14983cf15c58b27c08de473585d20c8feb6e44339cd402c84f1137ab1559c4aa

Analysis

max time kernel
156s
max time network
187s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
16-06-2024 05:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b204ccd0f7bec601aa5147cf19640d62_JaffaCakes118.apk
Size

30.3MB
MD5

b204ccd0f7bec601aa5147cf19640d62
SHA1

bba046fc1c1ebd319780497acde3490a7e3b359b
SHA256

14983cf15c58b27c08de473585d20c8feb6e44339cd402c84f1137ab1559c4aa
SHA512

27034a58e0f8f42526c2e5c61f41105b8dea6c01f68368e3bc912920c785b47ff08e2e9f963d10e14d01da51fccd13eb7ffd9bb7ca424d0cdf32cad25d2a7a88
SSDEEP

786432:BhmQVeiKTsEBNIC7MYQXZP7EMUt6FemvMgUy31vkWR:HDe5sUeC7MYQpP7FBFe7gT1r

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	com.yxxinglin.xzid22451
/system/xbin/su	com.yxxinglin.xzid22451

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid22451:channel
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid22451

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid22451:channel
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid22451

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yxxinglin.xzid22451

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid22451:channel
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid22451

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.yxxinglin.xzid22451:channel

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid22451

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid22451

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.yxxinglin.xzid22451

com.yxxinglin.xzid22451
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4321
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4420
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4440

com.yxxinglin.xzid22451:channel
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4575

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid22451/app_crashrecord/1004

Filesize
241B

MD5
1c64672a49396c2a11ed6d6eed72906c

SHA1
d392cf1f28e05cb4ac421620b0952a33968a6e64

SHA256
45b23e5972c231cd55eeed4541073a11e65263509ee92fd246cb60924f37d876

SHA512
0be4a4caad414ce8b6860d806adaa2df7cf690c9ff02b46b64b5c2461c45bd758e53e6d8eac46cc781df226b1efc0f0aeb2a8177a5e875565fda42ce044abf81

Download Submit
/data/data/com.yxxinglin.xzid22451/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.yxxinglin.xzid22451/databases/MessageStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid22451/databases/MessageStore.db-journal

Filesize
512B

MD5
f6c101b84c2fbfcfb732fb7be93f9b81

SHA1
07ef8539d3a4ff8e9c516e3ccaaed2e26d471686

SHA256
147ffba02e8d13d4514091325d9cba687a3a88fc95efcba6127a5eba3678f42d

SHA512
b1dc7315492e6eed333835ac407705383035d49408109916afa2e8a310586e1d2e3b850a31f36627dd2efbf8f1a618896f5e3f1b357c1b461a6a236b7a151562

Download Submit
/data/data/com.yxxinglin.xzid22451/databases/MessageStore.db-shm

Filesize
32KB

MD5
349ebb81c301b0d4b7f3749dab6aa240

SHA1
becb46569e38701c45acc4c9da68b4a6ec06b767

SHA256
8791ce8c6523004b84f3d09475410da61240f34f885bb8090831f008952c56c0

SHA512
9c52f7fcf54cdc205e2c1af5f4a27de5a43db3f1c2a84d86e2718a3442540e1d69aa25b3192e5adfb1e927b0025274c80d8bab02caf842ef7236b910a9004169

Download Submit
/data/data/com.yxxinglin.xzid22451/databases/MessageStore.db-wal

Filesize
48KB

MD5
a3d6e21b5d250711a6f5463f43fa8205

SHA1
6749cb4d760d69d5799fd252ced9c52ad176266b

SHA256
92a9c25fce2dc2bcd9fb79bbefb6ed44e324792cff7d750c6339373e79e23a3d

SHA512
5c07a0264cc45bb1e9d381717e7ea06518201a5ac6422bd1375e8b521a6ae2ff98463d7429c53282d4e8483983b12a299aa771ac511e6f2a8df8a58f12dde81d

Download Submit
/data/data/com.yxxinglin.xzid22451/databases/MsgLogStore.db

Filesize
4KB

MD5
922ad50589549cecbb10fe8de35cfe20

SHA1
57c58177607de421339e0ee2e7361f4303a77e99

SHA256
906020474b4bcb1d63563ef5f2fb5b8220c9e67efcf514d0a8e00071835b493a

SHA512
65899f4fda97047db842e7601a511a3945fcbdbeb0c2e00da55deed57d7a166976e40c9d48046d77f6930849cb5d21e181d66f684b08fe8a3c89ad2f3a55a9c2

Download Submit
/data/data/com.yxxinglin.xzid22451/databases/MsgLogStore.db-journal

Filesize
512B

MD5
5a5b71f5ab3f12c1e7c1e7f65339924e

SHA1
6c2924bee1eaa35092813a3a8e2a138d67e26cae

SHA256
ce94d6418a50f5a6d7a094a4b38bfb162b25eecad0889c604e38b1c8922bb50e

SHA512
7676d9f38f2da2cb177362c1d59c5fa4f858336e848d75825a24b33e92a7ff3b01afe60cc4b7212c99e6ffbadb0eaa178591f596cc1dd1d19a498ba5c8d5a013

Download Submit
/data/data/com.yxxinglin.xzid22451/databases/MsgLogStore.db-shm

Filesize
32KB

MD5
b7ecf142c90585b388d4c681488c4f8e

SHA1
523f8237ba48656b1b500fe9c82c77e23317f687

SHA256
a995cf3025e14fd7b27648c4cbb3ec13b5301ee05cd91d2fc939c26120a04b2d

SHA512
39c45f3fa40b10bd37f523be0c11adb016cd3ad9d9fcf2384a2a381c585d183744932f6d100005352bb14130cd7757f6193e2a48c765a222f9092169d61176d7

Download Submit
/data/data/com.yxxinglin.xzid22451/databases/MsgLogStore.db-wal

Filesize
68KB

MD5
d451c3df6f35be804150c45acde7b8da

SHA1
3161be151733fe5fb6fa86db1cfd0076e3ead5c0

SHA256
f96bb67370804c4b6bf2a175e089d6899493559a4a17f35dfdf3236c4b9cd68b

SHA512
5630195ff2a7c1cdd04577f09977715e885649e80ba2bcbaa7e117dd66238e07d76694bda325ef4a90006cd5bf0d8eacc64553c6886618b43a5298b51caad861

Download Submit
/data/data/com.yxxinglin.xzid22451/databases/accs.db

Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.yxxinglin.xzid22451/databases/accs.db-journal

Filesize
512B

MD5
3a15a21921b91184e4b07b8d88a6e854

SHA1
32d88b777d6ff8e8f4cabd001c33ab054910b75f

SHA256
860b60f805a9e90c17dfebd3853af7f90f01acf02bd1dd53010e4ac1a750ff98

SHA512
58104ccf1cec4b9b56ffd1efde7ecddc1cfc5071aff82754bf2bf4d6818bc143e8cf40e4df52899c5a3d443b3e377f228f071cbde29171ee9ffbd9cefdf3a2fe

Download Submit
/data/data/com.yxxinglin.xzid22451/databases/accs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yxxinglin.xzid22451/databases/accs.db-wal

Filesize
48KB

MD5
c28c5f2d706d88c4e97183a715fbcc6e

SHA1
297c2eb949519c8c070160617ac25a1f9ee24af2

SHA256
0229ceeb7579240081f4156b199ea01ffe620b87e913537bd27ee75ec8c6c639

SHA512
fa72c737ebf58f43addcc2514cd537cb1efedb2c10a33b2b49bc3486f2fd0e32ec66a290f0d78d88a7ba3709355c1185c1ae6b4ec61632c8433d9e9487ab2d8c

Download Submit
/data/data/com.yxxinglin.xzid22451/databases/bugly_db_-journal

Filesize
512B

MD5
c59b73003c851472b6f89fe39f273378

SHA1
dba4eaf524ad8a0cf3fc6813ff9343a487a8f065

SHA256
84fb06aef0b0a26d37021893e446b8c7cb271a822201f3e5c329a13aa7951b26

SHA512
aa78af1f4f9d7604f653321a7999145ad66a63b56f75f2e9a42fa1c4ef3a7d973dade411273b5a9b8eb10ec1c3bb731f8287b1dafd0442c62ccb64459fac5ddd

Download Submit
/data/data/com.yxxinglin.xzid22451/databases/bugly_db_-wal

Filesize
68KB

MD5
a8a7364853324bc3dd1ea660874ffc9b

SHA1
34d770262bf624c962bdc588598a321b46155a1f

SHA256
c07cb8417ae1bc2f6d2a66c10da185de139bb4700a5c06f75a44a949aa11452d

SHA512
e90a202634cfd660fcde2b69bb3c3f924d129de831e2c9f3222e0bffde6d4d1bab6ae08c2a5cf51ee201e69711b5140b48df8478b6e954ef01607e23a7fbe336

Download Submit
/data/data/com.yxxinglin.xzid22451/databases/tencent_analysis.db-journal

Filesize
512B

MD5
e4ff57afcf433f4d6a427502c64377a4

SHA1
a679efbe8b39349c556ae964755e306b3b2f8619

SHA256
db210e1e5929a9c0da3dcea79354c4e7cc4835e02abe8a5489868f33f184ce3d

SHA512
e9fd7a9365ea6f6542be893d6eb4dabc2e42308027c20cb433f65aa9bc494e4c610591c266371eeae3298f7ecd8a9ccd19933d07d5370b358ea020684df098ba

Download Submit
/data/data/com.yxxinglin.xzid22451/databases/tencent_analysis.db-wal

Filesize
76KB

MD5
f2c874fa86cf8cf068c1706ab4ffb4d9

SHA1
72cb97aa5190b9e99f915c85c080744439ff85ad

SHA256
da4eb071440d80b95a4594bcf73df801bca6bdd2a02fadf5bb722d33ecd18c0b

SHA512
88d0ff4511da75ee541c4a7f57b4209e84102e9dbee9ecbe35630c469a163eb72970bf3191e03465b605a2601aa147e70efc943f41673bd8fa87249521dc23b8

Download Submit
/data/data/com.yxxinglin.xzid22451/files/cclogs/2024-06-16 055802.log

Filesize
1KB

MD5
7db4a197a791eb8b1d11cf3b3a77d15a

SHA1
11c6466147ca2f0c7e7f272250d08fe099b82685

SHA256
169deb183aa4fb3f4f09576861bb7e43234488d7c74d28f5a49583a98c1eeb6c

SHA512
6ca6f76305d8655b02fd6c1acbcb44dd389a77bc7115fba1d36038b9b70d7fb005007b25113580535dd6d0a407c439302ccb1b6ac8eb3bffb0a86868a00902c3

Download Submit
/data/data/com.yxxinglin.xzid22451/files/com.tencent.open.config.json.101400326

Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
e1bc4fac88a5a10ec4e782f5a5ba0f26

SHA1
e45f2a407be96176e8016dd5c054903a59443b3e

SHA256
ddb881bdb41f9d64a3f61a51ae5fb5595f3e55bf0361deb7740b159ee85929ee

SHA512
67eb05b21a65f4d3d652944fb369dbef39cccd7ee6f063d1970e2513357a7fc54c15fa383b2d9c4a8308732ac82eff9bb7139a8169605a0342418fe3e76eb839

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
53d506f0a23bd434314e69edea032187

SHA1
c55d81dab520929b11830ba3f1d53305c69e580a

SHA256
61f6d46eef4d2435f8d80402c82205d858b4d8c48fab7c8604071f9057b919ff

SHA512
90a0bba326af9e4c6b6c81a6c65bbf6fd72595a0ba950fec1d04b92eb1112a3b2bcc1de87635ae387bb6cfbf6a2bb1e3a112aac6278a6a436e771ce070d55d07

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
1a43e93e0b2fbd5e21d66739ad966db1

SHA1
448f1804bbc880e18a6489a45a7cf3f32f0a91ea

SHA256
4d4b1ac668717b34dab721834a4f253b74ab7af43ed578aa7a88bc5d535af7a4

SHA512
e39907bac454b2877b5e5091498d1b2ed3bece27997f68eccaf0b8057b1c91cfb417bd68f96ad9ad4e84b3c700bab797d3fec62bad77f7dec021b6cfb2be579d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads