838568de8e6d0a2b08ac5a97b913192d289bd5ee0d5b0bb882f45fe6491bc2d0

General

Target

66c6dec5beab22c764c33c909f98f047_JaffaCakes118.apk
Size

13.8MB
MD5

66c6dec5beab22c764c33c909f98f047
SHA1

e0c589176068b803e9ce29307173354d260968de
SHA256

838568de8e6d0a2b08ac5a97b913192d289bd5ee0d5b0bb882f45fe6491bc2d0
SHA512

14ab8250ae956ab1786e33db77c14f4c95e2f56c3d7e623e9e3d9bdaa931f03cb436029876c05323dd904d699134206ee991ffd3675f7fd9f3ecf1dd65051bfb
SSDEEP

393216:zfKyYcG3E0duS4Vn/IslMXHR8fGb9ddMldzj:zfClESSgslMXeMbOPzj

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.sybercare.xingyistaff

description ioc process

File opened for read /proc/cpuinfo com.sybercare.xingyistaff
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.sybercare.xingyistaff

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.sybercare.xingyistaff
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.sybercare.xingyistaff

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.sybercare.xingyistaff
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.sybercare.xingyistaff

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.sybercare.xingyistaff
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.sybercare.xingyistaff

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.sybercare.xingyistaff
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.sybercare.xingyistaff

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.sybercare.xingyistaff

description	ioc	process
File opened for read	/proc/cpuinfo	com.sybercare.xingyistaff

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.sybercare.xingyistaff

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.sybercare.xingyistaff

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.sybercare.xingyistaff

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.sybercare.xingyistaff

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.sybercare.xingyistaff

com.sybercare.xingyistaff
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4348

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1633

System Checks

1

T1633.001

Credential Access

Discovery

Process Discovery

1

T1424

System Information Discovery

1

T1426

System Network Connections Discovery

2

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.sybercare.xingyistaff/files/.imprint
Filesize
915B

MD5
3d75c2b67c06d20cd4a7b9751b6ede41

SHA1
c8bbccb0e30264e670c29c8ba05258cc67d6d58b

SHA256
c35cb68af643256d05e40b351a1afb0d160fe6db732a1a0851b45f2704caabd5

SHA512
026f1f2f4d48bdc45d80f802b0da15816aa43392b1acb2ab00399b49d2cc99fc84c07e4d9008a9f761d1c169db6afebabac84adb99f3a95bc4e07f2a7e85c8de

Download Submit
/data/data/com.sybercare.xingyistaff/files/umeng_it.cache
Filesize
310B

MD5
0f2c86990d7a2b90cf4f90cb5be8335a

SHA1
cc8e1e9f605e7e168f3c5de219f994e72dcb077a

SHA256
8253e10fbc0e66e7679283ca9a40378dafe746b8d80a7da64081d5b210d98288

SHA512
e350f5788111e4baccd3320edc53d9dee90326b330465ed620e1284cbf6cfe4e65498b6ad91eacdc5a5bcee545356415165dba118b5a05380507e0ba4fcde7fc

Download Submit
/data/data/com.sybercare.xingyistaff/files/umeng_it.cache
Filesize
158B

MD5
2f902ea55794126184a9c458f0660671

SHA1
1535bd3cf5f8bdf0ecca5f0430d9e700270f589d

SHA256
90c8e2de4b553509a33f978c11a3f28591b2414a1c4126cf9ed127546fa855fd

SHA512
1225fd8740a088d1cbb80f6d476c740f9642899b246552a11adcc6ab925ab0f0ad9c409125a345e427d393681e3880da452353785d70687d4d4cbbfbfb1bf36c

Download Submit
/storage/emulated/0/Android/data/com.sybercare.xingyistaff/sybercare#xingyi/log/20240522/000.html
Filesize
172B

MD5
736fe5738ac7695dbfcb7dbf25ad335e

SHA1
940fdb730100793b923deb733ac004152c0f0015

SHA256
de3bc7e0a86551d82f569d7d45c5ca5adc1fe16b99c6d5fd9dde1a66264e339a

SHA512
2495e5eaa820e12cb8b7ad1a532f66d0f046abd014fcc2a8e83f440abbd84ff80c51edc0280a614a9c2207ea43e047163580783c9e052a16f19dfc22d2b33097

Download Submit
/storage/emulated/0/Android/data/com.sybercare.xingyistaff/sybercare#xingyi/log/20240522/000.html
Filesize
85B

MD5
ccd9b112c5db16138b955bee08f2344b

SHA1
c55651dc41d03d69d0e39fdff2caa6b14403ea72

SHA256
99ececa7d721cf5bb5be93bb885da97fb7acf4e60be054ab3c16df7f4e0e2261

SHA512
2feb42cdf347bf828938f846fcc5ac131dbb72571a399113767646136943186df5a3e76791da00c42f116042fa77d1fd7afc1e3be8aafb6283ad09364d3f9b22

Download Submit
/storage/emulated/0/Android/data/com.sybercare.xingyistaff/sybercare#xingyi/log/20240522/000.html
Filesize
82B

MD5
b8b9d01e698857235fb14797059dc1c3

SHA1
bbb50360086066ce32c1e1710d21344d129c2958

SHA256
896fbf6ba201b510970072fb0e00f77368f2efdfea5cfc6e0d061d82570c08b5

SHA512
3573bc0031b5699136e3259c9efd671572486ffb8a4bc80a63ea55cff74859ea8ba14cb91d5fb0504069fa86a2c6a4280d212e7666d151fd65c046ccd223a981

Download Submit
/storage/emulated/0/Android/data/com.sybercare.xingyistaff/sybercare#xingyi/log/20240522/000.html
Filesize
113B

MD5
bbd82b4b0876210e22466c3c5e6bb098

SHA1
20d43d4ed5e062c6efa9ec18a1aa12accc274c0b

SHA256
ce6de0141b585bc0eace3d2630113292d2baed98fa9c718145853f107c0a2fae

SHA512
b80076abebf669e9701a464d4d57bcc5f405de14a517ff1e948f1ba6a4518a59e304f7ac29ea648b5ba1916ca33db5db56df86a7137c40db73959b5e5cfd2318

Download Submit
/storage/emulated/0/Android/data/com.sybercare.xingyistaff/sybercare#xingyi/log/20240522/000.html
Filesize
10KB

MD5
152ef33eb419d0a1f25e613b0797463f

SHA1
682f53b4cb01980c5b8cb006736cc96bcbbe38a9

SHA256
82a377f9db290fd0ff2109f005d8e3ab05e17574f67ae300ca1957bef4b32311

SHA512
3cd15de6fc3cea263ccba62213211f065fdd0eeccbb67800071a1724e366103717af5b3b670632e396411359a2edee2fa53c8905406d6ad5301639ae61b04cff

Download Submit

Analysis

Sharing