d8c1d2d6e931f2af2235fafccc530a245b86ce7387d4e9321c8a57818644ae42

Analysis

max time kernel
164s
max time network
187s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 19:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

685f159a2f88f7ac27b1c8b7fe31bdb7_JaffaCakes118.apk
Size

30.9MB
MD5

685f159a2f88f7ac27b1c8b7fe31bdb7
SHA1

05bb586d16cf595bd00c2c398ba83717670a918e
SHA256

d8c1d2d6e931f2af2235fafccc530a245b86ce7387d4e9321c8a57818644ae42
SHA512

4ef0927a3b84dda9c9e1e6d795667aa0810ca8935412021d48eeb260167b9ea298a3ad575b3c0808218386cdb4425e4177cc47178a0e5a369bef0b9283d25394
SSDEEP

786432:iaeDkxgxlnpZGLqbM6NXlT/LVoEoqoBo/boZ:jegxcYObzDT/LGJfy0Z

Score

8^/10

collection discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

T1426

Processes:

com.xiantu.hw

ioc process

/system/app/Superuser.apk com.xiantu.hw
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

com.xiantu.hw

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.xiantu.hw
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.xiantu.hw

description ioc process

File opened for read /proc/cpuinfo com.xiantu.hw
Checks memory information 2 TTPs 2 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.xiantu.hwcom.xiantu.hw:channel

description ioc process

File opened for read /proc/meminfo com.xiantu.hw
File opened for read /proc/meminfo com.xiantu.hw:channel

ioc	process
/system/app/Superuser.apk	com.xiantu.hw

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.xiantu.hw

description	ioc	process
File opened for read	/proc/cpuinfo	com.xiantu.hw

description	ioc	process
File opened for read	/proc/meminfo	com.xiantu.hw
File opened for read	/proc/meminfo	com.xiantu.hw:channel

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.xiantu.hw:channelcom.xiantu.hw

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xiantu.hw:channel
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xiantu.hw

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.xiantu.hw

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.xiantu.hw
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.xiantu.hw

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.xiantu.hw

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.xiantu.hw

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.xiantu.hw

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.xiantu.hwcom.xiantu.hw:channel

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xiantu.hw
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xiantu.hw:channel

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Reads information about phone network operator. 1 TTPs
discovery

T1422
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.xiantu.hw:channel

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.xiantu.hw:channel
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.xiantu.hw

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.xiantu.hw
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.xiantu.hw

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.xiantu.hw

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.xiantu.hw:channel

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.xiantu.hw

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.xiantu.hw

com.xiantu.hw
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4607

com.xiantu.hw:channel
1⤵
- Checks memory information
- Queries information about running processes on the device
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4869

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.xiantu.hw/databases/MessageStore.db
Filesize
36KB

MD5
6b5db35f52497aaf85205918ade6cb81

SHA1
1d06ee1691fc452511b0513da19ca1f9457dcd45

SHA256
e544b3ae004daefed536780f0ba5f0e80e4d0f69f9db1ba153de88a222029771

SHA512
0c7d9bc49c959751e171db2c66ccb089ea9c369ee69a6cd34027c57506dcc3206b28e9c5b4be6434d2ecc7027cd7bc5429e349fe7fd77f72021fb3f21ec237c3

Download Submit
/data/user/0/com.xiantu.hw/databases/MessageStore.db-journal
Filesize
12KB

MD5
1d0caee2ad9ba0d905c3e35122ed78ec

SHA1
1beb252038ade86e808daf986fa548cdb0a68740

SHA256
8fdae623e771cc01f6ba32a3a818cc614910d34d7f6f4e01fb83a47d548a63b4

SHA512
a1553c4469b6b9273c66eaf754f987370ba6179c02b5130f75194638afad0a7adec87ef9bca93bf8e52be71ec7c8aaa5037aafd9ea02254b7ebb893aee8cd4aa

Download Submit
/data/user/0/com.xiantu.hw/databases/MessageStore.db-journal
Filesize
512B

MD5
0831fd30b7eb595f964e6f43c10736e3

SHA1
b5fadb363444ca273989b5b5618fe502e088b56d

SHA256
e968a11fb1d404c7907115f475ad4f10eb6a32fa5cd1104a398106a707bdaa01

SHA512
b7fa0d251bb7984ece2f99bcbbc41b347271e39d6049157b7e484afaf4a89d72c698811ad46e8608478bb915145c2d19a7bf3510e8e7adcf277f8d84d882102a

Download Submit
/data/user/0/com.xiantu.hw/databases/MessageStore.db-journal
Filesize
8KB

MD5
026f5b096edc3201912d6e044d5b3dca

SHA1
dfc261a5b81f5d0db44e3d947f84e74597200d7a

SHA256
30e7f64e41062348ffa81ba51850e1c8ec4f75f22f707fc9f5918c16755cc853

SHA512
4748e14d8d9b7651bca93247e13795f9c8dc9ae7ffacb24e1277dea898384852bdd39140cfb87c6ebe0c93cb88f69d701ef191ac0709ddb46d6f362b20e7b04f

Download Submit
/data/user/0/com.xiantu.hw/databases/MessageStore.db-journal
Filesize
8KB

MD5
d19d44a981eb0624efa018bad24c683d

SHA1
3f80359de06d1acba75c30dd29183a4db9a00836

SHA256
aa51ec6f3424de0f7a7ca6aa798f0f7ecac8fb05760275d0bbb8209e332eaff3

SHA512
19321fb701c59d32920eaf5e4a55ee20f9a69382f4724c053a704be8ee9b50ede4602920f1aa29e7b523e948d67cb3eb8be0520a27f29ceee7dc9cca3e6cbd27

Download Submit
/data/user/0/com.xiantu.hw/databases/MessageStore.db-journal
Filesize
8KB

MD5
0f6a66169923c5e690b488d05e76219c

SHA1
c7c5b00d744404ecf40821e2d57e4bca00f67b06

SHA256
ab119e0097ea454b71020b138457d5170fcf29924181a22b81342a17ccf36fc0

SHA512
9df92dbed695eb373ff8b3352c5ffd7b9a045210e3a62dd0ce84d1ea225f33359365fa4b829933baad22d92eae1fe17e09edd7c02b78d16827938168b7b12397

Download Submit
/data/user/0/com.xiantu.hw/databases/MsgLogStore.db
Filesize
56KB

MD5
a860ba3e3a648f73fc11269ff9ea9c16

SHA1
7167faf1666bdb05633e945dddc3d6af6c35fd0b

SHA256
4087524ad761d0669a39007849311b2b0a32c1a62d0a7ff04d4a77d702bfe27e

SHA512
279991548672e18e99522e1402ab96a3b1887a6ccbfa350cab5c5f5096807beb647b9cef0a5668755798f8032e243aab9ea5f1cfcd934671153d54fce48ef8c0

Download Submit
/data/user/0/com.xiantu.hw/databases/MsgLogStore.db-journal
Filesize
512B

MD5
5e1bec5822e64d25ca7fc0259e73997d

SHA1
004ae2a16b5b533d7fcccabaf614259fb4f247c1

SHA256
9d96493bb3b69282edc3a8a26fad0d849d00b1ced30c163aec1bb7492989068c

SHA512
a2e22094d930c96763d1f9cbb96fcf70dadefb2382ae19183822425ea5968681df770b8f15679baec8389e3e07d8e6c1d926350dd7a57343faf1114e6382ffc8

Download Submit
/data/user/0/com.xiantu.hw/databases/MsgLogStore.db-journal
Filesize
36KB

MD5
7c0b5c6d1120bf3635cb815eb5e29f28

SHA1
cbb58092e164d3d098e750a608f3833f85a06476

SHA256
f2434b69ad5ddbdeb3796b9e34fa428cf6fc31bf987dee42c12816e3632a128b

SHA512
151d69445e8311fc78f40b5781e2e1f1d631e879e87a08d1076ac69d7ad5bbb8ee017fa4d5be934f9eaf1cd3a0aea87c40be405c2a601a845820d73705ec7a36

Download Submit
/data/user/0/com.xiantu.hw/databases/MsgLogStore.db-journal
Filesize
8KB

MD5
4f51d06d16a47c905e7271d066f1cbf9

SHA1
84e98455d37155aa96df3e8bd79f1076bed9db44

SHA256
41e35a42072bd39e4442e3ca5cc695870bc4a97bc26d46672b50e6867f39b67c

SHA512
8dbb6f8dda422e6288f5cc63efef960bbe7db7801e2bdac4a9b0194812ebb2e8bce88d92d07900f4218c3397776c2d1f0b99bbdd527b0f71b3c34d5c485a9574

Download Submit
/data/user/0/com.xiantu.hw/databases/accs.db
Filesize
20KB

MD5
064201502ce25754236b3b5c12e24c65

SHA1
e2c89961dcf8306440bc99f7b058ef4680eacf0d

SHA256
b4ef8a71919ac4b6ef9a895a991b527f5c3316fd6204eb815366c9614dc71f00

SHA512
3f5af9d3e7fbca1c0a3f9ad5a8d8d8e1d3b3e3c79cfda89b6baef007aeafb4ec5738626fca1f682b73b0305a94a4e2bf17c0bdd4fc7fbacb80ed02c7affa44a1

Download Submit
/data/user/0/com.xiantu.hw/databases/accs.db-journal
Filesize
512B

MD5
f09f8fbcf721fd945482ed53f2acfb66

SHA1
cb51f17878205d654ff591f1e0b056624390fff0

SHA256
070193fa7158795ab05a9a3507018a3d5df9acdd02032e8f36d619209262c150

SHA512
a0083093dece3c6440dc581c96c889361a2a0bbc2cedb7d511d8db771a24572b865366a407ebbf37cba64e197fbbc36d259323af17c61c0e4503dea47312863c

Download Submit
/data/user/0/com.xiantu.hw/databases/accs.db-journal
Filesize
8KB

MD5
64628e65ee0852e4a40ecf05e97a2085

SHA1
5b36ab28b6c3d95fa3b76b69fd939486446cda90

SHA256
b3f4ad2d5009d791f31da903bcfead003cd3ac0f625201ede1654bb23005e1ab

SHA512
4d7152661a34199b1ea7658ebcdcce574c1b8b10e9f7c54777ec242cd53454cd9ffb5f1de4e6d3c15e193cc75a2cc13b765cb5baf292e590a029bc1865921b54

Download Submit
/data/user/0/com.xiantu.hw/databases/accs.db-journal
Filesize
8KB

MD5
bf3d9413f708a454abc794a4fdef1e4d

SHA1
441d619a12bebb5dbd2e8b497172422d83fb734b

SHA256
ea7d16109e7c079e71b8c101ccbb1718128ab201fdcc0456f2372203a0c1dc57

SHA512
f575bf9473bbdb58ba2477bae6dd1f19c96ef491d6839a6775efb8b021e9bc8bd64012a19e37b0e3f30475ccaa5f7e440db796e6d2a2d7443484d969f4a12160

Download Submit
/data/user/0/com.xiantu.hw/files/.envelope/i==1.2.0&&1.7.1_1716406418961_envelope.log
Filesize
2KB

MD5
0b2a69383fcd802d96ea8552a24caba7

SHA1
43e4b3f31cfb2a32102d768b723aab74663ef074

SHA256
9252a3b2ace2bc465ca5b6d66bac815e85365270015440f29f1fbabbdb7ce215

SHA512
c3890527a03ed11a9945ad72c2576fcd8cd26322d83f7d5ce765daf124044666e0d50ece2f17aebb749474974754a2a2695c465a85036eba8376f10209bf995b

Download Submit
/data/user/0/com.xiantu.hw/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
d9334137f72104afb5085684c74fdc1d

SHA1
9278e50b5f98f20ffaf186a84cf6fe25549a0ddd

SHA256
89c851f20318b6ee0f7f1791dc813a33d7c718e42ab048d57b3836963869ea5a

SHA512
3fc31eb1eb33d0a80563dd5bb34a4c4a507e424f333794dc7a3c811a8e71747be3f6ec7263e8230bcfad9ba891fbfc489b68573876de24d73de0bfbfc4e0f3a5

Download Submit
/data/user/0/com.xiantu.hw/files/exid.dat
Filesize
60B

MD5
f560fdceca9cc7aabac25dbd815d933c

SHA1
3bb8b5dbfdbd3c4f8b60454899a3316292f39005

SHA256
336f65b6a8760cf51bdb7cf50365a15a3cf2993559590f958c017b640b07c585

SHA512
eaaa09e864d6b8dea226565e48d7ef77f9cef9d7476f52ad72ede25acc93b824095a5435a809fb9d7d34b1f6c635644c146a0f1d33d5ddbea5d1844c17a14b47

Download Submit
/data/user/0/com.xiantu.hw/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2NDA2NDE4MDk0
Filesize
1KB

MD5
7d63c8910ff0c3dedbe7c757fe152bf4

SHA1
022065d8ce719e81b31d8102d4305173f0affbf1

SHA256
2772b0a965fe0741ea72d223045f0da32a98cfe8fa2ec9c7af6638aef014e7ed

SHA512
f2eb48828fa3fede39dbfcaf2da75280cb9d1d19da250391115120f28589a9faac730b84d473ac59fa22cc7e5ba442683363ad8cf646cb1f83ea1de149c7318d

Download Submit
/data/user/0/com.xiantu.hw/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2NDA2NDQ4Mjkw
Filesize
1KB

MD5
457ac58f981386a12353dc90141e0715

SHA1
89ddaedb5cbd69541da23958655a1502f2c53551

SHA256
5b9b895b67c49aa1dc40df99f3094229843d57cc351a99b484d158bbc37ae380

SHA512
a5e35b45817854ef98fd7ed84f4674f582e192db1a4d1d8e4b3e985fc387e64e1a2092ffb71cf7b9e5f519693a7acfa19827ec65d4f3f795fc669bb7de600ab2

Download Submit
/data/user/0/com.xiantu.hw/files/umeng_it.cache
Filesize
433B

MD5
f938ca5d0b8e500f39ddbb110ede2ae0

SHA1
62d293276e7bb37fe1353e87959e64bf29051e3f

SHA256
29bdecd2c5ffbbcdea533d59c870e2550ee25d51a5259ac9fe4128c605bcedf2

SHA512
ad2f869c24817453a2c3647edc80b85453798082b017ebfeee6135ad6beafd7bad436885ae5d42941f445d2ec8be8e1f08e7935cfaf762e8f8eaea6f6b2ca6f7

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
1dae541352629303940c05591dd9fee8

SHA1
136df24b184b44e197dc2443978ffd3d34e63b2d

SHA256
db373f94233b8678cf0c80b4622885b9c76133acc8a3ce2151c6b0f963216461

SHA512
81e578276d0b1855cc72fe00514c743f5170ad44d1b3c34b4115abe55d40984c5cdeefa65560e61f796df9a182fc748145e8dd77293a83c82d09f92417ab0b73

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
8KB

MD5
d96c772abc1a42579df34492141e994b

SHA1
4f5d3c2fa93c68510d4cca8e66d811f3cdf3c00b

SHA256
48340fbc04c9195226778532a26b1a2fa2a165b3a9f9dc255a010eb07158c584

SHA512
96afc4f2a3c4c5ec469304da1cb2fb5f0ea455c37297d90a21593c68827aa73b872a21d039690153bc10d6fcebd790e7cf5a22f20f44f92ad07594b036b5aca8

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
03791621b98a8a9ae1b8d378d4d2af05

SHA1
4c127b4bf8176e23df56f25e99398e442bbd3edf

SHA256
9bf3d75d3f03d2249f30ae1d99548d9420e8ed899638813fce8b00f5d58e5ea9

SHA512
66f58cb816496b132e7019bc262aa62c79b51f55eb288767bf9059290ac87141bb06858ede936ccae2d22ec9257c0b6d11ea9e45b1d6acc75bb3ba92bbde570a

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
8KB

MD5
97bc72b17b8ae3b29c54d379e57f00b3

SHA1
8e8e1df4156ef560610127e66a17c78538b53cc2

SHA256
12cc14b3b98e843b381a49349beb88fa1b6a507f0534aaa8c994dd89d7798f25

SHA512
350bcb98ae53c4781272d26b07e81777d10646f440325b2e6a57004a119bb5def3d5830f7e03dfb4029f82e0157552be5a2757a363eb8fadfad3117b195e82aa

Download Submit