a5a64b088603d9b9dc6236274422dd481eb3188bfb400b48f3a3885bacaecdc8

Analysis

max time kernel
127s
max time network
176s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
17/06/2024, 07:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b753330a5e2ee22ad26f737845d1113e_JaffaCakes118.apk
Size

10.8MB
MD5

b753330a5e2ee22ad26f737845d1113e
SHA1

483e388287be882e7c4fb87491c49a562ac5a451
SHA256

a5a64b088603d9b9dc6236274422dd481eb3188bfb400b48f3a3885bacaecdc8
SHA512

41e5c6f8e61b90899e832b6766ae55dcac3bdd3bd838f3462eda8fc48793fb4986b08bf5e8b3af90becde27d95a59e56ce73baba744c45bf6862d7d9bab8eab9
SSDEEP

196608:CX9ruPwaJaq4e3DO6DDALAQu8oNuSYBMwo48717qRe4lf0VZjG1C0QXuZLOt4fy2:exq5DOybQGNeU4RYw0VZjGxyTwIQ

Score

6^/10

discovery evasion impact

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
29	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xg128994

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.yxxinglin.xg128994

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xg128994

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.yxxinglin.xg128994

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.yxxinglin.xg128994

com.yxxinglin.xg128994
1⤵
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4424

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xg128994/databases/cc/cc.db

Filesize
36KB

MD5
4cfe777c9f6e7859f5efe2197401d8e5

SHA1
bb3774e8879ad5f6db0c37f151c3d6bc7b4b207a

SHA256
c422190539b6414072fc3950da19a17985c0c4c2172740b2f74682b520af5231

SHA512
6be469864edaf8eaa110f618f8abd27962da92e20945dcd38073ade2b60b10f00552d54d5db9d9f75ca133213031030e71e2e30113ff033e5ef507a28fe0b1de

Download Submit
/data/data/com.yxxinglin.xg128994/databases/cc/cc.db

Filesize
36KB

MD5
86752a4be6564d8370f2f0e403995003

SHA1
29f7d50675f6e59f3b808eb6dcc8619384412115

SHA256
50484dcdc6b9c2801773018386a8143a52a5153eb2eeeaf5be8bbe46a49ca90c

SHA512
79c9435c1e0d41a3f97784be3e5a3cd8c0bd2d32ecdf326808bacb00c76d876d0447617d6e72ef04cd4b996c92eda4eb7bb200987ae7928ce2e0e7c8e807a5ec

Download Submit
/data/data/com.yxxinglin.xg128994/databases/cc/cc.db-journal

Filesize
512B

MD5
e4477aa22daa386b631c041286a2cb67

SHA1
0e968784c16bdd5973aefb29c48ea16a738c56dd

SHA256
f25d6e0e7fb8efd7e367298781ecbfc35c8f18eb97ac8a40fd65a9288d3efb90

SHA512
cfec7e213e415783a32fa7129da81ba5ac7d57bc2878fd7546893b8fc8fe27a86943d6451cad302de8bff438bd74c3b10ed3090341e8db5044978cfece6f5215

Download Submit
/data/data/com.yxxinglin.xg128994/databases/cc/cc.db-journal

Filesize
8KB

MD5
589373c171526174e0abbfdc5ed83aa0

SHA1
88ad6a8434b01158f23f681111e37e5301c55029

SHA256
738da5ae9892a7e3c75daa6899c7a9c6d2b651e8341958a1340afe3f976f2289

SHA512
4c7264d1685b9e379b03f2a8cadf0e370ea1233de03ff4f837b119060dbba257cf1b5057e8341f1c67643e8f7c1775340c15bee098f4d522d376def6e62ffc4d

Download Submit
/data/data/com.yxxinglin.xg128994/databases/cc/cc.db-journal

Filesize
8KB

MD5
68da2c04c1ee8209d3ab139208f04d0f

SHA1
10a7dd1dd5f5f73eb442a0751ab5ff3896dee669

SHA256
bc579758aea1461228b4e6757be441f9179306eaf2968d939f2e03306f5c0362

SHA512
59bd38f5a51fd290a82373e07f6654681065842d7cb1d8e0ab41be2a1cec0ef5ed6cff6dc21ec04f1d58897b9dfc1018d2f18dada54a11e8dd47d830923b7895

Download Submit
/data/data/com.yxxinglin.xg128994/databases/cc/cc.db-journal

Filesize
8KB

MD5
4b3e305ada7c0b6633d1724303a09e44

SHA1
947835deaf88398be6b3563d5065dc8791f65b8a

SHA256
7e0db0d20211d12525dfb559ea2db772b2a65f63af0b96d26ccc0cb3b3af0ea7

SHA512
2c5e78b7a33e5835a1d20ae578c76fd5a45ede6a1a29d26f3c9f0e222da389cf4fcdf87443a3c0eb1b99d60b67652d59a67a39bc36d0427c9d3b326e2d679a65

Download Submit
/data/data/com.yxxinglin.xg128994/databases/cc/cc.db-journal

Filesize
8KB

MD5
aa2070c0a68a7c6491758b3b73e50236

SHA1
7791cd623f96ca9e3a7ba64ea9749bcb638158a8

SHA256
6a7af03af6872c47a75ff097483b20eda26ecf3d8626cce84cdcc4a5b4e6c73c

SHA512
02551b959397668406023bfce219ad4a177dd39e117fda015bc474eaf2c53f5b1b4ae0ad59fe463fcc7ab453c7a2b1abbd7f75ee2a3006c88bca1a35cc35b46e

Download Submit
/data/data/com.yxxinglin.xg128994/databases/cc/cc.db-journal

Filesize
12KB

MD5
5f4c43ac2395934659fbe3d2bbac93e1

SHA1
270b502b2e81d4cd2e5f893d8321c74a3b99cdb4

SHA256
ddef74e8fa2b8b8667e8dd8b0a61aa1ca44afd48beca6c90c604cdb933fc903e

SHA512
6c6d545a858fd4da214b0e3d9d6c668a2d13602c51e5c841d02336d9543f235d38ad8a49fa39dbbf566dabb1397a96d498318d5dca38dd71fa927b6cad41455e

Download Submit
/data/data/com.yxxinglin.xg128994/databases/ua.db

Filesize
32KB

MD5
aa29ec64eef0144492c40e26a4eaf108

SHA1
0aaf6f27f112ad77fff1f140ea53d4a5142ff9f3

SHA256
f5a0fda9d7b2a0dae94e6a3a9d8a04590d9244a62fc864b2e5f794fe516e5078

SHA512
b90b69de201e0eb359489ca49542370cf25c56ea45b8e1a467c1a468d0e660e74f9ab8db108ed765d461f6b2cad24e3457c9cb06aff8ef73b894b8ca809c4a8c

Download Submit
/data/data/com.yxxinglin.xg128994/databases/ua.db

Filesize
32KB

MD5
4cac7d31fb94d5c9581893537f64c5ed

SHA1
96bef3288546196ac3058b5eeddbe9da1d999fe5

SHA256
d1b111041f8aab3269f3da846b2ea199498d99f6905174a9d641f0faedca41c5

SHA512
0ab95e51a640148ac007d47afd5b9fd03ae5a3b9053e5e19a4f0b8089e17e41e311790ee9fe486b6752926799577bee041ed67b64d8772794e9d2329a96ce747

Download Submit
/data/data/com.yxxinglin.xg128994/databases/ua.db-journal

Filesize
512B

MD5
097d7257f6bed7efab382ef37cd09020

SHA1
6f261b4b00ccc83dec80337fa9a141dcca08991e

SHA256
de1111939628125b32930c2941dc924327ff0ed67a0c5dfe5d62ebec3a8d1eae

SHA512
45f0d73f0e9195306fea77149320f833f9c7108d25fca81cc7ba68d868c0f20c231881c2e28bf3b9491271b664d43d8bc4c24910b69bb1023ff4662c4fd83248

Download Submit
/data/data/com.yxxinglin.xg128994/databases/ua.db-journal

Filesize
8KB

MD5
9676af10e4bd73f3c2497cd4ead26136

SHA1
d7be9d8b3189d6e1f16f50af62d37d3d74a8313a

SHA256
ebe70db53f8d351e8ae9766e0fa84b2ba36c358910d648000d87b053454b5eb2

SHA512
1bca872fade1b76c4ceda5c0820f831d4dc49d6c7855105394b1cd11e1ceb4ee1bf43568b4e16f77d6042131adb59f76c04915b4154fbde7265b090b1ae7c9a0

Download Submit
/data/data/com.yxxinglin.xg128994/databases/ua.db-journal

Filesize
8KB

MD5
fb1cfcc57c9fa68609d7937c516f03c5

SHA1
4d669842d5a980efa6f14c5de9e8683b53a124ee

SHA256
8f4d3244948b41d96e93efe07c40487a64338988c232d310b55ed6059f0c176b

SHA512
ae24fe07603d5da91fbd17645a7a2edea545526f328c00a7fd034e05aa57663b49de808153ad10614a236acbad8d61d7f21babfbf2851e60e8b2d4976b79b989

Download Submit
/data/data/com.yxxinglin.xg128994/databases/ua.db-journal

Filesize
16KB

MD5
fcf6b1351f70ede4f9dcf4513b614e18

SHA1
b749bf778027f5e680da42edcc678facf75aafd9

SHA256
dd65a83fff2877e383d26aca84f4b2faa8a0cdfab6ff99e50d912d7bc657eca0

SHA512
1b258fe8943c10c08d842f4c54fdc57e71d23d75edc65c08bbcbd933729a54449dcb0c5ed44ec97b575a6c93ccb73432c2a6b39d48fedd7970d966e31308576b

Download Submit
/data/data/com.yxxinglin.xg128994/databases/ua.db-journal

Filesize
12KB

MD5
29ebe5c6f9f0881e5e80e73e095db1c8

SHA1
bc042af4e551981b13bce72fa839586344855ce4

SHA256
ebc99b77eb1fcefefa225847f49ec885c97ce1e2d245eae01f8bad1cf194f87a

SHA512
74ee649938d4d1d1f51611e4902e2cd2cc995b70ac8a6a660861a83f2da7199c5294539ec0a4c919ad2a0bf872035cd0659f838ec733bc323f98e68819c22b88

Download Submit
/data/user/0/com.yxxinglin.xg128994/databases/RKStorage

Filesize
20KB

MD5
75b5a3dbfafc8bb741024953ff19954e

SHA1
9959652a3310af6640586355968ff08da53e8a0f

SHA256
f6e991f454e4aab56dfdc9cf0e1442241a4661f520e74568496b04cc02a980b6

SHA512
989075be6abe1cac51181cb5f731a43aa2a2dc69035c70eb9fd9cc024f790b3325812edfefc1479c5d5c943c4adf85c7421316d06678997fe0ca4a0c91a4ad42

Download Submit
/data/user/0/com.yxxinglin.xg128994/databases/RKStorage-journal

Filesize
512B

MD5
0ecd91592108990a272c408360db0605

SHA1
9304887a9904a357b90999c24f53bc6138a3824d

SHA256
bca6b2bed07e92b7886aab635053d6bc188565733293e6c38437184ed54896e2

SHA512
c1326f9ae613e2e3147abb78e231bf38d87a6516f1e017e82abd14f1995102aa08cec607b9c624cdd77fb884f99aed31e853e1bf70b7177cc994bdddfdeb881c

Download Submit
/data/user/0/com.yxxinglin.xg128994/databases/RKStorage-journal

Filesize
8KB

MD5
e94a3b4adb2bfb7e90c37f0a37061641

SHA1
992ca6103eecf30ac8d170bd62244197b64bce6c

SHA256
29aae3efc3434d0505c9e1f7f5e838de5abd8a64911e92155bb7c81194be9da7

SHA512
f708e2461684d8ce32c4bc906ee7016f57eb2ea729ef002d5b9c6759745c24845b36248d8bc12cc383096ad58e48cd514ddb1acfb08e4be84be173c3736c00d8

Download Submit
/data/user/0/com.yxxinglin.xg128994/databases/RKStorage-journal

Filesize
8KB

MD5
f3e0684fdb2159e6453aa56362c04874

SHA1
e193e8671965e2dc2ba1378d7f7a2647498a0bd4

SHA256
9765207be5bfd9077fe755c2fc8805692a9102ecffb2bbf043cebd916c3c7c18

SHA512
29e7eab94017813eaeb4151d2e87cdf4a9a352886addd0e1c2f85ec590fac9226af9abbd487a564a7fa658acd4855f142e67df7d890dfc939c21e3d15fc9999f

Download Submit
/data/user/0/com.yxxinglin.xg128994/databases/RKStorage-journal

Filesize
12KB

MD5
be99b3df43ba987c18598f0fa05a7015

SHA1
7a761d6a75e1f5f250f069e054315e6e105ba872

SHA256
0ae18592237710795629c15b589722f28a510a63eb3c87d06211e17c7bc73e7c

SHA512
83a67c7a629083901ceb1e0a6dc2ede0a2df893126832ce12863bb7b1c408f683e582c4cedddefa886849af61f83e21774675744a72af72b31ff6b202c1c551f

Download Submit
/data/user/0/com.yxxinglin.xg128994/databases/RKStorage-journal

Filesize
12KB

MD5
cc92240c0ac2ed8a4e52c21dd931724d

SHA1
915e4628d6fd843c07cd47801c67ecb293072c1b

SHA256
12703b31d8990dcc409ee434fb24a545b65d5409f03151ad29d33f5ef0f8cc2d

SHA512
2008d0de4f0d3adc395c2ea2bbba234a24287b786382feb820d78578dd282770e19c22ea2b80dd9d97013be814a645a45fb510cedfc593126182188090174588

Download Submit
/data/user/0/com.yxxinglin.xg128994/databases/RKStorage-journal

Filesize
12KB

MD5
519f565620c646bb41b6a5e86b8229fa

SHA1
07982f026e7467eeb687536da3aa1b8428a14fd8

SHA256
a83c961ccd729f7b8546358ba32549d5041c19e95f0bd681898d323a489d75b9

SHA512
c9b49fdd50fd0908fd5e555744150a721509dc8ebc0c5e338fcc22104234a72a4e5b457a8acb482a7df12d2ab6ddd15cee43f9c8c1566b4b9eaa7805b1c435eb

Download Submit
/data/user/0/com.yxxinglin.xg128994/files/.um/um_cache_1718608477489.env

Filesize
1KB

MD5
8d7f18b9d66518f99bb81e7986aa2847

SHA1
24bab0b69f26bacd5cf8130c465837abff0c126b

SHA256
453130368807219190fb6ef27b39554325e65781e4c8a827b7b99769aad8fac5

SHA512
94f4635e4f9d53ffc42e9c4e569bd5eb2322b7bfed205e9c41304b58afed53b5499084ed024a6665b856e5df4526192f9f0c0a8aaba70a01031af9f54ab4d21f

Download Submit
/data/user/0/com.yxxinglin.xg128994/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
0f535ea063403ad1bb482c8847afecaa

SHA1
83c081dd9485122df086ee07ce38f206ad305321

SHA256
a26fa2fe20f21288fb988ec0449c3aaa43f05df974ea733338d1ff3415c7f194

SHA512
2e9f3680fc151ad4231100dbebfecc37188d51be8c4ca52369e44d6eb566561de7ffa60673c95185e71f887d12e7cdb14b72020a7e8b95e5fe81911c597774fa

Download Submit
/data/user/0/com.yxxinglin.xg128994/files/exid.dat

Filesize
54B

MD5
588bc339ce69edf3c227cf6c21f70d6e

SHA1
4099f0884afe4cf02a465ef72bebe0a264941256

SHA256
b296333fde47bc3cc77940c5750bc3241c25afa0871587e5d2c056c548b8b0a3

SHA512
e4599f34a3c41bc0a8593815c5dd7702c90bb69a03d4c251d3a1a44c1e2ccc7a170634d3c07a4a65059b4c94b9c0810060e40168097820de5a45f66d5f9eaf69

Download Submit
/data/user/0/com.yxxinglin.xg128994/files/umeng_it.cache

Filesize
350B

MD5
5d54e12b3c9938cc9e7beff3a1482ac7

SHA1
7282fb577ecbbb1c88e255bbe7de346aa9d5dfb5

SHA256
f56239b0ff4dcf15a83cfaa29eb2e5ad363cf47347371abfa81b26184d3c3d49

SHA512
b1765cb306bbbcf31456070bc7b78317656f1ad9f8c09c35348434a35871285bae4da25332205e0ae4af65d233e10d9a7d3a0757fd21168bbf2099bb6ed5910b

Download Submit
/data/user/0/com.yxxinglin.xg128994/lib-main/dso_deps

Filesize
204B

MD5
3bb9a51590da24df7e4f735a7837c474

SHA1
8ce09c5c52a973c50dd08294459ee4b917ef1252

SHA256
571d77bb94de7fa0038795e41687684c1eadb8650ac3c996c269e52182b9f89c

SHA512
80f21bee272923dcf4fc5bd6525f889be431c1d381f96a130f3d038c96021bf6fad331ceffc80a5f7252cdb5fde703e502fecc7790601f65cfb52ec93c4462d9

Download Submit
/data/user/0/com.yxxinglin.xg128994/lib-main/dso_manifest

Filesize
93B

MD5
f049019de27a3a937680ead2d2ab0491

SHA1
da7e30a8e411aebc0174a4029287a911bd8ab260

SHA256
055b4a2335955bb0b7fbf290cf19489b457757b0f5ff4684dce994a88aa9df03

SHA512
04089120a08f9e18fc528d84f727349c5197e6a6dd494921d7e293e6dd5824d56a10eb832b5d058d6fb8dd555c2e645c00f338ca9ca7734a6b9f70ced405e2cc

Download Submit
/data/user/0/com.yxxinglin.xg128994/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/user/0/com.yxxinglin.xg128994/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/user/0/com.yxxinglin.xg128994/lib-main/libjcore110.so

Filesize
77KB

MD5
304c4775c940633d9bcd763ef3c59ff6

SHA1
88cec29d0123a91bd5fc01adf460d75137592998

SHA256
718cdf15c87ac89607e548ac80b4e22499afbbdf5f5df77aa8fb3e2776e719ad

SHA512
8265e7dfc99e7ab6195d879a6fe3ad0cd5e33919d75c6ecf33d38d301b754a2c576bcaa73e56c8b305838f726577fc042ee7e8ddd88cea05e25eab4fec82cc43

Download Submit
/storage/emulated/0/JXCP/aff/com.yxxinglin.xg128994

Filesize
8B

MD5
e61695dea94455d97e633de52a9cbe8e

SHA1
9ec709ff95a02509ccc3f8da311ee399248feb0b

SHA256
23be0441c2f2acab5a105e9c51cb8481faa8e0b0149b7b1bdc24cbb34d21281a

SHA512
6cbf04ea0847e5c54c05979e5f06171b75dcc29cf95ad22446c4c46c7fcaa90a4157a7b314c1c9eb64a5217825b7ef46d92eabdc594c431fb1176656569f3dbb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads