35a4285fac00fd354674e12fd98380ec4cd9a23b15919185d00d1ca86c6cc558

Analysis

max time kernel
179s
max time network
179s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 20:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fb830bd4002ffda8461b4940692e412_JaffaCakes118.apk
Size

17.7MB
MD5

6fb830bd4002ffda8461b4940692e412
SHA1

d928505ce3ff0417b497ceca446a7dee73a163c4
SHA256

35a4285fac00fd354674e12fd98380ec4cd9a23b15919185d00d1ca86c6cc558
SHA512

6c9b5a3d1442d8cf78d5ee0f44d759a2ab3435e6c2dd192d780b0d793e4e71441bb1dbda1b0e0ff1a162aa1831be7134ec304e5b4fc170a83a1f3402e0b2c5d0
SSDEEP

393216:pMx+TCmbI9+6r9eso9e53J9N/4kHM0k/R0nmP8UYccv1LYz87nb:pqhmbSjlo923J9N/VNo0mPPcvuz87nb

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.kingnet.xyclient.xytv

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.kingnet.xyclient.xytv

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.kingnet.xyclient.xytv

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.kingnet.xyclient.xytv
Framework service call	android.app.IActivityManager.registerReceiver	com.kingnet.xyclient.xytv:pushservice

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.kingnet.xyclient.xytv:pushservice

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kingnet.xyclient.xytv
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kingnet.xyclient.xytv:pushservice

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
25	alog.umeng.com

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.kingnet.xyclient.xytv

com.kingnet.xyclient.xytv
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4299
- cat /sys/class/net/wlan0/address
  2⤵
  PID:4511

com.kingnet.xyclient.xytv:pushservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4326

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kingnet.xyclient.xytv/databases/ThrowalbeLog.db-journal

Filesize
512B

MD5
8489c27be0ff202afadbca36e69f9b3b

SHA1
df7e8aba5d62a37678e570e19c5fa0453a0ce88b

SHA256
cd6b6254915e106ab2ec05642d9d94269f6bb72bc91edb7961afbcf10f6e54b9

SHA512
a4d882d518e0b7332f787942cd3793b7084006be365a1c560b28aabce90c98778f625844dc03fef2aa21e3e367978ea0a1255f2675df15bf9dafd0472f25bab0

Download Submit
/data/data/com.kingnet.xyclient.xytv/databases/ThrowalbeLog.db-wal

Filesize
84KB

MD5
045915127bce277e88cb50306c7a08f6

SHA1
d7d816aaf2820d8473248da70c2787408d3899e9

SHA256
b71d476c9efd9c098f7f7aefb4214ac8f21da9ddcb42f90e4759e1f97aeb1628

SHA512
972eb739f931e7a63ef508880b117fae3104f5d183f3c787897807912d95fb0556e6808f705b3afb282a97270222e55b5a80a5f38fe9d23db63bc8ad9f88a62e

Download Submit
/data/data/com.kingnet.xyclient.xytv/databases/banli-db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.kingnet.xyclient.xytv/databases/banli-db-journal

Filesize
512B

MD5
c6e8dcb9239559a23a83fc36ab93c216

SHA1
ecd869956a11af00fcd17ea56ee00db5047f49a6

SHA256
4304113e4824c7b8eed18613d40a5ec54468d3e9d361aee6b0785743b6ce4315

SHA512
c91bdb806523cef8903f17dac7b6814873e0846ad40b7b5f81d8500664dda8c7f0fd58a41abfd5bbdad263458dcb32cb19cc3fc8f34a216b47707a0eb0fd2720

Download Submit
/data/data/com.kingnet.xyclient.xytv/databases/banli-db-shm

Filesize
32KB

MD5
366676e3a7f7550b36059e16734d9b33

SHA1
bcf138be79550037a772d462bb656bd4a2d2cfc2

SHA256
c294c138b43e927eb326524e885b22346d1814f82c0987ebac4c345437970302

SHA512
69fbb85f953306e119b26f3d454d5e9c5b27649a99e4ed08f6e7188525bf7294ffa9341cfb0ad469bedaa47eb46c462b18f0b69e32303e7707893a193306c59e

Download Submit
/data/data/com.kingnet.xyclient.xytv/databases/banli-db-wal

Filesize
32KB

MD5
b1f73ca2d43d1886141c327d8ee464f7

SHA1
8adac26a39bf6fe39106d538942fb4d8ec8b7eed

SHA256
fc11ded8ee859a5c89eafb1b88a6709986cf6b9ae2b48955d3a33cbec6c4b913

SHA512
856e59c115de082bc02057a0b2df88d783512ddcbbba1e5d22e8fe3a5ec28f0e3ca0b56c5b5b0174201276fadda5dd88a00ea4374bfe0fb5cee7d58710fcbabe

Download Submit
/data/data/com.kingnet.xyclient.xytv/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.kingnet.xyclient.xytv/databases/cc/cc.db

Filesize
36KB

MD5
fd348517c53cc0123970ce8e62ef4e7c

SHA1
8bc6f0795a1760379c4798f7ba42dc205e5d7268

SHA256
228f6e9064a054413346021406992e4b7986c0ba194e0d8e05952073de5b811d

SHA512
424dbb895a064bec378dcbc99227166721c51cf416ac2d5edc522725d281895977af66b530fbf4e142f41ec30422748c5a239ebd859dba34143447b6fc67a94a

Download Submit
/data/data/com.kingnet.xyclient.xytv/databases/cc/cc.db-journal

Filesize
512B

MD5
883e98df3d797afded8c3ec41f9870fb

SHA1
fadf63a55af36c7bccc09aa8799c4aa5849ee1a2

SHA256
18c64c4067cb03e64c0753bc3f87153bf37a9176b06c0053cb44fcc31caa2580

SHA512
297f8e1e06be2cd9409d65dafd773ffb6abc4d62b27d5fec2e14c8be2fa0416a6fe523418e45b5eeddee89672ef7f1f25c89f0946c6db453dfcc38842e259cad

Download Submit
/data/data/com.kingnet.xyclient.xytv/databases/cc/cc.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.kingnet.xyclient.xytv/databases/cc/cc.db-wal

Filesize
16KB

MD5
6ae2e75497f6e5f3c6f77ad995978121

SHA1
fbecce66e8a74e09f80745b761dd8c8cf4a3f739

SHA256
0ea6987164297de1f0b51ff29df81e0176bb41e87f2793c96c4e890e9b0271b7

SHA512
0e136186b11411ce2254f3c977d5be5bc837f812a36b78059c26a9eecd9724c582388a6909e486557f0df917bb4aed8289f81fa8a199ec5e56c3c304fa69fdc8

Download Submit
/data/data/com.kingnet.xyclient.xytv/databases/cc/cc.db-wal

Filesize
181KB

MD5
1a756e5fd2362ebaefbbd2e2fce6752d

SHA1
c4b0573df977f0633ac2ba9fa42c7a67e0564c54

SHA256
525cded0c9c4309c31d5a9b18803f481747882d68ce1d581c26bc806433cb64d

SHA512
d3508e88031f0e3f4347f853bd7f069f940be6b0cfc37a69421d724f98d4c6c626d376774be5ab651abb7f9578c82c68e6e357a63c7bd200976ea8f4461987d6

Download Submit
/data/data/com.kingnet.xyclient.xytv/files/.imprint

Filesize
1001B

MD5
ec41eacc144061f93770d62ffe0f0ea1

SHA1
1a5eeb10a503632b32098416b55470f0cc4f56d2

SHA256
24079ae2ed0b032cc4aadfaa7a3c1762f002b964f3fe01351f13d3376771ceb8

SHA512
2bb178a1cdc358625f250e022b08387b9b25f2ac76fb1e6b50643149e807d90c183635d12500e16de6e17c92ee4f5f0d1a047e5a8379ddd510a962f8eb584f55

Download Submit
/data/data/com.kingnet.xyclient.xytv/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
75913157a044adb6e7eb77539533694f

SHA1
2b1fe721fcd5cebfd7b86aebe347dd5c1fcf7d57

SHA256
5d08a0213d5a0ad2178de9863e5ea67a1797278b190cd1f562f5434ad78d7788

SHA512
be06e599c49e8bec52d5303e3cb26d1814d88795eef1d955e16a489d50b4cc089ef4271aa2d5b89fe104815246d56cbd933e7974ba8eddaac65121cfae8ee007

Download Submit
/data/data/com.kingnet.xyclient.xytv/files/exid.dat

Filesize
59B

MD5
f70c970f257a7de8f9ee7e9f41512b84

SHA1
3a26845e7ef201591bd4fce3882006dc3b735eea

SHA256
d1b2390b33162848451506b28416de362c7b462cfb823fccb7560d714016e47e

SHA512
820e1d8903bf711a50b4dc1603f40ab0823dd1b06955d3803b827d55907a45cea552d1624f55c08d547f58d590aa23ea16166652d6404979d38a00d6f6c5bc6f

Download Submit
/data/data/com.kingnet.xyclient.xytv/files/umeng_it.cache

Filesize
498B

MD5
93d93a8c510d21c01421190fdc093122

SHA1
3ddbc8d74de66cde178398e701f4c5e86aa5f94a

SHA256
6a6394fa8a96709fc63a07f218bcb69a4d27d275eaf7f1835e2940fbd8c72221

SHA512
8cd90ed7dd4c5a5440c23c34cbe18d698a324e57589df78b42d3e10083938644bddd5bcf6aeb0c68164745f0ce9c0a5ea700e3de9bea617bc1ce22981896b4b4

Download Submit
/data/data/com.kingnet.xyclient.xytv/files/umeng_it.cache

Filesize
253B

MD5
8eb3aa1c9e7d51717c2bd92bf3adfa7e

SHA1
a3d795b2e07c5d01048d11e620a31359c1097902

SHA256
a7b4a4713445ddaf5437ee8a163efe5b7d1711bc5d0333e2fbca7840549201b0

SHA512
b96dc2684e7ef0b4d36b28d909788ffb0f028380b87bdc8aa2d8da9cc1800a89b8387ebd7e7a3c87c9e5cae353d13c95d2fe231648c23f816b13f325646b8b21

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
c410ffa994fb43e82dd37fe80fcf7518

SHA1
02e87a8fac9a30adfbea12250ce586a80fc0d946

SHA256
81630fe8720f717d98b47af74e50b9e4db52bf23c89715e00ae7bb8c356ad08a

SHA512
5ad295d7c5daab01aee67bd1d90eefc0362b7f44b5ab6c08667ad9dea53bdd0308af19a825683d0004de6a074459e51238113f8e9aa7356e69ff8aa05f9b2f6a

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
95e113c73117635366e11a104f55b36c

SHA1
aba47e607257103a30188aad7b2a7b0c8cef8200

SHA256
8ad4c22c40180b4dced7bf5459a44457c3bbd64bdc2054b6cb433a3899050ecf

SHA512
d48a4c1f7aecad2c78714a2f5957c3905417530f21685e46a77db9a1ae30304017d1d5a3013e61bb89b42a239bd490715ac932bbe3ce594adaa17e6e50cbe857

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
167B

MD5
ee621fd987240141280fb9c85303ce78

SHA1
53b339f470cc85ef20078c2d2a76748c1b0b69a6

SHA256
d94f91ed7daac55878d9a3ca93fe5ed5a1b9a0f9eb21843781b5f8096e134cdc

SHA512
810472a0bde00374fe84418cf452793d1fc35ec0a0710c75490d5b1cb423b676b15d2f3d2c6a9df1b906e025ae3f9f3932d7804bfbd59ff3fbc97c1fce07b09a

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/Mob/.ba

Filesize
373B

MD5
851a6fd1db18e27786115fa8a7a7ec90

SHA1
6e3da81fd995f93fddce65da018cb04991747665

SHA256
a77aaf7829211421d44a150162b96ab26c80c96ae7036f2fbc55bfb5b10da714

SHA512
e5f08288d81226858d1c302c864e93ad0fae1b2f85346c4fda81aa20c81e31f672dbf2800a5796cc6626b1ffce454dc629d5ec7fe74bc89cf7cdf7e81b5e6753

Download Submit
/storage/emulated/0/Mob/.ba

Filesize
472B

MD5
166d27a7d33c4c846ea1da25e98b5122

SHA1
0ee1620bd7ad28df78c4d6aff95361082fb0e906

SHA256
144d8346073d12c604e6a16de20a80205e7e06df1ac0897eba2e7d48970443b2

SHA512
d76c3c216e55a1d3a7d671d030236da4b3fa589ce2cb707bc3d12ee35c1c24c544d185b21aa3cf065136c5ae0dcd967c77ffcceb4cf6f31eb570aa987c252aa4

Download Submit
/storage/emulated/0/Mob/.dk

Filesize
107B

MD5
54f2b9c177bd0409bf680ca8be35cfec

SHA1
6082782136b443662856c3bf9197ed85ee532389

SHA256
7957374210b906fc69417b2866151ba19c088eb20808278b2f16f614ccdcd278

SHA512
ba4e4b38ea9277b220da8c697d9801360088c1d8222560caee4841c516f290925820b6d880728f20d66608ff9fa2c7d378659894cf3462bd87f4679df746a127

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads