4ab0e6ebc50e65e6ba3182e353430d451e1fc0674c5e812aff31a58f248a925e

Resubmissions

Analysis

max time kernel
156s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6bdf49e9738a7824e0ddc7996b2e41e9_JaffaCakes118.apk
Size

30.4MB
MD5

6bdf49e9738a7824e0ddc7996b2e41e9
SHA1

599dfd793096d670fd4010336a958e9a93dd094e
SHA256

4ab0e6ebc50e65e6ba3182e353430d451e1fc0674c5e812aff31a58f248a925e
SHA512

6572e16e14ef0d51ad81906b3e38dccb4a3b67b61fa600388edc843eb553ff76c11c2f5c7b9917ce15c67af69670b2cb06fcf24baf5efcb2b32742ab80114a6a
SSDEEP

786432:oI0h1bIC7b+oMZqJ5AVZPfssEmjuDySCX0WWQPUIe8:y1MC7b+nIAzPfssDiDytX0lu

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs

evasion

T1426

Processes:

com.yxxinglin.xzid26073/system/bin/sh -c type su

ioc	process
/system/xbin/su	com.yxxinglin.xzid26073
/system/app/Superuser.apk	com.yxxinglin.xzid26073
/sbin/su	/system/bin/sh -c type su
/system/bin/su	com.yxxinglin.xzid26073

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yxxinglin.xzid26073

description ioc process

File opened for read /proc/cpuinfo com.yxxinglin.xzid26073
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.yxxinglin.xzid26073

description ioc process

File opened for read /proc/meminfo com.yxxinglin.xzid26073

description	ioc	process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid26073

description	ioc	process
File opened for read	/proc/meminfo	com.yxxinglin.xzid26073

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.yxxinglin.xzid26073com.yxxinglin.xzid26073:channel

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid26073
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid26073:channel

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.yxxinglin.xzid26073

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.yxxinglin.xzid26073

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yxxinglin.xzid26073

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.yxxinglin.xzid26073com.yxxinglin.xzid26073:channel

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid26073
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid26073:channel

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.yxxinglin.xzid26073:channelcom.yxxinglin.xzid26073

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid26073:channel
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid26073

Reads information about phone network operator. 1 TTPs
discovery

T1422
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.yxxinglin.xzid26073:channel

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.yxxinglin.xzid26073:channel
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.yxxinglin.xzid26073

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yxxinglin.xzid26073

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.yxxinglin.xzid26073:channel

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid26073

com.yxxinglin.xzid26073
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4268

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
2⤵
PID:4406

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
2⤵
PID:4425

/system/bin/sh -c getprop
2⤵
PID:4499

getprop
2⤵
PID:4499

/system/bin/sh -c type su
2⤵
- Checks if the Android device is rooted.
PID:4530

com.yxxinglin.xzid26073:channel
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4557

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid26073/app_crashrecord/1004
Filesize
241B

MD5
3d2af8ca2be16283367875ed03710b2c

SHA1
29210b206b287b3c6b36ae96f58e3f924648c522

SHA256
44f1098d32dd2a9d97c27000164569c3e8854680a7366c537863ce830c9631d9

SHA512
cfa098432d741f95be844a0af1d281bf807822f8f8bd4e2e1c7280338ddf4146cd945529a2e738238bc1ead5a314b453a69f6d44b53d3f58e7a3406a32b55329

Download Submit
/data/data/com.yxxinglin.xzid26073/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.yxxinglin.xzid26073/databases/MessageStore.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid26073/databases/MessageStore.db-journal
Filesize
512B

MD5
f26ed177912c2a13b96a74aa8684c20e

SHA1
256fe894988568180103f7a36f20ea4274f92463

SHA256
7dfe65aff1b46a21faa3f9a2f61f2736db5f0c845e797d0d8642de446c239cfc

SHA512
d1ec0e918bf59c2a455282d985b7b39ecfb7f9c6b46a295b0a1bb1cd86d095ddfd02880eae7ba4a0ee33c7e6afe7e20fae77ce283d1634569d7de600d5bf799a

Download Submit
/data/data/com.yxxinglin.xzid26073/databases/MessageStore.db-shm
Filesize
32KB

MD5
4878dd9d1c99dcfd9a7760559a68a6ee

SHA1
ea14c015cb2efe0187addb41c014a2316b691da6

SHA256
0594981c2275bb19e6a12d52004d092e18a0aadce19fb486375ab78b6f542942

SHA512
c7099e588e2b3abbd89592b5991ae3427001fce4621b9ddc08bfc0d5c5a362e4d31acf8becdacf3b9156b43a6c78f2efa76b72246f9249a90e7a44b2eef8caac

Download Submit
/data/data/com.yxxinglin.xzid26073/databases/MessageStore.db-wal
Filesize
48KB

MD5
cb192ed49baa4809524a948167bab2c4

SHA1
2ec1bd308282e5b7c45a65cbb2869ac74e44b1de

SHA256
af731768756d463644473b3a5cd34c83d99c28899348681090f58af7af3183d4

SHA512
cf7c3990a8fc776470f6f1daf03cfa45125baa7ec72905fe1c8058694452f5333c362f6b897ec0db544f8f18768ca18ce445c1dbfdb0972f4307b78ef4360e12

Download Submit
/data/data/com.yxxinglin.xzid26073/databases/MsgLogStore.db
Filesize
4KB

MD5
4267cb1f872cff666c38a19d45225ab8

SHA1
ab8eb36b0ad2e8439ed4b85535d5acf01f895903

SHA256
ede952695607d8c7dcf3b57055b9881d5f165a8c0c5fdb3cd23bf002e428783a

SHA512
12746fa1f899edff70be7a412184e723cf56f88deb479a5ec28b215a13e097699d5980248d763fc7253c0d1b573e983ac9c7d830dced0b3919f0031308f39825

Download Submit
/data/data/com.yxxinglin.xzid26073/databases/MsgLogStore.db-journal
Filesize
512B

MD5
6a15ac7869946910b184563bf28a84df

SHA1
d3513ce4b4587f2d3f9abf013f8918069a8ac4c4

SHA256
ef5b2e57cf7fc4d6cf9050b87b37e3e4d338cc9dcaddfa05ed99306ec6f841a1

SHA512
3145ed7024113d49afb115840b2a69d8954ae7f464dcc5d1e2748f45cc30ced1f1e9c7e8f890ea6cf5ca12644ba4ff7b5d7ace5ea1ed2e421434bdd95345b386

Download Submit
/data/data/com.yxxinglin.xzid26073/databases/MsgLogStore.db-shm
Filesize
32KB

MD5
dfbc21aa3c2bbcd85f1e7adc77a2e549

SHA1
d159eb0082f2d97c844b3c565254f6c943a7b6e1

SHA256
eecb40a16fc7d4bbae8c4015a70027136073450da4f3d7c0cc1094e18e6d0c75

SHA512
e3c8cd58ac494abf94206f5f9d056ffe33a500a8da599af334547b90c34470a2d0c981e7317e82bb0e8b8b8821b416ac1d14398b6c857a3ef4495dd859915e8c

Download Submit
/data/data/com.yxxinglin.xzid26073/databases/MsgLogStore.db-wal
Filesize
68KB

MD5
edb3ec799ab457e540b2803f9c8169ef

SHA1
340bc3e5a1241474f04cfe56aed3c5908b3554f4

SHA256
3fda9ea69e90a043cb15411c40d52df69bbb21758af0507ec21ddf3071bb95f6

SHA512
f3af90c7073c1b9fe6c7bdee9c68dd7ff631bda4b5fda53d9bdf5334a97fc6b8615b8355b980fa4cdf45af687bb58e44916f5d9fddecedff5262e7754590225e

Download Submit
/data/data/com.yxxinglin.xzid26073/databases/accs.db
Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.yxxinglin.xzid26073/databases/accs.db-journal
Filesize
512B

MD5
9a2ed398f4ef799b22eeb3ad94a6b24b

SHA1
54b63cdba162f5770ea8eb7ce41a667b79b57b62

SHA256
0a82bd051395956b8f69bddab33786c98b4b779e87664bbfd88bb532fc7397ac

SHA512
d8fa4011fa2047177974402af0f5b717680ecd2b341feb6787fdf7e1ae72847de8f015e43486ab481c005f8a2ae3783b04c6495fa0f93126aca6ed668052b3ac

Download Submit
/data/data/com.yxxinglin.xzid26073/databases/accs.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yxxinglin.xzid26073/databases/accs.db-wal
Filesize
48KB

MD5
2692e8703039a1de9e3c374b36f1c9eb

SHA1
52caaf282175c0c78f8262f4e944114ca39175c3

SHA256
32ffd55b5edbb1ae4a614b046174143f5f8e6e792f9507dea1c92af48e8fe69c

SHA512
90853b876d6bea5987770b5fc22e398dd3c6e7010cd53fa5dca1efa554e5ccc2bff12602067ca4048c804d017f5fb0bae80fc1f5e48399d561ca240b5024d5c9

Download Submit
/data/data/com.yxxinglin.xzid26073/databases/bugly_db_-journal
Filesize
512B

MD5
debc04c1eadc311d098f1d427a24c847

SHA1
f2f14006aeb6e49854b9471dd5657f32605c5719

SHA256
eba8e921129836983305f672402fc131d73fc9363dda09d6e8805cf11aac1991

SHA512
8d222d194f984bf747f0d4e1edefaf44338f9f15b35b58cc30ccf20555788df50b3cfdf2dabf9a818cb8147b5098ad5c2cbe9d68f75ae94423868f039c4e9dd8

Download Submit
/data/data/com.yxxinglin.xzid26073/databases/bugly_db_-wal
Filesize
72KB

MD5
0d980cf226033deaa79876f67f6ccf5d

SHA1
69f0538a03e7c54831dff2fe7e44ccf7bce071d5

SHA256
94ac92c4fe42d9e390207e65e821a79143f10e4a6261c39c42e199fe804c8118

SHA512
e6093b5ce238c1d2159aafa0f905d1b81b6aa0bc453a93f15479dfc2423a2750680429c2335ff9d4b8d42b460c8e3fee72b636bd82a697ef099e3d77fda1d565

Download Submit
/data/data/com.yxxinglin.xzid26073/databases/tencent_analysis.db-journal
Filesize
512B

MD5
cef61a7635c32e330ea4abd0e24c92ca

SHA1
4b2a38e369893eb6fe06d408d6b213d82cb1642b

SHA256
9980b7ed9e00209e97d64cfaf42285a5762863e1b4ae1e5441f8d164a8e7388b

SHA512
d8aa87ab9ea074dbe21acef277424994ae59673c8d7e2559be2d777a1e292149869074f9af09a0ac530b6411489fec203018fde62fd3cb790821813ac246009f

Download Submit
/data/data/com.yxxinglin.xzid26073/databases/tencent_analysis.db-wal
Filesize
76KB

MD5
c8d12f25a5b7ac72bfcde9f5176e2dc4

SHA1
a9f9df8b34444e184911d6fec993a9c38515736e

SHA256
5779d1d6c7233c722b35fccaadcf126eb7b9f4aee1c3c1d9926f747f02b29628

SHA512
189b23361bdf64c96b0dc7ae097ab47f3251209ca847cd19015746ca75bbeb988e418c0caeff73b5ae225012d971f4fa6bab791f1e79305d8b671ec294d59c85

Download Submit
/data/data/com.yxxinglin.xzid26073/files/cclogs/2024-05-23 183029.log
Filesize
1KB

MD5
43c254ad593f25a2c39f85bd68a31108

SHA1
047eaa5aedf768efcb6ee686b4da705f6de6952e

SHA256
438ed6a61c4a92d8f8c7df07fdb5efdf5ebac6e18dab636dab9b55940dfdc82e

SHA512
75ed15919cf8e6d9ca7306c8db641148278b87c3fa464417af84196b65b99bf77a6fb2df3188bdbedbd00c86c5e125a9ed222a7388ad3a581d197038e89b61ae

Download Submit
/data/data/com.yxxinglin.xzid26073/files/com.tencent.open.config.json.101400326
Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
0a11b446b2d24741270deba595d2018f

SHA1
8dbe25bc4d1527bc27a8883610f6c81c07af634e

SHA256
7e8f033fe1d2a1a8c7ea590e382b78320f4904cae9321870e277e9ed82133c28

SHA512
2df8a092ac9eba85d8afe12d50b4a82ac7dfee4abc47b983126cafc0149128299455065bc62adf3414e29ce5726a9b566be79a73bf6a6d2d7e55ea8deed747bd

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
203d8497c8a1f0c66ea36f2cd16fffc2

SHA1
c8a0e2c9222bd3e178e683b74dccfd538d1bf8f1

SHA256
f920426978816401043692ab41bdc8ac66079394f9cf0bd25ca1b244aa206894

SHA512
0ef44c518307e7d0eaf53e975299d753c1b62156f36366fbfc845c6fb311088c684b05d04278b3cb2acb0e7d40d918129480ecb92afd0deddd4a3d5a01c98da2

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
381B

MD5
4751dd88a131aaec5774c7d2c4b38b56

SHA1
a595772f6b1415d62cf5e0346aeec152a555dfc0

SHA256
cc637c7773596ebe20821bce9414fa134e25feae58d43181f24b90a2ff2de276

SHA512
1c45bfec651ce57f87f54b0e9a62b786c18c34591140660b2c9308a79a391fd3b16253f38378a0b1f55b857fb0933c06b9c93e9a104c91458066235222dc419e

Download Submit