Analysis

max time kernel: 65s
max time network: 177s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 14-06-2024 08:16

Static task: static1
Behavioral task: behavioral1
Sample: a8b15d1b29165f61b73433bb32d93e5f_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en
General

Target: a8b15d1b29165f61b73433bb32d93e5f_JaffaCakes118.apk
Size: 3.6MB
MD5: a8b15d1b29165f61b73433bb32d93e5f
SHA1: 1d0d6511c795c230d5398180db256d44f49a17c8
SHA256: 5aace895c04ea73887458ffe2e718b7278c667f748c8291b08c74ea3f3a58af6
SHA512: b3e6b319870baad0144da9f3ac49cbebd5cadcb029179a88305970bb91f553b4136e63a6958fe32062e822db672359cec78863a18f2f7fe8cc259e47b1405be1
SSDEEP: 98304:me4/0TexyJ8E5SlkrtGM+4tQGXrO7jaRm93:mevGyJTU6J3+Ovojac
Malware Config
Signatures

Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
Processes: com.yxxinglin.xzid449155
  IoC: /system/app/Superuser.apk
  Process: com.yxxinglin.xzid449155

Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.yxxinglin.xzid449155
  Description: Framework service call
  IoC: android.app.IActivityManager.getRunningAppProcesses
  Process: com.yxxinglin.xzid449155

Queries information about the current nearby Wi-Fi networks (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes: com.yxxinglin.xzid449155
  Description: Framework service call
  IoC: android.net.wifi.IWifiManager.getScanResults
  Process: com.yxxinglin.xzid449155

Queries information about active data network (1 TTPs, 1 IoCs)
Processes: com.yxxinglin.xzid449155
  Description: Framework service call
  IoC: android.net.IConnectivityManager.getActiveNetworkInfo
  Process: com.yxxinglin.xzid449155

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.yxxinglin.xzid449155
  Description: Framework service call
  IoC: android.net.wifi.IWifiManager.getConnectionInfo
  Process: com.yxxinglin.xzid449155

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
Processes: com.yxxinglin.xzid449155
  Description: Framework API call
  IoC: android.hardware.SensorManager.registerListener
  Process: com.yxxinglin.xzid449155

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes: com.yxxinglin.xzid449155
  Description: Framework service call
  IoC: android.app.IActivityManager.registerReceiver
  Process: com.yxxinglin.xzid449155

Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 1 IoCs)
Processes: com.yxxinglin.xzid449155
  Description: Framework API call
  IoC: javax.crypto.Cipher.doFinal
  Process: com.yxxinglin.xzid449155

Checks CPU information (2 TTPs, 1 IoCs)
Processes

- com.yxxinglin.xzid449155 (1)
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Queries information about the current nearby Wi-Fi networks
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks CPU information
  - getprop ro.product.cpu.abi (2)
  - /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq (2)
Network
MITRE ATT&CK Matrix
Downloads

- /data/data/com.yxxinglin.xzid449155/files/.envelope/i==1.2.0&&1.0_1718352995108_envelope.log
  Filesize: 2KB
  MD5: 5f536f78af87e181d75a3ca3d0f9eb8a
  SHA1: 7a0c0a959bebe280b357cb8b8a3040f97991ce06
  SHA256: cb31567ad510d76574ba3ae97c3ce0c4688e16149e4b956426b8008de17d4fda
  SHA512: 71de19890fb68644356e227f3807fd43dad1785590c1127c41da763a1177b02a6bbcf28d585a577408e0882240023d2cc238b5a0a2ecf853f5e867a4c64ee6ab

- /data/data/com.yxxinglin.xzid449155/files/.umeng/exchangeIdentity.json
  Filesize: 162B
  MD5: 46796555b7aef0eef920aaeda356b42b
  SHA1: d3a63b4274b3458c2ec04f5a9e421f63827674bd
  SHA256: 00cb4e7698a596665413f0fe4cf1e34030f77147dc3f3ca77f6298d1d96bc22f
  SHA512: 63cb6a375e3f0260f2108224bc50d0c62664035d376a8b247ba7c186b4d2e096a02f8b1fff821752a51c9f085204f5cb09b58ecb0b43aa2b0a68880bc9000153

- /data/data/com.yxxinglin.xzid449155/files/exid.dat
  Filesize: 62B
  MD5: e645730a4fae19fde39d9ca92ceb605f
  SHA1: 418bc9ecabfa338e08f1cef5c072d35309fe1b8c
  SHA256: 8b927859dc6c63dbf041f5e5b6c0a9b47af8bc14f77476c49b6e725e5aa9b11a
  SHA512: 466076baf3d3e973ac8a9aa9b98d767fc772f3068d12c793862734d2ccb0585aab78bf22416f1da1de3cdb1ec255e3dd8a5e2a50b23f976f6f8733bc257738d5

- /data/data/com.yxxinglin.xzid449155/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE4MzUyOTkzOTk0
  Filesize: 1KB
  MD5: 109b15d59e643d07d6aaa3d622415851
  SHA1: fdf0daf94e087eb76f22da7e58771a2553ac20c8
  SHA256: a5c516af5211dc28e99d2e1a9adf7e8de692c9563c197ab65ce999579b902308
  SHA512: 00dec4327b7e4379dab99c38a67e34c10fe1c0d4ee31c7247ee3edc6e844210ee46f433b6dea11daf408edcc216229d97979079f1f1ab7435fbe9e864baa70c4

- /data/data/com.yxxinglin.xzid449155/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE4MzUzMDI0Njgx
  Filesize: 1KB
  MD5: f48e812fb7f7fcc54cec9bdc4b4ebc7b
  SHA1: 8ef4b87a5d07451e9fecdb3073601a7e57da7199
  SHA256: 7272120bba73f564e848cccba850dda12a8e33054719cfbeff91dceb9979816f
  SHA512: 1df66746dafa68b534f932641b6a7dba4beb7f72812d2f11a5f3c3c09b53d1f962a6282dfca0bc7a6ceb438d281e26e426ab7aa2c8c7873e4a1da9fae3b20653

- /data/data/com.yxxinglin.xzid449155/files/umeng_it.cache
  Filesize: 415B
  MD5: cc6734a570b549f9a6edbcd543edcfe9
  SHA1: 8de2cab84839d7d3c1267a6019ece658edda64cb
  SHA256: f25ff97f64747456acc8b7afa410a633450b8df3facfabf900e29a53d3fd5359
  SHA512: 747253fd7f7739f0fc7f19337948d1e1e2023dfa8dcd1cfdc4ba2f3d94bc8bf75cfcccca2a1376970baa9e666cedc9274b4eed6f1b7efd4e4e43393d5c53191f

- /storage/emulated/0/Android/data/com.yxxinglin.xzid449155/files/tbslog/tbslog.txt
  Filesize: 9KB
  MD5: c37368877711436a8e8b8c2cd9bbb484
  SHA1: 95ec86e5b8cbfa91e766e4988cccfbc681fa899a
  SHA256: c6e9faf28253ce145335992bbf05acf68c47de2244729f8f65391842622353ea
  SHA512: d866c2d14ca546abf5d58cb92f1fee2d2f53cc60392a0f966f49b3f8ec5a099f794e93f88603bd58141166d632435053c08ba86ffb3977ad3e46efb5bbacb8de