5f3d935de1f28dacd1090a4851c64d97e0300e6cf1c8f589851f12f319d7c938

Analysis

max time kernel
169s
max time network
183s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
29/05/2024, 00:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ef152e998263addfb3770bb7be23f98_JaffaCakes118.apk
Size

30.3MB
MD5

7ef152e998263addfb3770bb7be23f98
SHA1

262a6d9ed3826815250fcbd2591a3cbd38f42edf
SHA256

5f3d935de1f28dacd1090a4851c64d97e0300e6cf1c8f589851f12f319d7c938
SHA512

5d10b9d3daa06445e983a68078635e510a10366dbff3eabe69a88e5ed4dc8b774738de7a230956d8bf43011a5671950ecd599293bdb66eac3e0a0eab5e4d13f8
SSDEEP

786432:98yJ1bIC7/WRMpDoNAZZPVXsEyb7TueTz06hQ/ddhc:b1MC7/WmMAnPVXsbnTugz0bs

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/xbin/su	com.yxxinglin.xzid6439
/system/app/Superuser.apk	com.yxxinglin.xzid6439
/sbin/su	/system/bin/sh -c type su
/system/bin/su	com.yxxinglin.xzid6439

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid6439

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.yxxinglin.xzid6439

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid6439
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid6439:channel

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yxxinglin.xzid6439

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid6439
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid6439:channel

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid6439
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid6439:channel

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.yxxinglin.xzid6439:channel

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid6439

com.yxxinglin.xzid6439
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4251
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4382
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4402
- /system/bin/sh -c getprop
  2⤵
  PID:4539
- getprop
  2⤵
  PID:4539
- /system/bin/sh -c type su
  2⤵
  - Checks if the Android device is rooted.
  PID:4575

com.yxxinglin.xzid6439:channel
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4605

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid6439/app_crashrecord/1004

Filesize
240B

MD5
13dc9ee15b03407e88767995c9861444

SHA1
78ff56b623fa5c3106953786b93c54dbcef78adb

SHA256
0df542740f3e4c6cb1be5075f252ae3460b6f2db8b1b91ade8a3235c66383bd4

SHA512
ed7d7ab76329a117e3161e13ffe3c12e4d72d5e3b5459394f580719c6f96cbb62625242d7287c0f4d49327f2b938243a5a9bec0db6f17afeb3ba728099df9a68

Download Submit
/data/data/com.yxxinglin.xzid6439/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.yxxinglin.xzid6439/databases/MessageStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid6439/databases/MessageStore.db-journal

Filesize
512B

MD5
107abb1972185d172d28ae8c3ffaed23

SHA1
ed5edf582264e728c243e14e2e2cd7258e88b02b

SHA256
9d8da0a1638a7d9b4299e3558d800b56a57f6c2cb32c80d1a729b536f891570a

SHA512
9941f82855b47bf7c37ff6985217c55591034961eee6e60e060eecfeef44f5739cfa54eb95181c0a8aa48b08c24a3967d8ac3ce9a691e2e680aaa69e66239703

Download Submit
/data/data/com.yxxinglin.xzid6439/databases/MessageStore.db-shm

Filesize
32KB

MD5
061b5b7343e82a9877a86a95c52456a6

SHA1
acfe55bb872499418b46bb4eac2d3b608e295074

SHA256
9d5205720431ccbb0c4f01d699846fe0a7a6e42e78c7d5e2f193d6f818fe62a9

SHA512
4325f5262d3eac895d498a3acf107b7ebf5e8524b1b104c5e0187a3eb01b2339e72aaa60620e398f1c910e5091cc0352456131f516f4acd0849039da968f7bfd

Download Submit
/data/data/com.yxxinglin.xzid6439/databases/MessageStore.db-wal

Filesize
48KB

MD5
2d4731092033be1d5ec9fcdf526851e6

SHA1
d26ef35844272a73a8c768e9e1f6eeb0484057fb

SHA256
27eecca356842bee6ca48a244c2d5b4423aaa675a68cfb7c06d22bd0e7199913

SHA512
f9905af8e505193859576eb2450107bd56ec8676222723a8e47e11346f36e2d7a63dec37b7a3b71dfd36ff808296f72019ad6fc14cb644c8d45f81c2c92d1612

Download Submit
/data/data/com.yxxinglin.xzid6439/databases/MsgLogStore.db

Filesize
4KB

MD5
604aac624b6ac17b51cb34fa8aeb2415

SHA1
540e756eae6061405b880cbb3afef8eda0dd7e5d

SHA256
de65659206d6dfc555c188a923e63806c22fba31351148d0d80e2a9a4e9f5ef3

SHA512
63e918a49d9e10de332cae59a118d7ee693f4b0d56db648899317085f5dfb2ab90411e01179039f0297e2b91a53dbd8414734d1aa272580e2e9ccccb71ae95e6

Download Submit
/data/data/com.yxxinglin.xzid6439/databases/MsgLogStore.db-journal

Filesize
512B

MD5
7b1bd09ede62bc94e3c3d651c0180e2b

SHA1
47b7bd69b24cccd3dace5417edb8ef4e893feac4

SHA256
205bebae891ac4947e7989c0411d887fb3ff8ce4c74f15e4fb1bbdbb605b73d3

SHA512
8ebf78130e38e38bbe1acceb0b319b15e8e5b23934569cd7caf87bd89fb3f6ad69b8158d9d41b59ffd4bccfbf55787dc5a05932f86ac43ebbcc82dd84885c490

Download Submit
/data/data/com.yxxinglin.xzid6439/databases/MsgLogStore.db-shm

Filesize
32KB

MD5
80daf13bda75f8c470e11ae83dfac746

SHA1
be0e6f9bf0f41f082ae9e8fde59fa4f0721aced8

SHA256
b1666499498e2da225aa44235eeaf0389afc95fd0972859619b8ad4713ad58b4

SHA512
a7127062e35fe942d92e56bafd2fc13e902e7cfbd66414bc632e69452a0059c98d1926544a414bbc3c50bb780a3eb594922a611e8c93a5e6cdb34faf415f4882

Download Submit
/data/data/com.yxxinglin.xzid6439/databases/MsgLogStore.db-wal

Filesize
68KB

MD5
32ea5a5ed749a52550fab1fbfc9cf0ab

SHA1
063ac7e3727afab4ee38471fc8b3c66b02a30637

SHA256
cac4b1edf639f3b83b731f8f5ceb5be1e394a8cb3b7dddca93af4eb339d8efd1

SHA512
106ee017d9b738c7e940ba29a64c55b88448f6c164899b219539f4e7aaeb0e8386c8952b33dfeb88ab50c7ea1842023b46e5008a75f2578bf4498aa4af1a283d

Download Submit
/data/data/com.yxxinglin.xzid6439/databases/accs.db

Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.yxxinglin.xzid6439/databases/accs.db-journal

Filesize
512B

MD5
1eb1d006a16b6ca962e1795b105df7b8

SHA1
89ea90982092dae2d48ad670caca4a83e5059faa

SHA256
789d3891dd0d00bcda6c23117ae77439bd5d0bce4d67533c39986651270c9091

SHA512
a581d712b8c67b01ca00b97ebf0127c19be2faaf591fb4bce3fa1616c6606d791aa507eef20a4adcc39d568b240e2cb9fcfd97719019562f0b29ac34bb6fa2ce

Download Submit
/data/data/com.yxxinglin.xzid6439/databases/accs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yxxinglin.xzid6439/databases/accs.db-wal

Filesize
48KB

MD5
7ee7554f1519a91a44d6d18a9a1963eb

SHA1
654fa7c4fd7fee14058cc27596c39ecc6f06aaf0

SHA256
03cbb180d9045295e6a224363635c230c6dcddc104bbdd035e0c89533eb161c9

SHA512
dbb4c1397edb40b28aea82e76d30b7c2b24a895c22c7f3b5b38c6d3087bad79e1d6268e06c33123caa6fb7c371df489c00ffef699887ed2760c406f87fc36724

Download Submit
/data/data/com.yxxinglin.xzid6439/databases/bugly_db_-journal

Filesize
512B

MD5
c1dd2665d1a29ffcce822a503117818a

SHA1
a0a062d372a18c3982b41dd04ac6e0493e4738ff

SHA256
296db31cffae9484adda9a322c2943afcedc4becee7824fb31eb6e21d6678add

SHA512
155c0e6af41101f1c8239dfa1555236b82a921df9fc3295b60ccdced42ed80abc618da789f4549900cf37974b3713c3e4009777e7f5698bb91b2dc90b470e565

Download Submit
/data/data/com.yxxinglin.xzid6439/databases/bugly_db_-wal

Filesize
72KB

MD5
00cc507d72f21a09222372e187708330

SHA1
12a6695c83d3c0c93562d28b5ec1ad9383ee2e23

SHA256
66d426f416f59cd7fb3da79b0b3db4f9ec52f676ce1661e16ffbed25ae697b7d

SHA512
444bc86b186abb16c8b7136e6419207cc6747a1fe101545b29ab56515cf14535c53eb0530529d4d44e241594f0f7a693731e4c256ef5468b5b27111caa76cf3e

Download Submit
/data/data/com.yxxinglin.xzid6439/databases/tencent_analysis.db-journal

Filesize
512B

MD5
935d071df9ab2f100664a1329646318f

SHA1
5bd647325ab60a6146ac1ebc8ef53ece763d73ae

SHA256
9979dd5eb767109f915df167d21b500d5db5bc75a7a5d928dbcb12ede7d51197

SHA512
476ba971c2b4c1b3859fce3010343e440e609947de759f3a547bc411d5a5b44018c701c667adda787877511a5f9e22893f540f5695896cc6eb7836d18d590a54

Download Submit
/data/data/com.yxxinglin.xzid6439/databases/tencent_analysis.db-wal

Filesize
76KB

MD5
0dc58ea82d93995a1358f9106dffc9d3

SHA1
cb9e1a4783ced9b1cd7e658d2c1ecaaf3b39e86a

SHA256
e4d964f0b25c0869c2a5978c9c60d5ce05d4c16bdc861459b3c1df0e0ae9c24d

SHA512
767099e61d23e6ceb52689db887042a430db79a55bd4acada533f84f6d36c095f54e54707ee52e7e8c40f90401deb5478cb288de4e6909a83418eb550b886ecf

Download Submit
/data/data/com.yxxinglin.xzid6439/files/cclogs/2024-05-29 003344.log

Filesize
1KB

MD5
1ff1883afdcddb7fd102287e058d70b6

SHA1
18a710748639a893b53051943edca8df735d8f94

SHA256
f1b014d887047fe994b38e13f65ddf8193c068f5807144ce0465f1b9638fb111

SHA512
f46a23930abc2a272fda80dc05e7e8cfb31baf5b31263586701f559012b5d64eb4cca472228be33a1cee687f7fee855737250173c6d9a853e681078812fe450c

Download Submit
/data/data/com.yxxinglin.xzid6439/files/com.tencent.open.config.json.101400326

Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
b1ffca58bf8ff1a8941c0b254f804ef6

SHA1
91c490bb781edc5acf51a2c8a7518fa0b3035586

SHA256
b810ab7e5643c82b241d985b6467d987660cb89edc5a4e4c6f69c34ba30d2353

SHA512
2bc1d195f0f6483f66a4a0aa970d6a6abbce917a629177952547742d070dfab74f90abaa4a8979961b745886c45e3b76890ca450f440bc68c6d59838dc33ccc8

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
bbc9321a4e29e3ba0bd7a951cb9ed8e4

SHA1
83620665457e255f67c386127351dba07fa15274

SHA256
e63f8b35ae1be782ae062084fa6a9cab843aa752a64de7f63fe4d5104c47475c

SHA512
eb083529f19bb590bee7bb86d3c8e3bea71c9968fa269df1ee68e521ab77daf3a356ef5dcd0d52d327e3e87db9f32045ef6037acc2779d95833a488dbba7363e

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
96901bd8909dbfdd71e390858b9bf06d

SHA1
6d93ffb6679b43aa0c86ea77424d3f622c540e4e

SHA256
966fdac12141ba83a61eb44add3a1e52075e3a4c24730e8c2bce98dc19b41829

SHA512
fce6b3e1a27e5cc73fd0805be0a3f8252cd451ba6e065ddae53e3606eb437b62bcc4fe20b23bdcdda2711e4250f5e05d3432fd89f24decb9e3f71c28260993e5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads