Analysis
-
max time kernel: 64s
-
max time network: 185s
-
platform: android_x64
-
resource: android-x64-20240514-en
-
resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
-
submitted: 22-05-2024 09:04
Static task
static1
Behavioral task
behavioral1
Sample
66bcf8031d4a4c701cf83bd9dfb87a7c_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
66bcf8031d4a4c701cf83bd9dfb87a7c_JaffaCakes118.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
66bcf8031d4a4c701cf83bd9dfb87a7c_JaffaCakes118.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
66bcf8031d4a4c701cf83bd9dfb87a7c_JaffaCakes118.apk
-
Size
2.5MB
-
MD5
66bcf8031d4a4c701cf83bd9dfb87a7c
-
SHA1
68224ed4acf9327a25e1f09e8612052be3bdead1
-
SHA256
5e46295f5050d4dcd4f6da5c4c156addcc8280cea3aac7b3731e1e8d260da373
-
SHA512
4f1d7ddad111e989f8f4c8cf41bf02fe131608768c927d58bd27489d82dfc2bdfc2c7596a4d8a033f14b6b42df89b1bacaf5ad761be3696d45fc53db192650f4
-
SSDEEP
49152:FK43Ei2Lnu2S9xphxvrymYbW5EWBCkIannhfc3tBGAn2yf23IOYSF+mUnpnQH:4438u2SkmYyKWHnhfc9HSWkIY
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 1 IoCs
Processes:
ioc: /system/app/Superuser.apk
process: com.yxxinglin.xzid586042
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which may indicate that the system is an emulator.
Processes:
description: File opened for read
ioc: /proc/cpuinfo
process: com.yxxinglin.xzid586042
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which may indicate that the system is an emulator.
Processes:
description: File opened for read
ioc: /proc/meminfo
process: com.yxxinglin.xzid586042
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes:
description: Framework service call
ioc: android.content.IClipboard.addPrimaryClipChangedListener
process: com.yxxinglin.xzid586042
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
description: Framework service call
ioc: android.app.IActivityManager.getRunningAppProcesses
process: com.yxxinglin.xzid586042
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
description: Framework service call
ioc: android.net.wifi.IWifiManager.getConnectionInfo
process: com.yxxinglin.xzid586042
-
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes:
description: Framework service call
ioc: android.net.wifi.IWifiManager.getScanResults
process: com.yxxinglin.xzid586042
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
process: com.yxxinglin.xzid586042
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
description: Framework service call
ioc: android.app.IActivityManager.registerReceiver
process: com.yxxinglin.xzid586042
-
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes:
description: Framework service call
ioc: android.net.IConnectivityManager.getActiveNetworkInfo
process: com.yxxinglin.xzid586042
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
Processes:
description: Framework API call
ioc: android.hardware.SensorManager.registerListener
process: com.yxxinglin.xzid586042
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
description: Framework API call
ioc: javax.crypto.Cipher.doFinal
process: com.yxxinglin.xzid586042
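The root and emulator signatures above record only that the app probed /system/app/Superuser.apk and read /proc/cpuinfo and /proc/meminfo; what the app concluded from the contents is not in the report. The Python below is an added example, not the sample's code and not the sandbox's tooling: it shows the kind of heuristics an Android app commonly applies to those three sources, so an analyst can check whether their own image would trip them. The extra su paths, the marker strings and the 2 GiB memory threshold are assumptions, and the /proc contents are constructed.

```python
import re
from typing import Dict, Iterable, List

# Added example: generic root/emulator checks of the kind behind the sandbox
# signatures (root artefact probe, /proc/cpuinfo read, /proc/meminfo read).
# This is not the sample's code; marker lists and thresholds are assumptions.

ROOT_ARTIFACTS = (
    "/system/app/Superuser.apk",  # the one path the report shows being probed
    "/system/xbin/su",            # assumed: other paths root checks commonly probe
    "/system/bin/su",
    "/sbin/su",
)
# Assumed: substrings seen in /proc/cpuinfo on common emulator images
# ("goldfish"/"ranchu" in the Hardware line of ARM images, "qemu", and the
# "Android virtual processor" model name of x86 images).
CPUINFO_MARKERS = ("goldfish", "ranchu", "qemu", "android virtual")
MIN_REAL_DEVICE_MEM_KB = 2 * 1024 * 1024  # assumed: MemTotal < 2 GiB is suspicious


def parse_proc_kv(text: str) -> Dict[str, str]:
    """Parse 'key : value' lines as written by /proc/cpuinfo and /proc/meminfo.
    Keys repeated per CPU core keep their first value, which is enough here."""
    out: Dict[str, str] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            out.setdefault(key.strip().lower(), value.strip())
    return out


def check_root(existing_paths: Iterable[str]) -> List[str]:
    """Root artefacts present on the device (the app would stat() each path)."""
    present = set(existing_paths)
    return [p for p in ROOT_ARTIFACTS if p in present]


def check_cpuinfo(text: str) -> List[str]:
    kv = parse_proc_kv(text)
    haystack = " ".join(kv.values()).lower()
    hits = [f"cpuinfo contains {m!r}" for m in CPUINFO_MARKERS if m in haystack]
    # The CPUID "hypervisor" bit is exported as a flag on x86 guests.
    if "hypervisor" in kv.get("flags", "").split():
        hits.append("cpuinfo flags include 'hypervisor'")
    return hits


def check_meminfo(text: str) -> List[str]:
    kv = parse_proc_kv(text)
    m = re.match(r"(\d+)\s*kB", kv.get("memtotal", ""))
    if m and int(m.group(1)) < MIN_REAL_DEVICE_MEM_KB:
        return [f"MemTotal {m.group(1)} kB below {MIN_REAL_DEVICE_MEM_KB} kB"]
    return []


def triage(cpuinfo: str, meminfo: str, existing_paths: Iterable[str]) -> Dict[str, List[str]]:
    """Run all three checks; an empty list for a key means that check looks like a real device."""
    return {
        "root": check_root(existing_paths),
        "cpuinfo": check_cpuinfo(cpuinfo),
        "meminfo": check_meminfo(meminfo),
    }


# Constructed sample input in the shape of an x86_64 emulator image; not
# captured from the run above.
SAMPLE_CPUINFO = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "model name\t: Android virtual processor\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep hypervisor\n"
)
SAMPLE_MEMINFO = "MemTotal:        1529816 kB\nMemFree:          412300 kB\n"
SAMPLE_PATHS = ["/system/app/Superuser.apk", "/system/bin/sh"]

if __name__ == "__main__":
    for area, hits in triage(SAMPLE_CPUINFO, SAMPLE_MEMINFO, SAMPLE_PATHS).items():
        print(f"{area}: {hits or 'no indicator'}")
```

The sandbox records the read, not the verdict. If the image's /proc/cpuinfo exports the hypervisor flag or MemTotal reports a 1.5 GB guest, the app can still decide it is being analysed even though every signature above fires, so the absence of later behaviour in the report is not evidence that the sample has none.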
Processes
-
com.yxxinglin.xzid586042
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID: 5158
Network
MITRE ATT&CK Mobile v15
Downloads
-
/data/data/com.yxxinglin.xzid586042/databases/ua.db
Filesize: 24KB
MD5: ef1a833cc3fcfcbf5cf3c1ebf982717b
SHA1: 27964d62eec9045c95770caf0d412e0609f17a8e
SHA256: 2d1ed0b09ecf1a7eea4baae06c3631ca881aa6166f0ab71dc1ff30673547744b
SHA512: cac3275ca47239e3458d1fba8b0e34709da31a422bd81cdc09850f2e8537b20a367483761682ff6b9ffc0307f4db4e9fe9a8892cd1ef374cd53b5c6c42a03118
-
/data/data/com.yxxinglin.xzid586042/databases/ua.db
Filesize: 36KB
MD5: b7036131b84bdf2b66c67fde18d62308
SHA1: 18b1e5a358d68c846495cab5cfef7c6679659093
SHA256: c2c0bc8842203ccf1665dbb5b3333b22ae5a6ae3ef8eafe83e7f43adf32d0295
SHA512: 256bc83e1a516a58f5d1d024d27dad3c26723df0f96e0deca6baac86d84518000212570b06996a14bcbeadff05fed05125862aba2d4aa08c15a6999563dac067
-
/data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
Filesize: 8KB
MD5: 5e576111bf014c0fde1bcd44ab78866d
SHA1: 5e2e24d7125caed5033146fab9746d470f98d7b1
SHA256: 6d43349188af47dd4861415e6c216799f189b45d4bb5626538d82ebed6073942
SHA512: 9d7a50bef39aea33b5a5ce7158c6f09f9cb2dca88d8bfd6780ba3b75b365bdffbef1fa9b27dc10ff03ef22543f87173f0ff1e391ffa03732bc4322b345d48744
-
/data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
Filesize: 16KB
MD5: 8395ed708c76f7edf7f46687ed33e891
SHA1: 8a919df6016ab6316777b151cd3a335bc928720f
SHA256: f2729ff98bab49465efa5b36969607322b8e1e51e12854bf3e72b5deafc9f3e4
SHA512: faaffa06282c3600e7ee6338d4f14511876882fc08a23b49f0153bd92d4fc2e84ae1eead1a017d04fd0f6b1924169b0b4f2b0746f775fd30d92ef0bf96614e2f
-
/data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
Filesize: 512B
MD5: d1f6a8b76a7e5351901328c350d46690
SHA1: 8a58a120e254b27eed491c037648d0a3cad0b155
SHA256: 679b5a1e119d87eaa5260d41fe7e44d143e3503cf32b6d645d03b80586507e2c
SHA512: d70765c002cb1ec0bab2bca646606812c02d116e3e077e4c7db7fb8cd613e64ae1403115e30846f1eee5910d0b1035e675d928bd7a1fff5b33324818359fe9bd
-
/data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
Filesize: 8KB
MD5: 2e323acb7a27e1837b9a0311b55dbaf6
SHA1: 85bd114fcfc0998101d4589e9377ea911841fc65
SHA256: bc9b9c0c795346171e157cfd8639be1597a51caa19b53a8638a450c36b1729da
SHA512: 45d28e4cfb97177882c651aa0ed3f69f3fb7504f497ceef565b58172ddc921754b057c4580aa7a433d56a489e11c72aa7fec55f8391a7ef3050d19d4c8e19923
-
/data/data/com.yxxinglin.xzid586042/files/.envelope/a==7.5.0&&1.0.0_1716368705613_envelope.log
Filesize: 1KB
MD5: fe1752fad768c89cdb2e71bb80378bb2
SHA1: 320fd00652da8d060d55a929bbb78cebacf6cfe4
SHA256: 5bc21d10a1011e0913756701cd33f0942c3e068ef266bee444ee4e50ea045f7a
SHA512: 56feed1fe34a5f4b5aa26b250975a4d1358b668a582f786e98a6b0d531e4db12572146d02e4fe1d9950ec7f1b4024a57d2f83937263b757e5c4351b766e2c36a
-
/data/data/com.yxxinglin.xzid586042/files/.envelope/i==1.2.0&&1.0.0_1716368701320_envelope.log
Filesize: 2KB
MD5: d4e98ed633069f100d1d620373bf6c39
SHA1: 20f741b169805feadd95e1d43f9f87cfd0da3d7a
SHA256: 8c9d80bce6443adf9f1936cb27f69e761d246325b19528b3e19dc70169c8ac19
SHA512: 753dddf811846e702e134f945bb7834427699db14d564d172ad10ab2bdf68d6669ab845265c43f4e8dc759dd450ccd46470c034e05d8ff24491dd5b3ce61cf85
-
/data/data/com.yxxinglin.xzid586042/files/.umeng/exchangeIdentity.json
Filesize: 162B
MD5: 44fae30013d439a8ce2362b459fe2120
SHA1: 25452aa3922c8fb68ca221581fc954c9603c41fe
SHA256: 98adf3cd70513d494efb77abe1cf4cb5e7920f6ef671dd30a6140c9a8662848e
SHA512: 54c65c8a60669f2746bb440bd3ea2cf418059d7ec28d1385648d2d772360e41c92d0b05fd3fc62bb1ba2895663afd07e25664488c752f206f40c04f776966d95
-
/data/data/com.yxxinglin.xzid586042/files/exid.dat
Filesize: 59B
MD5: fe6e1f0f7fcf080f0b664051380a68fd
SHA1: 1d4ebf1ca52cf658f901a43ce8f7e6ad7325182b
SHA256: 0009f79d8c44422b644d88be3b1b734b8e97abcf9754edbd7e65340980b04ab0
SHA512: d9c598f18e19c773cf3097c57d46c6865f8122dfabe4299fbbeebd54658d54e34bda8467df28b4193fad8b366fda16b8e015465119968b90d1c1d7c2e87f31cb
-
/data/data/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2MzY4NzAwNzQ0
Filesize: 1KB
MD5: d3ec9d8ad3d6cb6b72e71a1066c1ae60
SHA1: 8d41bef92525c9e0ee1358316e8eb6aeafa83ba0
SHA256: 7d344cd4f577b1cd501314871240ab6297c03cc4a60f7c11670d68155f17c381
SHA512: 766c9214a32f28fbb130b656fc134a0029096e3b58d1b82ccf248e7d131b9dc303f794409ea2541d1cd9b6a5a1e148af563675f9e6a8e93ebcc82192787c335b
-
/data/data/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2MzY4NzMwODk3
Filesize: 1KB
MD5: 8c59193ce0212676bd86eb290d161a7e
SHA1: 3d823bc72252164beb9b07cfc38157eaa7835c91
SHA256: 5121ea295508bd79189c820e67f5bcba0ae8a1e3a190c2a3ea70a2ea4113f3e9
SHA512: d7d0aea512c236557d89fdfccdc37534904b00c6141998a5918ffee253587f3b4264cf7ff862ba563bf3e0be326e32f15af7ff40024558a6bfa0bc7a24bfe935
-
/data/data/com.yxxinglin.xzid586042/files/umeng_it.cache
Filesize: 348B
MD5: 2c74cd41eab09bbc6671c0dc94e3491f
SHA1: c33228862b7b2e8bddf4b5ee0d9ef80fb2fd7e64
SHA256: e5edbbfb38d4d380050d7a37c2fa71ac0d4fd55cf2d2808eca48875e93ea4b1d
SHA512: c8e51bbb82f632fc7c96e2dbad827918528302972f23dfaa7a25bd850b6453562d3bcc821cfe01d3f22b94578eed8b3d36c3ec6193efd6a86efc602a951050f6
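The directory and file names under files/stateless/ are base64, and the envelope log names carry 13-digit numbers. The Python below is an added example (the editor's, not the sandbox's tooling): it decodes the base64 path components and reads 13-digit numbers in the names as millisecond Unix timestamps, which puts every dropped file inside a 30-second window starting about a minute after the 22-05-2024 09:04 submission. That reading is an inference from the timing, not something the report states. The paths are copied from the list above; whitespace around separators is stripped before decoding.

```python
import base64
import binascii
import re
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

# Added example, not part of the sandbox report: decode base64-looking path
# components and pull 13-digit millisecond epoch values out of dropped-file
# names. Treating those numbers as timestamps is the example's own reading.

# Constructed from the Downloads list above (one entry per distinct path).
DROPPED_PATHS = [
    "/data/data/com.yxxinglin.xzid586042/databases/ua.db",
    "/data/data/com.yxxinglin.xzid586042/files/.envelope/a==7.5.0&&1.0.0_1716368705613_envelope.log",
    "/data/data/com.yxxinglin.xzid586042/files/.envelope/i==1.2.0&&1.0.0_1716368701320_envelope.log",
    "/data/data/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2MzY4NzAwNzQ0",
    "/data/data/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2MzY4NzMwODk3",
]

_B64_SHAPE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
# Assumed window: 13 digits starting 15..19 is ms since the epoch, roughly 2017 to 2033.
_MS_EPOCH = re.compile(r"(?<!\d)(1[5-9]\d{11})(?!\d)")


def try_base64_text(component: str) -> Optional[str]:
    """Decoded text if `component` is well-formed base64 of printable ASCII, else None.
    Plain words such as 'data' that happen to be valid base64 decode to junk bytes
    and are rejected by the ASCII/printable test."""
    if len(component) % 4 or not _B64_SHAPE.match(component):
        return None
    try:
        text = base64.b64decode(component, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def ms_to_utc(ms: int) -> str:
    """Integer ms since the epoch to 'YYYY-MM-DD HH:MM:SS.mmm UTC' without float rounding."""
    dt = datetime.fromtimestamp(ms // 1000, tz=timezone.utc).replace(microsecond=(ms % 1000) * 1000)
    return dt.strftime("%Y-%m-%d %H:%M:%S.%f")[:-3] + " UTC"


def decode_path(path: str) -> Dict[str, object]:
    """Decode each path component that is base64 text and collect embedded timestamps."""
    components = [c.strip() for c in path.split("/") if c.strip()]
    decoded: Dict[str, str] = {}
    for c in components:
        text = try_base64_text(c)
        if text is not None:
            decoded[c] = text
    # Timestamps may sit in the raw name (envelope logs) or only appear after decoding.
    haystack = " ".join(components + list(decoded.values()))
    stamps = sorted({int(m) for m in _MS_EPOCH.findall(haystack)})
    return {"path": path, "decoded": decoded, "timestamps": [(s, ms_to_utc(s)) for s in stamps]}


def activity_window(paths: List[str]) -> Optional[Tuple[str, str]]:
    """Earliest and latest timestamp embedded in any of the paths, as UTC strings."""
    stamps = [s for p in paths for s, _ in decode_path(p)["timestamps"]]  # type: ignore[misc]
    if not stamps:
        return None
    return ms_to_utc(min(stamps)), ms_to_utc(max(stamps))


if __name__ == "__main__":
    for p in DROPPED_PATHS:
        r = decode_path(p)
        print(r["path"])
        for enc, dec in r["decoded"].items():  # type: ignore[union-attr]
            print(f"  {enc} -> {dec}")
        for ms, when in r["timestamps"]:  # type: ignore[union-attr]
            print(f"  {ms} -> {when}")
    print("window:", activity_window(DROPPED_PATHS))
```

The decoded names read umpx_internal and umpx_internal_<ms>, so the two stateless files are the same record written twice, 30 seconds apart; the envelope logs fall between them. Those timestamps are worth keeping next to the file hashes, since the hashes of such timestamped files change on every run while the name pattern does not.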