Analysis Overview
SHA256
48ff55a0155f9229742fc18eb68a888c7d863405312917d128b65909eb9ce2e7
Threat Level: Likely malicious
The file a7a671992660973d6d30587fa19de37d_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted
Queries information about running processes on the device
Queries information about the current Wi-Fi connection
Requests dangerous framework permissions
Reads information about phone network operator
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
Schedules tasks to execute at a specified time
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
Checks memory information
Analysis: static1
Detonation Overview
Reported
2024-06-14 01:58
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 01:58
Reported
2024-06-14 02:02
Platform
android-x86-arm-20240611.1-en
Max time kernel
157s
Max time network
186s
Command Line
Signatures
Checks if the Android device is rooted
| Description | Indicator | Process | Target |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.yxxinglin.xzid135526
/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
/system/bin/sh -c getprop
getprop
/system/bin/sh -c type su
com.yxxinglin.xzid135526:channel
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | cgi.connect.qq.com | udp |
| HK | 43.154.252.110:80 | cgi.connect.qq.com | tcp |
| US | 1.1.1.1:53 | api.weibo.com | udp |
| HK | 36.51.224.49:443 | api.weibo.com | tcp |
| HK | 43.154.252.110:443 | cgi.connect.qq.com | tcp |
| US | 1.1.1.1:53 | umengacs.m.taobao.com | udp |
| CN | 36.143.252.112:443 | umengacs.m.taobao.com | tcp |
| US | 1.1.1.1:53 | pingma.qq.com | udp |
| CN | 119.45.78.184:80 | pingma.qq.com | tcp |
| US | 1.1.1.1:53 | amdcopen.m.taobao.com | udp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| US | 1.1.1.1:53 | pv.sohu.com | udp |
| GB | 43.132.64.25:80 | pv.sohu.com | tcp |
| HK | 36.51.224.49:443 | api.weibo.com | tcp |
| US | 1.1.1.1:53 | kefu2.qkagame.com | udp |
| GB | 163.171.129.134:80 | kefu2.qkagame.com | tcp |
| US | 1.1.1.1:53 | update.qkagame.com | udp |
| GB | 163.171.146.42:443 | update.qkagame.com | tcp |
| US | 1.1.1.1:53 | down.qkagame.net | udp |
| US | 1.1.1.1:53 | android.bugly.qq.com | udp |
| CN | 14.22.7.199:80 | android.bugly.qq.com | tcp |
| US | 69.28.62.188:443 | down.qkagame.net | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| CN | 36.143.252.112:443 | umengacs.m.taobao.com | tcp |
| US | 1.1.1.1:53 | umengjmacs.m.taobao.com | udp |
| US | 1.1.1.1:53 | umengjmacs.m.taobao.com | udp |
| CN | 36.143.252.112:443 | umengjmacs.m.taobao.com | tcp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| CN | 14.22.7.140:80 | android.bugly.qq.com | tcp |
| US | 1.1.1.1:53 | amdcopen.m.taobao.com | udp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| CN | 106.11.61.137:80 | | tcp |
| CN | 106.11.61.137:80 | | tcp |
| CN | 106.11.61.135:80 | | tcp |
| CN | 106.11.61.135:80 | | tcp |
| US | 1.1.1.1:53 | umengjmacs.m.taobao.com | udp |
| CN | 36.143.252.112:80 | umengjmacs.m.taobao.com | tcp |
| CN | 119.147.179.152:80 | android.bugly.qq.com | tcp |
| CN | 36.143.252.112:80 | umengjmacs.m.taobao.com | tcp |
| US | 1.1.1.1:53 | android.bugly.qq.com | udp |
| CN | 119.147.179.152:80 | android.bugly.qq.com | tcp |
| CN | 36.143.252.112:443 | umengjmacs.m.taobao.com | tcp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
| CN | 14.22.7.140:80 | android.bugly.qq.com | tcp |
| CN | 203.119.217.116:80 | amdcopen.m.taobao.com | tcp |
Files
/data/data/com.yxxinglin.xzid135526/databases/MessageStore.db-journal
| MD5 | 2e1273a4a0e78917021eadb23f0375dc |
| SHA1 | 4cb392b673d6451c4b9ee02e6c65fed541f78af0 |
| SHA256 | d18a0330b0cd18cde48cd02cbf534a9890338133bdb4d0ea6c3c7d38e79d34ec |
| SHA512 | be8c70af9f6efa20a56da8ace4bb8ca33185620130abaa1c6d45fcc3a760f1289c6219d92cd4e351685d1ef697df6513f4e73052fd654a887fe0ea44853cbe7e |
/data/data/com.yxxinglin.xzid135526/databases/MessageStore.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.yxxinglin.xzid135526/databases/MessageStore.db-shm
| MD5 | 00e50c369601fb4dac7c0edc961621ed |
| SHA1 | 073bad2014d94169cf71754e386adf016c446c82 |
| SHA256 | 377207465387f012436521d97524dfd6b4d6952f0ae665f55fa066b00f508acb |
| SHA512 | 470494bb7b59ce3497a4591eca424dbd2aa681edcd87863dd8808c5b919aeb88e8571ea5edfc8fb40c3254f5c4fdfbb8332fbb0c11c6322d12f397853e2d1373 |
/data/data/com.yxxinglin.xzid135526/databases/MessageStore.db-wal
| MD5 | cc6af09549f6540540cbc2f07428e814 |
| SHA1 | ecae48afcb534b281b285c9accb1e44c104e7aa0 |
| SHA256 | 187da21aa710ad4225355587e9be792775627cb6a07c1354e14375054f21cace |
| SHA512 | a768fe835e6c817297f139a64329b1ead375ed47157f76a372972218e6fd7e73ee751778492764372586f3f95fe4b571d6de4e9480e34032d86516c97ad0ee6b |
/data/data/com.yxxinglin.xzid135526/databases/MsgLogStore.db-journal
| MD5 | 2d6c824e3d3fa9296247bf209bb988d1 |
| SHA1 | 4564461c891009b34f654615510566829c1cd631 |
| SHA256 | 60727237f2d2407822ba1fd4479cc4d0bd49ca4adf6fd45167bce72dab6bb11d |
| SHA512 | 83844fd2627edfb2b32f137a11be518e13864305e0d6dffd835508763d0a21d150cd9b1494a4991bbdf4f7231a43fcf6dd3c8cff99fbea38c8bac485ae969412 |
/data/data/com.yxxinglin.xzid135526/databases/MsgLogStore.db
| MD5 | 28ae945fed017391c17c4d60793572d8 |
| SHA1 | 69043a5472816e811aabfedbe8ab716b5be7eef6 |
| SHA256 | a429a7f4358717627569f59d03c058f16a60e6523f5d0d157847f0efff57b6e4 |
| SHA512 | aadd619e6dc35ac29d2bd33d09a6628a5a9cdb6914d26460a70872cea4e81cabd29657667b34ee59db3dfd32c66dc97cc600b5db48d2d598fee53b377f7f304c |
/data/data/com.yxxinglin.xzid135526/databases/MsgLogStore.db-shm
| MD5 | 69b856f9ab704a2f6c1ca0cad25e4810 |
| SHA1 | 48781894beab78632c2d1187b2df7e8fdf9bd656 |
| SHA256 | 790d34dd226883bed5d8db49daad36f5abda15d8c0f4924276b2466476ab0196 |
| SHA512 | a8d04b1a6bfd47bc10a6e0e9d59ad41dd5decbbefa40b1c1f0d2628fd996dcb21ccf5d7eeeb0178cfc7069b2db6884f3638dde6d4ffa40fc11621cf17e5bd2db |
/data/data/com.yxxinglin.xzid135526/databases/MsgLogStore.db-wal
| MD5 | a0d7f9e635a99b3b985f34f009c01b1a |
| SHA1 | e07a1784484d95591c9390de282d0e7f8a9bae4a |
| SHA256 | 1be6494f803f2b5fd828b394f50a39f4a92afb310a884a859228322223e474cb |
| SHA512 | 828469852cdb4090dab7585479988b3775644ae0425b727ed144999615a44504a6f1d26bb5f3b56b4e1b6902da5741b11e15b9a47d3b32900be925493a559fd7 |
/data/data/com.yxxinglin.xzid135526/databases/accs.db-journal
| MD5 | ba9fc171b0d9d2a7c0c01d08535791d9 |
| SHA1 | d87c4d6fa82fab3a2ac279621c29b529f5f2a680 |
| SHA256 | 05c3e6f89dd4d1af45e4d3d47071ceaa3187c79b82cf3d68191ee6d99b4b55c0 |
| SHA512 | 7d81737aaf892309881d78a1a662aaa29171937f02d6e9f002b2bf8b6e96802bc3d181777467aa57dbdd33cba1788a0b5a1c77c54666112cfe6835b13826738a |
/data/data/com.yxxinglin.xzid135526/databases/accs.db
| MD5 | 486e2bac2b3e9e1cb411d2838a4854bd |
| SHA1 | 81dd0a7537f4af319b830ae834908986be85da8b |
| SHA256 | 5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57 |
| SHA512 | c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681 |
/data/data/com.yxxinglin.xzid135526/databases/accs.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.yxxinglin.xzid135526/databases/accs.db-wal
| MD5 | 5029886418626f921b3722fe52dd24f9 |
| SHA1 | 85393a94980cd41027533bd2a2c57ff2a547f64e |
| SHA256 | 83c78485e6c43f486ec1b0f2a36267080683102fc485eb94dfe9a555268e5bf3 |
| SHA512 | ef4ba2054cf64f68d5887e89bdc09cf8eb64d0561cc4bee957013af568af7d76dac1c26735b3f5912b764d4488294997e0a4eac4448cd245bc9f9031d6ec88a5 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 9781ca003f10f8d0c9c1945b63fdca7f |
| SHA1 | 4156cf5dc8d71dbab734d25e5e1598b37a5456f4 |
| SHA256 | 3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793 |
| SHA512 | 25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | f374f2a7be8e873a2792debaf37a9f11 |
| SHA1 | 4d1fafbd9dd57607e4eae81ff9e8d242ad6abcd8 |
| SHA256 | 01e49e4e892e3652ea8f4dd37de2240b012e2b4d7b2146c3f76b9eeef1923644 |
| SHA512 | 20c0c19573730353f5b77304c6bf098df7e8dec0d723b4a86d1bee95a944ad5170bc3b33a8c72376880da91543c92910ef36a5a4610cd304e188460e165774c0 |
/storage/emulated/0/.DataStorage/ContextData.xml
| MD5 | 96979b0539c6fc06e5bc3556cdcacb0d |
| SHA1 | 3a0c5784f48295dedaaff8c63bc47cd751039142 |
| SHA256 | d53d11442f333925b4c34569936b4d3926b457c8a821c549018e6697957b72f5 |
| SHA512 | 84cc7e766c6a9ca515f2784eeaebf54cad7e3548f766e4a44ca6c188860a29005ed028efa9e40aacb12fb95cb0d8072b4e2349c382d72b076c43f70bfe48c9e2 |
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
| MD5 | 4169ec0f128410073b4842fe9753c637 |
| SHA1 | ea69cbac5fd6403aa93d0e1f1740cbf1b69c26e5 |
| SHA256 | dd550cd779083971d67917034f429382ccf0153fbadbb3d6c74535984fb80517 |
| SHA512 | 45bc11993dee2f32eef182fdee6554fa90d011418ef787d043c5817f04902c4a19863ee6f38c647f50e68766439b3214f62da487a3dc90122570f85b61653a75 |
/data/data/com.yxxinglin.xzid135526/databases/tencent_analysis.db-journal
| MD5 | d46ff86016b3d87ac2fe57e9a89d2707 |
| SHA1 | cd2201d09aa03a4b4f4386d3bb13abe11f7423b4 |
| SHA256 | ad6caba6375c6bebf136655bae5d047046292f222aab8f2d61c4739c7227f53b |
| SHA512 | fc3b363a4f0750d79ae444c8d57b6a37f26325ecf7c290b8f7fd14e740293aa13735fc00fb3953bfc173cf9154bbfb6579854245b889151d5adc0b9d4a8c6908 |
/data/data/com.yxxinglin.xzid135526/databases/tencent_analysis.db-wal
| MD5 | 214f206903c92e7b9cfc4ac94018b2f6 |
| SHA1 | 7354ae9adc3b47ca8a7687e93150fdc330cc2e66 |
| SHA256 | 5e709715040075dbdba6fe6baf43f2e64962b95763131b7a1d7e3b161b89a00c |
| SHA512 | 72f09f7c7fe8100e1c58ad1f5780b8c7a709f270e63b43475d2ffc19fae9aef35a04ece5eb87344a79c73f8357c19961f37a684917234baefbe7007e54dfed0f |
/data/data/com.yxxinglin.xzid135526/files/com.tencent.open.config.json.101400326
| MD5 | f526172de1566b34fdcea744710d9559 |
| SHA1 | 000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d |
| SHA256 | 8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940 |
| SHA512 | dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d |
/data/data/com.yxxinglin.xzid135526/files/cclogs/2024-06-14 015908.log
| MD5 | 70bcb97bc198245f462ecc98b401adae |
| SHA1 | bd216acb89b87555ebc018c00783d7fdf054fd3b |
| SHA256 | 045083afc309655fd5550c2a9678e949948a4d453c64f2211583d9ff96147f7a |
| SHA512 | 9455478e343cbff2791dde5ffdc408724f071912a62c8798068fefcd3eead472249ebf61d59c0e884a7c084af2f0f08e68ae89b78df4cfc24db045272349e297 |
/data/data/com.yxxinglin.xzid135526/databases/bugly_db_-journal
| MD5 | a37ddfb561b50c018ae8b84b825df1db |
| SHA1 | e6b35f3626d62b000d4ba4d4e25449850a390718 |
| SHA256 | 39d3e866757aad831fda024121bdc8b1943e7a9d349d738a97e7f3c9f0766116 |
| SHA512 | c64fc0779c434dde7b82b397f418e9bf0e5c43197ebd62def68cd9546fc874667f58b30cebd06ff08ffe66779254be150739c02e5052cb5551ae8ba5f574c687 |
/data/data/com.yxxinglin.xzid135526/app_crashrecord/1004
| MD5 | bac6dcbe30ebc91a4039da020fc455a1 |
| SHA1 | bded099cdc4f96aba4934796066e52d163db17b9 |
| SHA256 | de8fada4903a5342f8e5d52dcfe4711e245ccee2427f244486fb1578b7b75605 |
| SHA512 | f898d3e9fa6d442b7f2d93f52a19241b720c792d7851e8d3e4d9ac72195a6e79ae848e059965ea16fdc74238059d56b4b425378a123c3fb2d9d9b29e7b546d12 |
/data/data/com.yxxinglin.xzid135526/databases/bugly_db_-wal
| MD5 | a3e3035b7a865bfd01c61cb98fec1cf1 |
| SHA1 | 53911b9a8c8eeabb77e39fa5e87be4bbe557168b |
| SHA256 | 36bf441c78762937022972b323a50ce0f2a6ae08db602ccd5b33de6cf5789585 |
| SHA512 | ce9d352ac168b39577b3feb36af23e5cbcb8ec2ce4f98e3a8de77de14be2085ea39bcd616c6bf088d197f2c0f0e8df20c0611bc3b03a6ff8f5afe9cde242b5d0 |
/data/data/com.yxxinglin.xzid135526/app_crashrecord/1004
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |