82b00dfdba53399cc69f377ca8ba5d7cce68f54c919edf5bb063288ebe81c268

Analysis

max time kernel
156s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
29/05/2024, 06:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7fd0df7db83aa4d5c57f8b433c8e6c4c_JaffaCakes118.apk
Size

30.2MB
MD5

7fd0df7db83aa4d5c57f8b433c8e6c4c
SHA1

903022747c42c5ad1fac146fd057723f5ace3816
SHA256

82b00dfdba53399cc69f377ca8ba5d7cce68f54c919edf5bb063288ebe81c268
SHA512

b0f829b9a1ececf4cd706d2204765e391da658cdf60d290fedcf19d23aa9e4b29b7f4f10b0ae8469654247376e71e3703c8be8d2b0d61310476c45b68850cd88
SSDEEP

786432:kKOXvpRq83UX+WpTLgZPdwoksh6ZwLMYoq2rE0QrYIC7yplX8:+p4rvaPdpksh6yIY3yELPC7yplX8

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	/system/bin/sh -c type su
/system/bin/su	com.yxxinglin.xzid39277
/system/xbin/su	com.yxxinglin.xzid39277
/system/app/Superuser.apk	com.yxxinglin.xzid39277

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid39277

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.yxxinglin.xzid39277

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid39277
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid39277:channel

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yxxinglin.xzid39277

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid39277
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid39277:channel

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid39277
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid39277:channel

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.yxxinglin.xzid39277:channel

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid39277

com.yxxinglin.xzid39277
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4264
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4394
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4413
- /system/bin/sh -c getprop
  2⤵
  PID:4580
- getprop
  2⤵
  PID:4580
- /system/bin/sh -c type su
  2⤵
  - Checks if the Android device is rooted.
  PID:4610

com.yxxinglin.xzid39277:channel
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4636

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid39277/app_crashrecord/1004

Filesize
241B

MD5
0087eb901d1cdd9fba9bac7d6b65f5fe

SHA1
b499ccd568617ff1bb7328279ca85be0487390b7

SHA256
cce6d995ec8f05e18d0c817a1bc412d79c4322e99729e59dc1ba9ea4eb8ff69d

SHA512
2fa5965884a3befa037486edb50e32fc7e331d436074b84726000dccf9d792ca8a9a1c53282ba493782005d71050ea7e71b9a102d183aadf1a1e8e7e0311bed8

Download Submit
/data/data/com.yxxinglin.xzid39277/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.yxxinglin.xzid39277/databases/MessageStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid39277/databases/MessageStore.db-journal

Filesize
512B

MD5
d11b1f82bdf0b76aa7c48a8f5e55e04e

SHA1
ebf1d628b6e9575e89a4f467bdd73d4157e924b4

SHA256
1eb31c636f906267e97a10e199b60aa73443d91d3608c646fad38656f1154730

SHA512
20c5c0334a9febaec10a52e4a4e1acad88c494f39ed042434fcbde0fe9e1310e3dc845a9a8706fecd5ebe3f51273c9301e2b83fb1b2c2e1e90923f4d5013ea97

Download Submit
/data/data/com.yxxinglin.xzid39277/databases/MessageStore.db-shm

Filesize
32KB

MD5
267da978e1a0d7d804f0e61248363b0f

SHA1
17715e71f28c0aa97ccf0ca030c57b60e655a409

SHA256
739374a1291d96fca90cd0308da746934607c7879b8d30e20e0e2e4f3f532226

SHA512
324fe378675c334c81587898717a5a41c609e58a9e2f1852195037d276dc1a9d6a9c6b400767365e97f28d9fd59c0c5cb831c7eb42feec2c3efc04cdfa72d429

Download Submit
/data/data/com.yxxinglin.xzid39277/databases/MessageStore.db-wal

Filesize
48KB

MD5
2d3e477a0f0ccf2532f2407d4970c661

SHA1
e22c9ca6fb1a148502e90691fd17353df9e65eff

SHA256
207c226ecaa5a7254b1dff4ec103956caf02f14c2117e8c4fd1eadfca0e140e5

SHA512
e253f6b987fe4058675ea4c69f71cc51deabd0ccf6145850ec1ca302767d1baf92dcdca17d4d1d2a8461c4d897288019cd0fb194cd83431136325a0b40666616

Download Submit
/data/data/com.yxxinglin.xzid39277/databases/MsgLogStore.db

Filesize
4KB

MD5
5bcaf58181823f20e01e3f0ac525bd09

SHA1
51814a64354b8e6592cfe07f55d9aaad450080df

SHA256
6c4d5f3f4aa7c04a7e4a52a96c33f7245da2db9f8efb9fd727771966aecd12e2

SHA512
defcf50d05bc9878fa6607f4c6152909bd137410e8eea8627143623f0ea81d2fc447e6ed4aa7714f07bfe1a9f45f525f426cbb7111c4f9dacc2951da5ffe9ae0

Download Submit
/data/data/com.yxxinglin.xzid39277/databases/MsgLogStore.db-journal

Filesize
512B

MD5
f995a9772175fb6e3e651a66df1be668

SHA1
098b73423e5267cbb356d64bdf87ef75f1f8b88d

SHA256
a9b932f5f00c1ad73fc9b812c8e6ee9d6604ebfc29e5d55ccbcf0e66910d6740

SHA512
359bb1da53baf5be34ff632f2d540b7f40c67b94a0829a5ddb5cb7112c243f1d08d1dc5e718b2ff929b2d6442638359cfdc3f48ad8bb7718ef516f0465988c49

Download Submit
/data/data/com.yxxinglin.xzid39277/databases/MsgLogStore.db-shm

Filesize
32KB

MD5
0886e633afc412fcf189be4a63790d54

SHA1
3273570b375d6dcd6955a9c82f539b330592f5eb

SHA256
0d8128bf8f36e7c4ed77825c40ba14b2782c44c8adb570b93c83c0c029dcf9c7

SHA512
7e276e3882b983c5a3c658cb8afe8159529c2618f59650d56b82f51904ff33184d8ec9b839781cad776ee7b2a4097aea7faac45faa16885244e5293a0ff91f72

Download Submit
/data/data/com.yxxinglin.xzid39277/databases/MsgLogStore.db-wal

Filesize
68KB

MD5
90aaa47db98f837fc54d504f28afb3ca

SHA1
0415b2ca54e3f11b9326cdd96e1dbd2bd9eb52ab

SHA256
ccee21262f3581466ba6a953595ada0429dcbcb85ed635c9585d84f321b0e875

SHA512
6c707b1606360191ed915a11e0e792cdd42af0c9036720dddfcbfc904228b897a852c4f2035835c183a9c9426de56fee1a1076e7b331d2945b491b6c2155037b

Download Submit
/data/data/com.yxxinglin.xzid39277/databases/accs.db

Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.yxxinglin.xzid39277/databases/accs.db-journal

Filesize
512B

MD5
4d368edbbae803a1a6d948b441685eb6

SHA1
a85bddd3e794be655ae5dcddffcc148ebc926ab1

SHA256
9f090bfc79d9fc3d12cd53614a4f0c0d9b091d1435fbc9f1dbd28611580c7b82

SHA512
0570eab4081900b7d80082ba1909a69dc0c89fd92da9f9feaa74d730a0a0a72742007d33150190015384ea813d5400af29c6bb6f03b8c9a3d0cd666821c3a599

Download Submit
/data/data/com.yxxinglin.xzid39277/databases/accs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yxxinglin.xzid39277/databases/accs.db-wal

Filesize
48KB

MD5
3a13480eb812bacd37fe3816ff42f733

SHA1
15b888039acbdcd650b7fb355ef1ae118d5fb1ab

SHA256
a07dccf8b3abd5fd94ec96c2d1ed008851eafdd816b7408da242a4ec52373b1d

SHA512
68070b5e5bd5270f7e548d7cc244d6a07b868758964874515e711d453c1f9bf846c695fd8ccb3dd5ca6455adc676667177e7eb4b2ecff10bfcd477b02b961e5f

Download Submit
/data/data/com.yxxinglin.xzid39277/databases/bugly_db_-journal

Filesize
512B

MD5
fc6d54f8493dff2946fa1e5a71bf7c93

SHA1
90ef874900fb44ce78166a761ef6fe8629344504

SHA256
f465921b1bc9fddde1c8666f70f15d4aaef9896fc65faf40a95a273a4be5510f

SHA512
07707b74b983ab51a83d0b1d86705beeebe00cdf4135b4ecbf084c9fe0c7a3c871a287ea989594f55549b61d7e2112a29a2846b9194a7ab1566bf4d41676f631

Download Submit
/data/data/com.yxxinglin.xzid39277/databases/bugly_db_-wal

Filesize
72KB

MD5
ecb15f584361748821021a3d9a41b9b3

SHA1
542419dabb789cac5a9a4f90a3c710119ca753c5

SHA256
6abd20449e17fb77f2fbb3010aab092e8f02d154339c8218cbf1cb939b68469a

SHA512
79bc15a63d3c96f08542b39f45a485400b4fd4546685260731ff53ad711bba92d78cef8a7397f0afa3616f87874b3c57ef2cafb236324ab46f18db477afe18d2

Download Submit
/data/data/com.yxxinglin.xzid39277/databases/tencent_analysis.db-journal

Filesize
512B

MD5
118c7e226719143def051cde9e04fa28

SHA1
3c297ab3f54c4d645aaf68396b8e067eeaf546ff

SHA256
6143cd50b0acd827a56574081c88ed80ab12d38c40891b7811fd0c4179ac8bce

SHA512
58475c9ca5522e387151d077a53ee0eaa71d5c9d4325c18a4a458ff65b23d47ec2d93082837d637cef0ce39ee44c2ff66fac19fabe58bee5841310771db217fe

Download Submit
/data/data/com.yxxinglin.xzid39277/databases/tencent_analysis.db-wal

Filesize
76KB

MD5
218b1b9a0b92f653acf1c0e0ca2a46f8

SHA1
dcaee4cc8d8607afeaf5bf279431307b9a1974d7

SHA256
b1e1cf4c4285d212a4c4850e2b4d02061b9ed3866690958e6298c34d3d6f66be

SHA512
71df42ac4b0aabf09be7a96746863db522055a0ecfa7d9d21854bfc861d55cc474c5383dcd6093f069351e28e48b2f5c5184e41a94c7d9c0543a710e377b4655

Download Submit
/data/data/com.yxxinglin.xzid39277/files/cclogs/2024-05-29 064044.log

Filesize
1KB

MD5
de045ec5e6b8a93e01835bc7ad3776d5

SHA1
cf79e9ff8665328ab1da0a967fab34bb3c5fa1c2

SHA256
78bb95c09ee18a1ea892c4d7070217e65dc41c8ef71b4e2458e231059232a360

SHA512
6912139fc5f94cf7b0e88fee0a608293e7188472322d79875aa616e9b62d606e9ad234b1bdcf3fc56d5cff6470bacff16af39fd895d9d22bdc8f249b03f37b29

Download Submit
/data/data/com.yxxinglin.xzid39277/files/com.tencent.open.config.json.101400326

Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
5701a5c482cf5618e3453b946d7f4cd6

SHA1
4b69daec1a00b49acb4d1623d098fb681a5c3f92

SHA256
546fd249c31f62fda0fd7661fe2bc80533667ee0d4e1a7ee0a9ec4246479f4b2

SHA512
88c2f8472ca55f0a7cf3a4ffc1114697239cd9a43c52d3cd268845bbba248c50821ae3bd0957cc341ef93b838b3c42e51821aa2b919ada181b26ae87f0e9706a

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
0b6503e402ac5cdbecb566d2369e8bff

SHA1
ceddd4c4ef492fcd77e7468e493b89fb6b3c778e

SHA256
e85821eb0c5de2ce227e0a0fc76b5c848005ec834c71b9e3712391888e6c11c9

SHA512
56b1c1c42229f7d3da96648b835196bb631ef2f7a23429dd32234464fdc4864a3343dfc92fe5dcfbee1e5f130ba7b23f836fe5c7f6b224afd148e0b68e720b6b

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
5abb58d7b87504b8745fd3a1894696f2

SHA1
ab5bee2c906817af7b1a61830b18eeb5de8c9ff5

SHA256
75bebdf340e01fd34ea89e584313606e4fb7ab2b680f528ba093a1e683595436

SHA512
1dc544d18d8b10407852c92f224807e139c7e406e740b0e75578fd417cf35dc4e0485abd1a55cc7f828583d5df184e4888bb2eeb980dee0b838e3b78e27883fb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads