Overview

overview

8

Static

static

1

66bcf8031d...18.apk

android-9-x86

8

66bcf8031d...18.apk

android-10-x64

8

66bcf8031d...18.apk

android-11-x64

8

Analysis

  • max time kernel
    64s
  • max time network
    185s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
  • submitted
    22-05-2024 09:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    66bcf8031d4a4c701cf83bd9dfb87a7c_JaffaCakes118.apk

  • Size

    2.5MB

  • MD5

    66bcf8031d4a4c701cf83bd9dfb87a7c

  • SHA1

    68224ed4acf9327a25e1f09e8612052be3bdead1

  • SHA256

    5e46295f5050d4dcd4f6da5c4c156addcc8280cea3aac7b3731e1e8d260da373

  • SHA512

    4f1d7ddad111e989f8f4c8cf41bf02fe131608768c927d58bd27489d82dfc2bdfc2c7596a4d8a033f14b6b42df89b1bacaf5ad761be3696d45fc53db192650f4

  • SSDEEP

    49152:FK43Ei2Lnu2S9xphxvrymYbW5EWBCkIannhfc3tBGAn2yf23IOYSF+mUnpnQH:4438u2SkmYyKWHnhfc9HSWkIY

Score
8/10
collectioncredential_accessdiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
    evasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.yxxinglin.xzid586042
    1⤵
    • Checks if the Android device is rooted.
    • Checks CPU information
    • Checks memory information
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5158

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.yxxinglin.xzid586042/databases/ua.db
    Filesize

    24KB

    MD5

    ef1a833cc3fcfcbf5cf3c1ebf982717b

    SHA1

    27964d62eec9045c95770caf0d412e0609f17a8e

    SHA256

    2d1ed0b09ecf1a7eea4baae06c3631ca881aa6166f0ab71dc1ff30673547744b

    SHA512

    cac3275ca47239e3458d1fba8b0e34709da31a422bd81cdc09850f2e8537b20a367483761682ff6b9ffc0307f4db4e9fe9a8892cd1ef374cd53b5c6c42a03118

    Download Submit
  • /data/data/com.yxxinglin.xzid586042/databases/ua.db
    Filesize

    36KB

    MD5

    b7036131b84bdf2b66c67fde18d62308

    SHA1

    18b1e5a358d68c846495cab5cfef7c6679659093

    SHA256

    c2c0bc8842203ccf1665dbb5b3333b22ae5a6ae3ef8eafe83e7f43adf32d0295

    SHA512

    256bc83e1a516a58f5d1d024d27dad3c26723df0f96e0deca6baac86d84518000212570b06996a14bcbeadff05fed05125862aba2d4aa08c15a6999563dac067

    Download Submit
  • /data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
    Filesize

    8KB

    MD5

    5e576111bf014c0fde1bcd44ab78866d

    SHA1

    5e2e24d7125caed5033146fab9746d470f98d7b1

    SHA256

    6d43349188af47dd4861415e6c216799f189b45d4bb5626538d82ebed6073942

    SHA512

    9d7a50bef39aea33b5a5ce7158c6f09f9cb2dca88d8bfd6780ba3b75b365bdffbef1fa9b27dc10ff03ef22543f87173f0ff1e391ffa03732bc4322b345d48744

    Download Submit
  • /data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
    Filesize

    16KB

    MD5

    8395ed708c76f7edf7f46687ed33e891

    SHA1

    8a919df6016ab6316777b151cd3a335bc928720f

    SHA256

    f2729ff98bab49465efa5b36969607322b8e1e51e12854bf3e72b5deafc9f3e4

    SHA512

    faaffa06282c3600e7ee6338d4f14511876882fc08a23b49f0153bd92d4fc2e84ae1eead1a017d04fd0f6b1924169b0b4f2b0746f775fd30d92ef0bf96614e2f

    Download Submit
  • /data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
    Filesize

    512B

    MD5

    d1f6a8b76a7e5351901328c350d46690

    SHA1

    8a58a120e254b27eed491c037648d0a3cad0b155

    SHA256

    679b5a1e119d87eaa5260d41fe7e44d143e3503cf32b6d645d03b80586507e2c

    SHA512

    d70765c002cb1ec0bab2bca646606812c02d116e3e077e4c7db7fb8cd613e64ae1403115e30846f1eee5910d0b1035e675d928bd7a1fff5b33324818359fe9bd

    Download Submit
  • /data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
    Filesize

    8KB

    MD5

    2e323acb7a27e1837b9a0311b55dbaf6

    SHA1

    85bd114fcfc0998101d4589e9377ea911841fc65

    SHA256

    bc9b9c0c795346171e157cfd8639be1597a51caa19b53a8638a450c36b1729da

    SHA512

    45d28e4cfb97177882c651aa0ed3f69f3fb7504f497ceef565b58172ddc921754b057c4580aa7a433d56a489e11c72aa7fec55f8391a7ef3050d19d4c8e19923

