33ef3e135999be6e67c27fde1d44ab226c28e5108b851bc1f6e4357aa0254b3e

Analysis

max time kernel
161s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 05:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69e49db1d24e5063413b35ec933de2c3_JaffaCakes118.apk
Size

30.5MB
MD5

69e49db1d24e5063413b35ec933de2c3
SHA1

564618994dd4af76e7585a5d12b4a3c26cafc21c
SHA256

33ef3e135999be6e67c27fde1d44ab226c28e5108b851bc1f6e4357aa0254b3e
SHA512

e1a7ef97d8e9147db4044b626c89a7623052e0208a51472aa88b13f57ddf17ebecc67f0ba1283e8e5b836e1979f6f86d0d8aefba6683b5ab10b2f76a317d8e53
SSDEEP

786432:tMDi1TIC7/+0MzuC5mIZPMdsEQOCeM6CvEuCQLdk+0:B1UC7/+b9miPMdslVeMRvEsS

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs

evasion

T1426

Processes:

com.yxxinglin.xzid149271/system/bin/sh -c type su

ioc	process
/system/bin/su	com.yxxinglin.xzid149271
/system/xbin/su	com.yxxinglin.xzid149271
/system/app/Superuser.apk	com.yxxinglin.xzid149271
/sbin/su	/system/bin/sh -c type su

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yxxinglin.xzid149271

description ioc process

File opened for read /proc/cpuinfo com.yxxinglin.xzid149271
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yxxinglin.xzid149271

description ioc process

File opened for read /proc/meminfo com.yxxinglin.xzid149271

description	ioc	process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid149271

description	ioc	process
File opened for read	/proc/meminfo	com.yxxinglin.xzid149271

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.yxxinglin.xzid149271com.yxxinglin.xzid149271:channel

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid149271
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid149271:channel

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.yxxinglin.xzid149271

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.yxxinglin.xzid149271

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yxxinglin.xzid149271

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.yxxinglin.xzid149271com.yxxinglin.xzid149271:channel

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid149271
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid149271:channel

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.yxxinglin.xzid149271com.yxxinglin.xzid149271:channel

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid149271
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid149271:channel

Reads information about phone network operator. 1 TTPs
discovery

T1422
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.yxxinglin.xzid149271:channel

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.yxxinglin.xzid149271:channel
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.yxxinglin.xzid149271

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yxxinglin.xzid149271

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.yxxinglin.xzid149271:channel

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid149271

com.yxxinglin.xzid149271
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4275

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
2⤵
PID:4384

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
2⤵
PID:4404

/system/bin/sh -c type su
2⤵
- Checks if the Android device is rooted.
PID:4504

com.yxxinglin.xzid149271:channel
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4525

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid149271/app_crashrecord/1004
Filesize
242B

MD5
589c09a4208f06f765381d65475f76bb

SHA1
50086bd6af3d03fc041fa43cbe70b8711d8a5134

SHA256
4eb7b0fc955c9170155f540d4161e585a6cb2441d466e75df68e17390027e4ed

SHA512
8dc6782489f0ec793cee3b241f598d7e2506397e5f0678fa298d4c3a9eebd1c9e842987677d88eee28ddcd8362f7d4b41413f95c78d3a679b40e11a4f2943c07

Download Submit
/data/data/com.yxxinglin.xzid149271/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.yxxinglin.xzid149271/databases/MessageStore.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid149271/databases/MessageStore.db-journal
Filesize
512B

MD5
0ce8ff4d2a4ce4c57c7f98b67c501c55

SHA1
6de97db62528884d0d581895cf3712d3f8f34071

SHA256
938332ec250a4b29f286ae0ec23514581778679f4ab112db7cbac0e747c23709

SHA512
ed9c372302eab5e437f4fda56b1d205be17641337e3a35dc2d46d7eaff5dc839275f3a0b81f5709d360d7694122763a4705767ae79c5bf2212b6a246f7c70d58

Download Submit
/data/data/com.yxxinglin.xzid149271/databases/MessageStore.db-shm
Filesize
32KB

MD5
fd5af2f35d273994fc1c995b3339573a

SHA1
e3dd5fa10a0058880452beaaf9d878c7c3b5c44b

SHA256
9848acb7c00c60a2b2db3518def3a9ee4b414061873790a6bee81b84c2632871

SHA512
c87846e38db383ae6235dfec17deca8413b14ac5eb24df62ebabafe94d1dce4c8947ad88917c32b8905e814a20d6adb43e09483243de81b1261486f0c926f791

Download Submit
/data/data/com.yxxinglin.xzid149271/databases/MessageStore.db-wal
Filesize
48KB

MD5
261cd027eaa8546bf24f10538c38a1ca

SHA1
be330b9d258f8f8dbe5a8b59b8c57b4b99f26eb1

SHA256
8e695441777123d75b9a7c499aa8a3b615b2413c21a4cd892898a93615a4e751

SHA512
dfd6f09e985a2baa17425380a62ccfb8dc572f80c72e51c76e3dd06f5aeb2c47d39220925f4014966d5734304d8c9680af2b89db9621ef943b7f6c05b6559f40

Download Submit
/data/data/com.yxxinglin.xzid149271/databases/MsgLogStore.db
Filesize
4KB

MD5
1ac5ed9005b9172a65b355d7b0b971c3

SHA1
9edbb09945f95181a87255a34fe0042c863922e0

SHA256
87b3e5c3f285451e91901470453a581ac715ace907ccac722de8e1e12b18eb85

SHA512
2d1c4f2eda8850e03580abd3f0fc58849ce66cb5600b4f44ed0bfe2712f295d0f9659c1e8dfcc46e72834d66a32f5818bb585d66f15b3d410a55688871c5177e

Download Submit
/data/data/com.yxxinglin.xzid149271/databases/MsgLogStore.db-journal
Filesize
512B

MD5
dcd58518ad138621248bec710fc6a412

SHA1
f781a7b38510720a907f26619c4b1dc9de06dbc8

SHA256
2b66cf77c38aa19b9ebba69e18e14d516607cf1b9e17dbfc8b5bbc45eb757047

SHA512
724ae92ae0a2585e427b4784194dd75944b51090bd02e260af3acfa765304ea0fe6840f17e30bc848e343044412fb930b1a8dc255f42fb4e742ecd921ef8fdb1

Download Submit
/data/data/com.yxxinglin.xzid149271/databases/MsgLogStore.db-shm
Filesize
32KB

MD5
71f4774b9f1981ac1afb56f8d5bcc6a0

SHA1
877c91aae4fff5f23ffe07b1c315cd8ba27f8700

SHA256
dea67a4ad0dd25c74c575ab88a843b3526ff67b2040335f2a5ac4913bfd5b7d3

SHA512
9fdc35e66276c2277320dc4ceeb7c6145718da5fa4b63494100003b97826b41431cab2ececfa28d5cfa350c9fc8db1ba9a2785b1108d3609d7dacdc06974ae76

Download Submit
/data/data/com.yxxinglin.xzid149271/databases/MsgLogStore.db-wal
Filesize
68KB

MD5
8a612501af52a737daa7833dff0458ea

SHA1
5c4476947685bf1f106447c356bf216084257cd7

SHA256
cf63f9db2c5ab46de1dd51c074ec494d4c2c08502e024b71af3db6056cab9c63

SHA512
107a104d62c06159ac2c48e0702348ac7819c71dd11ffe1cc73c788b065e4aec76fb63c9570574c2de1763991e293244cbb7393cc6ab653ea3420d5f81b5c141

Download Submit
/data/data/com.yxxinglin.xzid149271/databases/accs.db
Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.yxxinglin.xzid149271/databases/accs.db-journal
Filesize
512B

MD5
01ef5fb27cb2e8d2149817df85137ce6

SHA1
bbfc34ab18ec8b6d95b70e76534dabea56e8167a

SHA256
3099f553aee60653c08603309bedbfe6465bdbec2a1e1f55375efcb4f234224a

SHA512
0074d98172f627b2d104530eb235782f2d4a111f251601cf57587fe170e44e571d10635e38d72ba0c89dc28ae3eb71a89e0db6339797233a2614ba443a5378bb

Download Submit
/data/data/com.yxxinglin.xzid149271/databases/accs.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yxxinglin.xzid149271/databases/accs.db-wal
Filesize
48KB

MD5
4e79013d81e0b37e06511a5e8ef21090

SHA1
00f7ea99579909fd945d20f2f773f200b753c62a

SHA256
484a81cf68df481a8ec6c2f4b90ec44ed14bc854537b93770a57075805a90457

SHA512
b46218d3c92db11079ca8d50bec057aa8bfe9a1ac037716480d86607ea666b5fcc3031521a91681c01d27807a5e9184f9a3d7e220a10a46c56257f4129861949

Download Submit
/data/data/com.yxxinglin.xzid149271/databases/bugly_db_-journal
Filesize
512B

MD5
7f8f10619e1ba0ae652654938d21acd9

SHA1
68d2716fd4af0ababb2aa061e4f21e71d29a00c3

SHA256
cd4aa0bce3dcff1e71fd40924089680b1e1a175f34e282fb2a7d5cbee312df0f

SHA512
65957e447d27ae8bcc8ad656f9db2feb9b3594c122f3b53bad24062e09f0dfbac9b414c2eaa1e6e5b98a17f2df8bee922cf9db1012891e143b5d273b32167885

Download Submit
/data/data/com.yxxinglin.xzid149271/databases/bugly_db_-wal
Filesize
72KB

MD5
281b98f9c3c724c2dfb49d147a4a4005

SHA1
2b251208dcb5a3551bc04f84eaa6025a19b42c5d

SHA256
e0c1c3e6ac60f118d7946746d9e1a38e0b36c6b8e7a0376b33b0e383456b5d23

SHA512
ae92d6dcdb11d6999f2379372dce70361884051d5454613bb1d6350357157237187a2a784272c08ebe30414a5b735476d3daae4875fb4ccdd336086dabfa1a7b

Download Submit
/data/data/com.yxxinglin.xzid149271/databases/tencent_analysis.db-journal
Filesize
512B

MD5
4e46eba1266aed6e92805e93ed257e92

SHA1
0c987afaf18053aa5709818f5ae5764fdc985536

SHA256
ee0b79d7b1d4fb61be8b39f29d73c1dacb1c0f49713c7273da11276847099db1

SHA512
ddcc849a5b59521b593a4769e2c8b20ff1a32bce78477506eebfe0cc8f8d34370580cd6d975c40bd9faa45839d24eb7d763e9e3b47cf9339ed82e236d7987d17

Download Submit
/data/data/com.yxxinglin.xzid149271/databases/tencent_analysis.db-wal
Filesize
76KB

MD5
245e467b708fe5f20b4fa39bdb8c3871

SHA1
62ec1bc5bcd36603f4d15ea696dddf47d2927a8b

SHA256
b6a92386271d76792606bbc5048327dd89bddf9257d01276f3c9c38dcad72e07

SHA512
534bc8aaf0f5c97d32780f73254b31f4eee55ae93a624738a818e88eabae2f3b1c2c4212330254acf60fc59f1285e12f0ecb3fa33f2a449e6a266c7d85d283af

Download Submit
/data/data/com.yxxinglin.xzid149271/files/cclogs/2024-05-23 053253.log
Filesize
1KB

MD5
f4fa7593af99664785a10fb282f95167

SHA1
a7b5620e6afcf8c8bd94b79405ec0c345792a84b

SHA256
3241416b6eeb7587b3d93d99b9ce17b4f13818c981739f2c28b0a8e9c29cab5d

SHA512
d7aa74a90c363bf5072aec127f58273a9c8494e339c0c28c6350019d572df0aadb722ef05a65a9aa6436ca844f5a526d0d2c3f873d37fada8ea9dcd8cf1c9c63

Download Submit
/data/data/com.yxxinglin.xzid149271/files/com.tencent.open.config.json.101400326
Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
4fe372db88c21b305ea3e58d71a9aa8d

SHA1
7292a58926ef5fa250b4fc102daf397f574aad49

SHA256
a04f08bf98efa799f8e790fdc18bccdde1a4fbbe57acb31cc7f134551943dc75

SHA512
79b74c6553103ef95d398883c445a7e395b2acf163c0df8dd5d417ea7c63c143907c5abbb06ad6f568c81dc35d97a917ff54bad05bf2ec72e72a896e7d8b4bc6

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
8f1a773571f69c09ddd92e2a8c54f4f0

SHA1
8fcf16ceab377c93e07b123219c4719fd089c0d0

SHA256
2a4e2f4752728c631654aa0b6771f29ff01ba9c4c553e7ceafa255693875200d

SHA512
f9e5dc04bd1f4996db25a9b5674adf3fb02382d0e8b7f0bb000ae9327ea432b4f6cc0a209f95b815f44194eae7aa50bd020c01b0492282e461b5c12b1e7e46ff

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
381B

MD5
7505c065fd2f1cedce2e64c696f8ef1f

SHA1
56bbbbf55c966647d27d55ae39497a54a13182d8

SHA256
57419e87ae9df905687952cea775023f3398de25ffef4e20297873316f04ab4e

SHA512
9b8d2a1c5316fe05f5d9eb3711e5698e056147dae37a413bab09322615e4b7f6f088255504842dabb0fe1c4081b1c563761c5ac850a9e94352ab36e5317ca7c6

Download Submit