caedf6c6c098a3142a429cbcc967228272a129003bd87b01866e28d6a91e8732

Analysis

max time kernel
166s
max time network
183s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 16:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67e69a3034f100bf3c3c8d311946aa1d_JaffaCakes118.apk
Size

11.1MB
MD5

67e69a3034f100bf3c3c8d311946aa1d
SHA1

cac93b5b522b29bd4358f479cec49e2bd67a2f7e
SHA256

caedf6c6c098a3142a429cbcc967228272a129003bd87b01866e28d6a91e8732
SHA512

a7bb07a62b068f7181dc4f10c7bf7399f516a66a03cb917f0c0b47a7aad80a33f2589383303145c09065922f94fe65bb7b0815dfefdb650d49b6dfa894aae991
SSDEEP

196608:F59ia3w4wNNA5RggFO6J5gzyrHuSYBMwoSp71/Zqe4lf0+44WiXupzXZZLOt4fy9:bvIOD9NHeUS9bw0+44Wey9CXIw

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.yxxinglin.xzid115477

description ioc process

File opened for read /proc/cpuinfo com.yxxinglin.xzid115477
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.yxxinglin.xzid115477

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.yxxinglin.xzid115477
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.yxxinglin.xzid115477

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.yxxinglin.xzid115477
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

User Evasion
T1628.002

Processes:

com.yxxinglin.xzid115477

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.yxxinglin.xzid115477
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.yxxinglin.xzid115477

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yxxinglin.xzid115477

description	ioc	process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid115477

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid115477

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid115477

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.yxxinglin.xzid115477

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid115477

com.yxxinglin.xzid115477
1⤵
- Checks CPU information
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4292

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid115477/databases/RKStorage
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid115477/databases/RKStorage-journal
Filesize
512B

MD5
0fd50de70121de27960ed8a80716bd39

SHA1
9c3c04a705fcc0a4bfe589a1ad7ea145408712b1

SHA256
a24a8cdcb557bfef521ff6f659975956f69a66e8bfccb0f0fa087d7721996073

SHA512
80c7bbb95e02e01622900e035d251aae7573f7550ed9e2e171da01380ae9f1cb8ccd939e520d4e643af5852eb430ca1de0110fb0f49db1e1afbc31a353667790

Download Submit
/data/data/com.yxxinglin.xzid115477/databases/RKStorage-wal
Filesize
72KB

MD5
02c87d8dd24c6570e70d3ceba2ed306d

SHA1
db8ab18b7d97ab82fdbaee0f25a0a1cb4e0eae1d

SHA256
231bb33e2a152d278131b00a37e143b050f98420d9eef96e24832f9b392e952d

SHA512
37be8558b3f62b80e0ff3ae507922d5cf6732bbd3a097c5832518f6f15e39c8b9355c1bcc4e04eca85a3a68d1fa51e89b8a3d0fb14f9a3ca7911115eb0133085

Download Submit
/data/data/com.yxxinglin.xzid115477/databases/cc/cc.db
Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.yxxinglin.xzid115477/databases/cc/cc.db
Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.yxxinglin.xzid115477/databases/cc/cc.db-journal
Filesize
512B

MD5
16cf555ef3d33375c294f1d32823cbfc

SHA1
50679d6f4b7b76ddbddb04a7f968a166bc22d708

SHA256
75eae01d9648c993a5138e4401c92bc85c0d2d8f94162f6a22fd35d6a47f4113

SHA512
130e43ccefc35239af7641b89f6b61221234b273cd380932b5e5cf3c96cddf93b66ade50fba67913847e5bb3a940e772f5c193afba07547e9579d6964c7e201e

Download Submit
/data/data/com.yxxinglin.xzid115477/databases/cc/cc.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yxxinglin.xzid115477/databases/cc/cc.db-wal
Filesize
48KB

MD5
8227ed13d5f59984b1e226e436dffd6d

SHA1
178a2c39af5591116d3cf9e972106885d9452487

SHA256
825db5a9ff3c52bb0aa22982a4398019c850789740d9ac8533f43cd9e788ed26

SHA512
0c13a1530562c9f3f239e2ba8348cdc0474e810be76b2efddad648c7cd22249495253dbce1897df23aed260b64853623e52777f3a79e82d7fc9e0fd32196d2d0

Download Submit
/data/data/com.yxxinglin.xzid115477/databases/cc/cc.db-wal
Filesize
16KB

MD5
687a0972d4f494fd5ce31545625500c6

SHA1
4f4240791b64e27d28334010d6b1b68c2abb2bd2

SHA256
2775b9a1ba91d404c630fc60397d394b41b14f8756770c3bd33d1544ebe4bed8

SHA512
7579b5629435835472fb334ebf95055f5dd20f7688b9a97be083480f08ae5261d330e15cd737a6ddaa6563785eb9bd018b5ab9a0c8d6abdf67e418b6ab749bdd

Download Submit
/data/data/com.yxxinglin.xzid115477/databases/ua.db
Filesize
32KB

MD5
beb6ed70b813221eb9838a84eaef615b

SHA1
bcf766fb1ad89f26538d5db3314afecd82742a45

SHA256
a87943aacd9441eea1b3fe125eef44d03db2fe624d4661a39c6a9456bfcf271f

SHA512
74967a964a15c3837357867dc5a1587c2ce4a23423b2d375cf1b1551434dce9476e484a4e79067d0cf210dabe5a45f18a256560a817425e83417f8ba2f907026

Download Submit
/data/data/com.yxxinglin.xzid115477/databases/ua.db
Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.yxxinglin.xzid115477/databases/ua.db-journal
Filesize
512B

MD5
9a12e39a3c217fb36a1ea7197daf0292

SHA1
0318354a93b9139b40b0d75e6a771577447d232f

SHA256
b7aa2ba0ebb1a259171a9b0ff7c4190e2bcae85a13066e4b863d05cdc2fbc3c4

SHA512
f3497a9decbc30a02b24e269532d81b70fa9316f4e6a95b834a04fc34f7f2f80a3c1d3cbc0795fdf7df1d040b973d05a1105c5bcfdcebc26d2e9ceeda9861d1c

Download Submit
/data/data/com.yxxinglin.xzid115477/databases/ua.db-wal
Filesize
56KB

MD5
09655e0855c161e63e2807d48d3da97c

SHA1
dbf474794af60a075e4c797f1ff48a2269d99585

SHA256
4845eeb872ff36eb115fedd1a0bd1a9df9768cba88d090cedeaee7f8e82cac59

SHA512
7d449fa05f5122a56798e79a07e18ea555281fc118c67301d69e815252e378ce94aea063a3c0fa511b438e56cf53b9471838f05006adf8d87b0f508af01aad2f

Download Submit
/data/data/com.yxxinglin.xzid115477/databases/ua.db-wal
Filesize
8KB

MD5
b5f1837ada99370d2f624b6e6ffa12bd

SHA1
eb5a37c0e0d8241b170e9b1923e0753141cf2664

SHA256
fbd170e65a626e75e87e60f24104fc5a5b3ba059432588f5303733c536b08ca4

SHA512
2a8d3db46a80b527939e155f071f228e6a1f6cac070cee49011745511c4921e4bd135fdd4215d6229224ba0e757b0b7dbcd1e95c811ad0544ace70344a66813a

Download Submit
/data/data/com.yxxinglin.xzid115477/files/.um/um_cache_1716395907439.env
Filesize
1KB

MD5
2f548e4952b1a3bd0b9a1e2155035999

SHA1
c99115fac870b21a9f8d158d160d8e13648d2fe4

SHA256
f2f4eabf703b3be5719a0097b48c2a8a7f0d42176c13970c32de7375eb434fab

SHA512
17f497706ceec21363b5ffb4bab1d37d4216aeebd4d9ff864e26f64052267cbb1c1153eaed2cda78641e8b5e2b54dc2271018f7cb2990ce95b65466a7c52aa5e

Download Submit
/data/data/com.yxxinglin.xzid115477/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
cb572a2cc26a3aa50e7bb3131f5c3e77

SHA1
ed42473dc531fa9b9183fb6c637fe5ae46263171

SHA256
9ebe6b024fa6ca60982d329c1362c62408d14c362b77b286276e75d7b672c536

SHA512
f2747e2785e5b1709d78426bd2e2b4ca5c08ea64dede11e9f8a5d3cfbceb11ad150781d1bb09af9a5d2825056e56159648c55c9e4ab0cbc8bcf053220beb13e6

Download Submit
/data/data/com.yxxinglin.xzid115477/files/exid.dat
Filesize
54B

MD5
651a6be4fb7079e5c73600b37c11548c

SHA1
9425c9a6db3476d4d836bafccf9651a423c5b914

SHA256
e16a88749cacbc2efd96326d3afe980a8199a7050ff47721c0a7b52a8842c801

SHA512
5a4925323ad710d78906549d2e3deb778882a49fab9505b8d5e839b62082f74d59277b776274a757f48602b0334efee8630c442a2500a617feff4123d1c6960c

Download Submit
/data/data/com.yxxinglin.xzid115477/files/umeng_it.cache
Filesize
498B

MD5
e6dfeb923156c53a5ddb81c6f936951c

SHA1
8b237ad8d16ba7ccf816ee13c3fccb9aadef27c5

SHA256
1d5ba1d2aa565b1b1aaf3aea99b2862d5f9bab535965262b78c302ac60b620ed

SHA512
d8b1f5f8a1d7bd9f701609d7c34cca6eb5725a68f981403b315a90867c8372b3fdf21cc680066cbd6a7e537109be6a10efe430ee07626424193a4ff510a465e1

Download Submit
/data/data/com.yxxinglin.xzid115477/lib-main/dso_deps
Filesize
156B

MD5
52044152f2f85edf37808cbe9fbff4f5

SHA1
85dff8385afac7bda9f7757f78d7c1a95eafa812

SHA256
ef5ddbddbf1c6fd508dde6bbb19e761eaf8156f87136e3ce28f1ad1f90d53d8a

SHA512
dc96f4b8b32b6edd5d5a3a02a1ae890e1ba324c2bf5012d2b3fb3f7e4f00abc90aef81aff05427a03e84637b74fbd76533127ba36fa231aaf61ab4931df0cd1c

Download Submit
/data/data/com.yxxinglin.xzid115477/lib-main/dso_manifest
Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.yxxinglin.xzid115477/lib-main/dso_state
Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.yxxinglin.xzid115477/lib-main/dso_state
Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
cb449103e385611a66fbc7659f944972

SHA1
9ada8a57d7c700bc1f4de8f5e06f1ec7801696a9

SHA256
b2fab6756f5ba35b87f595f8f45f969c7fb981d017d71e5d45dac484dc7849d4

SHA512
75aac1e5d38c5e28ff4b4a94a6c3c1811778998c3c25e40340dbe036f340b6ed2cdfc1a586204970217c59fc904c46f82723c22e6e67729249dbbff9bcea7955

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
f4d2129cd8796e606d0ad956cdff198b

SHA1
c5e5d306c466390315f6c97ac1a8d82c857b2a2e

SHA256
03e5fef1ce6b9abcff71688ca2ff33f5d80141d45a7ec078229537f2c52b8342

SHA512
8bd89b5b23696c76025b6c3955c6bb7d345457b374c45c0c56af75f8aca3587080a8146fe6fa71b0fc34aa46ccb4499d38e99e5ce36de8c35e0519d5945706e3

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
380B

MD5
526df76ed62b17f96a9b122138d0e1ac

SHA1
a8128cfc64b94f29281b477948fbee59c4b1dfe5

SHA256
ca74065d31dea6b4b0939fb3c271103d6564531fbfb0a5d2c53bf4271883d1c6

SHA512
01d176a054ddf94b32531fba7cbb890e198448917e5346bc726ce5335e8a2a1508eb4d03eb1413d24009b0e3d80b3fa1187e61bed24ca9dcaee9d6c6b7eda5c5

Download Submit
/storage/emulated/0/JXCP/aff/com.yxxinglin.xzid115477
Filesize
6B

MD5
8328002d9025596d84ad026f19895f0a

SHA1
763168363f99a7b84d3b273d9c599ed58f05f5e8

SHA256
ef825fd05f3e8f7080b3ed69b3e55a4249d2a5672bee5d56e116fd6fe6b0d173

SHA512
a78f18a4074793c0b4fa1ca4bfdd5935cdfc60a608205d812b1ebcf768baed87bebdbeffe6d15e044d117b9f1b901386ac12ce494a147620c5c1c4c45c0d12aa

Download Submit