Analysis
-
max time kernel: 179s
max time network: 189s
platform: android_x86
resource: android-x86-arm-20240603-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
submitted: 05-06-2024 07:32
Static task: static1
Behavioral task: behavioral1
  Sample: 977ba1a844d36c328bc9e71c8f3a0cb7_JaffaCakes118.apk
  Resource: android-x86-arm-20240603-en
Behavioral task: behavioral2
  Sample: 977ba1a844d36c328bc9e71c8f3a0cb7_JaffaCakes118.apk
  Resource: android-33-x64-arm64-20240603-en
General
-
Target: 977ba1a844d36c328bc9e71c8f3a0cb7_JaffaCakes118.apk
Size: 15.5MB
MD5: 977ba1a844d36c328bc9e71c8f3a0cb7
SHA1: 1e2de120de9bad740b5d6cfb347e8edf494045e6
SHA256: b9b5551db376a25c6d5831aa29415da1d5af915d7085b9f70fc629909242b9db
SHA512: 957509225b09a1ed285cca2b4b825371d2c679680e0a5c17f214f2321b1b689e9f83a7bf96f70eb0e97713b3a94c4c1d05e73ba9fbe4bc0e5e5eb14971d31bd8
SSDEEP: 393216:YeUrFw0Tkmvh03sMdHMfYppickkSLg/izIYu:YeqPgmvS3scsUHBygu9u
Malware Config
Signatures
-
Queries information about running processes on the device (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
  Description | IoC | Process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.yxxinglin.xzid8996:pushcore
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.yxxinglin.xzid8996
-
Requests cell location (2 TTPs, 1 IoC)
Uses Android APIs to get the current cell location.
  Description | IoC | Process
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.yxxinglin.xzid8996
-
Queries information about active data network (1 TTP, 2 IoCs)
  Description | IoC | Process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.yxxinglin.xzid8996:pushcore
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.yxxinglin.xzid8996
-
Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Description | IoC | Process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.yxxinglin.xzid8996
-
Reads information about phone network operator (1 TTP)
-
Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  Description | IoC | Process
  Framework API call | android.hardware.SensorManager.registerListener | com.yxxinglin.xzid8996
-
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
  Description | IoC | Process
  Framework service call | android.app.IActivityManager.registerReceiver | com.yxxinglin.xzid8996
  Framework service call | android.app.IActivityManager.registerReceiver | com.yxxinglin.xzid8996:pushcore
-
Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  Description | IoC | Process
  Framework API call | javax.crypto.Cipher.doFinal | com.yxxinglin.xzid8996:pushcore
-
Checks CPU information (2 TTPs, 1 IoC)
  Description | IoC | Process
  File opened for read | /proc/cpuinfo | com.yxxinglin.xzid8996
Processes
-
com.yxxinglin.xzid8996 (PID 4215)
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
  Child process: ls /sys/class/thermal (PID 4296)
-
com.yxxinglin.xzid8996:pushcore (PID 4244)
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Execution Guardrails (1)
  - Geofencing (1)
- Hide Artifacts (1)
  - User Evasion (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Downloads
- /data/data/com.yxxinglin.xzid8996/files/jpush_stat_history_pushcore/normal/nowrap/a1f2ab35-7b26-45e0-af67-31a5337c01c3 (202B)