13df86d8fb6afba1492be0ba67e087c87e2bffcf4f6f085af3a68410d7a43a11

Analysis

max time kernel
156s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 19:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

684b602f16f1f240db5850779cff9549_JaffaCakes118.apk
Size

30.3MB
MD5

684b602f16f1f240db5850779cff9549
SHA1

0e5ec14912c5aeadc4c9a1b808aefd28598bf866
SHA256

13df86d8fb6afba1492be0ba67e087c87e2bffcf4f6f085af3a68410d7a43a11
SHA512

710eddb0a9ece26f64007d8507fc8ea67892c678588cbc07b535ba99a33f11fc94ab7b37c1d9c60aeb8f2f9c2c17abef65f477636d8435aecad650dd4bb24d8e
SSDEEP

786432:ZscI1jIC7H2kMh2SZezZP0/sE4UzUZOQ5YKIQP4K4O:M1kC7H2LbeFP0/shmUZL5Yjo

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs
evasion

T1426

Processes:

com.yxxinglin.xzid28949

ioc process

/system/bin/su com.yxxinglin.xzid28949
/system/xbin/su com.yxxinglin.xzid28949
/system/app/Superuser.apk com.yxxinglin.xzid28949
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yxxinglin.xzid28949

description ioc process

File opened for read /proc/cpuinfo com.yxxinglin.xzid28949
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yxxinglin.xzid28949

description ioc process

File opened for read /proc/meminfo com.yxxinglin.xzid28949

ioc	process
/system/bin/su	com.yxxinglin.xzid28949
/system/xbin/su	com.yxxinglin.xzid28949
/system/app/Superuser.apk	com.yxxinglin.xzid28949

description	ioc	process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid28949

description	ioc	process
File opened for read	/proc/meminfo	com.yxxinglin.xzid28949

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.yxxinglin.xzid28949:channelcom.yxxinglin.xzid28949

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid28949:channel
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid28949

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.yxxinglin.xzid28949

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.yxxinglin.xzid28949

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yxxinglin.xzid28949

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.yxxinglin.xzid28949com.yxxinglin.xzid28949:channel

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid28949
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid28949:channel

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.yxxinglin.xzid28949com.yxxinglin.xzid28949:channel

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid28949
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid28949:channel

Reads information about phone network operator. 1 TTPs
discovery

T1422
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.yxxinglin.xzid28949:channel

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.yxxinglin.xzid28949:channel
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.yxxinglin.xzid28949

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yxxinglin.xzid28949

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.yxxinglin.xzid28949:channel

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid28949

com.yxxinglin.xzid28949
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4235

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
2⤵
PID:4366

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
2⤵
PID:4386

/system/bin/sh -c getprop
2⤵
PID:4505

getprop
2⤵
PID:4505

com.yxxinglin.xzid28949:channel
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4555

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid28949/app_crashrecord/1004
Filesize
241B

MD5
2d75057eaad314978a5a313a60a33bea

SHA1
efef28157a0684f749638fb10155125e2caae731

SHA256
380f33aaa39426d986062ca59d7a82837e861bc305e1c34d653977cd0f8d4340

SHA512
088402a311d379ec2b77c18166c8193f50912b8b9b69083311f7b519d87e5662e6fc51637bad24cbf4ec4ac2d9c672a9d93196e242a43a134406b76ac9a9a136

Download Submit
/data/data/com.yxxinglin.xzid28949/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.yxxinglin.xzid28949/databases/MessageStore.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid28949/databases/MessageStore.db-journal
Filesize
512B

MD5
5f1a5309e157fc144587e33258059301

SHA1
f375ec3860b246657ccff465b58462efbef56537

SHA256
349381fa7e68058f2e8befc7238b83b288a3775d8c81486f8356197b180c19fe

SHA512
0d3d52054bcb47f36e4806dfed79ba95e839c7f3d5c26f9d6dcb4efe4c7c6bed8b5b4cb9e94b0f60dbb7fedbe4507beaf5e4e66720824a4a2c4c8cdf4dce71df

Download Submit
/data/data/com.yxxinglin.xzid28949/databases/MessageStore.db-shm
Filesize
32KB

MD5
b835acb1fd30fbcfa648391a45c6d2a3

SHA1
df544701b59920d972e623086ecbf72f9afa13a3

SHA256
eeb996d1e5579acc8ca6a50d4bbca0dc84cbe517b13ceb88a893e5c1282143f8

SHA512
8899eb33ae605d1e9f2985597003b705df8fae59fa7284f533feeadbcf805702815122b8d109be6ec982cdd9195412370275fb40beebba89030aaaa5cc8bcce0

Download Submit
/data/data/com.yxxinglin.xzid28949/databases/MessageStore.db-wal
Filesize
48KB

MD5
4a311a8c0a5d93a8a1b1ecbe48f85aa5

SHA1
43e370f218d36902080d2bf51f58a07465b698e7

SHA256
be67feb749baa4b9a6d744207ade5e6461adcf822b0ae61d2d5702b847a410b0

SHA512
a7f9d9ab385fc50011b0ba1226c9686e5a98584f6d8a2b607f4d772328ff326a742185db959b8e0feffc634f6157018f627aef06383336ec91c505a4c5e6e674

Download Submit
/data/data/com.yxxinglin.xzid28949/databases/MsgLogStore.db
Filesize
4KB

MD5
8737aee5cfbc3c9ba53a32c3f0694586

SHA1
b1b373908b6d41ced0d479d4133a2df6e9c0acb1

SHA256
8ade83c1260b77867e70d1c132019e0ea27a4d357674996446052d4de038336e

SHA512
6db6b3866974aa431992dcddd0915848228a265185c2c14394c3dec7834205fe24b3733b6c06937e24edcc06a281d74c40b02ebac0bd6b71a37f1978b5c4570a

Download Submit
/data/data/com.yxxinglin.xzid28949/databases/MsgLogStore.db-journal
Filesize
512B

MD5
30b7d00e3f6ecca0324e8e6b88cbae51

SHA1
05274a11eb9473dad206be9144ef24219ad5c9d0

SHA256
3c96558c44f5f63c4a2a1d8945f2fa98018246ab793accfa4475d2ca4985f769

SHA512
271f92171a4762fa811405e6ac880e7bd542da7bdbf0c7099241dadc1d3f81dbd8d089dbb471345d41f77ea6c0b7433c7076d1c16eaa902db520f34f17446b3e

Download Submit
/data/data/com.yxxinglin.xzid28949/databases/MsgLogStore.db-shm
Filesize
32KB

MD5
d8af11d03778a073f7aa8bf29687f449

SHA1
a3217a31b54766e780864b22694f666a5e070ef7

SHA256
cfd1e5279aafff712259ba5eae4725fdb6218d14e5910b91895b89192c017a06

SHA512
d2c07cebd1178a8c39d320033f890b0e2dbdd06441e25d485685e718043d6a81b8adfcc684e30ee1bdbbf181b1914029e751815b1c8efaa00aeed9d6018c4e43

Download Submit
/data/data/com.yxxinglin.xzid28949/databases/MsgLogStore.db-wal
Filesize
68KB

MD5
dd067bfcf6bd7d8c2f6fedb338fe33df

SHA1
2e45d7f32dc278f918d2bb3647e99d8b40fddd57

SHA256
46b9291d47318eb32fa155bb3b04f224c4e964ee702912b52d45c9dd4cba22b2

SHA512
c4f572796c8b6574ccc3c10e88c2d176a0fb21e07f58569cc236935382570490afaa25109ed9546bec1cafd0970a01e3b4219f556338013557e10aec5c5af8da

Download Submit
/data/data/com.yxxinglin.xzid28949/databases/accs.db
Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.yxxinglin.xzid28949/databases/accs.db-journal
Filesize
512B

MD5
775bb3f1a57a2619fbdf120edbcb88f8

SHA1
211ed7eb963c05073daf9c610307b0906bdddcd3

SHA256
375e20ebefc42419e2b537f67e72e3af74399052dbd83238dba05a5d65dbf13a

SHA512
cccd0001ab250b45cd174d017b3dd09915cc73e68bb10420ec7bf2d213069cd3f0f8e6ec088126af2fcda0e40fa63a0926fd20d00584ed61f7bc7a176d8d1db1

Download Submit
/data/data/com.yxxinglin.xzid28949/databases/accs.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yxxinglin.xzid28949/databases/accs.db-wal
Filesize
48KB

MD5
8b43123f1da3874c385bbacf8a9e21a0

SHA1
21e1dab1f56f4fb812c7202fb3d1332cb84d8bc9

SHA256
30c04e8f6bcb96f391086027bb9da3954178dd0df3828a0d3c7af05aeeaae04a

SHA512
cb4f9e8b0fde3731e1c622fd35fc3ab647ba546c68da31de36b3c01fcfe82e320dd3c8e148299ba3c8532ad6a5d02bfb22b522ca35152055ad18d6a6f96af801

Download Submit
/data/data/com.yxxinglin.xzid28949/databases/bugly_db_-journal
Filesize
512B

MD5
10be717f685dfe7dcefd244ba5ccc892

SHA1
3348628146ff98f4616f2716f365f34437168228

SHA256
a29914d4b865869b96f6f318a92a630f89976b79b3ec5f9a82c28fe6b6d4780c

SHA512
e184eafa3f76b2134e20a1a7da06f01ea8bcf1da5598990804889d23c9378e4de899086cfb626954052cd6b57cdf00c3de32f2d7b66b3e6a04a02d9b1535db33

Download Submit
/data/data/com.yxxinglin.xzid28949/databases/bugly_db_-wal
Filesize
68KB

MD5
07d30b2c0822f6df2802be9267dff6d3

SHA1
10f338b4f4a74cc0063c870765b5e2f433fe677b

SHA256
3ee5c9b783f0657bd5fefd30a26cb382af5def0fdb9972a57cdd74713885020e

SHA512
9c13b97ca6c53575e3c4d7c6444b2451e109dae1396f0c9c2822398308db3176f6a4b7e98879c66b6344d9323281a37353928896f656cb8220de47bedf9c014a

Download Submit
/data/data/com.yxxinglin.xzid28949/databases/tencent_analysis.db-journal
Filesize
512B

MD5
7fbe2d50285e6383c8363aa332e43b8c

SHA1
3c1249812ea45675d19386e00271c1fcf097fe41

SHA256
aead623047149864e3ac16a61e43269fe858ef9ec7eec73840c7a1665946a993

SHA512
e9c86f8f38c3364038ebc69d580336038ea4bba8ee262ce396507b0a610d28d3e587600ac916fec8c72a0db84fb6c13a3eb2e00d0fcd5ec49ad0acc00a51f839

Download Submit
/data/data/com.yxxinglin.xzid28949/databases/tencent_analysis.db-wal
Filesize
76KB

MD5
dfea608e43eacf61a436e292d9171488

SHA1
1fb744e0eacac73370c303c7856cd0e0fa45eaa7

SHA256
f9f20b93a07630d3408a609108e34d1f190be71f9050a085a792647aa9609401

SHA512
71705e20c4b78be9560e04c73943188500657a8da6444680ac6f79595a9672e1728896cdf6d8c5b376a0b4c69a0a08c49d29395fe5f7294ef17e9e8d1059a29a

Download Submit
/data/data/com.yxxinglin.xzid28949/files/cclogs/2024-05-22 190418.log
Filesize
1KB

MD5
904b7c9d1801afc52ce5c260c6eb4495

SHA1
b487e599073451b34112497aba2b1469daf9eebc

SHA256
a6505c7418db7440b9b1100354efcd2bb2644d32c22d07728dc89d8bd714bbdb

SHA512
df58c9fb2d7b8bbf9e604afdfefd96c2d91d2d1a9645e5b54e76fb8ebaf62f7cd5521d84ce6b010815511bb185afbe5cbf081e44f9951f2c2f07e64441d6d442

Download Submit
/data/data/com.yxxinglin.xzid28949/files/com.tencent.open.config.json.101400326
Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
8002cb74a022d11095ce81c87b8cf004

SHA1
650b4eb540c5047c978058e483006855d794c8e7

SHA256
ee4f68a4fa4d143e13c4f6f4614597179f2892dbe16ad1e0c3d363345f339819

SHA512
6969894ca4bbc13f483c1cd9198eb5677ce56585fa0d9ff7ebca51b4c4be0a462ace29d4a993b588c42dc237f368ff51189200e00278a3bf2d5c34a4c89ad55b

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
6f28c71352983a9dc6e5bddde22e41f6

SHA1
f5783733af9cd1f6cdc0273270c1fa7219c027fc

SHA256
8fdbadbd1004cfc58dba47bc2500d40bdc06528cb4b4e616ee432bf5f1be7344

SHA512
0dcd80263a2c323eabd659f18efbfcd3bb52f07c9d97d8b755c60497c96bf712d5733d1b4b6eb48120212d9503cf324948e831899b5edb95aec94a5c0bde8266

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
381B

MD5
744c79b32b2d313abc0728e3740c3ef6

SHA1
7bc67f0dc559b6f6c5face7e6102237b330e5040

SHA256
f5317b784520bbae3a102a78bd4d71dfd2413261b2145fb48f2d3032e493e7e7

SHA512
86c0a04a02b608e2ea750852739a4fecb6bd1404179a3ac1048bdef7a7b809b94d95d9a40325c9a4a92b00aca2d74c48eed6d8cefa547178766e6366db6d02c1

Download Submit