Analysis

- Max time kernel: 172s
- Max time network: 186s
- Platform: android_x86
- Resource: android-x86-arm-20240611.1-en
- Resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- Submitted: 13-06-2024 07:53

Tasks

- Static task: static1
- Behavioral task: behavioral1
  Sample: a4827e3572a24be2d42215ba1c7aca28_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
General

- Target: a4827e3572a24be2d42215ba1c7aca28_JaffaCakes118.apk
- Size: 30.2MB
- MD5: a4827e3572a24be2d42215ba1c7aca28
- SHA1: daf92a8e2b6504b9dba592ada17324beb7236ebf
- SHA256: 37523835b8275921cc8da9a2f3654ba0635fe2c40854fe349b65acf2c61733df
- SHA512: 5dbf17733120389ab00d3a19c38f68d8026d93b715a3c70ae2062f20d3acfc04af5cca897fbdc86dcbca2d9cde160adfaef5f362e07879ae76998678a1022803
- SSDEEP: 786432:FQaE1zIC7TCuMQkO9WTZPessEouauTstJouAQTpWQi:m10C7TCdKWlPesspNuTAJoQQ
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTP, 4 IoCs)
  Processes: com.yxxinglin.xzid403062; /system/bin/sh -c type su
  IoC (process):
    /system/bin/su (com.yxxinglin.xzid403062)
    /system/xbin/su (com.yxxinglin.xzid403062)
    /system/app/Superuser.apk (com.yxxinglin.xzid403062)
    /sbin/su (/system/bin/sh -c type su)

- Queries information about running processes on the device (1 TTP, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.yxxinglin.xzid403062; com.yxxinglin.xzid403062:channel
  Description / IoC (process):
    Framework service call android.app.IActivityManager.getRunningAppProcesses (com.yxxinglin.xzid403062)
    Framework service call android.app.IActivityManager.getRunningAppProcesses (com.yxxinglin.xzid403062:channel)

- Queries information about active data network (1 TTP, 2 IoCs)
  Processes: com.yxxinglin.xzid403062; com.yxxinglin.xzid403062:channel
  Description / IoC (process):
    Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (com.yxxinglin.xzid403062)
    Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (com.yxxinglin.xzid403062:channel)

- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.yxxinglin.xzid403062
  Description / IoC (process):
    Framework service call android.net.wifi.IWifiManager.getConnectionInfo (com.yxxinglin.xzid403062)

- Reads information about phone network operator. (1 TTP)

- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
  Processes: com.yxxinglin.xzid403062; com.yxxinglin.xzid403062:channel
  Description / IoC (process):
    Framework service call android.app.IActivityManager.registerReceiver (com.yxxinglin.xzid403062)
    Framework service call android.app.IActivityManager.registerReceiver (com.yxxinglin.xzid403062:channel)

- Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  Processes: com.yxxinglin.xzid403062:channel
  Description / IoC (process):
    Framework service call android.app.job.IJobScheduler.schedule (com.yxxinglin.xzid403062:channel)

- Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
  Processes: com.yxxinglin.xzid403062
  Description / IoC (process):
    Framework API call javax.crypto.Cipher.doFinal (com.yxxinglin.xzid403062)

- Checks CPU information (2 TTPs, 1 IoC)

- Checks memory information (2 TTPs, 1 IoC)
Processes

com.yxxinglin.xzid403062
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
  - Checks memory information
  Child processes:
    /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
    /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
    /system/bin/sh -c getprop
    getprop
    /system/bin/sh -c type su
      - Checks if the Android device is rooted.

com.yxxinglin.xzid403062:channel
  - Queries information about running processes on the device
  - Queries information about active data network
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Schedules tasks to execute at a specified time
Downloads

- /data/data/com.yxxinglin.xzid403062/app_crashrecord/1004
  Filesize: 242B
  MD5: 66331718dddb57a6d0473c1892873b81
  SHA1: 62c149bb9901c43df8f693f0c6354d4c0475503f
  SHA256: f1a86c6b74172839f5d12391dfb0dfb90fd79c100cd61b3d7c5b28b9ea9c7b08
  SHA512: 10a4b78c9f7e7274e13dc7704b0ed879ba5cecc451380039b0ce4213ea8080d9d142b3037427bb9f20eff1ef0e27c42fd9200785ec7e9473566c098a04bca96a

- /data/data/com.yxxinglin.xzid403062/app_crashrecord/1004
  Filesize: 58B
  MD5: 0d210bfb2a0e1f1b4c082a6a0f79de07
  SHA1: bb8ed9e364db79d1d9f2fcde3f15091893222faa
  SHA256: 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
  SHA512: 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

- /data/data/com.yxxinglin.xzid403062/databases/MessageStore.db
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

- /data/data/com.yxxinglin.xzid403062/databases/MessageStore.db-journal
  Filesize: 512B
  MD5: ce962cd679dc8ed6ec5603460b024b2e
  SHA1: 1f9204593e1ad812177d5525499fbf592a7e8865
  SHA256: c71244b16a33b06a0c7aa50e563a40cfbf14168d81b360c95473ee3f1c0c0342
  SHA512: 5643453457048b95858d3a2d318234ccd72051ce8952b0c757ca6e39c8380621dab09deece7868f32da61c17bb3db791e906dab3343e731ab1c8cb141f54f2b8

- /data/data/com.yxxinglin.xzid403062/databases/MessageStore.db-shm
  Filesize: 32KB
  MD5: 8305101a58a9bd103fe2bfa6f38200ae
  SHA1: 9f3b536935f37bce9214896dd659b00e2b869c3f
  SHA256: 102bfb76aac9a4e68c26bcbcf97f8498bc06987e5b68f5d7e8855579eae58a62
  SHA512: 642f6d42e4477aed9ad0c0e8aac6b38900abc84a5f05f8f5b36041b32c96331055c66961c2d34514acdb611bde54931b3432e8390f010d57d034193ac8e912ee

- /data/data/com.yxxinglin.xzid403062/databases/MessageStore.db-wal
  Filesize: 48KB
  MD5: 907fcc9e9f57495ec5b6b118e1111c94
  SHA1: dcdb8f845b93eb6f1a86d9e9541427b5eb92a4e6
  SHA256: 49efac3d3d3505b82e394a9a1043f05807a3736f4773f1f53b9c9f6dd2688671
  SHA512: 903e67617688ef6e8c550d9683228a5571ac3d1513b75d0ee082d409dbcf121b24b600a052c75ab08855b9069a2bc1942d3ebbc8042a346c915f775367c228f1

- /data/data/com.yxxinglin.xzid403062/databases/MsgLogStore.db
  Filesize: 4KB
  MD5: f56ee37cadc0560430d6e64a1a2c20ff
  SHA1: daef90940e345324df49a44818b6c9f1dc71b674
  SHA256: a2139d75407054af2423e81d7ffa63edf8fae44e41902535d454207bd026b9c9
  SHA512: aad81bbb8294f59ebf0b63901c3eb362a604ec5286d47c706eac83b0f2fb16c4077062545b3b493ee47c09f2dbe0d73df2edc2b199e9189ba40c66b656b18f6d

- /data/data/com.yxxinglin.xzid403062/databases/MsgLogStore.db-journal
  Filesize: 512B
  MD5: 1bdd502beafd2b81a6b658fda0582492
  SHA1: f54712e566d7d9bc6053e1a77aeb91447127fc4b
  SHA256: 9bbe15711ce4e3beb1efc9ec7241291e13b13b05dba93085a6b360e5530c058a
  SHA512: ee8b0bde15cd9ca66075cad5c31f705be8ed2586c6c59f60c3a83f87df799068b3f58187451ed593c73d13e63bb5e0a28228878ebd3ef41a213ffd9bbd80995c

- /data/data/com.yxxinglin.xzid403062/databases/MsgLogStore.db-shm
  Filesize: 32KB
  MD5: c563a9d422e1ae39774d06c5a563446a
  SHA1: cbef4249e8728590900f5837923fc8408fd4b3a5
  SHA256: 8fc82cf9055eb325bd57cf3a95217202e3154554bbe4fb905e1c631801388e21
  SHA512: 8e6a5f3d31d7c554c85e657f226811529a078a50bc8cecd77a55d649eaa7c461cf86468bee1cbec7ac4ed797f6294494ae49934f9b9a3660ab7e620490c571d0

- /data/data/com.yxxinglin.xzid403062/databases/MsgLogStore.db-wal
  Filesize: 68KB
  MD5: 26073325a678f799c145eff99ce984e8
  SHA1: 1a77c40abebeb73ee7b951f4ec18885233e3e35b
  SHA256: a5bd18fea2d93e02ca2dad85bac85785dfdf1a7559c907eb5b08e7adfd790110
  SHA512: 9f242f5d24cca3ba13786e78ff2aa536608c445824659fc12c9bf5bf62ca171855dae6bb7867f6b1ca891a0a63c8e82b17c2d883b860f5358d130843e8a2c180

- /data/data/com.yxxinglin.xzid403062/databases/accs.db
  Filesize: 36KB
  MD5: 486e2bac2b3e9e1cb411d2838a4854bd
  SHA1: 81dd0a7537f4af319b830ae834908986be85da8b
  SHA256: 5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57
  SHA512: c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

- /data/data/com.yxxinglin.xzid403062/databases/accs.db-journal
  Filesize: 512B
  MD5: 771e1a02a1be8afd7fcc8bebe405fcb6
  SHA1: f3bfdf99e427cb7dcd41103390a94a98eae1a2a8
  SHA256: 2225032b25b570c32454e2693c4c154ac6ecf5a5d8a5c13ed4f5f8ab19cc5853
  SHA512: 75513bb5af34b559d582cb093135792b86b508e675d7704175e85aa324f24384e2dc4021a92e1087dc15fe17426b22da37391193625147d205faa467582ac387

- /data/data/com.yxxinglin.xzid403062/databases/accs.db-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

- /data/data/com.yxxinglin.xzid403062/databases/accs.db-wal
  Filesize: 48KB
  MD5: 7a77509d2a8aa38c4b5f297e179ceb06
  SHA1: 7b78a7489546e3827089c0a8e05deeed51707c33
  SHA256: cb99aa76a44fc0724cf914e592598eaf49d1f9a0d3842f067bb34587d0825575
  SHA512: 0a1098e237053ab1417b9c2b1c7151918ae8c7eab177228830a7ae91961baaef6b4fd3d1a75d6c91eb0495ad7aff015e76b9da09cee59acc7e9ce150f7af5226

- /data/data/com.yxxinglin.xzid403062/databases/bugly_db_-journal
  Filesize: 512B
  MD5: 584846a4b78dfe9891c49dd590d7f107
  SHA1: 7122aac4a5a856974bc78b6cd4b90c0ac8d0c11f
  SHA256: a9d5a76cbcfffb428bd0124eb8445971abf32bb4b4068cda166e8bcf242a4aec
  SHA512: 69775440d88e9a21462737c5dfb78b19cce3d8b7b5c2a57d5aeeb0b5a5d67fae8f34d2598d51adb7ec887d97ec7aea30bbdb2335438ce871128d54400a668df2

- /data/data/com.yxxinglin.xzid403062/databases/bugly_db_-wal
  Filesize: 72KB
  MD5: 6f54387b09055541482553944a1d0eef
  SHA1: 76d64c94b6a052540176d7e1d71eebef80cf5253
  SHA256: 06ff8c0d25bf9dae762a898d76db5037a2d0fd104d5b055f413a78006a599c86
  SHA512: 6983670fbcec26f6a1695c0d134e7ee203ce4707c2120114ca83adaf264101021967ad048ceb2ac909ff8d46a82176c9d15b1dc647bca4f8dc3f62eaacacb5c6

- /data/data/com.yxxinglin.xzid403062/databases/tencent_analysis.db-journal
  Filesize: 512B
  MD5: 38cb8ead5cf2054b51be1bdc725ceef2
  SHA1: f81cb9b3469d7b4c8081049a4af5de07e98dd8c2
  SHA256: 8a2436dc4b7e4e5791bf77748ede6a586a4401dd38e42858e07090317f57ea3b
  SHA512: 57a38f78b68f15c88bfcf778c90ee7090fde6c2d3d3983b608fe2f0930d10f09f68286dadc5477fdc3708c4930365ac60e57cec8e3b904c04a90b8a6b0d449fa

- /data/data/com.yxxinglin.xzid403062/databases/tencent_analysis.db-wal
  Filesize: 76KB
  MD5: fe0d5d8dcbb90559ab9ad0416d7cc99b
  SHA1: b57f4ed473f95318e087698ff2cd6e8a52faa1b9
  SHA256: 8f830bea3d01e717f4dc9eece821d6f9f6fcd3ccd927103298af94aab85e3381
  SHA512: 63fc422b54246bef75ffe6b48e9ee386e9ad88f01139f8791dc06f0f8c45c53999d49da18ab5e7ef60d267e1b2321dc249b67092482136e7baf2407313a6ebb1

- /data/data/com.yxxinglin.xzid403062/files/cclogs/2024-06-13 075359.log
  Filesize: 1KB
  MD5: ed8a16148107f3d03adb90bf6bab5c5c
  SHA1: ee4ce0231af93367da4f827ab103b731a8f1a9ec
  SHA256: 239905f807b941d64f83f4142296a3e1d4a3c45a30cf5dfb63a1d545c96c66d8
  SHA512: 8e48f62d9d3ae51a75860a690593dea361597d9fe2004770f5a7a8de2e95ab71e666447ed67f634fc57c59e0dde08e2f9aad8993ad5d0b32f5128bf662aea030

- /data/data/com.yxxinglin.xzid403062/files/com.tencent.open.config.json.101400326
  Filesize: 1KB
  MD5: f526172de1566b34fdcea744710d9559
  SHA1: 000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d
  SHA256: 8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940
  SHA512: dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

- /storage/emulated/0/.DataStorage/ContextData.xml
  Filesize: 111B
  MD5: 0f019e74cd3b724f62a654ef23113659
  SHA1: ea096cf8b7bf1d41d27e64ab03c4f405cf0cb647
  SHA256: c8ae90bd0483a57012f18e5ba16a899ff529aeac59e330367e2b93cffd0b32ca
  SHA512: d116f6a8a81c138b6f32633f5ba114fdbbd05528514002fcfd9d9764880efec982ab849918ba6cde4585932ef57368e8064c28a182813d42b998118a9dde1eb6

- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
  Filesize: 65B
  MD5: 9781ca003f10f8d0c9c1945b63fdca7f
  SHA1: 4156cf5dc8d71dbab734d25e5e1598b37a5456f4
  SHA256: 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
  SHA512: 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
  Filesize: 111B
  MD5: b8aaa91b6b352b16457e094c6696c063
  SHA1: 1464a4a385ac7bb246a208a4ba35c776bc912348
  SHA256: 8f639acd896bb0024ad1a4a425c83da5eedd9f3ef19980121d2d7569b70e2b1c
  SHA512: d7cef82d26264b0e1ae3a0fbe593e8336a851c9b79ce415b23bbd22511935364ae88ec0647c850604180ff6f72b1dcf569be4b888e18f70af72549165e1ae25e

- /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
  Filesize: 381B
  MD5: b13ee8be10af5f7fa172a81ba2859b3e
  SHA1: 7a19c46376a2cd89b30a5318214b19890e8b71c4
  SHA256: 1f69a53c11a5cabeb6af48a18ad4da96edc1ee75b6dff732285cc6759ddd531e
  SHA512: 1d8e1cedb9ea3bf3e2de553f75fd81376087c2d134941c212aed7cecae659a81be1e8e5a0a543a70002c1e5ad186fbe510acce985e733981314774791fbd62bf