    Download Submit
  • /data/data/com.yxxinglin.xzid586042/files/.envelope/a==7.5.0&&1.0.0_1716368705613_envelope.log
    Filesize

    1KB

    MD5

    fe1752fad768c89cdb2e71bb80378bb2

    SHA1

    320fd00652da8d060d55a929bbb78cebacf6cfe4

    SHA256

    5bc21d10a1011e0913756701cd33f0942c3e068ef266bee444ee4e50ea045f7a

    SHA512

    56feed1fe34a5f4b5aa26b250975a4d1358b668a582f786e98a6b0d531e4db12572146d02e4fe1d9950ec7f1b4024a57d2f83937263b757e5c4351b766e2c36a

    Download Submit
  • /data/data/com.yxxinglin.xzid586042/files/.envelope/i==1.2.0&&1.0.0_1716368701320_envelope.log
    Filesize

    2KB

    MD5

    d4e98ed633069f100d1d620373bf6c39

    SHA1

    20f741b169805feadd95e1d43f9f87cfd0da3d7a

    SHA256

    8c9d80bce6443adf9f1936cb27f69e761d246325b19528b3e19dc70169c8ac19

    SHA512

    753dddf811846e702e134f945bb7834427699db14d564d172ad10ab2bdf68d6669ab845265c43f4e8dc759dd450ccd46470c034e05d8ff24491dd5b3ce61cf85

    Download Submit
  • /data/data/com.yxxinglin.xzid586042/files/.umeng/exchangeIdentity.json
    Filesize

    162B

    MD5

    44fae30013d439a8ce2362b459fe2120

    SHA1

    25452aa3922c8fb68ca221581fc954c9603c41fe

    SHA256

    98adf3cd70513d494efb77abe1cf4cb5e7920f6ef671dd30a6140c9a8662848e

    SHA512

    54c65c8a60669f2746bb440bd3ea2cf418059d7ec28d1385648d2d772360e41c92d0b05fd3fc62bb1ba2895663afd07e25664488c752f206f40c04f776966d95

    Download Submit
  • /data/data/com.yxxinglin.xzid586042/files/exid.dat
    Filesize

    59B

    MD5

    fe6e1f0f7fcf080f0b664051380a68fd

    SHA1

    1d4ebf1ca52cf658f901a43ce8f7e6ad7325182b

    SHA256

    0009f79d8c44422b644d88be3b1b734b8e97abcf9754edbd7e65340980b04ab0

    SHA512

    d9c598f18e19c773cf3097c57d46c6865f8122dfabe4299fbbeebd54658d54e34bda8467df28b4193fad8b366fda16b8e015465119968b90d1c1d7c2e87f31cb

    Download Submit
  • /data/data/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2MzY4NzAwNzQ0
    Filesize

    1KB

    MD5

    d3ec9d8ad3d6cb6b72e71a1066c1ae60

    SHA1

    8d41bef92525c9e0ee1358316e8eb6aeafa83ba0

    SHA256

    7d344cd4f577b1cd501314871240ab6297c03cc4a60f7c11670d68155f17c381

    SHA512

    766c9214a32f28fbb130b656fc134a0029096e3b58d1b82ccf248e7d131b9dc303f794409ea2541d1cd9b6a5a1e148af563675f9e6a8e93ebcc82192787c335b

    Download Submit
  • /data/data/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2MzY4NzMwODk3
    Filesize

    1KB

    MD5

    8c59193ce0212676bd86eb290d161a7e

    SHA1

    3d823bc72252164beb9b07cfc38157eaa7835c91

    SHA256

    5121ea295508bd79189c820e67f5bcba0ae8a1e3a190c2a3ea70a2ea4113f3e9

    SHA512

    d7d0aea512c236557d89fdfccdc37534904b00c6141998a5918ffee253587f3b4264cf7ff862ba563bf3e0be326e32f15af7ff40024558a6bfa0bc7a24bfe935

    Download Submit
  • /data/data/com.yxxinglin.xzid586042/files/umeng_it.cache
    Filesize

    348B

    MD5

    2c74cd41eab09bbc6671c0dc94e3491f

    SHA1

    c33228862b7b2e8bddf4b5ee0d9ef80fb2fd7e64

    SHA256

    e5edbbfb38d4d380050d7a37c2fa71ac0d4fd55cf2d2808eca48875e93ea4b1d

    SHA512

    c8e51bbb82f632fc7c96e2dbad827918528302972f23dfaa7a25bd850b6453562d3bcc821cfe01d3f22b94578eed8b3d36c3ec6193efd6a86efc602a951050f6

    Download Submit