02264bc4b9b4061642aad15fa63d5d291bd8840bd9f3c449813362904f28c8c3

Analysis

max time kernel
11s
max time network
153s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 07:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6db358e02b9a820db40cbf554f4c0fec_JaffaCakes118.apk
Size

1.8MB
MD5

6db358e02b9a820db40cbf554f4c0fec
SHA1

ae98f6acda81a41fe92b84ba0dc0e62467f5a2c1
SHA256

02264bc4b9b4061642aad15fa63d5d291bd8840bd9f3c449813362904f28c8c3
SHA512

627f63dd33f04257b7e492a96062a89e0158deb6facb5c426f5cd8ba48fa512ca087b512367242936b445ef5bc4693da73b7f593d7815ce4d2550acf5d2a7494
SSDEEP

49152:UEBWKK9EBWKKGmHmZ+oEBWKKWEBWKKncHAN2a:bBKWBKGmHmkBKpBKncH22a

Score

8^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

Location Tracking
T1430

Geofencing
T1627.001

Processes:

com.yxxinglin.xzid10277

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.yxxinglin.xzid10277
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.yxxinglin.xzid10277

description ioc process

File opened for read /proc/cpuinfo com.yxxinglin.xzid10277
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.yxxinglin.xzid10277

description ioc process

File opened for read /proc/meminfo com.yxxinglin.xzid10277
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.yxxinglin.xzid10277

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.yxxinglin.xzid10277
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.yxxinglin.xzid10277

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.yxxinglin.xzid10277
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.yxxinglin.xzid10277

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.yxxinglin.xzid10277
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.yxxinglin.xzid10277

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.yxxinglin.xzid10277
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.yxxinglin.xzid10277

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yxxinglin.xzid10277

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.yxxinglin.xzid10277

description	ioc	process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid10277

description	ioc	process
File opened for read	/proc/meminfo	com.yxxinglin.xzid10277

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yxxinglin.xzid10277

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.yxxinglin.xzid10277

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid10277

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid10277

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid10277

com.yxxinglin.xzid10277
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4285