37523835b8275921cc8da9a2f3654ba0635fe2c40854fe349b65acf2c61733df

Analysis

max time kernel
172s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
13-06-2024 07:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4827e3572a24be2d42215ba1c7aca28_JaffaCakes118.apk
Size

30.2MB
MD5

a4827e3572a24be2d42215ba1c7aca28
SHA1

daf92a8e2b6504b9dba592ada17324beb7236ebf
SHA256

37523835b8275921cc8da9a2f3654ba0635fe2c40854fe349b65acf2c61733df
SHA512

5dbf17733120389ab00d3a19c38f68d8026d93b715a3c70ae2062f20d3acfc04af5cca897fbdc86dcbca2d9cde160adfaef5f362e07879ae76998678a1022803
SSDEEP

786432:FQaE1zIC7TCuMQkO9WTZPessEouauTstJouAQTpWQi:m10C7TCdKWlPesspNuTAJoQQ

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs

evasion

T1426

Processes:

com.yxxinglin.xzid403062/system/bin/sh -c type su

ioc	process
/system/bin/su	com.yxxinglin.xzid403062
/system/xbin/su	com.yxxinglin.xzid403062
/system/app/Superuser.apk	com.yxxinglin.xzid403062
/sbin/su	/system/bin/sh -c type su

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.yxxinglin.xzid403062com.yxxinglin.xzid403062:channel

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid403062
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid403062:channel

Queries information about active data network 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.yxxinglin.xzid403062com.yxxinglin.xzid403062:channel

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid403062
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid403062:channel

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.yxxinglin.xzid403062

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.yxxinglin.xzid403062
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yxxinglin.xzid403062

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.yxxinglin.xzid403062com.yxxinglin.xzid403062:channel

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid403062
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid403062:channel

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.yxxinglin.xzid403062:channel

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.yxxinglin.xzid403062:channel
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.yxxinglin.xzid403062

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yxxinglin.xzid403062
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.yxxinglin.xzid403062

description ioc process

File opened for read /proc/cpuinfo com.yxxinglin.xzid403062
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.yxxinglin.xzid403062

description ioc process

File opened for read /proc/meminfo com.yxxinglin.xzid403062

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.yxxinglin.xzid403062:channel

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid403062

description	ioc	process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid403062

description	ioc	process
File opened for read	/proc/meminfo	com.yxxinglin.xzid403062

com.yxxinglin.xzid403062
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4301

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
2⤵
PID:4394

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
2⤵
PID:4414

/system/bin/sh -c getprop
2⤵
PID:4506

getprop
2⤵
PID:4506

/system/bin/sh -c type su
2⤵
- Checks if the Android device is rooted.
PID:4533

com.yxxinglin.xzid403062:channel
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4581

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid403062/app_crashrecord/1004
Filesize
242B

MD5
66331718dddb57a6d0473c1892873b81

SHA1
62c149bb9901c43df8f693f0c6354d4c0475503f

SHA256
f1a86c6b74172839f5d12391dfb0dfb90fd79c100cd61b3d7c5b28b9ea9c7b08

SHA512
10a4b78c9f7e7274e13dc7704b0ed879ba5cecc451380039b0ce4213ea8080d9d142b3037427bb9f20eff1ef0e27c42fd9200785ec7e9473566c098a04bca96a

Download Submit
/data/data/com.yxxinglin.xzid403062/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.yxxinglin.xzid403062/databases/MessageStore.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid403062/databases/MessageStore.db-journal
Filesize
512B

MD5
ce962cd679dc8ed6ec5603460b024b2e

SHA1
1f9204593e1ad812177d5525499fbf592a7e8865

SHA256
c71244b16a33b06a0c7aa50e563a40cfbf14168d81b360c95473ee3f1c0c0342

SHA512
5643453457048b95858d3a2d318234ccd72051ce8952b0c757ca6e39c8380621dab09deece7868f32da61c17bb3db791e906dab3343e731ab1c8cb141f54f2b8

Download Submit
/data/data/com.yxxinglin.xzid403062/databases/MessageStore.db-shm
Filesize
32KB

MD5
8305101a58a9bd103fe2bfa6f38200ae

SHA1
9f3b536935f37bce9214896dd659b00e2b869c3f

SHA256
102bfb76aac9a4e68c26bcbcf97f8498bc06987e5b68f5d7e8855579eae58a62

SHA512
642f6d42e4477aed9ad0c0e8aac6b38900abc84a5f05f8f5b36041b32c96331055c66961c2d34514acdb611bde54931b3432e8390f010d57d034193ac8e912ee

Download Submit
/data/data/com.yxxinglin.xzid403062/databases/MessageStore.db-wal
Filesize
48KB

MD5
907fcc9e9f57495ec5b6b118e1111c94

SHA1
dcdb8f845b93eb6f1a86d9e9541427b5eb92a4e6

SHA256
49efac3d3d3505b82e394a9a1043f05807a3736f4773f1f53b9c9f6dd2688671

SHA512
903e67617688ef6e8c550d9683228a5571ac3d1513b75d0ee082d409dbcf121b24b600a052c75ab08855b9069a2bc1942d3ebbc8042a346c915f775367c228f1

Download Submit
/data/data/com.yxxinglin.xzid403062/databases/MsgLogStore.db
Filesize
4KB

MD5
f56ee37cadc0560430d6e64a1a2c20ff

SHA1
daef90940e345324df49a44818b6c9f1dc71b674

SHA256
a2139d75407054af2423e81d7ffa63edf8fae44e41902535d454207bd026b9c9

SHA512
aad81bbb8294f59ebf0b63901c3eb362a604ec5286d47c706eac83b0f2fb16c4077062545b3b493ee47c09f2dbe0d73df2edc2b199e9189ba40c66b656b18f6d

Download Submit
/data/data/com.yxxinglin.xzid403062/databases/MsgLogStore.db-journal
Filesize
512B

MD5
1bdd502beafd2b81a6b658fda0582492

SHA1
f54712e566d7d9bc6053e1a77aeb91447127fc4b

SHA256
9bbe15711ce4e3beb1efc9ec7241291e13b13b05dba93085a6b360e5530c058a

SHA512
ee8b0bde15cd9ca66075cad5c31f705be8ed2586c6c59f60c3a83f87df799068b3f58187451ed593c73d13e63bb5e0a28228878ebd3ef41a213ffd9bbd80995c

Download Submit
/data/data/com.yxxinglin.xzid403062/databases/MsgLogStore.db-shm
Filesize
32KB

MD5
c563a9d422e1ae39774d06c5a563446a

SHA1
cbef4249e8728590900f5837923fc8408fd4b3a5

SHA256
8fc82cf9055eb325bd57cf3a95217202e3154554bbe4fb905e1c631801388e21

SHA512
8e6a5f3d31d7c554c85e657f226811529a078a50bc8cecd77a55d649eaa7c461cf86468bee1cbec7ac4ed797f6294494ae49934f9b9a3660ab7e620490c571d0

Download Submit
/data/data/com.yxxinglin.xzid403062/databases/MsgLogStore.db-wal
Filesize
68KB

MD5
26073325a678f799c145eff99ce984e8

SHA1
1a77c40abebeb73ee7b951f4ec18885233e3e35b

SHA256
a5bd18fea2d93e02ca2dad85bac85785dfdf1a7559c907eb5b08e7adfd790110

SHA512
9f242f5d24cca3ba13786e78ff2aa536608c445824659fc12c9bf5bf62ca171855dae6bb7867f6b1ca891a0a63c8e82b17c2d883b860f5358d130843e8a2c180

Download Submit
/data/data/com.yxxinglin.xzid403062/databases/accs.db
Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.yxxinglin.xzid403062/databases/accs.db-journal
Filesize
512B

MD5
771e1a02a1be8afd7fcc8bebe405fcb6

SHA1
f3bfdf99e427cb7dcd41103390a94a98eae1a2a8

SHA256
2225032b25b570c32454e2693c4c154ac6ecf5a5d8a5c13ed4f5f8ab19cc5853

SHA512
75513bb5af34b559d582cb093135792b86b508e675d7704175e85aa324f24384e2dc4021a92e1087dc15fe17426b22da37391193625147d205faa467582ac387

Download Submit
/data/data/com.yxxinglin.xzid403062/databases/accs.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yxxinglin.xzid403062/databases/accs.db-wal
Filesize
48KB

MD5
7a77509d2a8aa38c4b5f297e179ceb06

SHA1
7b78a7489546e3827089c0a8e05deeed51707c33

SHA256
cb99aa76a44fc0724cf914e592598eaf49d1f9a0d3842f067bb34587d0825575

SHA512
0a1098e237053ab1417b9c2b1c7151918ae8c7eab177228830a7ae91961baaef6b4fd3d1a75d6c91eb0495ad7aff015e76b9da09cee59acc7e9ce150f7af5226

Download Submit
/data/data/com.yxxinglin.xzid403062/databases/bugly_db_-journal
Filesize
512B

MD5
584846a4b78dfe9891c49dd590d7f107

SHA1
7122aac4a5a856974bc78b6cd4b90c0ac8d0c11f

SHA256
a9d5a76cbcfffb428bd0124eb8445971abf32bb4b4068cda166e8bcf242a4aec

SHA512
69775440d88e9a21462737c5dfb78b19cce3d8b7b5c2a57d5aeeb0b5a5d67fae8f34d2598d51adb7ec887d97ec7aea30bbdb2335438ce871128d54400a668df2

Download Submit
/data/data/com.yxxinglin.xzid403062/databases/bugly_db_-wal
Filesize
72KB

MD5
6f54387b09055541482553944a1d0eef

SHA1
76d64c94b6a052540176d7e1d71eebef80cf5253

SHA256
06ff8c0d25bf9dae762a898d76db5037a2d0fd104d5b055f413a78006a599c86

SHA512
6983670fbcec26f6a1695c0d134e7ee203ce4707c2120114ca83adaf264101021967ad048ceb2ac909ff8d46a82176c9d15b1dc647bca4f8dc3f62eaacacb5c6

Download Submit
/data/data/com.yxxinglin.xzid403062/databases/tencent_analysis.db-journal
Filesize
512B

MD5
38cb8ead5cf2054b51be1bdc725ceef2

SHA1
f81cb9b3469d7b4c8081049a4af5de07e98dd8c2

SHA256
8a2436dc4b7e4e5791bf77748ede6a586a4401dd38e42858e07090317f57ea3b

SHA512
57a38f78b68f15c88bfcf778c90ee7090fde6c2d3d3983b608fe2f0930d10f09f68286dadc5477fdc3708c4930365ac60e57cec8e3b904c04a90b8a6b0d449fa

Download Submit
/data/data/com.yxxinglin.xzid403062/databases/tencent_analysis.db-wal
Filesize
76KB

MD5
fe0d5d8dcbb90559ab9ad0416d7cc99b

SHA1
b57f4ed473f95318e087698ff2cd6e8a52faa1b9

SHA256
8f830bea3d01e717f4dc9eece821d6f9f6fcd3ccd927103298af94aab85e3381

SHA512
63fc422b54246bef75ffe6b48e9ee386e9ad88f01139f8791dc06f0f8c45c53999d49da18ab5e7ef60d267e1b2321dc249b67092482136e7baf2407313a6ebb1

Download Submit
/data/data/com.yxxinglin.xzid403062/files/cclogs/2024-06-13 075359.log
Filesize
1KB

MD5
ed8a16148107f3d03adb90bf6bab5c5c

SHA1
ee4ce0231af93367da4f827ab103b731a8f1a9ec

SHA256
239905f807b941d64f83f4142296a3e1d4a3c45a30cf5dfb63a1d545c96c66d8

SHA512
8e48f62d9d3ae51a75860a690593dea361597d9fe2004770f5a7a8de2e95ab71e666447ed67f634fc57c59e0dde08e2f9aad8993ad5d0b32f5128bf662aea030

Download Submit
/data/data/com.yxxinglin.xzid403062/files/com.tencent.open.config.json.101400326
Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
0f019e74cd3b724f62a654ef23113659

SHA1
ea096cf8b7bf1d41d27e64ab03c4f405cf0cb647

SHA256
c8ae90bd0483a57012f18e5ba16a899ff529aeac59e330367e2b93cffd0b32ca

SHA512
d116f6a8a81c138b6f32633f5ba114fdbbd05528514002fcfd9d9764880efec982ab849918ba6cde4585932ef57368e8064c28a182813d42b998118a9dde1eb6

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
b8aaa91b6b352b16457e094c6696c063

SHA1
1464a4a385ac7bb246a208a4ba35c776bc912348

SHA256
8f639acd896bb0024ad1a4a425c83da5eedd9f3ef19980121d2d7569b70e2b1c

SHA512
d7cef82d26264b0e1ae3a0fbe593e8336a851c9b79ce415b23bbd22511935364ae88ec0647c850604180ff6f72b1dcf569be4b888e18f70af72549165e1ae25e

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
381B

MD5
b13ee8be10af5f7fa172a81ba2859b3e

SHA1
7a19c46376a2cd89b30a5318214b19890e8b71c4

SHA256
1f69a53c11a5cabeb6af48a18ad4da96edc1ee75b6dff732285cc6759ddd531e

SHA512
1d8e1cedb9ea3bf3e2de553f75fd81376087c2d134941c212aed7cecae659a81be1e8e5a0a543a70002c1e5ad186fbe510acce985e733981314774791fbd62bf

Download Submit