dc8bd4acdb13d4a6ddc6b33f2a8096cf4fc7c89f24015d99331b64a83cee92d9

Analysis

max time kernel
156s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 09:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a79cfa35020707afa59e53925c6b25d_JaffaCakes118.apk
Size

30.4MB
MD5

6a79cfa35020707afa59e53925c6b25d
SHA1

1c6abcba85f9368f77c2a295a423cb806eafa722
SHA256

dc8bd4acdb13d4a6ddc6b33f2a8096cf4fc7c89f24015d99331b64a83cee92d9
SHA512

690498ab4bac78a0f192207233f38b27146a9769d88cf54f8abb690937cc4da0fbe4c98f30b5b8d466568cde1efa0b10884d8456f8d70881953572af0ad9827a
SSDEEP

786432:UIEU1bIC7be4M5iWlOvZP0PsE4WLe32+Tk2CQHB8KB:v1MC7be33OBP0PsBMe3NTkkr

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.yxxinglin.xzid197807

ioc process

/system/bin/su com.yxxinglin.xzid197807
/system/xbin/su com.yxxinglin.xzid197807
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yxxinglin.xzid197807

description ioc process

File opened for read /proc/cpuinfo com.yxxinglin.xzid197807
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yxxinglin.xzid197807

description ioc process

File opened for read /proc/meminfo com.yxxinglin.xzid197807

ioc	process
/system/bin/su	com.yxxinglin.xzid197807
/system/xbin/su	com.yxxinglin.xzid197807

description	ioc	process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid197807

description	ioc	process
File opened for read	/proc/meminfo	com.yxxinglin.xzid197807

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.yxxinglin.xzid197807com.yxxinglin.xzid197807:channel

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid197807
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid197807:channel

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.yxxinglin.xzid197807

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.yxxinglin.xzid197807

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yxxinglin.xzid197807

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.yxxinglin.xzid197807:channelcom.yxxinglin.xzid197807

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid197807:channel
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid197807

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.yxxinglin.xzid197807com.yxxinglin.xzid197807:channel

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid197807
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid197807:channel

Reads information about phone network operator. 1 TTPs
discovery

T1422
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.yxxinglin.xzid197807:channel

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.yxxinglin.xzid197807:channel
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.yxxinglin.xzid197807

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yxxinglin.xzid197807

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.yxxinglin.xzid197807:channel

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid197807

com.yxxinglin.xzid197807
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4276

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
2⤵
PID:4370

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
2⤵
PID:4390

com.yxxinglin.xzid197807:channel
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid197807/app_crashrecord/1004
Filesize
242B

MD5
aafa76bfa532e50993dfb6797d98a4d8

SHA1
445af69e91f1dfaedeff763c125bdfb4e5031d45

SHA256
7ba3b5d6f0f4b84dc47284d847b384f853cad60554c8b35598849307f836b02f

SHA512
20b3f0bc10e341b83657b6ba70679348c5d9117090a721d45c6fff0e4213f1b8de2593edfa7a97fa316b29e801a64e76be60c7b79b151c119e87494840df557e

Download Submit
/data/data/com.yxxinglin.xzid197807/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.yxxinglin.xzid197807/databases/MessageStore.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid197807/databases/MessageStore.db-journal
Filesize
512B

MD5
7443330721eea3aaca2cb55a4a0d0120

SHA1
dff913c29731fa54cca7ba91cd1813cd3d86b9f9

SHA256
18a63b5f95f85149436941c1b7e793c1a166d254b75735a0eda303ea7df68bb4

SHA512
ea02a69abbd4e022d788cd65ada0bec29775c0bb91cc3433e8b86dc237cfe02497588b3754bd950c583b3c6b6d156963b80da11ff8096a97c9c7c2a22cffc4b8

Download Submit
/data/data/com.yxxinglin.xzid197807/databases/MessageStore.db-shm
Filesize
32KB

MD5
d4966342dc30c453061189eba6abb8b0

SHA1
d6d5f8d840208672e9fbb38d2443372cbca13890

SHA256
0314cc9c975699eb5887503d42de11f6cfe8065d82065e6dd7504993a6247c5a

SHA512
a42d4b52bc22e1f959b92803558f1343b3389a4583c708d234de393bb243293f5b13c83289a55507db1fc4f39a9b057eaaee664fbd1406f2713f84626d93990f

Download Submit
/data/data/com.yxxinglin.xzid197807/databases/MessageStore.db-wal
Filesize
48KB

MD5
c425ae84ffe969e0ab2f0a993cb9e1f5

SHA1
d8b07af6d49ed3c8d2ccf0f2179ea5b7f31f0890

SHA256
07c978627863dba591f0e1999e4741b2a89926d825c5182efcb4d88b3204548a

SHA512
3c63fc69febbd9549a63236afb3422d5c24467e1dd80769ed207f9a154831451a3b721e6e47ff7a857a5b9756ed8494ea5d4d52d1d9d186d0762923003911d6b

Download Submit
/data/data/com.yxxinglin.xzid197807/databases/MsgLogStore.db
Filesize
4KB

MD5
f4f58cf83d2bd74e20741152cc27bf99

SHA1
8816a726e2428408cca7f62c7febbe524d4fb5c9

SHA256
e2b9f93e85972fcd6c5b09a1fe80fcd6f4c70b8b0ac6d2587536052019f7adf1

SHA512
448dc80f53a9d42d603ff41deaa16d9c3031f200398dc9065dbf216f1ab06e30573d0c35e812df3fccde2517a796a03485c8172b0e7cc263a6331eedfdb4fba9

Download Submit
/data/data/com.yxxinglin.xzid197807/databases/MsgLogStore.db-journal
Filesize
512B

MD5
52644c32d9534dcdf7fd5c8c9251793c

SHA1
ee303bc9ae38a2e86ad4f5e165b645fcc12c0731

SHA256
774fcd1b1a82b708905b183db627e07734f35365329fce7c1932f34f2b3070da

SHA512
09067d28c3883226206834b153793d6dcdfef01f16ddaef087a1958858db36e8ff784e21fcb62f833393ce0d178896da8a26a40b97530f1edec6a8041bf1cf60

Download Submit
/data/data/com.yxxinglin.xzid197807/databases/MsgLogStore.db-shm
Filesize
32KB

MD5
7eaa8b2561c1255f374dcb1c152a75f2

SHA1
de40fe97560a4452c66a1626437ce7bf6d038e18

SHA256
98f810413d6ce89ff5f951a48ce7c7ed6a4050abe7b5cdbbd60fde4b18be9388

SHA512
389411006b6125f4e11faf15c2ea6a1ff6c28507f171f060ae653e744330b77faece0094bc9c4d2a1433135b2086ec0a22bebee5e55cbdd0ffcaf4e6fe0cf659

Download Submit
/data/data/com.yxxinglin.xzid197807/databases/MsgLogStore.db-wal
Filesize
68KB

MD5
d67432cf046e15541f865655e7f924ab

SHA1
44d28066f423bbf8b736ed5114ea6ee8b153b8ab

SHA256
c7148411454f6ab4b2b777168519e6d03717edb69c1b95e585854f6da668b1ac

SHA512
bab51f94d9e36f7a7d2d4776960284474efb9e00380aa37983a2fa977f17903a947d2621fb1b1700cc9c11e961318e4726228685bd1cfbe7ec8c446256612309

Download Submit
/data/data/com.yxxinglin.xzid197807/databases/accs.db
Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.yxxinglin.xzid197807/databases/accs.db-journal
Filesize
512B

MD5
872d47e6fd1d720d4134a3c705db6916

SHA1
d94bd58126af2ef9bb1766633eacb8f00c2f0b5c

SHA256
6be29d9f763c39d6e0fc980982ec630e711e75d371f0159def7467bb5473a374

SHA512
338d82740e22881a5f1e56f2cdf6b3fbbcae17f4c6b77717eea573d903803e23442a6f84d0aa879b408f4eace006856be370dd93b87a6c99b37a135ecbdeab9d

Download Submit
/data/data/com.yxxinglin.xzid197807/databases/accs.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yxxinglin.xzid197807/databases/accs.db-wal
Filesize
48KB

MD5
ddb983403b6b2e31ea0ce535d26c5234

SHA1
1f22a6f52710dcd43483438d2c13e99ffacf6713

SHA256
7a5bed7007523646b3794dc355607693cdb5887239badac18e8b0c09f93eedcf

SHA512
65cd36ef8483f753c711a2436d762f4ecc7028f2e0474487d41a9a4c10176987d16e6c6448c9f9e74a847f8988f09cdee6dfe87691f07385b0b84e04bdd1a7d3

Download Submit
/data/data/com.yxxinglin.xzid197807/databases/bugly_db_-journal
Filesize
512B

MD5
2e90314b2a2538ad34343e9fbd54c18e

SHA1
691f2a1d6f1fe2292b9ecdedc755e519db5c9264

SHA256
dd66afcefc48198148376992e119e71009c8a99f6a2fef0a654a45d5a73c1f17

SHA512
75ce0990305f3dba64c30ed0221e0fbab7d5e8422e57b56afe6ee166d771888528e9e4f42a53b6fa674feb21885e55b11e8b80604c27b35ce9094574215cfda7

Download Submit
/data/data/com.yxxinglin.xzid197807/databases/bugly_db_-wal
Filesize
68KB

MD5
01f6e14b38068dd9debd54abc6325024

SHA1
9a49f3b58835f735b7fafef9b94bf7ff3a1b5c41

SHA256
b13cd1074f8087b1231cbc25ccaba21b65bae4ddfc29a7ef4ce2ff06b241795e

SHA512
4bf541ce337f52d1bdb7abb46113371a6f88a5b0a8045b445ecf452bf35b0c2380e531ea7dff0793bf3fc8cd2324519d9d42da3fdbee969fea818afc807044b8

Download Submit
/data/data/com.yxxinglin.xzid197807/databases/tencent_analysis.db-journal
Filesize
512B

MD5
1194f13ab3bd0f4575e85be34c64fd73

SHA1
201ddfb70295fc474700cb78c39dc1f33cd0fe93

SHA256
6e6c16e87b9b97c51e1703f4375dcd614183980b31be2a1b8c23ad12466f0879

SHA512
4e7db8bab48c9788b40758c2c59c531e1db4117f739fe718d492aa83b31e68fbed2b1fbc4647617ffda5d35915364002ef5cb8168ffe96680ec85b82585d8695

Download Submit
/data/data/com.yxxinglin.xzid197807/databases/tencent_analysis.db-wal
Filesize
76KB

MD5
65e20cbcf21cc546a9b9f6e5b6131922

SHA1
6603bad9b2ad2df4a517bb8b8a32737f40440295

SHA256
01b963a5052a2dd3c41968868d8b405ef8cbabee38db90285a2828f424f00f78

SHA512
909bf5bc3db129a7b5f1d9d1fc5fb6049bd24cf927ccac2719911ff1781e32308b03193e6e038e26f53a6de10cba5575840eda4542e1cac0510a8b8f8646614d

Download Submit
/data/data/com.yxxinglin.xzid197807/files/cclogs/2024-05-23 092354.log
Filesize
1KB

MD5
70673f190fd51e567358b02c72e179c3

SHA1
432577056172bdef68a5d01fa0b9f1ab2955e607

SHA256
2f7156b17dd730e1f8e032ec6cf5c67f209c9f766e9fd9ad0faf7b136d0d5c41

SHA512
bcb386c40de83062f725658652dfd5185244e7e860ac2f4df57e805d837c60bf555ead0ac91079f94a0085b55929e7cb66f1e12fadd8ceffa94a33c6b4b3a063

Download Submit
/data/data/com.yxxinglin.xzid197807/files/com.tencent.open.config.json.101400326
Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
db98e3a9745d2bf340229eda2269d121

SHA1
759f92f89510e6eb536a31f0997d271c095c4b10

SHA256
271b93b92c7d14aa035e38c8c42d05dbd30fd34e875111f3f1dc309646b96ac6

SHA512
ff30ebca893ea6ef563a9cc99108939c2c2ce2a4a6ebe8a110938b63728dc80747be058abfc669db9e0cfa7a4e6afc225ee5fe58ee600088316b4f879025aaa7

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
afff51b9b64acc49328b9babc800e3f1

SHA1
4f96c55f3e1e864e3ae047f87ede5f5eeb3d1eb1

SHA256
a1d871edf55c9b7e4a1998282ab62c7f926c1db1b20374eb3e150de000e99bd9

SHA512
707c844f87a661c43cf44eed89270970c8782b4a5d127f84981e017330ba54a6cc4ea16c2dbad5a29083b632d568dab27cc96ddb7f090575f2c1f0e818402da4

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
381B

MD5
9e213ac63dfa8bb6704204e8ec1dac45

SHA1
2ed9b2d40c5d6245cf4fa0bf24e7f68f1b61acf1

SHA256
c921983838de1b47b9fe6f0174a3301da8deaa06306f53187227c0a9f4522ba0

SHA512
90ed5c6b6f82f42ab5f661498eb7c9d9fdd277e65bafeaa0960fdce69720d02fef79cbedbdfd6a7ced9172f2c9d9e8ff35bdda773390be3a3a5d47dfae1811a0

Download Submit