e6b9441bf831daa31a34ad7afd9a6f6777381c2b367892000d9f42c5d01e3292

Analysis

max time kernel
179s
max time network
170s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 16:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67f465f3390b181f1dd8d2b5c1eeb521_JaffaCakes118.apk
Size

3.8MB
MD5

67f465f3390b181f1dd8d2b5c1eeb521
SHA1

38eee93cb11a620f990819f9df5422e85c641061
SHA256

e6b9441bf831daa31a34ad7afd9a6f6777381c2b367892000d9f42c5d01e3292
SHA512

6497265bf748bd67b1369cf3822b803a9f99243792ec6930473aa49a1c371ef22bfe35d8c3efd252d602646240a1341836cc8a7ae86d4b7c475a94695c55c744
SSDEEP

98304:bGq6flX47Rh+qC4pWQlI4C380WfHkA4CulJGO+YeUAroPH9rs1:bGq6flI7Rh+qtpVlI4Tv/kHhWoPHk

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.mayizaixian.myzx

description ioc process

File opened for read /proc/cpuinfo com.mayizaixian.myzx
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.mayizaixian.myzx

description ioc process

File opened for read /proc/meminfo com.mayizaixian.myzx

description	ioc	process
File opened for read	/proc/cpuinfo	com.mayizaixian.myzx

description	ioc	process
File opened for read	/proc/meminfo	com.mayizaixian.myzx

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.mayizaixian.myzxcom.mayizaixian.myzx:ixintui_service_v1

ioc	pid	process
/data/user/0/com.mayizaixian.myzx/files/ixintui_plugin.jar	4258	com.mayizaixian.myzx
/data/user/0/com.mayizaixian.myzx/files/stat_plugin.jar	4258	com.mayizaixian.myzx
/data/user/0/com.mayizaixian.myzx/files/ixintui_plugin.jar	4408	com.mayizaixian.myzx:ixintui_service_v1
/data/user/0/com.mayizaixian.myzx/files/stat_plugin.jar	4408	com.mayizaixian.myzx:ixintui_service_v1

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.mayizaixian.myzx

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.mayizaixian.myzx
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.mayizaixian.myzx

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.mayizaixian.myzx
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.mayizaixian.myzx

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.mayizaixian.myzx

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.mayizaixian.myzx

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.mayizaixian.myzx

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.mayizaixian.myzx

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.mayizaixian.myzx:ixintui_service_v1com.mayizaixian.myzx

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.mayizaixian.myzx:ixintui_service_v1
Framework service call	android.app.IActivityManager.registerReceiver	com.mayizaixian.myzx

Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.mayizaixian.myzx

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.mayizaixian.myzx
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.mayizaixian.myzx

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.mayizaixian.myzx

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mayizaixian.myzx

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.mayizaixian.myzx

com.mayizaixian.myzx
1⤵
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4258

cat /sys/class/net/wlan0/address
2⤵
PID:4583

com.mayizaixian.myzx:ixintui_service_v1
1⤵
- Loads dropped Dex/Jar
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4408

sh
2⤵
PID:4466

sh
2⤵
PID:4495

chmod 777 /data/user/0/com.mayizaixian.myzx/ixintui
1⤵
PID:4482

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mayizaixian.myzx/databases/ThrowalbeLog.db-journal
Filesize
512B

MD5
5047f5662c9542f35424dd7a51aad9fc

SHA1
1dde1a3612a420c83687d45b60254e8a57fd2569

SHA256
0716f28bde4dc11fce727efd58361e36d38f48364d87e2ad664c08db9155e8ec

SHA512
73c9e81ab951202851faa4cf9315e4c45a043ed1454f355442ecfd95358e9d2d21af7eef1ab82105b2ce035711dcdfbf8461ccceba6d2a13dbc675c27281ca19

Download Submit
/data/data/com.mayizaixian.myzx/databases/ThrowalbeLog.db-wal
Filesize
64KB

MD5
c55b8b32e09de7564d3b427c634ec71b

SHA1
d9fef7f1643134a838a80369dd0affc4cff5438c

SHA256
185dade1dba77eac8f82638e52174e953c67c55801b512ec5df692a3b0023676

SHA512
28c8902d84856c8185d847836841763d249a5404ce0d61efcb4389d05a3f3911d25c7ffa31c065b89a49ab7005e68a2b0cd2f99b7c7cc02946969bf47ec33c7f

Download Submit
/data/data/com.mayizaixian.myzx/databases/com.ixintui.push.data
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.mayizaixian.myzx/databases/com.ixintui.push.data-journal
Filesize
512B

MD5
45453abe2de0f7764600ea1a721edd97

SHA1
c2325d868ff4885d5dc682214f3a1d3a5e9a2310

SHA256
1824a6b89ed1085e2fa33f626c6050ceab1050b270da7745ab9e5991c688893f

SHA512
12e7ab30f47b1e573ac8cd5dde384b0977b88157a133a89f437d625b131b2a3dc39b0c36d8ef6e1c93de1997d59e9284461a564257c873aab21d7e75e273bb75

Download Submit
/data/data/com.mayizaixian.myzx/databases/com.ixintui.push.data-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.mayizaixian.myzx/databases/com.ixintui.push.data-wal
Filesize
64KB

MD5
2e6ab3a9d756147405291507e8e71d4b

SHA1
6a43adca165c2522eada06d81258c0fedb3fb624

SHA256
94cfec3fc8dde5714e152ed35f7fdc2a6164e239879f55e3de27ab7a55893a7d

SHA512
5656ee6e7bb27553db76d4c48f61abd29fc23e488454fc9db6f4703718179896bd8537d7470eb5418439892c3f25a7b1ded982e3efe161a0dafc483ef64e55fc

Download Submit
/data/data/com.mayizaixian.myzx/databases/com.ixintui.stat.basic_db-journal
Filesize
512B

MD5
11b4f3fc98604ff68479f48c5f5ca71f

SHA1
790b95322e39372589e188f008ef00b25abc6cb4

SHA256
c4ff31368191d1932f4a7bffcf97cff6ee0c74e4028f57d1f6a1e9ee429815a6

SHA512
b95705b40dedbfe4da65113e1149504bd97ca5327a16e0fda2d0bb5a4bed05f660db6df3181779fbf2df9c3d9bf454c9d907284eb031b14f71df013271cd52ca

Download Submit
/data/data/com.mayizaixian.myzx/databases/com.ixintui.stat.basic_db-wal
Filesize
108KB

MD5
38e5abf2e8fa92909ace7cdeb5929a15

SHA1
6e43713c2e0326bca787120e2f9cf5021ef1c009

SHA256
a465c183adfa8a28ae06701cafdeb680798af0f15f8ebaf20c8b1cdd38daab6d

SHA512
13368029495cee6294bb299d61b738072d7eddb5bae61c6fc291ba1be4a5bc330327dbbdc56cb98fe39747c280c7fd8d41f0eebdb0b837b67548ea72e2b868ed

Download Submit
/data/data/com.mayizaixian.myzx/files/.um/um_cache_1716397164978.env
Filesize
618B

MD5
994ef7fc19f696982651d193f504c3a5

SHA1
fe973921045972d1149bbeb18a6f2a40eaea335b

SHA256
c238baaee94a6053d995a0dc3c5e2f8e2eb5c0f9741ddf115f44ddf711f4db8c

SHA512
0109bef875a130b17d9c051c84c3a8d62acdbf1873b52ed46abf8d7da1facdbdf1be535f78abfd0a053e3ccd62d61b0a73ae33fbdbbf384127a831995b4e41ce

Download Submit
/data/data/com.mayizaixian.myzx/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
3ca8e799d26272975d3bbc0b51f73acf

SHA1
9452b2248f293ffef499d7731346921716900dbd

SHA256
68ab2ff93a4840cb704fcd3f22429a00e45f85c44a40014232c9edd6f8c68451

SHA512
df8b167eaff7a3c36e937a1184321727f2bac0be89098a0798981b475338405d7f93fe42c1f300134ac5c050d7982a3d9828ff205970e37662ed6396c3e4052e

Download Submit
/data/data/com.mayizaixian.myzx/files/ixintui_plugin.jar
Filesize
54KB

MD5
0fd5745abb8efd27d19339cb8bf74c31

SHA1
0514c079304f4ca950dca9c5071fc8f149a644f2

SHA256
fee09a01b0393e0ee0d4e344b798d990be0783be31b6d8829a6aa9329928a848

SHA512
598e6cd7ab9c7147cd532d3c491e3a7158068b7024a8293c9c99cb32e5d1dce0800e3f42b8914380156a0901973c9ced495aee3d9c628f674bc0b23472d2bb96

Download Submit
/data/data/com.mayizaixian.myzx/files/oat/ixintui_plugin.jar.cur.prof
Filesize
337B

MD5
b79f9a30ce369bf78e5679930fab6611

SHA1
9c6dda4077e8b6d16d853b848d3b0475d510c82f

SHA256
e4c9235cd3ac560b937627d6223a5b24c23f24693c3cc7a6b8acef48d0656903

SHA512
0528ba4f0284ba210c7ab828c44cbf40dad02c29f9a5d36a7991defcada5bf64fdaa20024abe1e58978b95571358149b272e17e78052ce87ee6b0049969f450d

Download Submit
/data/data/com.mayizaixian.myzx/files/oat/stat_plugin.jar.cur.prof
Filesize
115B

MD5
43034cc2f3f0ee8a6e19c10421521083

SHA1
e969fa65f10d8f1e742d7418f919d52f95554e5a

SHA256
e183ad362345bf23c31fc70eab961df2bd82ca9f2cc6bba4f01f9b3a13b3615e

SHA512
038aaa33b06e776df8d9c44f2a33af9401fbd1823a5916ac50409325efc72d6e81b97c70148aeaa72a04b184b1551a2aab2fc497f209353347b77a0782dc7531

Download Submit
/data/data/com.mayizaixian.myzx/files/stat_plugin.jar
Filesize
11KB

MD5
6407165af23fa8b3ecf0d65664d316e0

SHA1
60a74d827d9b9d80344e9f8669dc520f6d1f5a1b

SHA256
66b2e6169631facc018b1ceb4c7b15b406abe2fcc0d04207ad185ea53304b4fa

SHA512
c06fc91bc9d9637c634d2e08e90295885c76a765444d0e552d33630c5f591870bc0a8b823d6e26394de131f610a0f72829e42999a4bb38f2894356a410be564e

Download Submit
/data/data/com.mayizaixian.myzx/files/umeng_it.cache
Filesize
310B

MD5
0548a8041e3666c1179cb899c918acb2

SHA1
7b6bb524cb44c92e27c9b4f7e763ed1539b460f3

SHA256
9edbd5d428baac20af08305e0ab27ce95e78d5c6b226e580a33ee46b134fe48e

SHA512
c89df8c40fd802c4e0a2b911dc6b1863d2bef491bc8f66769f6e08dc3e9f14e9a02398680ac44faf0dd14bbf6c4e2b6a7fa750909c210560ffa2c37e17606fc2

Download Submit
/data/user/0/com.mayizaixian.myzx/files/ixintui_plugin.jar
Filesize
119KB

MD5
3bcf8974e4cdf927afb37d9e62e8f5ae

SHA1
cb28d4153b06de6f278888be699a44217ace784d

SHA256
d47323aae8216609741ff960eae9649086451d4399c67fb813b6a2f6abb2f841

SHA512
83cbaaef1cee4d83d184e4766708239829d3c512864fecc9e9d75e7318d6bde45bdcde472d116c9effdb70d13967709fd4d7eaaf9b4a58dfc0ec923437498e04

Download Submit
/data/user/0/com.mayizaixian.myzx/files/stat_plugin.jar
Filesize
22KB

MD5
fbfd3d5c8dfdfb06f712bbc4db2645eb

SHA1
0bcaac6931feb1262c618c12040dd43ad13d0b61

SHA256
be9ad9cfad08657b6ebb1a4ed6ab1dc24d817cac644605bad6fa85b3ecbc8059

SHA512
07401ec8e2024ffce0d8264e9ba6abd061c3c16f33acbb3836b9523e0969ff1fc48f8d84621fa7d2f50390d2cab730d2a3467e8e90f2f60dc929e63ee2af8537

Download Submit
/storage/emulated/0/ShareSDK/.ba
Filesize
377B

MD5
6a3745be7f7fa0cdfad2037824e34300

SHA1
4e7f86dc0032e328311fb026d0b4de87ea2e1a6c

SHA256
2d8cfdcbbbffaff0848df059a890576963daaa0e0fc8111305b8d1f041a1c455

SHA512
cb8ff2f731f844e1dba81ab9c862fa42cfc3173d1970e3682e32340c579251bd924ec5a9ec62226c61b36a5ddce06ae7735988548ace750d310135f502494243

Download Submit
/storage/emulated/0/ShareSDK/.ba
Filesize
476B

MD5
461f46495eabd31559cb3cd640a4053e

SHA1
352077ffd8cb2b9d8dea1abf0687a190cb4c6014

SHA256
18b585dc37c73eca876eadb011e65ec3dee4a2d0d2f55cc79bdd3666c385a03a

SHA512
26e21df942b8b6829df5233601d0829f470ae907552c1b5680402c6bb744fa616e64d6bc0e5391bb5e6a79c8c212eaf845b5faa961896aad67112d6938cf3dd9

Download Submit
/storage/emulated/0/ShareSDK/.dk
Filesize
107B

MD5
3f2be1e244aa8d0567aa17c350ac5559

SHA1
349ffee1126f20a1920367b60bd19785a8dc4399

SHA256
2f892808106d63db25390b3ce94df8983484a8a544a678c654e934424c37c717

SHA512
bb3be59a9dcabfacb7e672ace4ba361d7e412b58abada055bd09d6e9c5fe0aa427a09911f3a53cb4833240e63fa59ed51a8d4bfd8db0557c856a537c22113178

Download Submit