837f3f3c143133e01b38c815f15e334b96a5c9d370154fd334b803789c62ebdc

Analysis

max time kernel
156s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
02/06/2024, 17:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8eee82f76cbb5c339f09b950c4bc3c29_JaffaCakes118.apk
Size

30.4MB
MD5

8eee82f76cbb5c339f09b950c4bc3c29
SHA1

725cf69de780bb16063c19e64bb3a030192cb8d4
SHA256

837f3f3c143133e01b38c815f15e334b96a5c9d370154fd334b803789c62ebdc
SHA512

4a00c65942664fc1eb914881e374a496ab9c436cef57d07f4514cf7ab47ca3ee10aede789503e2a644367bf335df8c62586f6e98391fa19b5cb6da7cbb862f6f
SSDEEP

786432:ac7k1FIC7/2BMOTkZcRZPFssEyHHbyGhs4e7Q7K7LO:y1GC7/2WJc/PFssjnbyms4mm

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/xbin/su	com.yxxinglin.xzid122977
/system/app/Superuser.apk	com.yxxinglin.xzid122977
/sbin/su	/system/bin/sh -c type su
/system/bin/su	com.yxxinglin.xzid122977

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid122977

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.yxxinglin.xzid122977

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid122977:channel
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid122977

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yxxinglin.xzid122977

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid122977
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid122977:channel

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid122977
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid122977:channel

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.yxxinglin.xzid122977:channel

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid122977

com.yxxinglin.xzid122977
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4323
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4419
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4440
- /system/bin/sh -c getprop
  2⤵
  PID:4494
- getprop
  2⤵
  PID:4494
- /system/bin/sh -c type su
  2⤵
  - Checks if the Android device is rooted.
  PID:4544
- logcat -d -v threadtime
  2⤵
  PID:4576

com.yxxinglin.xzid122977:channel
1⤵
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4596

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid122977/app_crashrecord/1004

Filesize
242B

MD5
13965a1e2ae00252c24bd77dc0b6366b

SHA1
7e0f4058c75083d134680793885c14958fe9a8b2

SHA256
80f44efc33d43475d759c0c2e7aed5d6908e485bb7a0e9b5f48cf2ad65b503e0

SHA512
91c1bdf27d755cdb95a943a9d3705570009fac5875fc5170c13dc3fefad21b1bd706ddbee153627b36607ea5fa2cc34aa2defd65f79a5ccc9e613b8f7d5216d0

Download Submit
/data/data/com.yxxinglin.xzid122977/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.yxxinglin.xzid122977/databases/MessageStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid122977/databases/MessageStore.db-journal

Filesize
512B

MD5
078134c2304c20c2548af4ac9a82b701

SHA1
4eff5e3874c6929ee96795d566381b9ed3ac32c1

SHA256
62198c10235870b289c88e272ced6d8f31c8df1b6373b8e30444fe0400cd456b

SHA512
79539e3ea0fe6ab46f08563b346e9479add9f01e5215234ca2d143cbb7a4e80a9da7e132364ab27258c03c1135b6d271222b09542532e2dd21ddf16b18b1b76a

Download Submit
/data/data/com.yxxinglin.xzid122977/databases/MessageStore.db-shm

Filesize
32KB

MD5
71f3ced1369ff4c196fadcd0f9d93166

SHA1
714a3d31a6f5818c38b80f23490c8a56e5748ff4

SHA256
fbce1851f2fcee111dca8ff7131b52f0d89ea1095b89c8bc286c11484815650e

SHA512
fa5f8cd72a4361227aa73397a726927f3954a19f87316af8cc62692c996ec7f7dbb063d639c267a8af9ae490940c7e8cf87beaa9158ca06c066934d57e0c9f15

Download Submit
/data/data/com.yxxinglin.xzid122977/databases/MessageStore.db-wal

Filesize
48KB

MD5
968d74599a2983b2298c644059487b22

SHA1
91ce8c63be219012e3e9b4aa0586a2d0f510e248

SHA256
a973cd5649786b2be597d8fbd3cbd60eb62593ea36f7224e8a4cc0835f1b745a

SHA512
c13e4816865f1ad135829c54a59552b612ab5067902eb85f0d7bd327b6c2f7efcf2e7f4af7e0fc05a907c70e3a68cb9de06ecdc12236ff211e078e9a59f99b53

Download Submit
/data/data/com.yxxinglin.xzid122977/databases/MsgLogStore.db

Filesize
4KB

MD5
5e556ea1ae763731a3094eafacadc722

SHA1
393a432d905095e7cf166ef29ed61654dc0445e0

SHA256
c993ec7c6a4195ba7f00ba9c85b5c00d4fded02082794231f52c23d9ee2106e2

SHA512
ec7017e804293edb8ad653b536c99071dcaa032a8864dc87772645578958b2db044d5ea12eec515941ba47f13fe9965e89002b1aad830262e5c017e3b356b11f

Download Submit
/data/data/com.yxxinglin.xzid122977/databases/MsgLogStore.db-journal

Filesize
512B

MD5
37582f1ed31ea4dd3f6451d677ad7a37

SHA1
68ec0af9ab117488ed7f226265b5a0058e3b3379

SHA256
27aa2f7c67b674c7ffefb13745310958ff4e2c9c13754b6aa7a3fe949d47e76d

SHA512
bb014fbdc3974b17557e7c45cf823c96bac482fad3c90b216fac5563184b9f2ce1c5ae138ab96290f3e40a7448ba61f1a9d1592c20dc59014458366b6e54e59d

Download Submit
/data/data/com.yxxinglin.xzid122977/databases/MsgLogStore.db-shm

Filesize
32KB

MD5
4d60278728c8667bed1f153ca8a29cc7

SHA1
78e775aecba0c9f51219da30ae4f5bfeafc10e72

SHA256
7e5de2ac655daa3218bb7a3d97b6a792a1bd6165049edeed437b71a9dcbeda7f

SHA512
0f7689d52a9afe4a89abb8482871c336eb99c872895b6cd02d4bcd9bd08f1f574fd5d666aeacf62d9b112a66c9b22bddae50e3829f95a27a67c78e2c1b83de52

Download Submit
/data/data/com.yxxinglin.xzid122977/databases/MsgLogStore.db-wal

Filesize
68KB

MD5
1a52ee32282e04a4fa0502ed17a5fa76

SHA1
671081ce0204c27dd2d759e5054b5558376b550c

SHA256
a256de81eae2b815fe8a06573f22d1d45a2d9053512472df21c80aef4ef627c3

SHA512
90185b9ef546501af4e5954dccadbde9ff689a08d0caadf873c0b7c28a47d503555a31eb98f7e36c43c691d877a1765d5691ef1e36629c7355a76af685ff5b9e

Download Submit
/data/data/com.yxxinglin.xzid122977/databases/accs.db

Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.yxxinglin.xzid122977/databases/accs.db-journal

Filesize
512B

MD5
2aaa8dd3720cf76fbfdd8304e8dd053a

SHA1
d50c1ace2bbdc0ad18b817b9cf376ef877c56554

SHA256
1595731b7aee909682cb574d329719a5c6aee13e6a3f53f911b24b778fd1b016

SHA512
53cd12d07437abf2882eb38c5f41aae1730b21a9c3c3af6cde534161800f51756f1885e7e0ad2aac93b8055825e3ad0c5695b2ad048c2e9ed93d8bc14aa3ff72

Download Submit
/data/data/com.yxxinglin.xzid122977/databases/accs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yxxinglin.xzid122977/databases/accs.db-wal

Filesize
48KB

MD5
7a08861deb7170fbb60c6a606b75bd40

SHA1
b2d6e20cf9a0ca9db429801532a085f2c8623c52

SHA256
fe219d3da96a9f317e3060cdfa0bd9bf5d6ca6ff89ffe651913174b69e0eefff

SHA512
8935092f2810cd4d71a6f7fbd96cdb1c25b4eda9a4182f9fb4fbeac8b77917ff0a11840b144e37333b101ca5a1dbbdb4859fee433d1ae663c29acb822c629ec3

Download Submit
/data/data/com.yxxinglin.xzid122977/databases/bugly_db_-journal

Filesize
512B

MD5
5fe77ee6f0757046e325a42fe84e430a

SHA1
141710e2f39ae8ba205d2032d38be923a79940e2

SHA256
9823ae59ce297348f696f2d35c7d3c2731ee5c4f23be59b0a0dfba08faacc5fd

SHA512
1d662807f037c3ac4ace43b63c47839551eb8c203aadc3f6e1362b9026a89c28564e2160a1231d6cd5efec66ef97d032811f10ef72f7c70a34a8b49807cd0c3f

Download Submit
/data/data/com.yxxinglin.xzid122977/databases/bugly_db_-wal

Filesize
164KB

MD5
f4d96b910590178fde5d5d5181879c9b

SHA1
75f3aef9866121a5d04ca60f811eb69758702bf9

SHA256
fe40a9206874d8eeaf07eaca778862026a42972882966b61e88135d901f02dcd

SHA512
3314137094040a1ba6ec381466551afa5d9ec1b053a8b11ac2e3e15aa0b66ccba3147b3a45d8dcd068c2b81796dc052dc44161d84303df8e211f7c40be7d42fd

Download Submit
/data/data/com.yxxinglin.xzid122977/databases/tencent_analysis.db-journal

Filesize
512B

MD5
accb0a2dab68a9134050f85ae1a1101a

SHA1
0e8a85ae06e5dfde133e28e9ac911d090545d181

SHA256
5ae8309a7db0827ade995bb66701deae3963243dcb80a8d610111bee139c4da8

SHA512
22a6f251c6e29441af92cbd7ddd1f0d251b079437e853a52dee45d32f413b16b2da7f7f6c9b38a511ac243bd2ca9c96151bd3538bafba14e03dad7405b294226

Download Submit
/data/data/com.yxxinglin.xzid122977/databases/tencent_analysis.db-wal

Filesize
76KB

MD5
43338c6f642eb813ca85302a1d118d24

SHA1
6d1ca83b7b6d771a4ef647692b365ec10df7d0d2

SHA256
fdc08e172d112c1ddb23a06fe6275f8f746974067068a420f0a34ba9c3bd4df1

SHA512
e4ee8024d5f93249a956d089160f083567a76470e864a567706a0326641ef618ad47b1670f4846e92b3c9e18b59aacad9ee3d3f8c11ee0002eefedcd43b127ee

Download Submit
/data/data/com.yxxinglin.xzid122977/files/cclogs/2024-06-02 175838.log

Filesize
409B

MD5
31f846eed306b77204aa23140dcfbe54

SHA1
9ac523d0259b35ca7205d58b3d9a116af4a364e1

SHA256
d39590191e3bcb04a8dbaba59b2d88e66b67df9492ea1647a03dbf98fbdfc976

SHA512
a58c0ed3cd7f28b42af1c36d859016baa5d0c55f8fa33f2e21c03379c91e87d47c9fd1e58ee8e7d6fbb191bafecc89266ad8155c58fe4ff178329d074c35cb61

Download Submit
/data/data/com.yxxinglin.xzid122977/files/com.tencent.open.config.json.101400326

Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
dc435e58dcc411ebc1117094c6277490

SHA1
710249851e639473d8ad6de0052b4bb6aa9a0826

SHA256
3a38c95ea92b40613b395c5216a4827e367a2567b633f1b7c6316caa3e8b89d2

SHA512
4a50250d8de6570f7089fd525246c90f509ac96a1e64a98be56f03e6eeadeba82eb0b6cd71af7fcf127bd644290074e9b28c95fb28e2afaf30435a39e8e03585

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
bb03e65d61bc07b3409f23964cb6169e

SHA1
51c6da9c212fb99d92b1dd7aac30c12f76b047aa

SHA256
dae2f91200c46e9c20e3b563e3923beddd33ba949e3d4194d164b0a5dfdaa954

SHA512
f35cf77996602daed58aebe6bababdd4ef2bd26f248737ddc50f0f6e11bf65e9ac50a852a6ff37ced7a09ebe26a59929a5e90b3730c6f56dd97487b756a0def1

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
cc5209a71e5b077c992c9c467f03379c

SHA1
2f243c8ca35f866e03a62182e7abb858c4cf92aa

SHA256
e4f41ed85489c8029021e1f6671dc76e65f25c41359c3a1d81c6f724585badc5

SHA512
c95ce23e64400109a48d6694e32985217f7a2ed3d61e521ccec89af1517cd9742f03a03903ca469ab1e294635afb57f971cc4efaf98d4dc6a544d677abf0f38c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads