204a5708a6d8218e4543a9013d213f7391497ff91d80c3f147ed58e23e2e07e0

Analysis

max time kernel
156s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240603-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240603-enlocale:en-usos:android-9-x86system
submitted
05/06/2024, 06:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

975dde94bc120afd8e6d4ea4712ec5e5_JaffaCakes118.apk
Size

30.3MB
MD5

975dde94bc120afd8e6d4ea4712ec5e5
SHA1

f42ea03a66dab28f236d1720b1d9014498b489ba
SHA256

204a5708a6d8218e4543a9013d213f7391497ff91d80c3f147ed58e23e2e07e0
SHA512

8d8d9a80b2389f0d64fd86b45f39508a8808acae10cdde9141add17ed489267c0f36559a2e8684b249a9ae1bbc1b2f2f9ef0b49f97468f5c41ad539277947973
SSDEEP

786432:fcqW1zIC7XCaM/Lk1cUZPx/sESx+VgrzIgOPQvOXTO:i10C7XCROcOPx/sLcVgHIgSq

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	com.yxxinglin.xzid80501
/system/xbin/su	com.yxxinglin.xzid80501
/system/app/Superuser.apk	com.yxxinglin.xzid80501
/sbin/su	/system/bin/sh -c type su

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid80501
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid80501:channel

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid80501
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid80501:channel

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yxxinglin.xzid80501

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid80501
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid80501:channel

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.yxxinglin.xzid80501:channel

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid80501

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid80501

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.yxxinglin.xzid80501

com.yxxinglin.xzid80501
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4279
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4385
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4404
- /system/bin/sh -c getprop
  2⤵
  PID:4455
- getprop
  2⤵
  PID:4455
- /system/bin/sh -c type su
  2⤵
  - Checks if the Android device is rooted.
  PID:4482

com.yxxinglin.xzid80501:channel
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4526

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid80501/app_crashrecord/1004

Filesize
241B

MD5
e4ccbce2480e6586992ae927600d3677

SHA1
a8519a823066a3e5251a57270c27af5c66e77640

SHA256
c3393a085002292fa12897481401839915df0fe8bd3b01938315b9d9349c3d7c

SHA512
894cbe7ece33a973443a5924225fb2b0a8506798731bc432d07f06d732dfccf4c1e96d703c17ebf2e551e2479b6e37e300e49b65008a7f0203964551a5155b04

Download Submit
/data/data/com.yxxinglin.xzid80501/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.yxxinglin.xzid80501/databases/MessageStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid80501/databases/MessageStore.db-journal

Filesize
512B

MD5
6f140a11263a0689a5fb5f9a2445e505

SHA1
d6ea0f7afcbbe7a39e46aa4f2a3423eb7d43698f

SHA256
647572e6e232bbe21a3a84a94d58f14cbda03e0d48c262e80d4c5f315d6e4623

SHA512
9fd446daf39079b6d97ccc453d80f80dbf359d5f9af5f76503d4dfebfb062818b88f4707c0ee664b1d45c4d03d3d2425c1d143ac366d72e2a37176dc3a1bbbc0

Download Submit
/data/data/com.yxxinglin.xzid80501/databases/MessageStore.db-shm

Filesize
32KB

MD5
fefe4c5ab927138a922c9c9af27443df

SHA1
19d963b7446630661be85bd6f1bde4943161d911

SHA256
3477cbd7880918be3225543e2d24dce8f0bdb4a4a81d7d159afde677d334ccde

SHA512
2fc617f469068cd09efde5ad372b3ca281c274ff4e9d336df6f83ea37be527848a66cf4723f3fca4bf39b6ca3bc281e81573a7a41220e2d73017fb2e8f4c0888

Download Submit
/data/data/com.yxxinglin.xzid80501/databases/MessageStore.db-wal

Filesize
48KB

MD5
dc81e049328fb8f5c7d9c4ec74c9f7d5

SHA1
9077db04e0ac1fd6cc628403e246ebfae9921e77

SHA256
20966d9381dc514e30e90b039a8bccf2964c15ed231293a268d145b9cafe0ae7

SHA512
4a557b2cd9f66d63cd8d55a0817a4218ad54fcee8a17224bfe7cb6fe3c67d0c12cb04a8c2ec78393184035fe2cce1f7548d920e04a43fa1624583ce7314786e1

Download Submit
/data/data/com.yxxinglin.xzid80501/databases/MsgLogStore.db

Filesize
4KB

MD5
4b0faf0617fe1f03e0e169632f9d692c

SHA1
e976f05cfed792d36981a7f7b08d05b9cf64fde1

SHA256
fb355d09d817c48022e3a31be4739d2c53007a13beee268ab557348387cdbf8e

SHA512
81f311c5886b563ed157070c113f3800bbdb1c5e2dde0d491984da97483db7dfeb3d544b1f1badc3d512d8f63d5f46f81ccbd17626fa0788ce99e382c11d5d3a

Download Submit
/data/data/com.yxxinglin.xzid80501/databases/MsgLogStore.db-journal

Filesize
512B

MD5
cd73e9180b2db01c5589017946a2dab4

SHA1
33a4dc64d0f4725785adae364a8d5db8dbe1b43a

SHA256
dd48c86c758789005b345c46e51c6bf72114708fc0ba5bc33a1f8959558302ce

SHA512
b0e982d3916952f68116c82e59c77ef710fb4246b911d016483a20c988f9f1704a05eb0613408884e2e42dad082e60e97b818fc27e2c5fdd9a935cd9108f8076

Download Submit
/data/data/com.yxxinglin.xzid80501/databases/MsgLogStore.db-shm

Filesize
32KB

MD5
c332856465dda13c9f15e1f833143176

SHA1
8bb85495dcc137f3042c6f3a26578419e1644e9a

SHA256
37f9c657bf65ea4cab81f4716d504d186ab8a6df2d20a983a98563960f7dc36b

SHA512
1b5889d711a112ea769579184db899ff470d07de89b46d6f77737faa769302921d92ce08bd57251b9a65b202e0554aca9890ad33d85432575117c1aeba16bbd3

Download Submit
/data/data/com.yxxinglin.xzid80501/databases/MsgLogStore.db-wal

Filesize
68KB

MD5
2dfc1abc6b508ae1efdf073f91816516

SHA1
6f93c87f59fbbe4a8e534e47037a0ae6a3d570b9

SHA256
c952790a93078134bfbcd7db086777c9066cd6fd81d31c18709a55a28d4ffd98

SHA512
7fa9768fcf5310263f5956e7063bc7ee843796932c94a9c53c38508a4d96ec32d4dc2d15d236d9884a364c04ff7a0ba9efa2015df191c6e3702ec60733c9af8f

Download Submit
/data/data/com.yxxinglin.xzid80501/databases/accs.db

Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.yxxinglin.xzid80501/databases/accs.db-journal

Filesize
512B

MD5
fdc03a32446a82bdb2c9926761d73729

SHA1
dd88e6c10631729829627e736c9bedfcc40321ec

SHA256
ddf5dee5beb934a4fa2d0a5beb7f5a2f9596e633720f409ae53cad07737b3871

SHA512
03f18796b380dab65f005944ee2b0f6fbd458f302bfbe68266c42323d0038334ff9a39ea68d9e4271ad74247d938c585e73e982d76c3926e42cc93f8542837d5

Download Submit
/data/data/com.yxxinglin.xzid80501/databases/accs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yxxinglin.xzid80501/databases/accs.db-wal

Filesize
48KB

MD5
06a9e28a339866d39fba47316094390d

SHA1
4912e863acd6049a375e0da2818d0fc0962b5f0a

SHA256
04f4b90cee5b7f4ec2d112479c43e8ce4a35f96fcefbc3ad750cda10afc70b3b

SHA512
ee4a7d5c55262bd7c2d429494965b5f4ef351c6d750040c884da7d4970fd3e65b5c808db6d8f05be754e103c1d57ae325bb4b54d725ee6bb6b428032ee809a94

Download Submit
/data/data/com.yxxinglin.xzid80501/databases/bugly_db_-journal

Filesize
512B

MD5
9f927764e1737e48491a13f469e6907d

SHA1
8572bb7974a4495bc6412997cc5ef35fad2d66e1

SHA256
e549e535a4e634b96f61f8aa32ca54ac0a882525a85864a2ca0e51f72a285aa3

SHA512
4a3a4e5d4b78195b6850f35d74da97472e83d287f498f7139d052b6110bc135fd2eb141b85f57577b1ab30680606652dd11e51fcecbe3ada85d48c96a7a6bdc9

Download Submit
/data/data/com.yxxinglin.xzid80501/databases/bugly_db_-wal

Filesize
72KB

MD5
17443d410c6d93d75809b5b7347e9e26

SHA1
a93bf75ea179081b64e67d7af135c8090590fcbc

SHA256
2ae75a708ecbab1d30e50cddc7b25affac90a1f8b0dbde0bee64886778308059

SHA512
271e67b1e296646b42673aa87c88565dd8cf906217866d34b200d951fd4e4196a644a0c46a2198232ce1cd857b50861fdd82b45d4c28ecf6c5f3743c140cb136

Download Submit
/data/data/com.yxxinglin.xzid80501/databases/tencent_analysis.db-journal

Filesize
512B

MD5
d50727a16180f973ce72de84cabe3f21

SHA1
a13034244826bd38638583cf945cffbb898608c6

SHA256
0d4498b9c8665413b47175da2a49e4f9b8e0b2fc68b4ff21f97816833e40b12b

SHA512
34bae81e81a11247c6d83260d9bdb5a8e2dc54dcebfc4ff11c2f8a13e255b741b244540028c0be175465ed238eb528e150defc185b867b2828665aa06273c46c

Download Submit
/data/data/com.yxxinglin.xzid80501/databases/tencent_analysis.db-wal

Filesize
76KB

MD5
04a0a353f3e161ff841125afa1441321

SHA1
f28c7840f24ff5dcb301f17a2d937535fde629c9

SHA256
01be7c8eca2eef05ee50faac855a559e492cd252aa67c1ae9564de6cc336f2a4

SHA512
95e8b43088b875736d495defd67b684afe4bd079c240fe0aeb7cd7a9f254428f589422b3e593fddd8f2b142e0a4d6652e8c05da822546e71c19e88689f558962

Download Submit
/data/data/com.yxxinglin.xzid80501/files/cclogs/2024-06-05 063419.log

Filesize
1KB

MD5
bb37d700eef8cc68032691c635cd5286

SHA1
177a9e1f3fbc1f76aec70a3c76b9ae653b38b32c

SHA256
42d227b0cf8c1b3fa816cfef09d18033f107378c1b99ad2074943ccfe3fae564

SHA512
6584f3841d35b1801592c43fdb9c7ed2f8b4398ce4e25bf412c0c945648fab8eaf9d4a6e86aab205183ac8e99e703d6978af8bd2f9f4734b142aca89da919e90

Download Submit
/data/data/com.yxxinglin.xzid80501/files/com.tencent.open.config.json.101400326

Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
184bc2dfd3b60fd3471f3502cc45c46a

SHA1
ef6161df56beb732099b2cab06dff6472d59f9ed

SHA256
c2d3847ef0d1b68538d6beed248373a010e294e644685aa9b94873cfaaf08c01

SHA512
5d264edef5dd0002f36dd15789e2c2f39518fc9745bf22a47e2e47431718bfc654b24a0804655eabe161c6175efca73a4dc988d1cfb91b6277a7d4514c576b1a

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
a89191ca132d71f42ccc2021e79dffcf

SHA1
96b4d64af918abfdf3625426a26704be5c47839a

SHA256
9be7b64749cf10ee4fb702e023bc352bfe06e22daa83d8b2abc674d0584dceb9

SHA512
924c046afcc09d4f75b02edd4bed73c02b6e624c7716d982fcc7b3f888257332665ac583825df3c85a2cf7595c429923140d5866e2b7a9329210b5f0155f0638

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
2a82e8149e759ae0a45e8f21117dbd9c

SHA1
a3c635b1f03376bbf1e18243d8287fe7c568a412

SHA256
8ca860d7bed5fe1eb543de8520d45e04327ccd41d7102fab034f6e2ac33567a8

SHA512
47169f469a95c810060b979e6507bbc33c5e6c4be4f90bdb2151ca26e93c19e9e096c1c265972add7f282e6b02b1783de4aefd463b974ea95225f9b98bf8074c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads