Overview

overview

7

Static

static

6

6a536f2a08...18.apk

android-9-x86

7

6a536f2a08...18.apk

android-13-x64

7

XiangYouWL_Res.apk

android-9-x86

1

XiangYouWL_Res.apk

android-10-x64

1

XiangYouWL_Res.apk

android-11-x64

1

YLPatch.apk

android-9-x86

1

YLPatch.apk

android-10-x64

1

YLPatch.apk

android-11-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    187s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    23-05-2024 08:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6a536f2a08176261de89f145cccb33e1_JaffaCakes118.apk

  • Size

    10.7MB

  • MD5

    6a536f2a08176261de89f145cccb33e1

  • SHA1

    42fd7d7e5b73a56169fe637d432e035ab60e4081

  • SHA256

    6ddb16b1a0aa4adc1bc471af2a7893f180ce699633cd2be3ba6a92d17bfe8990

  • SHA512

    28afab02dfdef4e5462df58043eb60becd667db36f755697169fffa631ea7861424fb5c0d23a6f629198ed5ffd6a66df56be99cf605a7816e6e06c81b97232f2

  • SSDEEP

    196608:J4sWC74hpKwl+I/cFyT6lM3qhiovyBZlrZ7kwEclsBQPW8XXe5BYYZMMaQTp1LIt:Gs9gTl+zyGl1m9wwEQ4mwndnLXpaoCQ0

Score
7/10
discoveryevasion

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery

Processes

  • com.ylwl.webshell.xiangyouwangluo
    1⤵
    • Loads dropped Dex/Jar
    • Checks if the internet connection is available
    PID:4283
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.ylwl.webshell.xiangyouwangluo/files/PUDDING_DroidFix/code_cache/YLPatch.apk --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.ylwl.webshell.xiangyouwangluo/files/PUDDING_DroidFix/code_cache/oat/x86/YLPatch.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4309

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.ylwl.webshell.xiangyouwangluo/files/PUDDING_DroidFix/code_cache/YLPatch.apk
    Filesize

    62KB

    MD5

    d9f33a4c98f2dcc179f8925debafe68e

    SHA1

    a3ecc0116c91b7d2fad2c0b9ba607731805816a2

    SHA256

    8f1d6d7ed552acd9ff97c27a22e68cf5a29b109718d7122c4e6d9e8b362e56a8

    SHA512

    a18603c1fbdb2b5b0f63d8606df6ce06c894b75c210f588ec52bc48d53dc6caeb74c353c06d9f6144df54cc2968edb2faf158646f321c61224b7d98eebebbd32

    Download Submit
  • /data/user/0/com.ylwl.webshell.xiangyouwangluo/files/PUDDING_DroidFix/code_cache/YLPatch.apk
    Filesize

    84KB

    MD5

    7d4342e27f7c43ec4d4c879c8283fe85

    SHA1

    f29594402904a7b9ce1d098bbfd11354a0a42db6

    SHA256

    6276eda17abd05312ee0ee9606ef221ea930ebbc9054aab08c9cd8531b4e51d1

    SHA512

    d98bb10f9cfb7d22a6a329388b24550fdb435205f4a49603e3bab07140adc61e01c2108b841e3c1f515588d43c94b12123bc7ebf98310a585557af8adcb70b1a

    Download Submit
  • /data/user/0/com.ylwl.webshell.xiangyouwangluo/files/PUDDING_DroidFix/code_cache/YLPatch.apk
    Filesize

    84KB

    MD5

    848a80183b0283f55802d1461ce14d62

    SHA1

    71c7e673898ceb717e401f494161838352cdc8bd

    SHA256

    c99bdcd5954dfd8edce89b8c9a162fc67b6470c850966b43cc847e0432ead3eb

    SHA512

    04b2e2eb003f05a968481c74c1defc1b60bef5aebbf630951ae84a42da517e5fa5c6c64d4b7c26da6f3adf1a94b22337a4467e76ac72c36347bc66900e6291d5

    Download Submit
  • /storage/emulated/0/YLSuperSDK/Log/com.ylwl.webshell.xiangyouwangluo/2024-05-23/Log.txt
    Filesize

    143B

    MD5

    924ac071d42fbdfcb5d78c57ba33339e

    SHA1

    5e74f68febc8144c9aaed612c10cf0cf54caa083

    SHA256

    56850b42be8e7dbc65acfe40a22e9cc3f6835cbe82be058fafbe70e92f732728

    SHA512

    5e0a4e696318bb474d617a145f590401185a3e9f7bf8f0d8f294212927c0f0c0a89bbd8ce3afe05959467f0039b5a057f11fbae8034769608304c767201ec38e

    Download Submit
  • /storage/emulated/0/YLSuperSDK/Log/com.ylwl.webshell.xiangyouwangluo/2024-05-23/Log.txt
    Filesize

    225B

    MD5

    85ee682b67c90d65f7e2a07d6ab4e92c

    SHA1

    9c15c17235c27a4e304fd7ee31dc183d9ee6694a

    SHA256

    8d586f0f4c15774803c9869b89be3177f60dba4bbf36be67dd4395bda2fe2100

    SHA512

    53cdcfe24f3b9f150593648bf5453673816bc7289cdd0c1652820eb61cb58d75494b85bece9fd3aafcb84311e915198897958ef7159e259c9fecf7390ac7d2fd

    Download Submit