Analysis
- max time kernel: 63s
- max time network: 185s
- platform: android_x64
- resource: android-x64-arm64-20240514-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
- submitted: 22-05-2024 09:04
- Static task: static1
- Behavioral task: behavioral1
  Sample: 66bcf8031d4a4c701cf83bd9dfb87a7c_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
- Behavioral task: behavioral2
  Sample: 66bcf8031d4a4c701cf83bd9dfb87a7c_JaffaCakes118.apk
  Resource: android-x64-20240514-en
- Behavioral task: behavioral3
  Sample: 66bcf8031d4a4c701cf83bd9dfb87a7c_JaffaCakes118.apk
  Resource: android-x64-arm64-20240514-en
General
- Target: 66bcf8031d4a4c701cf83bd9dfb87a7c_JaffaCakes118.apk
- Size: 2.5MB
- MD5: 66bcf8031d4a4c701cf83bd9dfb87a7c
- SHA1: 68224ed4acf9327a25e1f09e8612052be3bdead1
- SHA256: 5e46295f5050d4dcd4f6da5c4c156addcc8280cea3aac7b3731e1e8d260da373
- SHA512: 4f1d7ddad111e989f8f4c8cf41bf02fe131608768c927d58bd27489d82dfc2bdfc2c7596a4d8a033f14b6b42df89b1bacaf5ad761be3696d45fc53db192650f4
- SSDEEP: 49152:FK43Ei2Lnu2S9xphxvrymYbW5EWBCkIannhfc3tBGAn2yf23IOYSF+mUnpnQH:4438u2SkmYyKWHnhfc9HSWkIY
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
  Processes:
    ioc: /system/app/Superuser.apk
    process: com.yxxinglin.xzid586042
- Checks CPU information (2 TTPs, 1 IoCs)
  Checks CPU information which indicates whether the system is an emulator.
  Processes:
    description: File opened for read
    ioc: /proc/cpuinfo
    process: com.yxxinglin.xzid586042
- Checks memory information (2 TTPs, 1 IoCs)
  Checks memory information which indicates whether the system is an emulator.
  Processes:
    description: File opened for read
    ioc: /proc/meminfo
    process: com.yxxinglin.xzid586042
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Processes:
    description: Framework service call
    ioc: android.content.IClipboard.addPrimaryClipChangedListener
    process: com.yxxinglin.xzid586042
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
    description: Framework service call
    ioc: android.app.IActivityManager.getRunningAppProcesses
    process: com.yxxinglin.xzid586042
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes:
    description: Framework service call
    ioc: android.net.wifi.IWifiManager.getConnectionInfo
    process: com.yxxinglin.xzid586042
- Queries information about the current nearby Wi-Fi networks (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Processes:
    description: Framework service call
    ioc: android.net.wifi.IWifiManager.getScanResults
    process: com.yxxinglin.xzid586042
- Checks if the internet connection is available (1 TTPs, 1 IoCs)
  Processes:
    description: Framework service call
    ioc: android.net.IConnectivityManager.getActiveNetworkInfo
    process: com.yxxinglin.xzid586042
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  Processes:
    description: Framework API call
    ioc: android.hardware.SensorManager.registerListener
    process: com.yxxinglin.xzid586042
- Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes:
    description: Framework API call
    ioc: javax.crypto.Cipher.doFinal
    process: com.yxxinglin.xzid586042
Processes
- com.yxxinglin.xzid586042 (PID: 4627)
  - Checks if the Android device is rooted.
  - Checks CPU information
  - Checks memory information
  - Obtains sensitive information copied to the device clipboard
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries information about the current nearby Wi-Fi networks
  - Checks if the internet connection is available
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Uses Crypto APIs (might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads
- /data/data/com.yxxinglin.xzid586042/databases/ua.db
  Filesize: 24KB
  MD5: c0baf3326dc470e47249def863c109ec
  SHA1: 97f2d86cea38b1f36bf7908f38e95a72d74a931f
  SHA256: b188515375e16aa7a2b38ffd65e1853cabd6c4d298c550782a68edc397c62e75
  SHA512: 4643d29a09b237a820f8e872f8e88bae77eab70d64d76c851017c94c213a9d4303132a8725df382788c1479136418b8effe6377cd38195c8a7bc73f70f70da74
- /data/data/com.yxxinglin.xzid586042/databases/ua.db
  Filesize: 36KB
  MD5: 4a8120c91e3143b2db43971dbc77cf8d
  SHA1: 37c5700d35059c4e0a718ced73b3d73ba5d2b277
  SHA256: 1fa1b6e6bd75bcef64d35785e2fd6f2e73dcdf92dce73c8b2a8fed49746d53bb
  SHA512: 465cd282927e30a0a894a75ad261feddde5a31869c8cea6b548362afce08fbb7cff7a784bd1d62c3e4c95916ce30e758d3919dd4cdc13176f29d68c2620c185c
- /data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
  Filesize: 8KB
  MD5: 435be4b79f7b3d03bd3d48678567e341
  SHA1: f002eba8408524949c7ccaa6d5ae0287a8440c03
  SHA256: 348d12a7548d609f74882cda9691344432d599416205818e729672e3ad2b0d7b
  SHA512: 903a11ce3bbfe8b92ef40236665d8eedab16779180dd7459e9455d909fb9f4c71b696359f7dffc69e844e6cf92d13ce4af25616c00107359210a2704eff52b89
- /data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
  Filesize: 16KB
  MD5: f15dc35e67af833908467585b15ad8e7
  SHA1: 2a84af3fc2fe8dd369cb4328445caaf9b411f4fa
  SHA256: e73c51ab25a5a400adb839959bfd49810c7a7e620b2ce97facb4ba1ff32e71c4
  SHA512: 1a71bec4bb9d8b8a0e733dfd42182fd5482731b3e5209e6556515f9eaa4760903ba0a34fd1e9aecfd61d26125557623a53d20a10b04669342b230a2a586d50b0
- /data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
  Filesize: 512B
  MD5: 76f113517a1f3ff5858fab6d2933fef8
  SHA1: 5cb129e14677626f212c8eee3e09d1ccaf518686
  SHA256: 4988bdd38bec857151ec6a5b72cc6b41f1861404cb522055fda19afcc2ff835a
  SHA512: 78a1bfc19b2718452d2dd2b4fef36b46f22f0b71b7cad257f64a71e46bde52b2b1902377f31e12a74a3366479d8e453691d5a89f18355012489ae6be06edab30
- /data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
  Filesize: 8KB
  MD5: 16caba5c4703c94a8a6478ade9372ea6
  SHA1: 23a84b0f7d57a0636a4c93997d40bffef9595568
  SHA256: b0eadf24eabe3654d599f1d1c48bb23081b586652fddf7bad1e5a563989dd699
  SHA512: eb5e3d700ba62a23592992689c67f203cd2579e1b35326dd00183747416427357c79ca813b908bf6d6adc8e6f21e2468be09af6ce9f5dfd4d458d5d8963a23eb
- /data/user/0/com.yxxinglin.xzid586042/files/.envelope/a==7.5.0&&1.0.0_1716368704352_envelope.log
  Filesize: 1KB
  MD5: 019db87b1201da62a87a4792986fd5ea
  SHA1: dc38d497160407b2a333a4d67967a3f7ca8cc5bf
  SHA256: d6e58703d777c062ff51ab88261dbcd1d6b16c6ef1c635ba249522a2d958668f
  SHA512: 52c52c4defcfa7ef7d9f4359ac6d88c92f381fd6b033b9b03936f847709af089db1216e6cafdbbc2184b7703e9e4700d7706b0af4e127aedc597e4c85967314c
- /data/user/0/com.yxxinglin.xzid586042/files/.envelope/i==1.2.0&&1.0.0_1716368699496_envelope.log
  Filesize: 2KB
  MD5: 419f584837c8c24275df6ab84771d6c0
  SHA1: 6be748a3c202c3cb72e25000392e7326804c7675
  SHA256: bfa4030a591328e5c84317e3d9d14dd6ca8298f43340b1b6a1131296a0775fd0
  SHA512: 6d94953c2bebef61ec8703a4027891722338e9e7075a98e6b3cedc496411a8ad718f6c6410929dc8b7fcc264f33e73929dae3a63e7e80ae4dd4d158e2bd8e85b
- /data/user/0/com.yxxinglin.xzid586042/files/.umeng/exchangeIdentity.json
  Filesize: 162B
  MD5: 1f848e943325fd00479264cb885969bc
  SHA1: deb3c5e8322e7e49543f5a6bd3674b108bb13f4f
  SHA256: e5e3f5bc953eabd235934d031dac12b834420bb2aaa64a7310c4d2aa74c5a8a0
  SHA512: 94b0f5d32bf4e82fc795ec30ccecb944e6522e7dd2262cae2106c06b051a86260a01f146da9ddfc003d5d72341f47d070b837ed77ea5d5dda69d26290a5dfc80
- /data/user/0/com.yxxinglin.xzid586042/files/exid.dat
  Filesize: 59B
  MD5: fe6e1f0f7fcf080f0b664051380a68fd
  SHA1: 1d4ebf1ca52cf658f901a43ce8f7e6ad7325182b
  SHA256: 0009f79d8c44422b644d88be3b1b734b8e97abcf9754edbd7e65340980b04ab0
  SHA512: d9c598f18e19c773cf3097c57d46c6865f8122dfabe4299fbbeebd54658d54e34bda8467df28b4193fad8b366fda16b8e015465119968b90d1c1d7c2e87f31cb
- /data/user/0/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE2MzY4Njk5Mjk0
  Filesize: 1KB
  MD5: 0fa029c21d3dba577440e6e563cae42b
  SHA1: 86a941e2f17a8c0fe1a8e593b911c9126f37f6e9
  SHA256: 87cc9a0eba467635a8514c71f462a0cd5970722f1dcb69f0044b402945cc8979
  SHA512: c8a2628b2e16ac3e4025384c147e0defd0c26e86fbb39cd8bfbd8191a5690611b1e955476b155f038a0f90ce41df48158e929e1df0e7ea48fcb8b537150736b2
- /data/user/0/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE2MzY4NzI5NDY0
  Filesize: 1KB
  MD5: 186c42b1b66d13de9aaebaae365463aa
  SHA1: 049b1a2aee18188ecdce78875cba5950f905ab28
  SHA256: b8803bee5b699b15c39891bd52d7ca8e1889ae3f2ca7051444ecf5777ce5c39a
  SHA512: c2861eeb45a1ea0c50953a3dbea48713a97d56a22f25736d0c5a4a09deabfe1c27555b290afa82e027b931bf15efb0525a3570ffa65c64488a06fb38d27203fc
- /data/user/0/com.yxxinglin.xzid586042/files/umeng_it.cache
  Filesize: 350B
  MD5: f037c9eff658773ab133c7c6644b655f
  SHA1: a1dff0f788a69b298d64adb65379979ec85494d7
  SHA256: 7fc19040202c87058ef19a1f36f16051e0d8759c9a18cd138e99fdfa9f3a1c8a
  SHA512: a77a34499ae7544543b3457492eab850807919042f41efbc1965aa424558a634e5498b8ba924e079ced8b435fb5e1804b90a0809bbbed1827590c1062d496885