6181c237e6741e7cb16faef9eae233c131181694f7f4f7511c8142b9fee5f453

Analysis

max time kernel
125s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
14-06-2024 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a781043bdb65d9e1c6c6afdfd0821a8e_JaffaCakes118.apk
Size

10.7MB
MD5

a781043bdb65d9e1c6c6afdfd0821a8e
SHA1

4bb6cb5a42cf0a60f9cc09c2e7c2b44c1f354ada
SHA256

6181c237e6741e7cb16faef9eae233c131181694f7f4f7511c8142b9fee5f453
SHA512

c09816120d2f87822ebb6f999916f11553b336e340a5e4b3b9461d6089e03d861f1fee8a9ea0521e5fe72d62338a61800860e806bb22b86fae0de3cd7ae007b7
SSDEEP

196608:VSH9Xk9FGosXjW4WMIuoEWPuSYBMwoXC717f/e4lf0xAPTGAki6JSXuZLOt4fyXC:VsosXjW4NIuNIeUXeWw0xAyAki6NquOa

Score

6^/10

discovery evasion impact persistence

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

14 alog.umeng.com
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.yxxinglin.xzid526958

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.yxxinglin.xzid526958
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.yxxinglin.xzid526958

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.yxxinglin.xzid526958
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.yxxinglin.xzid526958

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.yxxinglin.xzid526958
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.yxxinglin.xzid526958

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yxxinglin.xzid526958
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.yxxinglin.xzid526958

description ioc process

File opened for read /proc/cpuinfo com.yxxinglin.xzid526958

flow	ioc
14	alog.umeng.com

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid526958

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.yxxinglin.xzid526958

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid526958

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid526958

description	ioc	process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid526958

com.yxxinglin.xzid526958
1⤵
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid526958/databases/RKStorage
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid526958/databases/RKStorage-journal
Filesize
512B

MD5
f7055d7bb4ce4d7457369193c05a7635

SHA1
db3e1d5fbf7046947c97af979e326ac251aff869

SHA256
f8f7df53779d69e5891f99cddc2984c2f0a2d294aa228217d57e7e00a7669f04

SHA512
13be98e21579e37f93d2834548391b4533be65a9458e9b766d0dccbc9e83018584f3a0c6bc69d31b3929d68b07e06f6fa19a40d80f90488a0b593f28b3ba7fc0

Download Submit
/data/data/com.yxxinglin.xzid526958/databases/RKStorage-wal
Filesize
72KB

MD5
c2682eb01b519c69a4c3f4c5ceb11158

SHA1
3a7b9f598f446f15058479295b6e4fb9e949327b

SHA256
e927c5202c4e053005fb4442b1bea6d40a6e88d022fedb8b9649793c6b25f6f1

SHA512
54adb1be47d16024fafe642a9c00980cfbef935e6ed47ce499fcf152479438af0ab1a2c6e3cebe1fecd5f0c02d8751fc915f8a87cb30d913b5d2f5b89d3feab8

Download Submit
/data/data/com.yxxinglin.xzid526958/databases/cc/cc.db
Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.yxxinglin.xzid526958/databases/cc/cc.db
Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.yxxinglin.xzid526958/databases/cc/cc.db-journal
Filesize
512B

MD5
7b6dc78ca243d1c7ea04a7e636d52ad2

SHA1
caeb5e20ada7a81150c7a0bc0fe724c12960da07

SHA256
e3a028e7ed17a3f08dd9d763929700680f4e5a3c23b1d0749da31ef7f5df4e4f

SHA512
8f9ebe844dad4f83a506eb109444ea3ab73c842acdf5a01506c323928acf3222e2301477f462062e3a49e75f0c52d7325e6ce1b7e26c4ddd749c12f268f7c12f

Download Submit
/data/data/com.yxxinglin.xzid526958/databases/cc/cc.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yxxinglin.xzid526958/databases/cc/cc.db-wal
Filesize
48KB

MD5
8fba304420569de2153e69a28b8b2ed8

SHA1
cdcb8854f3cfee32df9d23f17ba3a7d84b975051

SHA256
cd4054f4f880d39aeb30784c8ec63ea542b9ee26632cdc8df2ccab5546536138

SHA512
6f5ba855029f5c999e8da29f163a7001dcf1b5b29ee2cf5bfa574a7c8c0eaa70426301ab336dbc93b9dff79349ad141b1f4f5d5b719297c176fad6ae87e65d5b

Download Submit
/data/data/com.yxxinglin.xzid526958/databases/cc/cc.db-wal
Filesize
16KB

MD5
143b201e7be1b3417efc51a38e51bfde

SHA1
5453ff31d8457bd430d430611d6246d27e204a0d

SHA256
bfce86ea35f569d78c2a9c7323b1874445c46331d765857720eeff762519b99b

SHA512
41e707ff0f807e07b93dcf61274156da3a318852d69eed34a14cb679a883b67484e200522400bca6336d5b00fdb180a3ecae2527fb5f9da1d31cdc12023cc24a

Download Submit
/data/data/com.yxxinglin.xzid526958/databases/ua.db
Filesize
32KB

MD5
858fefc33484c8223657b498b69dc777

SHA1
8aeea6a3bd68555ebf54a052d88f6fae0e01208f

SHA256
dba94d6a7a9c46870c2bd9c4a43fd206db560122dff32fa013225e52d8812020

SHA512
ecd2b91975abddb41e72eeac0af93a477a0f11c80bfba0a9b6302deaaae890ae40bd6b6a3f62decb37361a79228f8f4a827bcf3bd6c3f67d838ab601d42a2622

Download Submit
/data/data/com.yxxinglin.xzid526958/databases/ua.db
Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.yxxinglin.xzid526958/databases/ua.db-journal
Filesize
512B

MD5
0229fd69922079f08578ca4d17b4748f

SHA1
17d316b15a8614d1cb368d84a9bd3490cd8414a3

SHA256
5360b6d1973d638a97376b1c5548371359762857a164fb5516d19aeb6ef90796

SHA512
aaf1ce7ad13faec8c921fd5b5ff13ce9dcc1432bf18cfe349037d43d24c23a623812b0779ba14e5febf7a03502651ae188ee95ddcbf19bef109eed3c0956914b

Download Submit
/data/data/com.yxxinglin.xzid526958/databases/ua.db-wal
Filesize
56KB

MD5
54190dad49e0666d160af781b0a0c8be

SHA1
5f7b3a3cfbc02b76b0a5b612c21ea6c35753de9d

SHA256
976fdb5dfe123cccc4e4ca08f8a78e81b562a8fee0765e20e7773b1a6e1b0222

SHA512
812f137aad007b95920e7696862c2771727d5a58c9b1580dd799e97e8b617ac2d1447da44b624f78db722eaf0ebaaa0c9116533437043bc9a0ef6ff9900df27b

Download Submit
/data/data/com.yxxinglin.xzid526958/databases/ua.db-wal
Filesize
8KB

MD5
11c2e0bd537688a4acf257008a939b29

SHA1
c029ed9dc398d459594544afd16db5c62ed5c6d5

SHA256
d6151c55bb7708fb8396ea79d0597fdc7c380608d08a5630826d6af368e5143b

SHA512
7ff4cd41420f4139bd95020eddc943e12e01293b225010958df12803483035d43bb08612af16e6cb50f8be569d883fe9e1d3a479467ff9515045eab88542e65b

Download Submit
/data/data/com.yxxinglin.xzid526958/files/.um/um_cache_1718328181101.env
Filesize
1KB

MD5
b355114708bb759171616296d3cb7632

SHA1
07730d4d26e863c80358b7f9bea6c670e4351418

SHA256
4e3a0ac254c228463b7ebc216bb28d1287ca685b1f956cc69b135a41b3e38c63

SHA512
2bb4938fc2c76808bb51a19cc8a5c796d26c5c8a30bd92338550827dcc4e5eaf4fac70649a7112b2c01a6905a4ec40a8fcb94ab3974c2a6bfa6c9f245f2bbc63

Download Submit
/data/data/com.yxxinglin.xzid526958/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
3af39c63d2beb482fcf71f99619e2e65

SHA1
bf074366054df1e55ae670b8b7d596afe032c075

SHA256
46b407202a8224355c23403a3de3c87aed38b12ab490ea7f5bcef7faf2c86bb3

SHA512
fd6e2b4869d0f036565e8f885d659ec2e8631785cc8b09a13cb891a4c8cdc20ba5a6ff48c4a0af9d6a8aa8cb60adfc757ab647189b8a5a8d83bef105772c7f12

Download Submit
/data/data/com.yxxinglin.xzid526958/files/exid.dat
Filesize
54B

MD5
f7776c8fc0e889b0ced1726848a1409e

SHA1
684ed8df2d3744df3fe57e8a83f5c28d2568dfbc

SHA256
e8a1d2515eb2f595202ff921a5d12240ce7c2da55ba14908713fb5632a7d9c2d

SHA512
bf71c6bcfc8587f3eb1a2b6b1b5fa4e51773784d5de1617e22fcbc785711c76803d6914b786ba567602273ce2c17463278b0fbfb6360ac949dcb455196c4fa8e

Download Submit
/data/data/com.yxxinglin.xzid526958/files/umeng_it.cache
Filesize
415B

MD5
9ea0a822c4087f71241a437d95f1ebfe

SHA1
f5cacb8b09aeed854a09d4ff02f40bb8f00e6613

SHA256
5dacc2378e8277602489d0378fc79dce5a49e300ff6e4caaffd31ba688119ad2

SHA512
085335f086846e5ec3fbc1c0571fbc138af43f3272dfc44f309ab04ca471b8013eed885256a5c479e36d6b35e2361d654397dab99461d4d5f571ba312a2da719

Download Submit
/data/data/com.yxxinglin.xzid526958/lib-main/dso_deps
Filesize
156B

MD5
c778800d4b91ddc191fefcb26989ae2d

SHA1
5045df78c2b8498ee0b08399ac76f04012b05513

SHA256
18f917eb821dd079396e4e603ceb97f02c05696b56b2f73a6e048438e0d41f0a

SHA512
c02286f158dc1d7346d7f2efced220d927e358782c77543c48fe54097e7c28a1c4a39c6be16e39a5788cd5ae4f71172f24ffeea740beb97f8d016222595e7d90

Download Submit
/data/data/com.yxxinglin.xzid526958/lib-main/dso_manifest
Filesize
93B

MD5
f049019de27a3a937680ead2d2ab0491

SHA1
da7e30a8e411aebc0174a4029287a911bd8ab260

SHA256
055b4a2335955bb0b7fbf290cf19489b457757b0f5ff4684dce994a88aa9df03

SHA512
04089120a08f9e18fc528d84f727349c5197e6a6dd494921d7e293e6dd5824d56a10eb832b5d058d6fb8dd555c2e645c00f338ca9ca7734a6b9f70ced405e2cc

Download Submit
/data/data/com.yxxinglin.xzid526958/lib-main/dso_state
Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/data/com.yxxinglin.xzid526958/lib-main/dso_state
Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.yxxinglin.xzid526958/lib-main/libjcore110.so
Filesize
77KB

MD5
304c4775c940633d9bcd763ef3c59ff6

SHA1
88cec29d0123a91bd5fc01adf460d75137592998

SHA256
718cdf15c87ac89607e548ac80b4e22499afbbdf5f5df77aa8fb3e2776e719ad

SHA512
8265e7dfc99e7ab6195d879a6fe3ad0cd5e33919d75c6ecf33d38d301b754a2c576bcaa73e56c8b305838f726577fc042ee7e8ddd88cea05e25eab4fec82cc43

Download Submit
/storage/emulated/0/JXCP/aff/com.yxxinglin.xzid526958
Filesize
7B

MD5
c64a67131a30749e85b6682cb41fc270

SHA1
5a6bbe84691a569d959ee96d454c0999a55658ab

SHA256
ee2d2f22c49f0c0848718ab28bd933d4cae5aaa88388138dca92fa8536ee73bf

SHA512
601761bf43c0a5e0b5e430f8b2abc3fd8c11741c0e0292ad7e602017c57087f6e4ef80e30ec11dacfb77d8942651a1ac3a00d864701533cbafd04889a35a6e15

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads