1e88b3696e7be109ee031123abae5f2c579f022162035f12afc7461c56a5d407

Analysis

max time kernel
8s
max time network
175s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 04:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69c89ba38630a9aa22367c48cc1072d0_JaffaCakes118.apk
Size

12.6MB
MD5

69c89ba38630a9aa22367c48cc1072d0
SHA1

e920c5de89a3338afd4caaa8e372cd99b5bd2d80
SHA256

1e88b3696e7be109ee031123abae5f2c579f022162035f12afc7461c56a5d407
SHA512

d5d4f4bae9e373b83fee07f18fe08abb23cc7669df90493b5587a0afacbfe82ebcbca8437eedc954e337d6dfedec22b52bac40dbe1cfefdf23ca83c56cc23fc4
SSDEEP

393216:zQCVy8cNOzfhAdIC2aDKcwDKcj5Kj3n0TpqEBu:pA8oOzG2MDKPDK6c0TpqR

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.puyue.www.xinge

description ioc process

File opened for read /proc/cpuinfo com.puyue.www.xinge

description	ioc	process
File opened for read	/proc/cpuinfo	com.puyue.www.xinge

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.puyue.www.xingecom.puyue.www.xinge:core

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.puyue.www.xinge
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.puyue.www.xinge:core

Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.puyue.www.xinge

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.puyue.www.xinge
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.puyue.www.xinge

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.puyue.www.xingecom.puyue.www.xinge:core

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.puyue.www.xinge
Framework API call	javax.crypto.Cipher.doFinal	com.puyue.www.xinge:core

com.puyue.www.xinge
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4272

com.puyue.www.xinge:core
1⤵
- Queries information about running processes on the device
- Uses Crypto APIs (Might try to encrypt user data)
PID:4322

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.puyue.www.xinge/cache/YouMiCache/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/com.puyue.www.xinge/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.puyue.www.xinge/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.puyue.www.xinge/databases/cc/cc.db-journal

Filesize
512B

MD5
bfca822e08fb97d7947d427533f71d1f

SHA1
2c0002a162272058e640845f38c88d8f72ad6097

SHA256
ac4a6e5a7327e301355423277727297d1b9d0bb48631c5df9a2205a90b792fbb

SHA512
87eb388785d74ea4d93bf63ff292b0c9ef76ae1118fe927a923e721264d86d40ae3e2dc0eff170a5b38eb8e4799cfdc251cabdb70d1d6b4807a2784f662192cf

Download Submit
/data/data/com.puyue.www.xinge/databases/cc/cc.db-wal

Filesize
48KB

MD5
22126df000ea7824e6c7cd965322b0df

SHA1
055cf09217d1c6f99426e1ee0a324bf99630506a

SHA256
c634e463c536ada4ee6e79a8f473a93c6fedb9d0fd5bb08f3883a745a5c1c05c

SHA512
d4a5630fca8a3b61f4900628568f9a3b6711899bb8184c6cb528285520bc9214b9ca2f7b43c8ad433424b80d65903b86872c6b767c8e68b3bda87c96fafb3bff

Download Submit
/data/data/com.puyue.www.xinge/databases/cc/cc.db-wal

Filesize
16KB

MD5
8c78d75d47e6aaaa989fb46128284c08

SHA1
043fc3e90e79eb12b39c88a2df0aee62a2bd4ffb

SHA256
9c679a9981e07dc561d0b240b55169ff87dfa7696e9d21687f277a695e047a0c

SHA512
232feebeac82930f07e0b9dd23fbd1a97ad517ffc5690cc8059f84c2c11a545b0337b5b00dfa4e48e739bd3805eacc015db73cca39d46702e2fc2148708a2d35

Download Submit
/data/data/com.puyue.www.xinge/databases/ua.db

Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.puyue.www.xinge/databases/ua.db

Filesize
32KB

MD5
fb63b4f37ec5efc2b43c95a5a885e61d

SHA1
4086c6247b14bf3a2510584e267e32c5494bed8d

SHA256
ec71d75f11b7ca900dd60d29bb0ea5fe3f9f238d067abdb2ef8c9e71d0bba4e0

SHA512
254f9934efd4afe78b1cf0bc8e3a7489b5a9cc742ad06f9cc11a5f5b00656bcafa683d2e4876c50f27582e1b10a207008a29a73333c4f8bc739effa17fb59da4

Download Submit
/data/data/com.puyue.www.xinge/databases/ua.db-journal

Filesize
512B

MD5
04848bdc6d87ac4ea49087e426bef48f

SHA1
f8ec48972403619ba05889f502506ef5ea0f0407

SHA256
60843a811e05e333ce05816bbc0ce193d5d64dc64597439e89092cc6065e5aa2

SHA512
55ccde2c800683112a02f485a4e67cd156ec7ad2e6688360ff36aead87ea650f9d27006f1042b2f23ddf70f05dcc95975f1790817ac681f670cd22cb3256f631

Download Submit
/data/data/com.puyue.www.xinge/databases/ua.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.puyue.www.xinge/databases/ua.db-wal

Filesize
8KB

MD5
73d0487074a42e31cfeeaf1c14004d0b

SHA1
64b3e726e9cf3adf1ba5dd98fb159f40f2ca3e71

SHA256
509d19dbb6ebbc2299e4b4eef93647ca50aaee00642aa77a670708e21be0777b

SHA512
51d2a145dcf04056b19b2ccaba17b544992f5713075866744a840f7b4c057ae4cf088289aaa71f4059c970e4113b86317376ff203b9fe1506f79647a35d3a25c

Download Submit
/data/data/com.puyue.www.xinge/databases/ua.db-wal

Filesize
56KB

MD5
c1c85688e9e9a26701a22ec28bf2a1a7

SHA1
517710e8a1e5f3f47474d6ca9689fc4a7bd0eed8

SHA256
2534cba49c79e64675fb77acf10efe833a281beb97beaa1153d4ee1f111155b0

SHA512
72c274aa7792b078e169e45c483679bd42720a359f7a7b77f85d7673e44eca1cf7783e66612eec8e143ecd2ae4696d6b400d0247fd196f3c36acd0c2d048b5d0

Download Submit
/data/data/com.puyue.www.xinge/files/.imprint

Filesize
999B

MD5
3654e4f8c85bf79b09ca4a93360785c5

SHA1
b99817ebc810d56efc3fa5a236c15e03c96816db

SHA256
99098078d8c541ce0f860e8b5c5d13a2d76fa71babb306447a13b72360aa1f9a

SHA512
3741685d5374e2835f0c7b4af43f7dc7550b55fbebea8f5988604832b56d751f1fb286a1caec1fbcf297c0ecf09da136e14c3f11e1f93c90fe82a579d9dcf73b

Download Submit
/data/data/com.puyue.www.xinge/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
cb510617282c964a7b9184b33d692639

SHA1
35b6fa74f3c636fce9f42c05e3e941b9d8dd08bb

SHA256
16ef16c163758106fd117247b9fe4d3519f02c367a0ad798fea8467279999503

SHA512
10c6d587d52e7f5830634dd1cfc057af2430e0a38885dcac77d8e50de03c62dce941f5db9c2c9c14beaf44817b0773fcede976413645af5872bbd37fdb60448d

Download Submit
/data/data/com.puyue.www.xinge/files/exid.dat

Filesize
56B

MD5
30cf7dc150845dc79422dcc4eecf176d

SHA1
ec088ddeac8a9d1b0839655f0908ab8b0e49ad48

SHA256
57d33bd18fdea3be41c79bbac9c6016812006715f84e25684d6ae8b8518aff23

SHA512
1d683485a4ef277fa87cd619729ca65780fd51baf9928e0a71073080ea51447614777ebdfe3776d23286946225e9223adce340eeb475f4ebcfc40985b9f20972

Download Submit
/data/data/com.puyue.www.xinge/files/umeng_it.cache

Filesize
413B

MD5
eaf37d9d91e333b0b2d5d4c53127de10

SHA1
d14c910a5ef95ffd208b6d33cbd728fdbf64a985

SHA256
8332e7c65cdb29b55c7cb2957a41d9482747a8e6b49b322a9dac45d2cfed5918

SHA512
e85e807876f67969b76d5b200dbffd2bfda0fd2c2d8d032608c20696958a6663ed92f6c34ba6cef3d59e3cdfba4140e508879de90bca1bef33fc4a4df8b00f1e

Download Submit
/data/data/com.puyue.www.xinge/files/umeng_it.cache

Filesize
210B

MD5
269f10ed5ceaeb55644e5845c418ffd5

SHA1
3c6216df8b7c74bfbae4ebbe78e60a30d13f8c85

SHA256
efec9b9a84fde5932029d2dd3a50775cbc400ff77a40bcad35b371de97f5bd19

SHA512
3b954e555bd399906763ceeb2af800b55e1664a89c717a317cc3f43e4526a0e0536e83791d5c8dd64fbaea46a650ac4cdf87734315260cb4089a3028e34f6825

Download Submit
/data/data/com.puyue.www.xinge/unicorn#cheese#

Filesize
64KB

MD5
fcd6bcb56c1689fcef28b57c22475bad

SHA1
1adc95bebe9eea8c112d40cd04ab7a8d75c4f961

SHA256
de2f256064a0af797747c2b97505dc0b9f3df0de4f489eac731c23ae9ca9cc31

SHA512
73e4153936dab198397b74ee9efc26093dda721eaab2f8d92786891153b45b04265a161b169c988edb0db2c53124607b6eaaa816559c5ce54f3dbc9fa6a7a4b2

Download Submit