Analysis

  • max time kernel
    126s
  • max time network
    156s
  • platform
    android_x86
  • resource
    android-x86-arm-20240603-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
  • submitted
    05-06-2024 17:51

General

  • Target

    98d4edc8c4f13bc13689ba11c721c66d_JaffaCakes118.apk

  • Size

    10.9MB

  • MD5

    98d4edc8c4f13bc13689ba11c721c66d

  • SHA1

    767e02818b31b5025972c3f49632c01a66f4ddca

  • SHA256

    407c990ca67690cd5751c27687ff1d10a23e954e1b3ac9f82a07de61c303acad

  • SHA512

    ba286e587df27d9b96ef4614f819fa27470411ade34284cf490fc767b6cac5cc510807b7c6bf305d677785b7031edfb7c37ea89aaecbadc0d2b0c2748f1c5d87

  • SSDEEP

    196608:dds9O/xGXnb1C0ayoo5SFhZWlo0WuSYBMwoZV711kMe4lf0AT9CrTL1XZZLOt4f4:psfayoo5SFhSWeUZqFw0AT9CrTnHI9

Malware Config

Signatures

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.yxxinglin.xzid510028
    1⤵
    • Queries information about active data network
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4269

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.yxxinglin.xzid510028/databases/RKStorage

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.yxxinglin.xzid510028/databases/RKStorage-journal

    Filesize

    512B

    MD5

    a4e40d65a62898158523d0e0baf9230d

    SHA1

    f3d2a2e9543b1fa267daaaafafea4e4cb1658a4d

    SHA256

    46627628482dbf332441d8d51e62db60cb327e4851d176f232c6130dc6c6fc8e

    SHA512

    90e1ef19c5a00decd2efb098994a9933f7bc8c7303b3d482a2c8631a87cf146b1df0a6ae31dc4749e75327c02474042ed8f0adccebd39b0d77a3ad383d496ff9

  • /data/data/com.yxxinglin.xzid510028/databases/RKStorage-wal

    Filesize

    72KB

    MD5

    c4cff65963d42b843216b0a19b29a2f4

    SHA1

    636cdf9c697f98f04a7a323f176375acd77be9df

    SHA256

    98426dedf17f2f9fabe8258d1c501d207756ca07af1e69ef91a0ed396e2d95e3

    SHA512

    499b1093d2ea55d7c815ed38d939ea62de32eb9058e15057bb112db7d93bb80c63bca2e55b1b17724a7559bbbcd751fe86dcdf6b3fcbfb6a2f2c7890493aeaa8

  • /data/data/com.yxxinglin.xzid510028/databases/cc/cc.db

    Filesize

    36KB

    MD5

    5d7ea1a23af19b4340cc8d90f28297d5

    SHA1

    4cfe95b23a9e98378d69c4290af81b51fbe76aea

    SHA256

    474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

    SHA512

    33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

  • /data/data/com.yxxinglin.xzid510028/databases/cc/cc.db

    Filesize

    36KB

    MD5

    ce6135aa1b1fe4f2c2db2a546d2a5558

    SHA1

    79b59582154017aadab783dc266fcb158c252940

    SHA256

    7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

    SHA512

    2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

  • /data/data/com.yxxinglin.xzid510028/databases/cc/cc.db-journal

    Filesize

    512B

    MD5

    06a863e3b0ac937a2f0b2dc6b305a2dd

    SHA1

    62038e08851ed2675e653bcc4336e0ced5471e8a

    SHA256

    59cf51ba9cee800cb4ee359ec56fdb18e8e9c068ac6986beb52adf5d095ebe0e

    SHA512

    8fa0afd92e48395cb45ed003e9ca661e3064f5d6c5e44b54b558af2e8238a5a474be25c298b4633c2d797574fbc201c2a608af8c6bb766b9a4db2c37c0ed981e

  • /data/data/com.yxxinglin.xzid510028/databases/cc/cc.db-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.yxxinglin.xzid510028/databases/cc/cc.db-wal

    Filesize

    48KB

    MD5

    04f9142e8b5b3b623055b90fbcceb88c

    SHA1

    11aafcbd56fc0f6342c032a77d0ebb313d65c2f2

    SHA256

    fe8b5b1e1977f7fb0d71df712e74053c1ef540ee1dbad0aa41855dc8fa9de4c8

    SHA512

    b107ebffabd8c1ce7f27a9093a64e03f5db6f13aec592d89f04706614b3a5ae95c050ef842bd7e5849b3b48df481e6e56bb08c10925e43acf0ac54ceb42df5f8

  • /data/data/com.yxxinglin.xzid510028/databases/cc/cc.db-wal

    Filesize

    16KB

    MD5

    3fc0f3200c328117450844874f6450ae

    SHA1

    2d1f12270206c63b118afc9ccc02a403a79503f4

    SHA256

    de3d39dfddfdc195449a16b89b0795e2552e658ef8938e9cc8b4ed0a56c33f1b

    SHA512

    aa2b32e941c5bc5ad4b07839d74f92f423dcb7d9138bcf5870681f8e6e4073c6556a68de6070e78f4276a4a4b0f0287cc4c5e136cc6ec728ed0a1a9bb4db94b5

  • /data/data/com.yxxinglin.xzid510028/databases/ua.db

    Filesize

    32KB

    MD5

    c1e838a49e9f4fa5c1fe4a2299750bc6

    SHA1

    bfa4037ab463fe665c84026eccf3cfed8a9ba6c1

    SHA256

    4aa59098657f7d9f2764e7f8a2da1f2a828307c9061f5b95aad52e762bce7d87

    SHA512

    d77829cbc465631761d06c0acd2e3fb0b8d21387915e6ffed403fa2e40f6e7072fec39319c5b0da3ed64fcc042d444ffc05c70d778c375943214cf4ef4bf818c

  • /data/data/com.yxxinglin.xzid510028/databases/ua.db

    Filesize

    32KB

    MD5

    d604a3bf1f8d992cc320ea5b1f7609bd

    SHA1

    247f88df0b55c7d523ea5398637711a0e4a483a4

    SHA256

    329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

    SHA512

    67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

  • /data/data/com.yxxinglin.xzid510028/databases/ua.db-journal

    Filesize

    512B

    MD5

    3474071ddb988c1ae3225708bc604689

    SHA1

    0b51652e20e524dd9ab02866ce7925d78fe7a6b9

    SHA256

    91c536fe2f8567c352ee43ea2f690d5ffe8043ffa8b6b797b9655d1324966d5f

    SHA512

    7cae5ca79fbf2fd9efd33f2d6106514c614e180e8aed947606f7ff7b88639f3b52ec99f040509608a640ab7ebc959912b65b1b6aedff0cb46ae79e4936496735

  • /data/data/com.yxxinglin.xzid510028/databases/ua.db-wal

    Filesize

    56KB

    MD5

    1449507bd72470a08055849152ea2e7f

    SHA1

    70741211dd484183c56ce0066e143aea517b77f5

    SHA256

    b1df789781a7dadf1b93d16b48d867319efaad4092c691123063d1b3d77d62d4

    SHA512

    b64be47ce33154a6e016d0d0bfa2273af47581e0e2acdba21d3b7577b99d5ca5e14dad26464229028c6257575a5cdf2a3229d57c81d96a6188692224e133dfe6

  • /data/data/com.yxxinglin.xzid510028/databases/ua.db-wal

    Filesize

    8KB

    MD5

    646191cebe2c0c06534dbbe5d1b5ef0d

    SHA1

    303dc1fc809eb94de5c1d7b647c2d8927006859b

    SHA256

    0f07b077299e27ab2b066a4dea77590c0181163af6df33d827b1ce7ce95260a5

    SHA512

    989c61f672bf658c528f0e289715e592dda14bf71cd4c9fc551094cae0d6d96e2d6bbc50aac0e50a21480bee3c0291af2cfe85425e2c1adc5a8ac2c99b44810e

  • /data/data/com.yxxinglin.xzid510028/files/.um/um_cache_1717610054366.env

    Filesize

    1KB

    MD5

    67b5a8d33bc2455f4e26897c7c35767c

    SHA1

    4f4450577bc3dc5187e86cbf94403f3b340b7ec5

    SHA256

    5b94766c805ef6616f1affa0e2f451f28e50652b7299659e154f8698a7b19a20

    SHA512

    a32e7e9bd28d096f0871f05d01e4eacf8dc51af496f452c204d221f4e0f7197f569bfacbf7165ef8a81b5c61c22ee268c6b939c8ec6b3a7c3df104faa1549e23

  • /data/data/com.yxxinglin.xzid510028/files/.umeng/exchangeIdentity.json

    Filesize

    162B

    MD5

    4f77858063db47e51f95372730167492

    SHA1

    fe7f63fb53bd40a593d463214882510732e9f089

    SHA256

    5219091277d52a7a2c06b642e6d772b3ed82667cd8f5825b931b308a1f11b08e

    SHA512

    3fb39608d95390ee41a8ab5a83f2b539a852ab808ec7bbcb9948059de9a831b166e577d178f199a22bc1e443755b487cac0f911210664dd9b9459d4768465fa1

  • /data/data/com.yxxinglin.xzid510028/files/exid.dat

    Filesize

    54B

    MD5

    8eca6f1cafc0b3b293d3d25476339bf8

    SHA1

    f0175a2a6c166ca6be7bfaf3a01e0073a28e765a

    SHA256

    cf0563c7683abbf91edcb5b3f5ed516c6c544d2f4e05534757730a157e802095

    SHA512

    76d0158b3d5861de62dd477f6421f0f60ae102752e43a45cbc26223d3d24a405db768562ed8c8c1fa661ef6634ab36763a961aec534c297dcfb8aa33f691c098

  • /data/data/com.yxxinglin.xzid510028/files/umeng_it.cache

    Filesize

    498B

    MD5

    91846ffb79fc1bc68214069e2697359a

    SHA1

    87ed98d8e83fc4183a4a294c5d37a6146dbe2bd2

    SHA256

    94071e04e082ca741355d127e3d12ad4794cb375fb0ccca24a842f1e9a04d540

    SHA512

    e04e566702bdf0d62c431ca139561d58f40b33d8ecef0a5e401400e9289e62f0c04f684f43dc569d7f1052fd384683fbb789e0fceab641a0f05c8a0eb11b3179

  • /data/data/com.yxxinglin.xzid510028/lib-main/dso_deps

    Filesize

    156B

    MD5

    acea292af58d77a1fcde2295c78315a9

    SHA1

    e9ef18b330317e41e69008da546ac6c5f0810729

    SHA256

    2d9bbcb32ebfe53b6e8ca91253cffa982d0708067f8fe7842645323a40a0ac2d

    SHA512

    cc3a677a72e719662774b8fcaae55aa9b12f21ea5fe01b227e288893a4a9a9e0cb7940df8eeec7a11ff6030361bc39ae019510484388acc2731635877c05d002

  • /data/data/com.yxxinglin.xzid510028/lib-main/dso_manifest

    Filesize

    5B

    MD5

    c06857e9ea338f3f3a24bb78f8fbdf6f

    SHA1

    c5a0a2529d2deb60fec041b4fbd722a2ebe31702

    SHA256

    957b88b12730e646e0f33d3618b77dfa579e8231e3c59c7104be7165611c8027

    SHA512

    29f61516876c25379a7bf4faa2b3ca6f6b53eac90e7de47671fec4a818d51441b4025cd7909f7c0a0d113ab6c5ff00cb3700c286bac7319185b77905feec4fb1

  • /data/data/com.yxxinglin.xzid510028/lib-main/dso_state

    Filesize

    1B

    MD5

    93b885adfe0da089cdf634904fd59f71

    SHA1

    5ba93c9db0cff93f52b521d7420e43f6eda2784f

    SHA256

    6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

    SHA512

    b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

  • /data/data/com.yxxinglin.xzid510028/lib-main/dso_state

    Filesize

    1B

    MD5

    55a54008ad1ba589aa210d2629c1df41

    SHA1

    bf8b4530d8d246dd74ac53a13471bba17941dff7

    SHA256

    4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

    SHA512

    7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

  • /storage/emulated/0/.DataStorage/ContextData.xml

    Filesize

    111B

    MD5

    acf925d2fd34b2928c9cef67ecede63a

    SHA1

    c5894b4ce1b9a37cbb89059e9c27d786386b3340

    SHA256

    f31c1349ae50a1a512b2a30c6eb71b1cc89e4e343993a33ef8612811be980878

    SHA512

    2402a603448b65057eeaf8ec3f750459a6dd3385b811e750348629d6320fb96c80549cc51549616e3dc45e7b4d2f683ca6264d1b9354ff20180aa5f852fdc67f

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

    Filesize

    65B

    MD5

    9781ca003f10f8d0c9c1945b63fdca7f

    SHA1

    4156cf5dc8d71dbab734d25e5e1598b37a5456f4

    SHA256

    3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

    SHA512

    25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

    Filesize

    111B

    MD5

    841b2eea73f54ed87e854fc1534d1eec

    SHA1

    29cd0c6069b064d748cfef8d3e73089476c9b7fc

    SHA256

    29e23adfec8e79c211fbcad9100b2aca2687901c27b3ace997ae649925884b33

    SHA512

    a22476371a702d816804f8836f6db2ea0f8a546429a30474462e55377a1563723985ab78e740f07bfefcf134469be2ea05a3734b6191639d05ee5e6fda3adfcb

  • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

    Filesize

    381B

    MD5

    578dda41370a7c58e2075487912863d0

    SHA1

    f0557b98459565a8634f1273b5c4c9f3f50dc1a8

    SHA256

    2038358690a384a0c270506725d59b99085c76f60f52567d6cde31b0e98b2aa6

    SHA512

    76b33127235cba32c3910eeedacc0a8fddb79e6c6ec6bba4a129217ff7a94510a19f3cc47d038e75f13a40c3f6b24ba1b827eaa836eac1e856489a214eef4e2e

  • /storage/emulated/0/JXCP/aff/com.yxxinglin.xzid510028

    Filesize

    8B

    MD5

    4fa7e26102afc285def55883c283d885

    SHA1

    ce1709a188ef1213291453f4751e3c5c5d048301

    SHA256

    ec600619d127b4524746c2668a7e5bf700042643d25951f1e6feb99bac4a4423

    SHA512

    c0191d0e19a0ececfb137fc102a7ce92b1f3b9d65c6e8e21f45cb9e9527b17b6a6e0bf68ef0216b69c3e0795556de29ffd7944d3dacf847b2b5f0e2813a5d3a2