6b952c801bb08ec236214a30d78dfeb235d92f7930e9a91bf8e76c3171be38a0

Analysis

max time kernel
179s
max time network
187s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

686d83aa9f5cec17daa52a4417882a0c_JaffaCakes118.apk
Size

15.4MB
MD5

686d83aa9f5cec17daa52a4417882a0c
SHA1

0525b609f86e209cf70737bd04eb2088f3c40263
SHA256

6b952c801bb08ec236214a30d78dfeb235d92f7930e9a91bf8e76c3171be38a0
SHA512

a91e14f139d3422c6a679a742c2448b0a57e51aa7cab711ffd9b9e813ac975e63d8052dc72b42875866bbfd7ac6fadb27b5e6e96ac21debb31c76f67cda16dde
SSDEEP

393216:NX4xNzFgD5+46rjznplD6BHhpXeUo6Xuw05OIw:NkNBgDoTjznOBHTXe15OP

Score

8^/10

collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs
evasion

T1426

Processes:

com.yxxinglin.xzid123139

ioc process

/system/xbin/su com.yxxinglin.xzid123139
/system/app/Superuser.apk com.yxxinglin.xzid123139
/system/bin/su com.yxxinglin.xzid123139
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

com.yxxinglin.xzid123139

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.yxxinglin.xzid123139
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yxxinglin.xzid123139

description ioc process

File opened for read /proc/cpuinfo com.yxxinglin.xzid123139

ioc	process
/system/xbin/su	com.yxxinglin.xzid123139
/system/app/Superuser.apk	com.yxxinglin.xzid123139
/system/bin/su	com.yxxinglin.xzid123139

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yxxinglin.xzid123139

description	ioc	process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid123139

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.yxxinglin.xzid123139com.yxxinglin.xzid123139:pushcore

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid123139
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid123139:pushcore

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.yxxinglin.xzid123139

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.yxxinglin.xzid123139
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.yxxinglin.xzid123139

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.yxxinglin.xzid123139

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yxxinglin.xzid123139

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.yxxinglin.xzid123139

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.yxxinglin.xzid123139:pushcorecom.yxxinglin.xzid123139

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid123139:pushcore
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid123139

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.yxxinglin.xzid123139:pushcorecom.yxxinglin.xzid123139

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid123139:pushcore
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid123139

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Reads information about phone network operator. 1 TTPs
discovery

T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.yxxinglin.xzid123139

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.yxxinglin.xzid123139

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.yxxinglin.xzid123139

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

com.yxxinglin.xzid123139:pushcorecom.yxxinglin.xzid123139

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid123139:pushcore
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid123139

com.yxxinglin.xzid123139
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4296

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
2⤵
PID:4509

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
2⤵
PID:4530

com.yxxinglin.xzid123139:pushcore
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4326

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid123139/databases/RKStorage
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid123139/databases/RKStorage-journal
Filesize
512B

MD5
d95497149b6b7db3fc36b94397200815

SHA1
c42f5a7979e8d45ce260bd129af5be7898bbe66d

SHA256
12569c3af547a8f1dbabb532d72369f65f243ebf8c069236bb232c20c8eec549

SHA512
8572ae30980cf5c77fa50b1f8d6369904781b7b9de82646c9674c25f555849ec60c1ed017db88ae6f8a685a7ea651be4d43648fc6c96c4e12a101f905c65aa0e

Download Submit
/data/data/com.yxxinglin.xzid123139/databases/RKStorage-wal
Filesize
72KB

MD5
3ded8c9cdb98bd61958281855aeb9893

SHA1
953c581ef4bdd9a1af414a507745323bc14d8e80

SHA256
1adef2c9ec46ae12f1d94593c3fd415b5bef4f0bdc11bc4ec5e21818735a5717

SHA512
6b43167d24fbf1ec45917c800fa50cb069668f769acd87f8cb2bc43dd1b888c68fad13bfa9cbf2ae827ce6940defea2290663a205bbf4c15de019d9d3fc83319

Download Submit
/data/data/com.yxxinglin.xzid123139/databases/ua.db
Filesize
36KB

MD5
0adda9c85a5e4808f5b1b74c0a8591a5

SHA1
5048107883ab1e345af9cf2e6849ce46e0e612bf

SHA256
1e17860bba2bb4e3e92df3890aa6dddc973d6602c71519a15556d37bb69de2a1

SHA512
646061d3d5849772511bd94e36ca2d775a9a672851629d1812942ec0f0f925714eb7d4ebac44889911320cb6710a2f586014f6b1e126739cab653c4f8deef2d1

Download Submit
/data/data/com.yxxinglin.xzid123139/databases/ua.db
Filesize
24KB

MD5
c6a51fd37210ae391d58399737b1e906

SHA1
0a6a8c3a41a5e031de0200890d4497533a0a49ce

SHA256
cbf497853fea807778fb6430a57a7561eaa7f00c395204f71637b10f1a56785c

SHA512
5afee389a5d00485fcd541fcfee20b2cf952dadc4dffa7ad86733353e6265bf6c6d9fb68d44198987705cd94d13c7aa409a3e660ceab65aeb3dd797ddd7ab9cb

Download Submit
/data/data/com.yxxinglin.xzid123139/databases/ua.db-journal
Filesize
512B

MD5
5437f3f506419771a426e4c76a8c09c3

SHA1
2f22a527ac45b946626380773b546458691ee3d7

SHA256
055f48892efe211f340455c4e300f3595fed2fd682b92090538cd0ba43f1adbe

SHA512
1a1eae707d329df7fab73ddd57a533214866ed252822be4bea34f1adbd44545d3962fb9c6cbb81040df7ffa32e6668b8e41170ece8fafd9f46e09a25b8042195

Download Submit
/data/data/com.yxxinglin.xzid123139/databases/ua.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yxxinglin.xzid123139/databases/ua.db-wal
Filesize
48KB

MD5
a17480f66b2699f81ce492a8cc6e0acc

SHA1
8d2e187411a4e056b383f02d86faeb11873d7ee5

SHA256
5bf4c7cf2d33b4834b5514f476c9b742c715149568bf1bb724e6f95d4ec10feb

SHA512
313ee58c67ca8aae97d152d8c1294da2c3b1f925bebab2b3545ce3df69bfb365d32e7b2b74f281f8cb9d76e0192c8bc28381e5a31cb4f5a149ebdb6d696c6cbe

Download Submit
/data/data/com.yxxinglin.xzid123139/databases/ua.db-wal
Filesize
12KB

MD5
be8efb0ca9022f50ab8590d60aa465a0

SHA1
cd9c594a81cccf2c146ece4ab477eda82cfdec7e

SHA256
94420867080cebb8e8575acf6a2e987a4ccfb00cfb6ba8bc03270574d71b8c85

SHA512
c9c88cb264588b712eb9aa88b3137c9340670c7f761e84329344d43fa40ef7334d0f54c6249529bc66d41152c85378162d1b8a6dd7fc03ada6ca5df57fed4861

Download Submit
/data/data/com.yxxinglin.xzid123139/files/.envelope/a==7.5.3&&1.0.0_1716407816135_envelope.log
Filesize
1KB

MD5
2e91cc31b7bfd18f533ffe678e9c0fb2

SHA1
83f34548e10816d3f28a43634b00596e39115e1f

SHA256
ad61cb150ce99cc0c4f08d47f409c749bd1c78b095ad1fef89ed1a32b362bd13

SHA512
2ff0b43bb507a5d92124dcdb63c8dcb3f6c8f1312641791010c8988eefbf8f6ed9c6ec584ccffda968a3d23c7add5ff5bbe967406274a61811cdfd3814cf981b

Download Submit
/data/data/com.yxxinglin.xzid123139/files/.envelope/i==1.2.0&&1.0.0_1716407817323_envelope.log
Filesize
2KB

MD5
58a64064b1819d1e8a8e0ae2c087614f

SHA1
b98876c1a2cb56448e10936ff478a66aa3355c87

SHA256
10934340c83baf1610085b8f1d0c202d2d7153b2371245aee93a054091f344fb

SHA512
65b03edfdabebda872311e82346998bf2d8dedf7773f443e99529998e71ca2ffddf5db719f7f6a4da9241242c977194a64fc892d9d6589983b4a13294438580e

Download Submit
/data/data/com.yxxinglin.xzid123139/files/.imprint
Filesize
1021B

MD5
69c67805e7119a47fa097145fe7e8011

SHA1
fe5fc8d974387ca4b4c1cbf30fbaa759087498a6

SHA256
ee1b5f17eb3bb53be49f2336a1842dfc1a4e782beacf55200838d0300c00e0b6

SHA512
db66a796475a7104f0fcb46f09df6d88e31b8b46d868896d7fda2d22f2da65845e4a6b6b930597a2fcf222a519ec1798912de7085875e5bec817f14a6daabf77

Download Submit
/data/data/com.yxxinglin.xzid123139/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
bb3b902c27890f0a05646aec179805e1

SHA1
8dacfe9fee2f776ef407913471eba8c858950a85

SHA256
1b49fddfd18ef221c29ef0fff483c95509eb1403583b1bb897745d5d2fb65dae

SHA512
a0a82310d36988984681ec0a4d326ce353d0644e1f0cd261c06f85f1275dbd94463e2c14b5095442534555da81436c45de1342e81723176a60f5acb09cc4436c

Download Submit
/data/data/com.yxxinglin.xzid123139/files/exid.dat
Filesize
67B

MD5
a1d1b637718e98800fdb9f86f84e3085

SHA1
df1257e1ec021b864e6fe24d9a4884c4720ba349

SHA256
11dace4c740c445f60b3d7cc7c4a577686fb15f49c903ef9dba309226a80fe4f

SHA512
1eca2bd01aa7c6dfcd0412550eaf626dad64d6d354975d71e76c02c9ca88310439431728de913ef9cf12a9dc3a526a898f7cac95713e3e7131b42098aa21eda7

Download Submit
/data/data/com.yxxinglin.xzid123139/files/jpush_stat_history/active_user/nowrap/0e407920-7a1e-4875-9f90-2789d3339914
Filesize
159B

MD5
806d20da6a5346aa2ef24106055f4a60

SHA1
01d1ad19ee427f5b3472232d57eb4581a1e1e96e

SHA256
9c79d722aea58ecfac458b1d5569f51d7f40146bc5f3c43a88ab28828b663b22

SHA512
cbf447d72b8c58341502e267fced8ce4b4acd7249b3a437d9632c373254dbd130346f94f6bfbd0c7dd8b2a6ed6349d2fb3c7a27288721f76c8fa75c9c92e42e0

Download Submit
/data/data/com.yxxinglin.xzid123139/files/jpush_stat_history_pushcore/normal/nowrap/fba5c20c-34b8-4e91-a396-41ca5686c5cd
Filesize
202B

MD5
a8fd135e010857be4dff38ddb26d71da

SHA1
fef2f296222b5654ee27162ba6d1531e7cef2644

SHA256
10ab5d2941d6086a3730edd3092547a5a6bc294788b700b3ff2ea7edb2d5b196

SHA512
3b824d5ca2d6de119af82f97aca136ad328cc176a87e902ef9e5bc529112dc82c4ae588c982e50f312358c8ed862e39a46faf2b54f9ef36357e4734daf8864ca

Download Submit
/data/data/com.yxxinglin.xzid123139/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2NDA3ODE0OTQ2
Filesize
1KB

MD5
3b98f3fbf58cc192560154fa0abf8004

SHA1
b248d93672ad9a93ca399ea3f48e433c31dec009

SHA256
dbda55a69a26142700253124517b385d89993b5189c27511d8cc0b6b9105ba15

SHA512
396d81a0753737daa3309e5d13f9127ac0cf981750cc2388e7dafca15230e997275b5e2975285431ccbe43c18c5d92880b733336bd92dd0f8c29d6558c40907c

Download Submit
/data/data/com.yxxinglin.xzid123139/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2NDA3ODQ1ODkx
Filesize
1KB

MD5
923a1d51ce40332ad0277ade15b9a67a

SHA1
1a2c4f955429d67872bf99e9a363ada985fc2820

SHA256
f5296fb8f47c2f0d697ff1634f6054db1e2a1595e4309bb755329c9dbdf4308a

SHA512
dc263914ea680ae7d11f17542f26909af767af89bcb17656c7f7914c2e2c80943ebdfa313e09400b5acdb4b6b4196dae4cdc10afef9925ee63e8f22034d13641

Download Submit
/data/data/com.yxxinglin.xzid123139/files/umeng_it.cache
Filesize
415B

MD5
4b7f9aeeca714d39e9ceec6c02f0c5de

SHA1
08b099d3d8fb98c948fcd40f97a0d6d7cec0b89a

SHA256
abeccde7bb06c55a9c40143abb481aee210e3153b4516f75a8374e5024a207c2

SHA512
04de0b2cf01e22aa609f4022e0bc4330bc6a193cdee5193c777e248eb56e888548a5bbd8cedf3d6484187391d19fbfeab884f5850f3127dd8c37f5283bf548f3

Download Submit
/data/data/com.yxxinglin.xzid123139/files/umeng_it.cache
Filesize
211B

MD5
6f06ba0ccfc565575721c35421d57bfd

SHA1
5788a705488a553e9282238f41a5bbb4dc28fbb8

SHA256
b4ee9f8c08bc791340e1317e2a04d1e34aa88373e60963674212492e0fb86fa5

SHA512
4e4c16e59aa40f79ec68d422004b6a1ef8daa4edf900828674d18f5c72fbf7270c562d0d194fdcf6e876d3ae723d467cf29d83a4925354af432de209df779b72

Download Submit
/data/data/com.yxxinglin.xzid123139/lib-main/dso_deps
Filesize
156B

MD5
59fbb008f83abb75cc97233cc93f00d4

SHA1
7573db9cb7b34407d34bb845d0588e30a8c62c01

SHA256
7328df9341eb50ebe577cbbc6f0a4e1b1bd0721e4bc38751ada5acf4ae603c43

SHA512
b0c839d8ea2924934a5220eb1691393303704c9760dc42f1a5e67cc5e12a571908bd2f28b5a5f27a270aa3defc7f696ea404655dcc3e9931a8ec010a48e353ac

Download Submit
/data/data/com.yxxinglin.xzid123139/lib-main/dso_manifest
Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/data/com.yxxinglin.xzid123139/lib-main/dso_state
Filesize
6B

MD5
d1e17855ff832a6bf9b9f6cfa565da49

SHA1
ecf8582c81a204e49d2409195c9da32d5b9707f2

SHA256
db75a995afd3befd7e90fe5e722a6bd31443d0c67409f2bb8ed1011134121600

SHA512
db4a5419a4a7328e5354fad905f069dd7c44f8232d0a4ba9fc0e23dac78da4d97e7d08cb83d90013a9d1cc6154b5f2e4f9eaff11c2a7eb64b459c019d704e97c

Download Submit
/data/data/com.yxxinglin.xzid123139/lib-main/dso_state
Filesize
32B

MD5
e2746fa867917685bab2c66946df8ec6

SHA1
24f1f37029641df6c68ad3dc3c2a3d67d89308a0

SHA256
7a1e91c0cbf794e10af86f1fce255b4f44bf79fafc86b63015851108fe0f3776

SHA512
83891df35e707f42b78cefaa6e827cc250e787c45cde712346a13dd220854bf3177b91824dd6c4b4ebc18a31413a6be27a22abddc75f2d7a3d8810eda298f26f

Download Submit