Overview

overview

8

Static

static

1

66bcf8031d...18.apk

android-9-x86

8

66bcf8031d...18.apk

android-10-x64

8

66bcf8031d...18.apk

android-11-x64

8

Analysis

  • max time kernel
    63s
  • max time network
    185s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
  • submitted
    22-05-2024 09:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    66bcf8031d4a4c701cf83bd9dfb87a7c_JaffaCakes118.apk

  • Size

    2.5MB

  • MD5

    66bcf8031d4a4c701cf83bd9dfb87a7c

  • SHA1

    68224ed4acf9327a25e1f09e8612052be3bdead1

  • SHA256

    5e46295f5050d4dcd4f6da5c4c156addcc8280cea3aac7b3731e1e8d260da373

  • SHA512

    4f1d7ddad111e989f8f4c8cf41bf02fe131608768c927d58bd27489d82dfc2bdfc2c7596a4d8a033f14b6b42df89b1bacaf5ad761be3696d45fc53db192650f4

  • SSDEEP

    49152:FK43Ei2Lnu2S9xphxvrymYbW5EWBCkIannhfc3tBGAn2yf23IOYSF+mUnpnQH:4438u2SkmYyKWHnhfc9HSWkIY

Score
8/10
collectioncredential_accessdiscoveryevasionimpact

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
    evasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.yxxinglin.xzid586042
    1⤵
    • Checks if the Android device is rooted.
    • Checks CPU information
    • Checks memory information
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4627

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.yxxinglin.xzid586042/databases/ua.db
    Filesize

    24KB

    MD5

    c0baf3326dc470e47249def863c109ec

    SHA1

    97f2d86cea38b1f36bf7908f38e95a72d74a931f

    SHA256

    b188515375e16aa7a2b38ffd65e1853cabd6c4d298c550782a68edc397c62e75

    SHA512

    4643d29a09b237a820f8e872f8e88bae77eab70d64d76c851017c94c213a9d4303132a8725df382788c1479136418b8effe6377cd38195c8a7bc73f70f70da74

    Download Submit
  • /data/data/com.yxxinglin.xzid586042/databases/ua.db
    Filesize

    36KB

    MD5

    4a8120c91e3143b2db43971dbc77cf8d

    SHA1

    37c5700d35059c4e0a718ced73b3d73ba5d2b277

    SHA256

    1fa1b6e6bd75bcef64d35785e2fd6f2e73dcdf92dce73c8b2a8fed49746d53bb

    SHA512

    465cd282927e30a0a894a75ad261feddde5a31869c8cea6b548362afce08fbb7cff7a784bd1d62c3e4c95916ce30e758d3919dd4cdc13176f29d68c2620c185c

    Download Submit
  • /data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
    Filesize

    8KB

    MD5

    435be4b79f7b3d03bd3d48678567e341

    SHA1

    f002eba8408524949c7ccaa6d5ae0287a8440c03

    SHA256

    348d12a7548d609f74882cda9691344432d599416205818e729672e3ad2b0d7b

    SHA512

    903a11ce3bbfe8b92ef40236665d8eedab16779180dd7459e9455d909fb9f4c71b696359f7dffc69e844e6cf92d13ce4af25616c00107359210a2704eff52b89

    Download Submit
  • /data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
    Filesize

    16KB

    MD5

    f15dc35e67af833908467585b15ad8e7

    SHA1

    2a84af3fc2fe8dd369cb4328445caaf9b411f4fa

    SHA256

    e73c51ab25a5a400adb839959bfd49810c7a7e620b2ce97facb4ba1ff32e71c4

    SHA512

    1a71bec4bb9d8b8a0e733dfd42182fd5482731b3e5209e6556515f9eaa4760903ba0a34fd1e9aecfd61d26125557623a53d20a10b04669342b230a2a586d50b0

    Download Submit
  • /data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
    Filesize

    512B

    MD5

    76f113517a1f3ff5858fab6d2933fef8

    SHA1

    5cb129e14677626f212c8eee3e09d1ccaf518686

    SHA256

    4988bdd38bec857151ec6a5b72cc6b41f1861404cb522055fda19afcc2ff835a

    SHA512

    78a1bfc19b2718452d2dd2b4fef36b46f22f0b71b7cad257f64a71e46bde52b2b1902377f31e12a74a3366479d8e453691d5a89f18355012489ae6be06edab30

    Download Submit
  • /data/data/com.yxxinglin.xzid586042/databases/ua.db-journal
    Filesize

    8KB

    MD5

    16caba5c4703c94a8a6478ade9372ea6

    SHA1

    23a84b0f7d57a0636a4c93997d40bffef9595568

    SHA256

    b0eadf24eabe3654d599f1d1c48bb23081b586652fddf7bad1e5a563989dd699

    SHA512

    eb5e3d700ba62a23592992689c67f203cd2579e1b35326dd00183747416427357c79ca813b908bf6d6adc8e6f21e2468be09af6ce9f5dfd4d458d5d8963a23eb

    Download Submit
  • /data/user/0/com.yxxinglin.xzid586042/files/.envelope/a==7.5.0&&1.0.0_1716368704352_envelope.log
    Filesize

    1KB

    MD5

    019db87b1201da62a87a4792986fd5ea

    SHA1

    dc38d497160407b2a333a4d67967a3f7ca8cc5bf

    SHA256

    d6e58703d777c062ff51ab88261dbcd1d6b16c6ef1c635ba249522a2d958668f

    SHA512

    52c52c4defcfa7ef7d9f4359ac6d88c92f381fd6b033b9b03936f847709af089db1216e6cafdbbc2184b7703e9e4700d7706b0af4e127aedc597e4c85967314c

    Download Submit
  • /data/user/0/com.yxxinglin.xzid586042/files/.envelope/i==1.2.0&&1.0.0_1716368699496_envelope.log
    Filesize

    2KB

    MD5

    419f584837c8c24275df6ab84771d6c0

    SHA1

    6be748a3c202c3cb72e25000392e7326804c7675

    SHA256

    bfa4030a591328e5c84317e3d9d14dd6ca8298f43340b1b6a1131296a0775fd0

    SHA512

    6d94953c2bebef61ec8703a4027891722338e9e7075a98e6b3cedc496411a8ad718f6c6410929dc8b7fcc264f33e73929dae3a63e7e80ae4dd4d158e2bd8e85b

    Download Submit
  • /data/user/0/com.yxxinglin.xzid586042/files/.umeng/exchangeIdentity.json
    Filesize

    162B

    MD5

    1f848e943325fd00479264cb885969bc

    SHA1

    deb3c5e8322e7e49543f5a6bd3674b108bb13f4f

    SHA256

    e5e3f5bc953eabd235934d031dac12b834420bb2aaa64a7310c4d2aa74c5a8a0

    SHA512

    94b0f5d32bf4e82fc795ec30ccecb944e6522e7dd2262cae2106c06b051a86260a01f146da9ddfc003d5d72341f47d070b837ed77ea5d5dda69d26290a5dfc80

    Download Submit
  • /data/user/0/com.yxxinglin.xzid586042/files/exid.dat
    Filesize

    59B

    MD5

    fe6e1f0f7fcf080f0b664051380a68fd

    SHA1

    1d4ebf1ca52cf658f901a43ce8f7e6ad7325182b

    SHA256

    0009f79d8c44422b644d88be3b1b734b8e97abcf9754edbd7e65340980b04ab0

    SHA512

    d9c598f18e19c773cf3097c57d46c6865f8122dfabe4299fbbeebd54658d54e34bda8467df28b4193fad8b366fda16b8e015465119968b90d1c1d7c2e87f31cb

    Download Submit
  • /data/user/0/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2MzY4Njk5Mjk0
    Filesize

    1KB

    MD5

    0fa029c21d3dba577440e6e563cae42b

    SHA1

    86a941e2f17a8c0fe1a8e593b911c9126f37f6e9

    SHA256

    87cc9a0eba467635a8514c71f462a0cd5970722f1dcb69f0044b402945cc8979

    SHA512

    c8a2628b2e16ac3e4025384c147e0defd0c26e86fbb39cd8bfbd8191a5690611b1e955476b155f038a0f90ce41df48158e929e1df0e7ea48fcb8b537150736b2

    Download Submit
  • /data/user/0/com.yxxinglin.xzid586042/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2MzY4NzI5NDY0
    Filesize

    1KB

    MD5

    186c42b1b66d13de9aaebaae365463aa

    SHA1

    049b1a2aee18188ecdce78875cba5950f905ab28

    SHA256

    b8803bee5b699b15c39891bd52d7ca8e1889ae3f2ca7051444ecf5777ce5c39a

    SHA512

    c2861eeb45a1ea0c50953a3dbea48713a97d56a22f25736d0c5a4a09deabfe1c27555b290afa82e027b931bf15efb0525a3570ffa65c64488a06fb38d27203fc

    Download Submit
  • /data/user/0/com.yxxinglin.xzid586042/files/umeng_it.cache
    Filesize

    350B

    MD5

    f037c9eff658773ab133c7c6644b655f

    SHA1

    a1dff0f788a69b298d64adb65379979ec85494d7

    SHA256

    7fc19040202c87058ef19a1f36f16051e0d8759c9a18cd138e99fdfa9f3a1c8a

    SHA512

    a77a34499ae7544543b3457492eab850807919042f41efbc1965aa424558a634e5498b8ba924e079ced8b435fb5e1804b90a0809bbbed1827590c1062d496885

    Download Submit