1fd9811ee3647fe50ceee8f98cabdcdcdb768b0f0fb122f75ff827507cd4e000

Analysis

max time kernel
11s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
14/06/2024, 16:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

aac19e47f5f50df1950a9c49b997d601_JaffaCakes118.apk
Size

31.4MB
MD5

aac19e47f5f50df1950a9c49b997d601
SHA1

848a1dbc63f4215172fb4706fd7dd3eba3e97761
SHA256

1fd9811ee3647fe50ceee8f98cabdcdcdb768b0f0fb122f75ff827507cd4e000
SHA512

cb42868ebbc6220790c940ec953e7fb3e7a1e828cc8fd22d4ef7e11940ad11b71c9fd2e623779dcd0e9948f4bc44a654b01f75399f12a4393fa2fb6129c69be3
SSDEEP

786432:eca/7Y/3m2MGRi6rbmGdbVHCkMxsUX/dazg3wtx591NdUYqmvjnsa:eL/7Y/d73PPdbMxBXIzg3Ivb4TmjP

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.xunlei.cloud

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xunlei.cloud
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.xunlei.cloud

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xunlei.cloud
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xunlei.cloud

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.xunlei.cloud
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.xunlei.cloud

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.xunlei.cloud

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.xunlei.cloud
Framework service call	android.app.IActivityManager.registerReceiver	com.xunlei.cloud

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.xunlei.cloud
Framework API call	javax.crypto.Cipher.doFinal	com.xunlei.cloud

Checks CPU information 2 TTPs 2 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.xunlei.cloud
File opened for read	/proc/cpuinfo	com.xunlei.cloud

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.xunlei.cloud

com.xunlei.cloud
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4287
- /system/bin/sh -c getprop
  2⤵
  PID:4333
- getprop
  2⤵
  PID:4333

com.xunlei.cloud
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4419

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xunlei.cloud/app_crashrecord/1002

Filesize
232B

MD5
a382f0190dca7292c3cc393a102f8485

SHA1
cba96673707086c1238d765760999f1b44e73f01

SHA256
a3fb61f98cb11d5e9d385bed30efac4a995385174e39f8c175c037411ef847aa

SHA512
a7a847208c87093c45472620a7e061f451fd74788f1f612bbec20e79da5f8ccc7c973c19a9435b7366e5a4173eeabea613438387c293edf7cdcc7a4ff664c186

Download Submit
/data/data/com.xunlei.cloud/app_crashrecord/1004

Filesize
232B

MD5
1446d517dab3a14e8f15f730c9b6ea5a

SHA1
aa9ede5e811d681d911df7468e3162225cb5bcd0

SHA256
b2707b6e4539e259c888339877a0bf259ccfc72212dc284f708215bd40678629

SHA512
a80b0ea2623c68e200cd173245e5c37ab2ccaf0b556f9b266185fed4196d53c19ea6311190b075bdf4246b81066f60670a39791039b2497518cd05b021bddfa7

Download Submit
/data/data/com.xunlei.cloud/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.xunlei.cloud/databases/MessageStore.db

Filesize
4KB

MD5
aa99281ce0cd69a9302f8b64b918ad75

SHA1
ccafc0e5fb16198e466b209a888301f4100fafe8

SHA256
a3cde8388c50e78c7b3c8dab1d0c46c64c375248031adbb6a5802e3da65bb431

SHA512
a8b80f09a555652d3e4b9775b6aa58341dad7fb120509e128df417533ba361353b19530306e8691f1ce5fc0c69f1a89d29bd2eb176291a5e85b945d14c9eb085

Download Submit
/data/data/com.xunlei.cloud/databases/MessageStore.db-journal

Filesize
512B

MD5
07a3d1ceedd6467fc822311e36c81e66

SHA1
a05792210b5136175af3184197e4e8cf94ba9328

SHA256
d0f9b76a0827402d9c59d79b26bdc9ca0e46e61a11219da7d70c9c002348166f

SHA512
93aed362b93493b6375658af8bf55977ff8e3e5889d91edb1d43f826df61ac43c91b581b7ea7801a201aeac54d551ba7af470b6d865843f5b98e7d95cf8c2fe8

Download Submit
/data/data/com.xunlei.cloud/databases/MessageStore.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.xunlei.cloud/databases/MessageStore.db-wal

Filesize
48KB

MD5
396bcc6b997563adfb8f26630a91ee39

SHA1
0d8129509245264217959d27e0345b6d084a0b5c

SHA256
25e7d1e28e807158a38c47e1e8e09a3a34f043c27231a4fd9017c4b91a5bce57

SHA512
f5aa050167087f42f33590a14a8a4d8fd7757c335fbe82cd3c2e76cb371d6762942c7a65e5158d50f8d2b0393672acb014f9d2f2a9442fc58e03900ec4b30559

Download Submit
/data/data/com.xunlei.cloud/databases/MsgLogStore.db-journal

Filesize
512B

MD5
8bd1016703a2fb47836247be8a9d9367

SHA1
fb3532a8a7c09c786b61eda7a5d80ce67e513f4f

SHA256
575f1c920e55d9c76564785df0b0e5b618e244219ac402a16af59f01952fed2f

SHA512
9574b1c0bad6a219c1282c6b2bedb55ae0fb74eabdc2808649bb24a950f044d21ad824f1e028aa7aeb586d7c99d00b401baa6ecfad412162646aef0a3f3a6c55

Download Submit
/data/data/com.xunlei.cloud/databases/MsgLogStore.db-shm

Filesize
28KB

MD5
b354a3798d70ae0a36c4359aac6a5a58

SHA1
591bf4d73a4ea2ede29f25db14d53f0a63b0323d

SHA256
9e3ca451e62c6db03da38f24710d89f83aaa89b5278cecaee6931edb367c249f

SHA512
96a1831defe9bf18c8a1b5b22e7c102da6f63c2e42b30ddc9a428fde7a986d877f0fa848ba8d860946007557146c7d94a87ca9e967dde46e53574b56318eea96

Download Submit
/data/data/com.xunlei.cloud/databases/MsgLogStore.db-wal

Filesize
68KB

MD5
095ae41df92264aa44e90885a3bb06ed

SHA1
c66c3e81a068217ffbf42405f00a97d56b11ce38

SHA256
a8136070f245300dfb48998005bed8c147502a4419392d60e90ad66707268aeb

SHA512
dd148716d72fe7fdc098a864ce68237ecefda64b551837d5edcd42bb71d09477c13415a429e7fd5dc5004817d0a85ca86e24d7b440c88debc09e2fbe4c060dab

Download Submit
/data/data/com.xunlei.cloud/databases/analytics.db-wal

Filesize
48KB

MD5
18b0400978579302822a8927da2dd564

SHA1
6e648b69abc7e751ea5a27ab1a17918d73898cf6

SHA256
5a67996e7ef098db0f91c7d6f34c373747a00949899109ac359fcae51929d80a

SHA512
c144e55a883a682052f00f2c2fe29c5d16d0bc1e83a8ea8caba2911fbca36248aa52706973113a5c718a227a410588fb22c7c17c8aa9e7f264dd4dee776b2563

Download Submit
/data/data/com.xunlei.cloud/databases/bugly_db_

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.xunlei.cloud/databases/bugly_db_-journal

Filesize
512B

MD5
9070fa7a5ff88e95bf1449ebcfdb9d44

SHA1
ab3387d2c2f8741ee39f3506f242a05145e4dc09

SHA256
1f686c89a495c1297c64da9836833b2fd0301a64b3fb9bfd10db30a1a519124e

SHA512
0f41c4a4217b524d0fabc0301dcab83c499962773a170bdfe8ea51f2410bae40dd73e7e9e1d1eef7b84901d1de57cdca79f294e6bde59573ba07f20b7ed48d4b

Download Submit
/data/data/com.xunlei.cloud/databases/bugly_db_-shm

Filesize
28KB

MD5
7778798e5d1ecfd3372e53ee98059e0e

SHA1
576ca93d8fcc352619633312ad194a66b6bc488b

SHA256
23163df7e1f4d65158d62b62a95ad02c371dd3371c42aeaa3fe8b266b9a274fe

SHA512
91ac6e9a6723d6e09242714830edc95185ac29ade1b1cd8079ddc884fe488724304b37439b32d85f967c5ce8a5dca3c28f5b42c4735d041011d647891685a560

Download Submit
/data/data/com.xunlei.cloud/databases/bugly_db_-wal

Filesize
76KB

MD5
0125d8a4af36bea62df933c7924fbda3

SHA1
b8fc0ec0e3faca8ebfb340ee8e0cdb5e1b0b53e0

SHA256
734fb7f68140f38297f598cdcdc9d4b205c50cd3d84b3a6ddc66bed27dd88700

SHA512
18ac750314895b2f790e051dc1a4436c85c484b03bed5644185f7d846424dfd2906623e450034726886258f827ca8f3f5630e785b5b8cf561a288e3b42b55a66

Download Submit
/data/data/com.xunlei.cloud/databases/xl-acc-stat.db

Filesize
4KB

MD5
052454eab376d1c2092bbbfbb7b0fc07

SHA1
8e47be7ab60102929558a15d10f994a870a9bb51

SHA256
a731cf92157b3df467a8fc067de07af507c3a08b359cd36ce2605754dd45de03

SHA512
9f67b3e4c07777ecc12d418212ac568437f8e43e4a27e67936ea3850bb6c081bd4f733b6861ebc70eb0b8d39d7a1449c20379d468b80810b0e018c1555340d1f

Download Submit
/data/data/com.xunlei.cloud/databases/xl-acc-stat.db-journal

Filesize
512B

MD5
1ae5e406ff6f806e89e62cd6dd1d603b

SHA1
0d598a6042fcdd0c47148323a800797bcd38efef

SHA256
77774baf54ea2510b17145f75984926ee1c7c58f1672a7ff07318855af7c3caa

SHA512
62fff414665722277481f6b0667d4f1885b9fae33478cc212bc891cd988fc841b44497262ffaa89eadcaf65bace0d02d6e7dba73745a38722bdfae99238dd327

Download Submit
/data/data/com.xunlei.cloud/databases/xl-acc-stat.db-shm

Filesize
52B

MD5
ec2fa700b2866f60bca276f13418b1ea

SHA1
b3f67aaa61c329ff4aa038b60b972a21e6d8f3a5

SHA256
b8921aabb489391c3520a4bff51da935b703280390eb6a5e374ee38b6d3dab3d

SHA512
d7d324e4745b44bef488135d0645872b37a755db16c24c7af8774e46f15b643f86692ebd3c99318422a301f1b03752b2673daf786a1938f74c1f6cf3719534d0

Download Submit
/data/data/com.xunlei.cloud/databases/xl-acc-stat.db-wal

Filesize
32KB

MD5
a7a40f6d481380768b2a405929413d45

SHA1
30d5969e41f4f90565f7f4e7bf082885381a5e0d

SHA256
77ba09143a267bab632681f2b32ceceba506a03273860c485581b7624651a2ba

SHA512
869857df4bc13cd534dac6c10dbd20b10fd3879a05da0a24830e1f8c68e50326a9d7cac8059fd8b92ab805cbf7fdb3c0911dd85df52e5375477f6a1bd37bca1d

Download Submit
/data/data/com.xunlei.cloud/files/.jglogs/.jg.ac

Filesize
32B

MD5
fcc924f7f1c45b37e0993c9bbf95204d

SHA1
a43dbdd21ae37886421387b6d33e3e7edf5ccd7c

SHA256
52bbc2d213a6455d57206505bf527b7d7f3bfc7acd5ec052fe2d128450da802e

SHA512
2c9e208a49117217f0be46deaa891c106e7f164c1e356e8d388b859a02497c53bab28cde789b310f703c04c6ff0e60b1cd285a196ddd106e6c5c03e12a0257f3

Download Submit
/data/data/com.xunlei.cloud/files/.jglogs/.jg.di

Filesize
28KB

MD5
cdaed27595a96481686b89a91b049275

SHA1
50435b2bca5773b36e9c52e132c4155d83b4f8f3

SHA256
93a1cfcc6c86ae048b7ed6dc54361f57ca1f3439e0160434597a25eb290f991d

SHA512
3ad502d1f108fe32cd699ab474c03d01f7e82a4f6cf930ec21547fed7ae9f34f5c4792cbcfafd1df51e2371cfab399e579bbc45385585f9af411f0c2dc6e910b

Download Submit
/data/data/com.xunlei.cloud/files/.jglogs/.jg.ic

Filesize
32B

MD5
758046886c6ceef7002aeea3f43b21ee

SHA1
8e099c9fb0c2eed127d9b2b1e3a022b3a2c2287e

SHA256
0155720cafdccb2209ba4e2755c5ac7b11e0731914142d45d8f253b518575a0f

SHA512
2b5ec32b06b188f232ebda9b479bf80b1238db42df9505587516c4f1d5a52294912f17d9865482aa51301f9a46c80ed51f3d57ae47e89eb6005453d9ffbe6fd3

Download Submit
/data/data/com.xunlei.cloud/files/.jglogs/.jg.rd

Filesize
28KB

MD5
7631b3c62c08e328920a84451e45174e

SHA1
d099c151e45b8153cbe1c27cf27517b1f4c5fc26

SHA256
831eed8cfd0a8655ff03c4202698c52ad04542cbddd7d601c1c4e27432f32d1d

SHA512
0b41636f8dd85cc593db79e9e05d1ffe2e28f09fab5acc0038aec352bcb2b57a48f5cd0cee6f08d62f9b20ee7e2ade8dcbf82dc6a8d0f6f7ad6c00356445af28

Download Submit
/data/data/com.xunlei.cloud/files/.jglogs/.jg.ri

Filesize
314B

MD5
01592dee81b1d448f69b1a2d6894c49c

SHA1
fd3443d33754aba2d72bf98700ea0a1f2b3eca83

SHA256
1d9d03abba558f45293e4c774fc749fb0a516b8da313ed368b8d6696be743cc6

SHA512
bb0b4bab882e7ff7b1d1231ba61edd2198c31854cfbacb41fb4a5daf6d9152f1aa52b0da4448511cee115d772f3fd3e89f4442d94a22cd22ba5718ef1c4f6c9a

Download Submit
/data/data/com.xunlei.cloud/files/.jiagu.lock

Filesize
60KB

MD5
e162590c827cab62e1eaf6a424f06cdd

SHA1
1fcd12a66ed8a658bd57e3806257ada0f413280e

SHA256
6b60f19e6af32554260689186809efe1b1b50d723df548a9683bf2d90be79e18

SHA512
0cd5c5080d169dfaf21bf4daf94c5b1e66f7ec81c2e4b1a4390ba9c7edc4c530c0d175aa2fec6a4f3d05df3ceef59e0d83346a7b1a630db57886afbd884be159

Download Submit
/data/data/com.xunlei.cloud/files/.mainiconfig

Filesize
527B

MD5
4c690c0ac2d51be5718a83ca87b1da4c

SHA1
ae22cc1deebb5fc39a6e118e9d86e8678206f196

SHA256
338b8276ccde40ed2fd668784460204dff55a08b32517d6ce28d53a63132c53e

SHA512
9204eb46041d7ae93abb523d8609e3fcc959276d6e11d9e34d33ad16cf9142653e7afb3944a671407200068e0e0b8cf5322646d3382a3a5aa851627d66bbd6b6

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
117B

MD5
01421dc5cac8bf53fc3ed99875f11fcc

SHA1
a366168960d8cba1af85ac27cd87c1017687cac6

SHA256
c882aebfb7ef270785c5f323b7cbfc71f76536f5da346816d81c2203c362a2a1

SHA512
ed079e4b5926272927ec1dcb4e859b18a6a9c28987b201896188bf18eeced7a31f69203061bdb8b5fc63c1dde1100138d7867f0c8e8f7d4b9fc70db2e12704d5

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
244B

MD5
cfbb1897b4e341311025739476118917

SHA1
ee8d46724397afbfc33efbcf3e9e811268e8a958

SHA256
c1078ec07c7a2a023ddc068e32a1e9a9e67dd9f2f0ae4cdfea19b75c6989bda3

SHA512
78dea46324e86e98704836037038add3a36004e0f7c480ce429bbe9f217887227be404342e4a569c03a0689bd2c335041a9a77612b931114dba4bde66871d991

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
67B

MD5
c9f53b7c6d957ef1760168860a09b5fb

SHA1
edbb436a469edc1885383f974cc9cac42296ad0e

SHA256
661fa4b7fac147a68edbd5fc1ec2246576870069433f2ad88773e9df5a457b6d

SHA512
33723a075bd2a7e8c342dbc09802f571e76c84f1ce00659003bcdc81eb5f3aa6e6eeb06e3300af211f6bc0f29f35ecfea6a7198285339a978d6631825cfc4c23

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
046b1478d0c25f60a5fd8934558e4a49

SHA1
0afc28d7bfa661abeeafdc43b9026e9eb5061856

SHA256
f475dbc71b1146e4d51ac3889dcfcf8cdd5bb01987c036fb50033bf670e5776c

SHA512
3d252b8fbbb061da21ea66265efb58e88fcc19a7a0d682d93e481f009a199315d66db0563aab154a94896ec3b5f5cc6e95bcb14706049696672731a6601bac33

Download Submit
/storage/emulated/0/360/.deviceId

Filesize
88KB

MD5
d4ae2812d273e86a7738ae9d652ec9e7

SHA1
f4cb804da296ef21f416e2a431b68caa8780c8e9

SHA256
3310ce502a05dcda1ee4a4acb2225e1e7ee90d866cbc01ee3e941de7ee142019

SHA512
8f6570e30fb1f170a7ecaec4007387c31a86e913c7417c7270d608862887e21b25314872b31f78fd42e0c6233dfee3917e8b000c5ec0814fc39520b42fa9b346

Download Submit
/storage/emulated/0/360/.iddata

Filesize
32B

MD5
1921694fdd6fba3d6beb28909d48dd6e

SHA1
0b2241e1567261ae98a85f292dede09e941b5070

SHA256
fbf05884aec341688343548b02baac46ad22d5feb63631dd99faeb8e0fde0988

SHA512
96062661804fd36a2543e9e3650f0a58eb17a13697d7bdf6e7cdf4062318689a4fd627bffd97db1ab2b48ae10e2a86c468eb1d719af9256b8aaa39f31a36b35e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads