48ff55a0155f9229742fc18eb68a888c7d863405312917d128b65909eb9ce2e7

Analysis

max time kernel
157s
max time network
186s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
14-06-2024 01:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7a671992660973d6d30587fa19de37d_JaffaCakes118.apk
Size

30.4MB
MD5

a7a671992660973d6d30587fa19de37d
SHA1

2fbecbfe77c0c86b4c79cce8a1c6804b1ed9799e
SHA256

48ff55a0155f9229742fc18eb68a888c7d863405312917d128b65909eb9ce2e7
SHA512

ca9735994f1b19579b5cb45601a1acb5da4c86fb7eed9cdba73e6d0197fbb039ef4ff303d4e470b3bd8a781e67cd31f6d471ba469f5d3ea96f8611a92712395a
SSDEEP

786432:7oqY1jIC7TW6MMAedaYZPF1sE4kDEB+YtASsQvNGEI:s1kC7TWx6aSPF1sp+EBDtAqu

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs

evasion

T1426

Processes:

com.yxxinglin.xzid135526/system/bin/sh -c type su

ioc	process
/system/bin/su	com.yxxinglin.xzid135526
/system/xbin/su	com.yxxinglin.xzid135526
/system/app/Superuser.apk	com.yxxinglin.xzid135526
/sbin/su	/system/bin/sh -c type su

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.yxxinglin.xzid135526com.yxxinglin.xzid135526:channel

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid135526
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid135526:channel

Queries information about active data network 1 TTPs 2 IoCs

discovery

T1421

Processes:

com.yxxinglin.xzid135526com.yxxinglin.xzid135526:channel

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid135526
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid135526:channel

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.yxxinglin.xzid135526

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.yxxinglin.xzid135526
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yxxinglin.xzid135526

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.yxxinglin.xzid135526com.yxxinglin.xzid135526:channel

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid135526
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid135526:channel

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.yxxinglin.xzid135526:channel

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.yxxinglin.xzid135526:channel
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.yxxinglin.xzid135526

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.yxxinglin.xzid135526
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.yxxinglin.xzid135526

description ioc process

File opened for read /proc/cpuinfo com.yxxinglin.xzid135526
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.yxxinglin.xzid135526

description ioc process

File opened for read /proc/meminfo com.yxxinglin.xzid135526

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.yxxinglin.xzid135526:channel

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid135526

description	ioc	process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid135526

description	ioc	process
File opened for read	/proc/meminfo	com.yxxinglin.xzid135526

com.yxxinglin.xzid135526
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4190

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
2⤵
PID:4280

/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
2⤵
PID:4303

/system/bin/sh -c getprop
2⤵
PID:4378

getprop
2⤵
PID:4378

/system/bin/sh -c type su
2⤵
- Checks if the Android device is rooted.
PID:4405

com.yxxinglin.xzid135526:channel
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4431

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid135526/app_crashrecord/1004
Filesize
242B

MD5
bac6dcbe30ebc91a4039da020fc455a1

SHA1
bded099cdc4f96aba4934796066e52d163db17b9

SHA256
de8fada4903a5342f8e5d52dcfe4711e245ccee2427f244486fb1578b7b75605

SHA512
f898d3e9fa6d442b7f2d93f52a19241b720c792d7851e8d3e4d9ac72195a6e79ae848e059965ea16fdc74238059d56b4b425378a123c3fb2d9d9b29e7b546d12

Download Submit
/data/data/com.yxxinglin.xzid135526/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.yxxinglin.xzid135526/databases/MessageStore.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid135526/databases/MessageStore.db-journal
Filesize
512B

MD5
2e1273a4a0e78917021eadb23f0375dc

SHA1
4cb392b673d6451c4b9ee02e6c65fed541f78af0

SHA256
d18a0330b0cd18cde48cd02cbf534a9890338133bdb4d0ea6c3c7d38e79d34ec

SHA512
be8c70af9f6efa20a56da8ace4bb8ca33185620130abaa1c6d45fcc3a760f1289c6219d92cd4e351685d1ef697df6513f4e73052fd654a887fe0ea44853cbe7e

Download Submit
/data/data/com.yxxinglin.xzid135526/databases/MessageStore.db-shm
Filesize
32KB

MD5
00e50c369601fb4dac7c0edc961621ed

SHA1
073bad2014d94169cf71754e386adf016c446c82

SHA256
377207465387f012436521d97524dfd6b4d6952f0ae665f55fa066b00f508acb

SHA512
470494bb7b59ce3497a4591eca424dbd2aa681edcd87863dd8808c5b919aeb88e8571ea5edfc8fb40c3254f5c4fdfbb8332fbb0c11c6322d12f397853e2d1373

Download Submit
/data/data/com.yxxinglin.xzid135526/databases/MessageStore.db-wal
Filesize
48KB

MD5
cc6af09549f6540540cbc2f07428e814

SHA1
ecae48afcb534b281b285c9accb1e44c104e7aa0

SHA256
187da21aa710ad4225355587e9be792775627cb6a07c1354e14375054f21cace

SHA512
a768fe835e6c817297f139a64329b1ead375ed47157f76a372972218e6fd7e73ee751778492764372586f3f95fe4b571d6de4e9480e34032d86516c97ad0ee6b

Download Submit
/data/data/com.yxxinglin.xzid135526/databases/MsgLogStore.db
Filesize
4KB

MD5
28ae945fed017391c17c4d60793572d8

SHA1
69043a5472816e811aabfedbe8ab716b5be7eef6

SHA256
a429a7f4358717627569f59d03c058f16a60e6523f5d0d157847f0efff57b6e4

SHA512
aadd619e6dc35ac29d2bd33d09a6628a5a9cdb6914d26460a70872cea4e81cabd29657667b34ee59db3dfd32c66dc97cc600b5db48d2d598fee53b377f7f304c

Download Submit
/data/data/com.yxxinglin.xzid135526/databases/MsgLogStore.db-journal
Filesize
512B

MD5
2d6c824e3d3fa9296247bf209bb988d1

SHA1
4564461c891009b34f654615510566829c1cd631

SHA256
60727237f2d2407822ba1fd4479cc4d0bd49ca4adf6fd45167bce72dab6bb11d

SHA512
83844fd2627edfb2b32f137a11be518e13864305e0d6dffd835508763d0a21d150cd9b1494a4991bbdf4f7231a43fcf6dd3c8cff99fbea38c8bac485ae969412

Download Submit
/data/data/com.yxxinglin.xzid135526/databases/MsgLogStore.db-shm
Filesize
32KB

MD5
69b856f9ab704a2f6c1ca0cad25e4810

SHA1
48781894beab78632c2d1187b2df7e8fdf9bd656

SHA256
790d34dd226883bed5d8db49daad36f5abda15d8c0f4924276b2466476ab0196

SHA512
a8d04b1a6bfd47bc10a6e0e9d59ad41dd5decbbefa40b1c1f0d2628fd996dcb21ccf5d7eeeb0178cfc7069b2db6884f3638dde6d4ffa40fc11621cf17e5bd2db

Download Submit
/data/data/com.yxxinglin.xzid135526/databases/MsgLogStore.db-wal
Filesize
68KB

MD5
a0d7f9e635a99b3b985f34f009c01b1a

SHA1
e07a1784484d95591c9390de282d0e7f8a9bae4a

SHA256
1be6494f803f2b5fd828b394f50a39f4a92afb310a884a859228322223e474cb

SHA512
828469852cdb4090dab7585479988b3775644ae0425b727ed144999615a44504a6f1d26bb5f3b56b4e1b6902da5741b11e15b9a47d3b32900be925493a559fd7

Download Submit
/data/data/com.yxxinglin.xzid135526/databases/accs.db
Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.yxxinglin.xzid135526/databases/accs.db-journal
Filesize
512B

MD5
ba9fc171b0d9d2a7c0c01d08535791d9

SHA1
d87c4d6fa82fab3a2ac279621c29b529f5f2a680

SHA256
05c3e6f89dd4d1af45e4d3d47071ceaa3187c79b82cf3d68191ee6d99b4b55c0

SHA512
7d81737aaf892309881d78a1a662aaa29171937f02d6e9f002b2bf8b6e96802bc3d181777467aa57dbdd33cba1788a0b5a1c77c54666112cfe6835b13826738a

Download Submit
/data/data/com.yxxinglin.xzid135526/databases/accs.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yxxinglin.xzid135526/databases/accs.db-wal
Filesize
48KB

MD5
5029886418626f921b3722fe52dd24f9

SHA1
85393a94980cd41027533bd2a2c57ff2a547f64e

SHA256
83c78485e6c43f486ec1b0f2a36267080683102fc485eb94dfe9a555268e5bf3

SHA512
ef4ba2054cf64f68d5887e89bdc09cf8eb64d0561cc4bee957013af568af7d76dac1c26735b3f5912b764d4488294997e0a4eac4448cd245bc9f9031d6ec88a5

Download Submit
/data/data/com.yxxinglin.xzid135526/databases/bugly_db_-journal
Filesize
512B

MD5
a37ddfb561b50c018ae8b84b825df1db

SHA1
e6b35f3626d62b000d4ba4d4e25449850a390718

SHA256
39d3e866757aad831fda024121bdc8b1943e7a9d349d738a97e7f3c9f0766116

SHA512
c64fc0779c434dde7b82b397f418e9bf0e5c43197ebd62def68cd9546fc874667f58b30cebd06ff08ffe66779254be150739c02e5052cb5551ae8ba5f574c687

Download Submit
/data/data/com.yxxinglin.xzid135526/databases/bugly_db_-wal
Filesize
72KB

MD5
a3e3035b7a865bfd01c61cb98fec1cf1

SHA1
53911b9a8c8eeabb77e39fa5e87be4bbe557168b

SHA256
36bf441c78762937022972b323a50ce0f2a6ae08db602ccd5b33de6cf5789585

SHA512
ce9d352ac168b39577b3feb36af23e5cbcb8ec2ce4f98e3a8de77de14be2085ea39bcd616c6bf088d197f2c0f0e8df20c0611bc3b03a6ff8f5afe9cde242b5d0

Download Submit
/data/data/com.yxxinglin.xzid135526/databases/tencent_analysis.db-journal
Filesize
512B

MD5
d46ff86016b3d87ac2fe57e9a89d2707

SHA1
cd2201d09aa03a4b4f4386d3bb13abe11f7423b4

SHA256
ad6caba6375c6bebf136655bae5d047046292f222aab8f2d61c4739c7227f53b

SHA512
fc3b363a4f0750d79ae444c8d57b6a37f26325ecf7c290b8f7fd14e740293aa13735fc00fb3953bfc173cf9154bbfb6579854245b889151d5adc0b9d4a8c6908

Download Submit
/data/data/com.yxxinglin.xzid135526/databases/tencent_analysis.db-wal
Filesize
76KB

MD5
214f206903c92e7b9cfc4ac94018b2f6

SHA1
7354ae9adc3b47ca8a7687e93150fdc330cc2e66

SHA256
5e709715040075dbdba6fe6baf43f2e64962b95763131b7a1d7e3b161b89a00c

SHA512
72f09f7c7fe8100e1c58ad1f5780b8c7a709f270e63b43475d2ffc19fae9aef35a04ece5eb87344a79c73f8357c19961f37a684917234baefbe7007e54dfed0f

Download Submit
/data/data/com.yxxinglin.xzid135526/files/cclogs/2024-06-14 015908.log
Filesize
1KB

MD5
70bcb97bc198245f462ecc98b401adae

SHA1
bd216acb89b87555ebc018c00783d7fdf054fd3b

SHA256
045083afc309655fd5550c2a9678e949948a4d453c64f2211583d9ff96147f7a

SHA512
9455478e343cbff2791dde5ffdc408724f071912a62c8798068fefcd3eead472249ebf61d59c0e884a7c084af2f0f08e68ae89b78df4cfc24db045272349e297

Download Submit
/data/data/com.yxxinglin.xzid135526/files/com.tencent.open.config.json.101400326
Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
96979b0539c6fc06e5bc3556cdcacb0d

SHA1
3a0c5784f48295dedaaff8c63bc47cd751039142

SHA256
d53d11442f333925b4c34569936b4d3926b457c8a821c549018e6697957b72f5

SHA512
84cc7e766c6a9ca515f2784eeaebf54cad7e3548f766e4a44ca6c188860a29005ed028efa9e40aacb12fb95cb0d8072b4e2349c382d72b076c43f70bfe48c9e2

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
f374f2a7be8e873a2792debaf37a9f11

SHA1
4d1fafbd9dd57607e4eae81ff9e8d242ad6abcd8

SHA256
01e49e4e892e3652ea8f4dd37de2240b012e2b4d7b2146c3f76b9eeef1923644

SHA512
20c0c19573730353f5b77304c6bf098df7e8dec0d723b4a86d1bee95a944ad5170bc3b33a8c72376880da91543c92910ef36a5a4610cd304e188460e165774c0

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
381B

MD5
4169ec0f128410073b4842fe9753c637

SHA1
ea69cbac5fd6403aa93d0e1f1740cbf1b69c26e5

SHA256
dd550cd779083971d67917034f429382ccf0153fbadbb3d6c74535984fb80517

SHA512
45bc11993dee2f32eef182fdee6554fa90d011418ef787d043c5817f04902c4a19863ee6f38c647f50e68766439b3214f62da487a3dc90122570f85b61653a75

Download Submit