a54d7ce55011577a1f7fd028d0a20de5170514a40cbe6c584fe6e7d0837da0b9

Analysis

max time kernel
156s
max time network
184s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
15/06/2024, 08:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ada14a5e5609c7ab5dafd9d14b75edb4_JaffaCakes118.apk
Size

30.1MB
MD5

ada14a5e5609c7ab5dafd9d14b75edb4
SHA1

389f4578f653db64145e902c8188c5b3bbd7f5dc
SHA256

a54d7ce55011577a1f7fd028d0a20de5170514a40cbe6c584fe6e7d0837da0b9
SHA512

2be98600d0e8069e3545ab8cfbc5aa68f000150042f14a44648ee122684ef2edaf1009e7713a5aa785fd3b8ca2bbc358222e7f4186cd9d2f8f2b6b96302cb45f
SSDEEP

786432:vOUkP1LIC7nG8Mc3Ah4JZPdxsE+ff7+pULECiQvmYeO:m18C7nGDL43PdxsLn7+KLEjM

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/xbin/su	com.yxxinglin.xzid558796
/system/app/Superuser.apk	com.yxxinglin.xzid558796
/sbin/su	/system/bin/sh -c type su
/system/bin/su	com.yxxinglin.xzid558796

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid558796:channel
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid558796

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid558796
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid558796:channel

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yxxinglin.xzid558796

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid558796
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid558796:channel

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.yxxinglin.xzid558796:channel

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid558796

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid558796

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.yxxinglin.xzid558796

com.yxxinglin.xzid558796
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4270
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4373
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4393
- /system/bin/sh -c getprop
  2⤵
  PID:4469
- getprop
  2⤵
  PID:4469
- /system/bin/sh -c type su
  2⤵
  - Checks if the Android device is rooted.
  PID:4495

com.yxxinglin.xzid558796:channel
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4521

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid558796/app_crashrecord/1004

Filesize
242B

MD5
cfd46fd7c27adabbebd2348acfbf58e0

SHA1
31b5b883c47763051fb7007c3150baced0954a66

SHA256
52892a776a1190ec70731928b7a87bf7ff3863760df7da950e5151869f43a293

SHA512
7b44a2bfe0820710f5cab400eb1002d31ca1e9730b6c3e974304fc8154f6c2ae85298c36c6c093d59da597669b327edfbf8b1a1312fce75215cb541bfa98c3af

Download Submit
/data/data/com.yxxinglin.xzid558796/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.yxxinglin.xzid558796/databases/MessageStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid558796/databases/MessageStore.db-journal

Filesize
512B

MD5
2729b702537cd2cc3558db4f0f2ecafe

SHA1
1b6de1e2de680f9fe0d0653c46fa43f267f03d99

SHA256
4c4b6b6b70b894d898d0eb6d7cfd78078ea634fe3c8abdf3c7ab608b2b4bd1d5

SHA512
77fbbb4cc1a71a0d9854757b9c208b641be1af8f38303fee2971a2dbfba012f4e890dfd9804d2018d0c380e7d55ace6184b32f90307dbf8ede4f106f758f4c95

Download Submit
/data/data/com.yxxinglin.xzid558796/databases/MessageStore.db-shm

Filesize
32KB

MD5
1982e59a73aaef662d6ad31896aea9d4

SHA1
2b55a9e61bd0274b0fdb924a53c3fa0f22da0565

SHA256
4a046cafba4057bf92306a206eb2199c47a05e9d946728ff107a77b5ae301068

SHA512
8d75d4fd983f83b53bece796e40ba29874e9f7a5e74e04e75f8bde7e6b890632427085a1a91ac51a6eb01f215c5adbe861a6b7deddb217554c5a91a3e2ad3b3a

Download Submit
/data/data/com.yxxinglin.xzid558796/databases/MessageStore.db-wal

Filesize
48KB

MD5
0fabe1d8815c9b6323c37b73573a64cc

SHA1
c899bc0a2bc268fec7db15fc437acbb4b17c49d3

SHA256
15d298907583309888949facb917a9ed26a36b02cfd62685b24c7f26ce10e8ae

SHA512
5c41ed263aef335b8c5e6d6d7e2206092d5558984d669ffd7b71af80bb50caeefc756a2fd804b760d3df0e045fb937bb474040fd684db88fb552719dfd3b2205

Download Submit
/data/data/com.yxxinglin.xzid558796/databases/MsgLogStore.db

Filesize
4KB

MD5
1cc5bb53897f8c9c9e949031d4e9261f

SHA1
8c38c33c7b76ebaf6f7dbc6cbae9beed23c9443c

SHA256
01931137b6b80bd44cd39da18efab8a9fb4c25b78b92e16dffb30b32c401944b

SHA512
07ece0e8c6ff72e11483afa850e93627afb465974a261881c90a82dbab942ad47dd1955a2677bcf247058164e361eaf684ca43d8ffeefc33888fa70694456f82

Download Submit
/data/data/com.yxxinglin.xzid558796/databases/MsgLogStore.db-journal

Filesize
512B

MD5
51936ecfd70420f393254c3c25b9eded

SHA1
f14031393fdc9fa5179f46a1d0a3ca733d0d962c

SHA256
d54baa2fe9d7fd5e0f5df724d4564cd635207aff34bd3837cfd97799b9d4d19a

SHA512
1d25929bf3cdea208e7abbd87c22cebc03baed0d5db0dbe895033892673d628f0bde2ade289e9d808a163ed92cf985597732af19f1c7756dd9452b6a7d54a496

Download Submit
/data/data/com.yxxinglin.xzid558796/databases/MsgLogStore.db-shm

Filesize
32KB

MD5
be570a6bf9ed7d68114254ba99e08726

SHA1
4c6a567b00e0a23bb4fadda26a33690c36b5817b

SHA256
a8d3608df90d95a1aa0b11a5886596460aa1cc8942d56dca10020d47069b354f

SHA512
285a16c73ab7a7168225c8269d2ec1b3b781b8bda11e8861678be9741c658ec916ab020cb8cc8cd738151d09a05f079fe3766342ccb2c986da50d806741bb6af

Download Submit
/data/data/com.yxxinglin.xzid558796/databases/MsgLogStore.db-wal

Filesize
68KB

MD5
8acbb09244fb64f9e92470f39fa3aa81

SHA1
563ea68410288b69e8f50b46a708a57c2f2a8f0a

SHA256
afa514687fcdb4e2626c358e131617a8f7540174b03cbc4666085b479324ecb9

SHA512
438d86c8e143261cf466bfa3c17f95f64324533d9ec421c423072c9be4f80ceb2d393ea0947d3f2940dcd78ce030fb7800be2a9db7ac6b4389d0e3d37972d062

Download Submit
/data/data/com.yxxinglin.xzid558796/databases/accs.db

Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.yxxinglin.xzid558796/databases/accs.db-journal

Filesize
512B

MD5
5fee1e413c30a4430d799b0482620781

SHA1
ed121ed2ab9ce700e36f0ce41ca6ff0aefa15d08

SHA256
dd5e2f8e74e4ecad86c1bef3c4d84275bc8d64d8fff22e2205b78da823264d9a

SHA512
55c8238867a1e3fa8e721b4978f0b4f16459c7bff6daf9585f50811d65ce7866fe8f7eaf1b3a4f3d0705b933467ba7ba7ead5d2e1514204f96e63bd4a8057ffd

Download Submit
/data/data/com.yxxinglin.xzid558796/databases/accs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yxxinglin.xzid558796/databases/accs.db-wal

Filesize
48KB

MD5
1ec302296210cbba9a87d85380d122f6

SHA1
4872284386bb95c932853557a56b8bafd869ea7a

SHA256
4656cf2547287a6d2668112c26c22ee6ef67bf2abedfaf9b5c8c585f90514414

SHA512
aac63fffeda4e246f363cf529c6272ccbf7960f8d1aeed82e7bfc95a11858dcdf02ee8ab2375dff59312bc07833920b4aeba7a857bbbe09b35d19a2cbc3d086d

Download Submit
/data/data/com.yxxinglin.xzid558796/databases/bugly_db_-journal

Filesize
512B

MD5
aacc45d6b1bacff0a7fcedc1ae0d17a4

SHA1
2b1548a3da35a1e7a658313c60932da9e33ca7e1

SHA256
e875f6287d756126dd77a70f3c6ee0f298e4bad501634a3d43dcb460ba21049a

SHA512
b6d72ad2a8f8e6ae1e271d246fb85c4e4fc8c5609b5a848cf8a22bacb51d6f16fa61f40057a4502bf7d076e294a7b9d96200868c0264ba46a39678433a769311

Download Submit
/data/data/com.yxxinglin.xzid558796/databases/bugly_db_-wal

Filesize
72KB

MD5
1311046f7f6b212d56aadcacf76a9f4a

SHA1
277488f8f0a2d3d3b2c9706d3518940d13242cc7

SHA256
bdf2bc5f9463e69f60eaab91e11643510782f35a52c85580683cb47e91d2d44d

SHA512
70d123eba7fb02d15bfacd22350ad4cfbbafb81ce18c79432895f0a13e4c109a73a1ce1e76a6c8fa34b4c9f2ae7c06455c887669f946eebb9563e1ad60cfb61b

Download Submit
/data/data/com.yxxinglin.xzid558796/databases/tencent_analysis.db-journal

Filesize
512B

MD5
b8dabf017476c928f3bcffafcb23698a

SHA1
a419fd641a4d11b497a3f2d1ffbd44c915bf460a

SHA256
3e4c7e34e88b93692a58b95826bb1921774c96a0939d71194fe717b0183ea5d4

SHA512
e293c7a4255cfef2fff13d34f55869ae96d96a1f7cfa7676fd381967764b8ba17c27172b68551c0d4ed69c523bb424077e60586d000a1d68a317bb33d59088aa

Download Submit
/data/data/com.yxxinglin.xzid558796/databases/tencent_analysis.db-wal

Filesize
76KB

MD5
c759a459ad0e2ff33ed770db254a6baa

SHA1
b5a50a0dfdcf20decf40fbe7ff8147765cfeffbc

SHA256
0754a96d994e4f0266fd7ab711e1bbbc979830a40c063f9522d3fcc56597182c

SHA512
efa318ea0877a89f146bbe92c3d5625f07f1191d49476b7ea79f90a7d494ec7ba0ec11a122e7b01ac8fbd570d9bb8cb06111ad18ff54f194c6d5a371be90a593

Download Submit
/data/data/com.yxxinglin.xzid558796/files/cclogs/2024-06-15 085341.log

Filesize
1KB

MD5
56d1cf62ad3adb68949dc8a718aaab7c

SHA1
aae76a409ae57fd54ea4bc714e867b56e6b2a8fc

SHA256
767948f2e60ccd9caf2cb76d3712b6cf4fac733abad6bbb230d4252200f23ad6

SHA512
48ee3829465161b7b78da51acb1c8bf3ae6ed1843ecdeb4f4050680a15b3ae0731cd4e2c304f2287534ab8f143e414f08a302ae150db9365d4ad980b6cf868bf

Download Submit
/data/data/com.yxxinglin.xzid558796/files/com.tencent.open.config.json.101400326

Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
f27a94715f52d240c078ac1968fe8f8a

SHA1
cc81b0cea0a637b248e5c956f8c252726249cac9

SHA256
6675c531ea89a0866f7fc4e60c1ebd7a47e509aca45ea7936f1493b88090a927

SHA512
6866dd47ac0ec13ef7c4aea44b27db3a9093ad1ae954a45633bfe0f95701128dec345a06dfdf5d6c35a0c18b7df388d73334edc57fd2e6c159d311395a832237

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
10a078bba48661d423215512a14261fd

SHA1
fba7e81f8b7b475f60763a070f8ed8d501a2e8e0

SHA256
709aebc08465eaece30de17ae3d4a41a24a31fe07a3e2b0a55b1e3f8eeae09f2

SHA512
48cbb71aee588813cc5ff230fbce9877b9b5ff62df73276a9ca822cc6e13a1d8eef1a80b32b0690614d1fac1f41d21f0594678db58160ec6a85e2c45a43daa90

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
18fbd4e0e5642d1cb3b4c825839943f7

SHA1
9099330275527b22b7b98da08a28b1bae3126144

SHA256
f02d3767f3f979d5f7a8e992b7e8d9f2777f9b1016e09ca52f98844b7b0a52df

SHA512
a124f22dc6c1a294a1c2d40ef7c16fcce167d151ef8afcd97ecb449af8d1cdf983027eb2b7980b4519e988fce0ccb007c6a5a7927a210d1ff4ed3149a942a2e3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads