Overview

overview

8

Static

static

6

685f159a2f...18.apk

android-9-x86

8

685f159a2f...18.apk

android-11-x64

8

Analysis

  • max time kernel
    163s
  • max time network
    187s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    22-05-2024 19:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    685f159a2f88f7ac27b1c8b7fe31bdb7_JaffaCakes118.apk

  • Size

    30.9MB

  • MD5

    685f159a2f88f7ac27b1c8b7fe31bdb7

  • SHA1

    05bb586d16cf595bd00c2c398ba83717670a918e

  • SHA256

    d8c1d2d6e931f2af2235fafccc530a245b86ce7387d4e9321c8a57818644ae42

  • SHA512

    4ef0927a3b84dda9c9e1e6d795667aa0810ca8935412021d48eeb260167b9ea298a3ad575b3c0808218386cdb4425e4177cc47178a0e5a369bef0b9283d25394

  • SSDEEP

    786432:iaeDkxgxlnpZGLqbM6NXlT/LVoEoqoBo/boZ:jegxcYObzDT/LGJfy0Z

Score
8/10
collectiondiscoveryevasionexecutionimpactpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 1 IoCs
    evasion
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 2 IoCs
    discovery
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.xiantu.hw
    1⤵
    • Checks if the Android device is rooted.
    • Requests cell location
    • Checks CPU information
    • Checks memory information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4337
    • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
      2⤵
        PID:4670
      • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
        2⤵
          PID:4696
      • com.xiantu.hw:channel
        1⤵
        • Queries information about running processes on the device
        • Registers a broadcast receiver at runtime (usually for listening for system events)
        • Checks if the internet connection is available
        • Schedules tasks to execute at a specified time
        PID:4541

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/data/com.xiantu.hw/app_06851326-179e-4f06-8472-d5e78a1ab259/be7b7b05-7ca6-433e-b4b8-e26585aa3a9b
        Filesize

        94B

        MD5

        2f615c3148a3d616a4d3c6cc7ffb832a

        SHA1

        da2260e80e5b5d58553405877262a6bf2790352f

        SHA256

        4938e50025b5e6b8ea639daa3c13e706003c22bdde1eb5b0faca99849a1ab987

        SHA512

        8e7709e07bebd2be655be40629f636711d7de67ed5bbac036957387bde9a5966ede6439caee99629c153f302e11e6763e236c25fcf850c0f80570bdf24db6ddb

        Download Submit
      • /data/data/com.xiantu.hw/databases/MessageStore.db
        Filesize

        4KB

        MD5

        6650485a6ed53983d72a949c81cab155

        SHA1

        d3c4780dbdde39978918896aa9ee7243e6de41c3

        SHA256

        4d820446cc74f375f1370b2c20f71ad95e7885f67164b0f773e98cdca5127afc

        SHA512

        f5de056fd5634113cc12b0fbe1ac37ffaa0c4d1ff98d8ac161694a5562f5ae097964a0ceefb580570343667c8f535656bf9e8940506058b3f8312fc8ea829858

        Download Submit
      • /data/data/com.xiantu.hw/databases/MessageStore.db-journal
        Filesize

        512B

        MD5

        00a6175008b070c70583d4bcf5a7968e

        SHA1

        c875e2b7057b84dfa8f8efab1104eafe4fd210e7

        SHA256

        3a13cac15b12f7b2be447db2aa0a54e8263a2d76ed3f3ff3af983917d1b66fa2

        SHA512

        4fd13dc0e21757a7703286ccbaf557cee847bd791af56674128f91e312618d8039d791b7e080866e1e187dc8adb111b508c5c18e18c7603c11ca3a3e40e7bf5c

        Download Submit
      • /data/data/com.xiantu.hw/databases/MessageStore.db-shm
        Filesize

        32KB

        MD5

        bb7df04e1b0a2570657527a7e108ae23

        SHA1

        5188431849b4613152fd7bdba6a3ff0a4fd6424b

        SHA256

        c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

        SHA512

        768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

        Download Submit
      • /data/data/com.xiantu.hw/databases/MessageStore.db-wal
        Filesize

        60KB

        MD5

        92b8f31d68f636b2aae9ea2cbb74cc03

        SHA1

        8ada2af52c6ff6e9614797915eb1cd45bb7d6f9b

        SHA256

        d4d3a56e9532f73e9355a5bad6dd8326620b877205ac64f3562719b4bb349137

        SHA512

        74dd530985042b645c20240fb630e6d57cdb107768c9db27bc5cef240ac4d6d985233e8b38e36f25cb41dbe5c273c5602383080b9836b1640315e6ae0f94a3b2

        Download Submit
      • /data/data/com.xiantu.hw/databases/MsgLogStore.db
        Filesize

        4KB

        MD5

        f2b4b0190b9f384ca885f0c8c9b14700

        SHA1

        934ff2646757b5b6e7f20f6a0aa76c7f995d9361

        SHA256

        0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

        SHA512

        ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

        Download Submit
      • /data/data/com.xiantu.hw/databases/MsgLogStore.db-journal
        Filesize

        512B

        MD5

        0f64fda200a05a47bbe48df99512a98f

        SHA1

        0694ec0152e2bca9d3026d930be82fd5f475b7db

        SHA256

        7f6991f7f469790ae987785dfdc59fbba12002e20ee41e3f3cf96be498ef5bc8

        SHA512

        2be46ec3b2b325a708256ae679936c4cac68a1c6aae417d110a9d74fa06fec80c1d41e82f2540d1ed1c51831d3bb3d2a4e8ab5a8aa331d8cc2fdfbd73ead72d6

        Download Submit
      • /data/data/com.xiantu.hw/databases/MsgLogStore.db-shm
        Filesize

        32KB

        MD5

        4a15f1151c3df3c93f22db64da1e0f45

        SHA1

        9fb472e50ed6dfc2fb732daca1522f14f951372c

        SHA256

        2fd8583a3cd17247b835354de1d9c795cb905e3145e164a340c6dbfd380df082

        SHA512

        7bd29c8d716b8a9e4196b29e5c6c91fe5e1512d3ae1df58afbb8bacd4f2d5a7a773de12356739659c006cccfc76121d551c267866e709e613f214567ba7f557c

        Download Submit
      • /data/data/com.xiantu.hw/databases/MsgLogStore.db-wal
        Filesize

        68KB

        MD5

        13315469f6d1084d574814d70bdfe441

        SHA1

        fe081d6f69c18e091c9cbc8f54cc89a0c6650ad0

        SHA256

        cd27e1c141f7c48f2e66411d6badd7833c424d20285ec877c74561dcdad0dc69

        SHA512

        bae9bb4d8bd0994448eb4a7ac07b8336a193f2a3b4e815cec7549428487d2db31778512dd21bc379cba22491bde2999144195da1dc1a8b2ec61641805d08d78a

        Download Submit
      • /data/data/com.xiantu.hw/databases/accs.db-journal
        Filesize

        512B

        MD5

        35169e07dcf96de526ea35620f54e8f5

        SHA1

        6f675e83295e2fed02445db713f2e0cbed567959

        SHA256

        21681dc7d8023ed974fbc6c9b9cf6b02170abe164f0cb228d156cdaaec6828ae

        SHA512

        980df2d7144a86163ecdf9b72b62b92eb270e11da68ee11064ce41b4db4c887c44885e862aa3112bb8dc8563139e4d07d33628723dc79e2f393ae3d7fbfb1ead

        Download Submit
      • /data/data/com.xiantu.hw/databases/accs.db-wal
        Filesize

        32KB

        MD5

        9404f7fc4e554b10bea94460cb293b73

        SHA1

        834bd7c1a2d24238e451e53deec2fab4b8102061

        SHA256

        85c97d7288d359a893369821f2a7894592378cfc02a36325d43e31d39c5abb1f

        SHA512

        57f2b0488816d21f0cae285d901950dd77dfbe615c857d3ff8b7d5e20e5ab8797c2f3aaa1547e57e545c6d0c584894ebedc11e89f014abe23c992900f08c7f8c

