565325db5efa09f685d73d3578ebddd920ccd4185284160bcc0b8a66e52db0f5

Analysis

max time kernel
179s
max time network
133s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 13:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

676bdc4bc58b2eff3fbcfb28bef0e47f_JaffaCakes118.apk
Size

14.1MB
MD5

676bdc4bc58b2eff3fbcfb28bef0e47f
SHA1

c89ded145b46b90db747b662e1f6608819c2f797
SHA256

565325db5efa09f685d73d3578ebddd920ccd4185284160bcc0b8a66e52db0f5
SHA512

640284db95d6fe4dd39f6646953bfd7c16040b2ca32788fb5366ac231c47b59cb38184a455ccab77dcd2cc9b0a58623b4bb95634a40f2422d4fba1e02023a1d2
SSDEEP

393216:PCrhTv+e3mrAn01zu2zSZdGcON7r3bk8cBzKyb4x1x/:PQhTv13mHzudZdGX7GzKC4x1x/

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs
evasion

T1426

Processes:

com.yidian.xiaomi

ioc process

/system/bin/su com.yidian.xiaomi
/sbin/su com.yidian.xiaomi
/system/xbin/su com.yidian.xiaomi
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yidian.xiaomi

description ioc process

File opened for read /proc/cpuinfo com.yidian.xiaomi
Checks known Qemu files. 1 TTPs 3 IoCs
Checks for known Qemu files that exist on Android virtual device images.
evasion

T1633.001

Processes:

com.yidian.xiaomi

ioc process

/system/lib/libc_malloc_debug_qemu.so com.yidian.xiaomi
/sys/qemu_trace com.yidian.xiaomi
/system/bin/qemu-props com.yidian.xiaomi
Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
evasion

T1633.001

Processes:

com.yidian.xiaomi

ioc process

/dev/socket/qemud com.yidian.xiaomi
/dev/qemu_pipe com.yidian.xiaomi
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.yidian.xiaomi

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.yidian.xiaomi
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.yidian.xiaomi

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.yidian.xiaomi
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.yidian.xiaomi

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.yidian.xiaomi
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.yidian.xiaomi

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yidian.xiaomi

ioc	process
/system/bin/su	com.yidian.xiaomi
/sbin/su	com.yidian.xiaomi
/system/xbin/su	com.yidian.xiaomi

description	ioc	process
File opened for read	/proc/cpuinfo	com.yidian.xiaomi

ioc	process
/system/lib/libc_malloc_debug_qemu.so	com.yidian.xiaomi
/sys/qemu_trace	com.yidian.xiaomi
/system/bin/qemu-props	com.yidian.xiaomi

ioc	process
/dev/socket/qemud	com.yidian.xiaomi
/dev/qemu_pipe	com.yidian.xiaomi

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yidian.xiaomi

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yidian.xiaomi

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yidian.xiaomi

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yidian.xiaomi

com.yidian.xiaomi
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks known Qemu files.
- Checks known Qemu pipes.
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4268

logcat -v time -r1024 -n5 -f /storage/emulated/0/.xiaomi/logs/log.txt *:D
2⤵
PID:4327

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yidian.xiaomi/databases/cc/cc.db
Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.yidian.xiaomi/databases/cc/cc.db
Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.yidian.xiaomi/databases/cc/cc.db-journal
Filesize
512B

MD5
6f6615462a736520c22f5411a6ec8510

SHA1
b9060f4b67e024a88cdaf8ac570707004c8df821

SHA256
2513233354330bd93ebb64b5dd048c43257cf96adbe379e4c4d3bd712192e317

SHA512
f52718752d8bc115769f21881f0667c68c197875687dd73f8a6077b7e4c3839e8a1b53e37df5f951662fd4078e04e0fc09a608b81ae50fc29a0c960a1d566166

Download Submit
/data/data/com.yidian.xiaomi/databases/cc/cc.db-wal
Filesize
48KB

MD5
673f64eff1937b9b29288cfb5f4913a2

SHA1
e3d099101063f48e80a76e441b67fffc62607a8b

SHA256
5ab736ac60047c95be133be1117983e35d11dcf98ed724e6eb70fcfd5c5618b4

SHA512
b7b0806b0ff5545d2b3e211fca5eb4df5cee9ca1c044df0bd4600c27c27b8a2ffd850c95a9643f17350ffadc56eca1a9ad534e15ccc82185be22ca90a74c7b3b

Download Submit
/data/data/com.yidian.xiaomi/databases/cc/cc.db-wal
Filesize
16KB

MD5
645bad97246d6f5aeb8c551eb4fb33f0

SHA1
76a39fe316fa3d8bdf4c21372320979a6dfc677a

SHA256
db388690a0ac9da3525f5f44b2833f339681c5bd367ea7b093cee10ba8cbe08d

SHA512
52e74f419fc5491362824e84b7db0b4c1864ea5233580e1a0e5872f35dbc5c49323e2a37619a075224ad982a926247171bfcc821ed037d58df941cef65c4c251

Download Submit
/data/data/com.yidian.xiaomi/databases/hipu.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yidian.xiaomi/databases/hipu.db-journal
Filesize
512B

MD5
c217b97cbc4f43cae55f6ed7957ec388

SHA1
e49e7f260816bf0e69962e4426bcd630a600fe0c

SHA256
07525e1c8485452ec20925e916a909f3700e86a7bf111ff76e714e74ed85bb80

SHA512
4dfb7b16dac55ce7a6a8ccd998597076f85135dbf2edb3e00d787b3c0c1680532f04c15e791db05aca73cc9c769c39a3796da0e93d810b78735bf126c579bcc3

Download Submit
/data/data/com.yidian.xiaomi/databases/hipu.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yidian.xiaomi/databases/hipu.db-wal
Filesize
173KB

MD5
36093356b1601bb48d1150ab99478949

SHA1
a3d585e04161e869abc5f1afcc52fe1ac5bbdec1

SHA256
06479a9cb42610951912fc78d4a45cc98bd497e97140711fcdef92e9149753d8

SHA512
e668411c4a6e82e5fb2d3937eef4fc5215a993dc212bc1f2e5e43177644961f84630c02898e05b5ec5b1741260fb6d15b6a84a8afbf58f0504c9e8173f4b1e63

Download Submit
/data/data/com.yidian.xiaomi/files/.um/um_cache_1716386397303.env
Filesize
1KB

MD5
c03cb3fb3c72da4a7980f2315c336024

SHA1
4f7ebf734c3ad437c94c83ed0f5fbc144158ed90

SHA256
2ddd70eacc21db3403687aba9609d495e5670237989c08006db3053de6dc081f

SHA512
108b6306ee57b9995c1811eb646b192fc02b982ea35499105f14281a1c4efaf74c66656e29f34228a436a7900ec6eaaf353d02a158016b03f2b4fbcea03cbe9c

Download Submit
/data/data/com.yidian.xiaomi/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
1412e7d3d2f62d0614912d52fb481248

SHA1
1b00bb7ab8ac2e7d3a13b4bc4bd8141d07151794

SHA256
901cd904a0fb3f32b6fbde4018718fff327ef665be71144cbc4939a562c76ea1

SHA512
1e81e765919ee693d43e9df9447ba6c9c1a353ad00275a2918266dda25f20f919efc0166b7b6ffefcf1318ec8a682f9aade3d0404106bc5c621b348ce500299b

Download Submit
/data/data/com.yidian.xiaomi/files/exid.dat
Filesize
64B

MD5
33c49e8a6588429a80288e4849ed4c69

SHA1
5ea62264fc854e399132645a2603cfbba3f86b64

SHA256
cbdc7e81fa8395c9f5b2de49a3d6eb016373c10666aa6c007a151945bc1ac2e8

SHA512
9abe2aeb238ba7a9a2dd90682610f3699271b5b4a59782537109acb9afa3bdc0276ddbdc5a2f486a1217cea70cfd44be22acd9538cffbf53e5f48c65b0a163cd

Download Submit
/data/data/com.yidian.xiaomi/files/report.log-1716386271763
Filesize
279B

MD5
3dcfd46f2c0daa6fa153c47e4c4b3891

SHA1
51ede95477c2e0b43f3591dd298990c4dfd2d7cc

SHA256
1d7fba4a68b437afa72dc2be056afe4dac10d289be8fe4b23aad2da4d3a7283d

SHA512
27bcc945c24a6613b39e6d89755178812463ca62eeb6a59a53afd354ec8c751a8fb7c62dcd30e2d1bf129c613ace02315c4effa671c749cff5a3c061e3c5d9c9

Download Submit
/data/data/com.yidian.xiaomi/files/report.log-1716386271770
Filesize
1KB

MD5
4489fbf7f6c2571dcc2f04503746ffcb

SHA1
0d619130a586ac4256f38d4f32caf66696346ae4

SHA256
8e3d84c4d01caa5e85b57cff4f730e7e3dab9833a30fb5797a68efffb1204c88

SHA512
ca9c627ff702337b375ad7d2410e4a836be543283419fa7993b61fe18129145290612ec2e3a0b81c761b8f0c425148f1b4902e1dae6857cc999068b5b7d52aa9

Download Submit
/data/data/com.yidian.xiaomi/files/report.log-1716386275028
Filesize
405B

MD5
e3b284563e6b7d7c603d708f11db0baf

SHA1
0cbb354ed3c9a95e4d6f4102408c024e3c81871f

SHA256
926d31b73b286af0222aaecd6b4dab4b35368435ee82335ca36ad067b7694257

SHA512
dc67e4460db764320af59086b1ec1d27b3250f5627c8db3f347ff94d4e272fbfd036bb112b8e9eced75cd01d2938edbe8313296a2f0ba3479ce5806f07dbbecc

Download Submit
/data/data/com.yidian.xiaomi/files/umeng_it.cache
Filesize
415B

MD5
e5f7462bb15487445136208b5412fe0d

SHA1
438f2193e4d8b9412b81fc320a68ccb8e495efbd

SHA256
7c47958d547def53967345ebe30d060197451728fb429726cd00ae59aa299b62

SHA512
0dfbc86757c36735a1d01488c6a7f0361f0a75e81b07f884d09aac9ac200820edf0f84666e714b35799671461adb70952e9e6a8197e84b335431e081ddb98ab8

Download Submit
/storage/emulated/0/.mat/c54a22523b696b09a7aefa365e1d06b8/1716386275940
Filesize
809B

MD5
23535a5d0d3ab18e955f119a2aff3051

SHA1
704b1649a6ee8726fcbb4d04d6b41a784808646b

SHA256
8e30ba8b288a3e9c72c1729f9dc87bcd03d67355d963657b92376592b8641af9

SHA512
99dea669c67881933e64d99d0cf6c12008249baa66a18a9adb8503539799a145af7c07dbc55d6712b13683749ece000be44572945f1419b8d20f74e8eb18b5b1

Download Submit
/storage/emulated/0/.mat/c54a22523b696b09a7aefa365e1d06b8/1716386276612
Filesize
809B

MD5
2a7b889089f0e771b31e0def01db1e2b

SHA1
8e2e0d8b2930386c0817904c70bdfdba4f109927

SHA256
fcdeadd3a9b2b1acf0ce6cde97ecf5dd6a3e62a095bbf84304e4bfe63462143a

SHA512
728b8ab2db51c67ecae40f3201ba14d4542082850aec2f9e915fb2ba1d97de3ed14ed6eb5ca8f9f2b69bfff5fff2d6f2aafcd4edc9a61931d3781563d914a7cd

Download Submit
/storage/emulated/0/.mat/c54a22523b696b09a7aefa365e1d06b8/1716386276766
Filesize
841B

MD5
e4ca1ee82cc2b559e41539f839347348

SHA1
9b6df494d7ba210477e92edfa5e80bfec91b8546

SHA256
bae340290623e6f2682a72655cdb0b1fe1802f1b1ec83448fbe06103d9f3d79a

SHA512
3ae20c4e80f371e991a496e86b3d7104648d2ad654de2b9e23044c7ce055b01385cec54e486a0bc62ce7b03fb047311ac495476b0a0b8f31793643b820ed58cc

Download Submit
/storage/emulated/0/.mat/c54a22523b696b09a7aefa365e1d06b8/1716386276954
Filesize
841B

MD5
a75c097735600cb799b3024a1bf595c9

SHA1
7a8f1bb96554bab131f11fdb2bfb5dbb13ebb6c5

SHA256
d04f46652619a77e08e7333ec5b64b79429167bf617cd583dbe77262e143c910

SHA512
1b565a1c91df3e38d82289c3c4df2b1bc5f22ef08be22c6a13136e248f7d242e9247aaa3e34c48079c8758eaa2146a97997972a720cbedb423caf83400c8f049

Download Submit
/storage/emulated/0/.xiaomi/logs/log.txt *:D
Filesize
92KB

MD5
0ef0745ee691fe121ca968e8c62f4b17

SHA1
b74e4460e0edde7b230f2e97f2be710098dfbcf2

SHA256
5dae029edff309889de727ca4bc71a2160f5a9b4a3994d1362d914753391cd4f

SHA512
41dbe287e357442048f9231b6128ac85c9091ee6dd2c2705e842a564092655f34f942ef57747f12a06c88824837b2aa668262cef58b350021cb11cca5290e0c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads