6b952c801bb08ec236214a30d78dfeb235d92f7930e9a91bf8e76c3171be38a0

Analysis

max time kernel
179s
max time network
188s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

686d83aa9f5cec17daa52a4417882a0c_JaffaCakes118.apk
Size

15.4MB
MD5

686d83aa9f5cec17daa52a4417882a0c
SHA1

0525b609f86e209cf70737bd04eb2088f3c40263
SHA256

6b952c801bb08ec236214a30d78dfeb235d92f7930e9a91bf8e76c3171be38a0
SHA512

a91e14f139d3422c6a679a742c2448b0a57e51aa7cab711ffd9b9e813ac975e63d8052dc72b42875866bbfd7ac6fadb27b5e6e96ac21debb31c76f67cda16dde
SSDEEP

393216:NX4xNzFgD5+46rjznplD6BHhpXeUo6Xuw05OIw:NkNBgDoTjznOBHTXe15OP

Score

8^/10

collection discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.yxxinglin.xzid123139

ioc process

/system/app/Superuser.apk com.yxxinglin.xzid123139
/system/bin/su com.yxxinglin.xzid123139
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

T1430

T1627.001

Processes:

com.yxxinglin.xzid123139

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.yxxinglin.xzid123139
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yxxinglin.xzid123139

description ioc process

File opened for read /proc/cpuinfo com.yxxinglin.xzid123139
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yxxinglin.xzid123139

description ioc process

File opened for read /proc/meminfo com.yxxinglin.xzid123139

ioc	process
/system/app/Superuser.apk	com.yxxinglin.xzid123139
/system/bin/su	com.yxxinglin.xzid123139

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yxxinglin.xzid123139

description	ioc	process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid123139

description	ioc	process
File opened for read	/proc/meminfo	com.yxxinglin.xzid123139

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.yxxinglin.xzid123139com.yxxinglin.xzid123139:pushcore

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid123139
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid123139:pushcore

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.yxxinglin.xzid123139

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.yxxinglin.xzid123139
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

com.yxxinglin.xzid123139

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.yxxinglin.xzid123139

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yxxinglin.xzid123139

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.yxxinglin.xzid123139

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.yxxinglin.xzid123139:pushcorecom.yxxinglin.xzid123139

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid123139:pushcore
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid123139

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Reads information about phone network operator. 1 TTPs
discovery

T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.yxxinglin.xzid123139

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.yxxinglin.xzid123139

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.yxxinglin.xzid123139

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

com.yxxinglin.xzid123139com.yxxinglin.xzid123139:pushcore

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid123139
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid123139:pushcore

com.yxxinglin.xzid123139
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4656

com.yxxinglin.xzid123139:pushcore
1⤵
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4693

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid123139/databases/ua.db
Filesize
36KB

MD5
4a8120c91e3143b2db43971dbc77cf8d

SHA1
37c5700d35059c4e0a718ced73b3d73ba5d2b277

SHA256
1fa1b6e6bd75bcef64d35785e2fd6f2e73dcdf92dce73c8b2a8fed49746d53bb

SHA512
465cd282927e30a0a894a75ad261feddde5a31869c8cea6b548362afce08fbb7cff7a784bd1d62c3e4c95916ce30e758d3919dd4cdc13176f29d68c2620c185c

Download Submit
/data/data/com.yxxinglin.xzid123139/databases/ua.db
Filesize
24KB

MD5
3638b34b56bc715fe238ca5bcc7fb468

SHA1
82edc5693b461acd58377f4b02e982415f0f3298

SHA256
e12aafef088dffd2f0848811f1f9948784162fc0e2f0195d77571238ec95635b

SHA512
ef216ccf99a8ff5819cc298e99c3043da0a94e745a157f2dbd9882b34575148209eb10a74498b3558a5f802a8091600ea012526b9caa87cea36f6b51ff4c3d3e

Download Submit
/data/data/com.yxxinglin.xzid123139/databases/ua.db-journal
Filesize
512B

MD5
544393b51dffd711a33888d507605739

SHA1
7ff2da13afec50877f42c65538681a8af1940790

SHA256
2979cd5db160c402f08e77b7616af6b2e44c49ae8c038a5bf5f4175394dd51b1

SHA512
e88ed82e35ce627dfd0a529bc9124f6fa110523000096480f2b30ff626e4e2871e7bc4b0f41c3a0af83173c8a4763badb92c006723267d7e9e6e9bc73d4a49cf

Download Submit
/data/data/com.yxxinglin.xzid123139/databases/ua.db-journal
Filesize
8KB

MD5
d947e49feb61ff0daad6195fbaa32531

SHA1
e13f50ac3431a2489d5b58eb2a1256973512f479

SHA256
1f232611707d6f63793b50c5f35a11dad7a6cceee1a1eb8b270af847e05f9975

SHA512
3ebd9c886b496c91ccfa7e5680c9cffce91e7a0c7b2ab80c649ce16cb4d750f85c87950a6b973e8beca4debb7a3236c5f852d46a150ca2b741159f1e7c36844a

Download Submit
/data/data/com.yxxinglin.xzid123139/databases/ua.db-journal
Filesize
8KB

MD5
625aa00d1f76252855af8ee03fc59f30

SHA1
20514321d18a90744c3432c56610fce32c15fcc2

SHA256
54eb7999019ef65d32cf5e44b513657d9a605d6602a3f3ed0095fed35e7c3c40

SHA512
2e6325a34882a7ed621b236de57a65172be557957c75ab25eeaf0f172b8d024ea0ff4c6a500e006024b20a898e3bda6068221ce755a798befff5c09a11da4866

Download Submit
/data/data/com.yxxinglin.xzid123139/databases/ua.db-journal
Filesize
16KB

MD5
c809502678c630c9a86b12e8ad6b1917

SHA1
0a6a243477e6952fb993a3ca6e60c916e9ee1a89

SHA256
2985357e70ba4c3119b2db15b37e4c1e8689971d808957db1a76c2b712728ef8

SHA512
56d6787066d14396c1e037d80b5fda485edec4fd79f669443eac065a051e76486a9f8ae6b31ac04de4cfd8fdc547e25c186f9d9e2365c9276a039362492450b4

Download Submit
/data/user/0/com.yxxinglin.xzid123139/databases/RKStorage
Filesize
20KB

MD5
c4af11713a64f1af1066867a57381c59

SHA1
8636900c5784a2f10ede61429f7c6829f283ccaf

SHA256
bede8a95f94206ea233bf9b5176bb66ae6016fb467a64baae259a53cd27b3432

SHA512
a7abbf7974da3402a1f1df51265ea37470265843a75bfa5f914da9e1c707141103e108fa91db2911522d1d3e893f338bde82cdfd6706bbd2296b731cb713c1ad

Download Submit
/data/user/0/com.yxxinglin.xzid123139/databases/RKStorage-journal
Filesize
512B

MD5
25ac99092328c7edf792624c41959149

SHA1
d992f8d2d727da3adc72d470351a9b6392ade1c4

SHA256
d801178ebc21b9eeb246511b757b4be58b4475f4a6b7849fe9c955462db66e3a

SHA512
7912c112798e3e45b2a23f01e4d175f9025de295736a03e5483a064ce5a9dd366add50531407610910f7034bb7477451aa54206135e6ad5ade3c4a82ba0ba33e

Download Submit
/data/user/0/com.yxxinglin.xzid123139/databases/RKStorage-journal
Filesize
8KB

MD5
8b79e797d55292deeb6570bed4ea135c

SHA1
9b2710e628250b74f2d4a5b5f489af88662713e7

SHA256
cd4eef01ca80f6a55526db3cf6b398188008583ef33017bd71781805689b79ce

SHA512
4c208181c4833762ebfe5328ab6d8a8bda066b299f0c2875ea63e80542a0198bd7ab9257cb45977dd7c42852fd199ef7a4aefc8a2ce66c7ce41e4d6041d833ad

Download Submit
/data/user/0/com.yxxinglin.xzid123139/databases/RKStorage-journal
Filesize
8KB

MD5
064f76b621d849ce06265b1cc88e81a3

SHA1
60d6fa8a02883d3ebefb31de1b00e88fa2aae0d3

SHA256
5b7ed5bb3bf68d4efb02c844d4ec497ea2f2398e85d385476f69a08cb38eca25

SHA512
6535d4b804c66c84ccf7fb5e07eb3ee08b78c119d5dcef878890c2410c38e938427fb18277eb8a5c51a4a2f8bf11dfd91c0d0f66070736826ebd1f63f8e7aee8

Download Submit
/data/user/0/com.yxxinglin.xzid123139/databases/RKStorage-journal
Filesize
12KB

MD5
b83a51cf93ba7382b614c3b19763f7d8

SHA1
5e67c491c9f9b3f512c260279799d53083bb0d7b

SHA256
d2d066a1afa45af5b5e4665b218d47866bd3aa9785eece944bf43184ccf83af8

SHA512
11ccea6a3f3a70dd32dd9f91ba8404b9fb7d4913a8ee4964dc47ee36ed37bea2879feac69975ed6846b27ca62b752db8a8f0eccd867602272de6ede3d9eab42f

Download Submit
/data/user/0/com.yxxinglin.xzid123139/databases/RKStorage-journal
Filesize
12KB

MD5
c92849c824d5e2c4cd187aadec4c4159

SHA1
1383e53ddcfa5d3f7136dd4fd41cc3492e9624ba

SHA256
8a3d47e6b435c5d929970f6503efcb1dcb1cd23831f33f292c7ff8007c08fabd

SHA512
3daf3ae67d4f09f9b3615ee472dd73abd3efaf7d8e1e9fee3e874db86a18b115ed40a0310fb00cb2bcdfc99691f9630c1797f8b78570a224b0749c32810c47ff

Download Submit
/data/user/0/com.yxxinglin.xzid123139/databases/RKStorage-journal
Filesize
12KB

MD5
48d2986dfb2d44ae7b3898b6cda5f796

SHA1
d7e1895d08a19311ffdf2ed8c9eab3f42d37201e

SHA256
ef3f2564cbf194d2a435e26f55b640a719b8b77d24c4aac91d252cb9cf88758a

SHA512
0d19143c9fbc2a685cec97f5fb99e18f3a37414815f9cbe4b1cf5a4973683e878343f249c6f88dd6951c81c93f1997cfae9c1381f96fce7584663609b583ffa1

Download Submit
/data/user/0/com.yxxinglin.xzid123139/files/.envelope/a==7.5.3&&1.0.0_1716407819171_envelope.log
Filesize
1KB

MD5
46acf03760038ab336450aa9ed339ed5

SHA1
f56463cd35e1bd6b741589a4b3fbaee1b6642f40

SHA256
492f319a49b2671e23769cad5f676b2d1e82bb5cce8a71e43c8d7861640b4272

SHA512
a59374d1d5845e67e49dceb80a1b869b26f9bd40b1f89f7965521f60fc8f8a5ca5eff8ae5aaacd74e98c6d28d1e7de6174f3cf93ecc3156bffa35f2157549318

Download Submit
/data/user/0/com.yxxinglin.xzid123139/files/.envelope/i==1.2.0&&1.0.0_1716407819729_envelope.log
Filesize
2KB

MD5
31669f83860ec036b80891706d190ba4

SHA1
56e451fb3c55d037583dd9a3b844d39cf7a292fb

SHA256
5c98d7019983ce33ae5b1906300c01e51787b45d6cad35ccfbeeb8a8f6853d1b

SHA512
41d541d3497256abc0e4efa61992853878ec9f866b39498955c782db5f525d5d13210d4ed4cda6d607d7136e8d3035751aa3140a8c958d2d0fc5e6bf7967a918

Download Submit
/data/user/0/com.yxxinglin.xzid123139/files/.imprint
Filesize
952B

MD5
28c4dc4c5119cb9b92c7630d4b96b13d

SHA1
88435e27d6b723c02aad830387256f7314769a8d

SHA256
ac216641acabe7005329922d92516ea9c54a3c4398e2d3f1031d6283004aa923

SHA512
9b9a6f183228c14636959e75054d62d87bdb04eaecb64ebe92855f9a63da9eefa8dac6f2ce5ed6695c1662c82ca9ca1ebc7af56c0843f715fd0e7aac8bc5370f

Download Submit
/data/user/0/com.yxxinglin.xzid123139/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
367db315f7e4fe6d102cb9a0bcf240d0

SHA1
c24e447fb06a48d93da66f43876982e6104ef637

SHA256
46c078283eebbed47e7d37d4591fba76080ff68d7e5137a3b3c363739d0258c1

SHA512
8fccc8f4ae5e6ee228d939f30387683230680d6c7aa0d53edc564dd9a547956b8e954f44b8698d2f57f41441d246e8380e214661d064a6bbea42264ff31fb70b

Download Submit
/data/user/0/com.yxxinglin.xzid123139/files/exid.dat
Filesize
67B

MD5
a1d1b637718e98800fdb9f86f84e3085

SHA1
df1257e1ec021b864e6fe24d9a4884c4720ba349

SHA256
11dace4c740c445f60b3d7cc7c4a577686fb15f49c903ef9dba309226a80fe4f

SHA512
1eca2bd01aa7c6dfcd0412550eaf626dad64d6d354975d71e76c02c9ca88310439431728de913ef9cf12a9dc3a526a898f7cac95713e3e7131b42098aa21eda7

Download Submit
/data/user/0/com.yxxinglin.xzid123139/files/jpush_stat_history/active_user/nowrap/6498763d-8ebb-457e-adcb-07fb9e2a4b3c
Filesize
159B

MD5
79afccfcd8d80628472d119a73099327

SHA1
a1b30522d419f6a32ab35da5bb09c896e7858faf

SHA256
97e81a28588e3f95a1c3b26094c3d8f9bd0cc414bfa3957a998d393f08fcc1d8

SHA512
3dc521b362d6b7c8358c4a9c6071b6a5ea64b1395b0b962936b90bb5bf45d8ee37a3b7171016ae58465be0b7d4b8d1aca88bccf47a8281bfd6dc26083a4ffb13

Download Submit
/data/user/0/com.yxxinglin.xzid123139/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2NDA3ODE4NTg2
Filesize
1KB

MD5
c9d6b634540956e24f4ec1646f353bf8

SHA1
a451b19f24673cc97eac4771d0677e3841b38e5c

SHA256
03adf5e04c55898dce544c7fd74799b788cc69caf45ee1668e6d7351b0590b79

SHA512
f5a534e2c6c14a3e6105e4b2bd2e261c44ab96cd068b335d7f71ecb4e18d71d4c8aec9a9993113f0ca23cfeb2514c44bfd4191028b35bb4050f9626a0a459e97

Download Submit
/data/user/0/com.yxxinglin.xzid123139/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2NDA3ODQ4OTIx
Filesize
1KB

MD5
e111d90440007026185e8f46544ae402

SHA1
ef8aba3bb644fcef5568d82130683bae0fc7baf2

SHA256
3fd74a55754df4f9bc105416ac6caae00dc76ce808d77fbf3adf6e44f412ca8f

SHA512
6c41417263784fa778a60d6f7cbc3d33d1995c7ba3d279b567a7294de00c8bd1a934458719b2f539e10929f9aa2e5404c8c35c88257d83e3e985654c360f421a

Download Submit
/data/user/0/com.yxxinglin.xzid123139/files/umeng_it.cache
Filesize
350B

MD5
e1751d25f52c7431d6d60242f23535ac

SHA1
8b97a6db128135ea3dffcc08ca973a1c43a46ef5

SHA256
c174fca76742c24f33e44a24a5262819272c65734bf0d3357ba5bc49c4504c44

SHA512
c8f9bbd86d1ff78e490b9df901ed05f5c1b4c7a0bb474616a724e60676eedf6001550188020fc045043608f0b3b913563163d93b57921cb6f1b84f8ff33cd041

Download Submit
/data/user/0/com.yxxinglin.xzid123139/files/umeng_it.cache
Filesize
178B

MD5
dc64e5d0608e53ab77d27e5efba32a6a

SHA1
46f8002fca290b89a0b7c7d04d28302f512e9cb6

SHA256
4d87dd55cdaacb7113fdedf7f918e594a56f7fb73bcc758a66797663fff86bd1

SHA512
5d8144d5b280a5ddc47d37b822e35113bfd1d6536e4c90818ae105563e77806b1e3b71f92953063415f83733fc7b4d90fa93610f7d5d64ba56d62844ea09a513

Download Submit
/data/user/0/com.yxxinglin.xzid123139/lib-main/dso_deps
Filesize
208B

MD5
496b7f257f7dec7e7ebb9fd9fa37abc4

SHA1
fce6d4dc5fa189225e885f3817e92beda4f892ea

SHA256
d6df3bee6f63692cabca64269c6006fd6ae946907db59cf3200188fe4e82d816

SHA512
5ca785828e48f44bfd55bedb2ed11ceec8361836b021cbc747b138f22d94911f22264bbf1385c9416fc3663050ab55b45b4d4cc41a4586a81c89196a452b6c83

Download Submit
/data/user/0/com.yxxinglin.xzid123139/lib-main/dso_manifest
Filesize
5B

MD5
c06857e9ea338f3f3a24bb78f8fbdf6f

SHA1
c5a0a2529d2deb60fec041b4fbd722a2ebe31702

SHA256
957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

SHA512
29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

Download Submit
/data/user/0/com.yxxinglin.xzid123139/lib-main/dso_state
Filesize
6B

MD5
d1e17855ff832a6bf9b9f6cfa565da49

SHA1
ecf8582c81a204e49d2409195c9da32d5b9707f2

SHA256
db75a995afd3befd7e90fe5e722a6bd31443d0c67409f2bb8ed1011134121600

SHA512
db4a5419a4a7328e5354fad905f069dd7c44f8232d0a4ba9fc0e23dac78da4d97e7d08cb83d90013a9d1cc6154b5f2e4f9eaff11c2a7eb64b459c019d704e97c

Download Submit
/data/user/0/com.yxxinglin.xzid123139/lib-main/dso_state
Filesize
187B

MD5
8a6e33831c1ec06479c83130ad810da7

SHA1
fca22289dfe3f1acfdec85df532b81ec90e3d3ed

SHA256
a7d2934fbff6f213d7c9575632d9a2da86a6ccba7a3c6d337022788cd7070b61

SHA512
af4dbe8b0f1ba691cdcd70e31f3200f7b21451f8ef2769dc5a3469e24008a9e20bd3caa26abe15213e18b3f4b618201861f2222e96da3a8356c29a995db000f6

Download Submit