        Download Submit
      • /data/data/com.xiantu.hw/files/.envelope/i==1.2.0&&1.7.1_1716406449154_envelope.log
        Filesize

        2KB

        MD5

        cf84c28c10a683cec6bb6fcad1740335

        SHA1

        3b2654314302ad0c1a34511269a9e579fad37729

        SHA256

        317ba9e8b7e2a1d46230231e4ab66fca665a9b42e6b8eb8e199321183af39712

        SHA512

        9a9ff9a5702af04a99c1d02e62cb5168bd80ff2a48da993cfca9de3a006f9d9910f0568209f93c336323e09aa07ec7f8d9316fa52daeb41a557039b4454dc5b3

        Download Submit
      • /data/data/com.xiantu.hw/files/.imprint
        Filesize

        487B

        MD5

        4ab4b710f83f412af308ce0504aa57b4

        SHA1

        5d6e556967709387ab1da9c4a4eeb0380bf1112d

        SHA256

        1008760394c192ff2feab57ccfa82a93969aacaaaf275f00e8b391030befcffe

        SHA512

        727f6aeba2264060cb303d25aed76450c8f8ba9af24a93b8eabd9718f503e28830fee1242c7e66d524bcadc0fe856db02aaded3f2ca6755caab5ae137afa825e

        Download Submit
      • /data/data/com.xiantu.hw/files/.umeng/exchangeIdentity.json
        Filesize

        162B

        MD5

        4ad2d1097464f31866e0da3e23445f8a

        SHA1

        bda40fc4de549c1e69f0dee62602a85cfe78fbe1

        SHA256

        0cbc05671edbe074a018d1a65451941bab412ed370063cce59d274f247c848ba

        SHA512

        b65b16acf971f5c851d732d3191b366a6616aac54fe3a4c1b691702acfb3ac50acd21efd0a931d765e2bc54c701924239eb047480b482104eebaae42d9e6dda6

        Download Submit
      • /data/data/com.xiantu.hw/files/exid.dat
        Filesize

        60B

        MD5

        f560fdceca9cc7aabac25dbd815d933c

        SHA1

        3bb8b5dbfdbd3c4f8b60454899a3316292f39005

        SHA256

        336f65b6a8760cf51bdb7cf50365a15a3cf2993559590f958c017b640b07c585

        SHA512

        eaaa09e864d6b8dea226565e48d7ef77f9cef9d7476f52ad72ede25acc93b824095a5435a809fb9d7d34b1f6c635644c146a0f1d33d5ddbea5d1844c17a14b47

        Download Submit
      • /data/data/com.xiantu.hw/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2NDA2NDQ4MjU4
        Filesize

        1KB

        MD5

        323a2d3cadd68c97853f067a4c7f8f07

        SHA1

        8ca6d94cf74f8b317072879358142df6b766cd5b

        SHA256

        2a04df56c20f6106c90fd01521e3ca51455c9920333427f4406371cb46933a3a

        SHA512

        a46949fc33ea225919c04793096f6f7a2989670e700b8f539c33a8aeb76d1c84a075991cbd5ee544bcf81b03380b7cd08a402f1659d60d079bfc0e604718d393

        Download Submit
      • /data/data/com.xiantu.hw/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2NDA2NDc4ODU4
        Filesize

        1KB

        MD5

        3abf9525f099739ea403fb18d1f050ed

        SHA1

        54e3389c4de17efb07a54fc7a4442c5e46e1cdad

        SHA256

        2be4db3325bb3054cdf1c89301a724059a63f74e73a56715a55452b893e7057f

        SHA512

        0c633a28aaec11fa1932716c54ee43d982eaf93b5c3fdccbd1588e2ef9e86696617f676dc124c7a8368a83baa628d8a83d1737c12855b552f10fc5411aaee161

        Download Submit
      • /data/data/com.xiantu.hw/files/umeng_it.cache
        Filesize

        498B

        MD5

        9cbfd99d56664b4b856f230805936f11

        SHA1

        361747321aed74e9d7930a58c4f74b4e0a0d0810

        SHA256

        ec3ba47d339643a37b16ffbc2291b24b668ccdb74cb9609fbf72791bed4a2154

        SHA512

        616fa705697b7c6b43bb8818050cd2ad7284cf4ba4c069632a8cc95e1588dc03b887f9236f36b1f84cd02017ea6748119ef1364453a053acf5aaefa10fe25595

        Download Submit
      • /data/data/com.xiantu.hw/files/umeng_it.cache
        Filesize

        253B

        MD5

        0075d5a0a7ae18bbca2e6e1787b1896d

        SHA1

        bf98799f2b21c91103573f5b4c95f64398506eeb

        SHA256

        00fefef0f14b1c06fa5d326fb03fa8eb56e198f82a9dbd02e7e2c5c93273be87

        SHA512

        89e0bf67bcf247633241be3d1892f44128382592e28b83d0bc721b008d888c60b703f9b2c5ac944bb656c4bec2981dfebf7b1a2609f6eee62f25297803ab97a5

        Download Submit
      • /storage/emulated/0/.DataStorage/ContextData.xml
        Filesize

        48KB

        MD5

        79e47f45cfc1a99702a770204d6c8f5d

        SHA1

        134d0d47981d45af9153b88407ac1f9456cea28c

        SHA256

        63ddc02b50ede987af83233d893ea744a8648abd31297096d3adbba154d58192

        SHA512

        c0c0984bd377d090d24ae1e17136c0829e687fa6179e2bb271c45b6305832c4569ab8413abd0658276ef6b22bc9c73c5b548d1efd7564551c69ecddf7f563c2e

        Download Submit
      • /storage/emulated/0/.DataStorage/ContextData.xml
        Filesize

        32KB

        MD5

        2ddc6026a2094387316d04a7de2274f9

        SHA1

        93c83c0954e521c2d091dc014e88059291938719

        SHA256

        11b33ddd8b5dbc4ca23a58aa81b2194634aa70d3b80b779ec3f08611724e126c

        SHA512

        a3afabca39e965bed6c1afebce1f3afd9b24cfbbc153475d0a6699031ab74cdd2dc81f55eb64a1499a0fc5cbdb7ecc1e3d9bec75f8586953d7dcb0b7e1795cc8

        Download Submit
      • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
        Filesize

        512B

        MD5

        338af218f92c0cf6c438e887439d60fc

        SHA1

        6d77c9c3ce4bccd311b628c2c91fed8a6cd49ec6

        SHA256

        8cea7ee4fe17a7066407c720941133e87dd5cc7d7fe7fa6a5086ad06ec6d8e25

        SHA512

        cfbff9e5175aee8c3d69a1afe4d26aeb1e047fbdd454b5ec97a58a311b20ee841395a28b83a6d6e698afe3a7be4f5718b395a07c9876b6aa90e1852f73e5aa2d

        Download Submit
      • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
        Filesize

        167B

        MD5

        3cf11cce7fff333a93c8c6121202a5ab

        SHA1

        700fbac4bb34ea23da04d1ab56db488d2d17ba41

        SHA256

        c276c532b23276fa54c0fc3a227510898b471d00d63683640d07e4c3ffaea38c

        SHA512

        c6e3738c7fe4036a067891cc90baf5622c8e042e9500fcf162a8490218ed9e007f8141490e0a1ae4b9ecc86f89f0529c4a3f07c58487a407010e2fc40cef80ed

        Download Submit
      • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
        Filesize

        36KB

        MD5

        486e2bac2b3e9e1cb411d2838a4854bd

        SHA1

        81dd0a7537f4af319b830ae834908986be85da8b

        SHA256

        5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

        SHA512

        c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

        Download Submit