cdcdc0b2b40575758a20749ed9cf2c7791af662ddc56aeb97c147f20b2c67503 | Triage

Analysis

max time kernel
167s
max time network
160s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
17/06/2024, 12:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b88f36123a44c6ec03c836809bda89fa_JaffaCakes118.apk
Size

10.8MB
MD5

b88f36123a44c6ec03c836809bda89fa
SHA1

cb08f2eedf87cf05865ef6a61d164f3c8cfd3e9d
SHA256

cdcdc0b2b40575758a20749ed9cf2c7791af662ddc56aeb97c147f20b2c67503
SHA512

e442deb39e18490f7fd517864963c05dbcb220cff5cf5e78558f82f4e9dd6214bb22767d21108270c3c5f5707c8d8dcd3481ca06feccbee1f5ebf093361887e6
SSDEEP

196608:Hv9lN1iJosXjW4WMIuoEuduSYBMwoJl71DMbe4lf0r//TGAki6JkXuZLOt4fyXSN:KosXjW4NIuNueUJQiw0r/CAki6kV/iIw

Score

6^/10

discovery evasion impact persistence

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
18	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid118923

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

User Evasion

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.yxxinglin.xzid118923

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid118923

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid118923

Checks CPU information 2 TTPs 1 IoCs

System Checks

System Information Discovery

description	ioc	Process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid118923

com.yxxinglin.xzid118923
1⤵
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
PID:4305

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Hide Artifacts

User Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid118923/databases/RKStorage

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/RKStorage-journal

Filesize
512B

MD5
002f0175feefbb7932b111af830ff4a7

SHA1
2b9ea3490f5aa491fe09ff70afc2b2e391c71349

SHA256
c6b8874896fe8d1af3fcabf6866c22b978c1eedc228206044fc137373cfbef1f

SHA512
9741ad03ac9ec51c50e9f7bf90d1ab20a87b00a5548a8a03c199feac8880611dbe0f4fc588e1b4e74ad271b3c26194aa7b0bd4c97849acd17aa147324a96a84b

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/RKStorage-wal

Filesize
72KB

MD5
03ba3e32bc6b8f09563d30f1eb547a8f

SHA1
4ac701692553511269c64b3e6ce8aa9cb6b80d8a

SHA256
0eee89b0f4d4a2ff1df6ad3667875e4323d18ca561dc587ff881571a84c8662d

SHA512
48e0c174d4d425317c1e1e5bb10169c88bb89af6496e783c5a08602921d27e444d41b919efc1a0ec79b6b4fdbc9ca0128b63c5192ce4521286bca53efa1dea10

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/cc/cc.db-journal

Filesize
512B

MD5
30baf30a5bb6b6d5007ea50ba3ec3520

SHA1
b9a376a7b402d18314ada2a3a5873ed943db7eae

SHA256
ed2f548fcc363de1dc4214b4f123ca3cda7a9681b744d685cfee1bae78069dd6

SHA512
d378c81930a65027b0c394ef06329ae8c0a9dcfd9e1b8caa18f4d72cd2e98896fbd07b1bd0562695eccf02a4def5313c173c668681b57f92736e50cf7ca5e943

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/cc/cc.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/cc/cc.db-wal

Filesize
48KB

MD5
557f4306675ebfe11fd4e5fba89d3a98

SHA1
b5c8e604277163100b687cadf7b025f8cfce8fb4

SHA256
894218c9b6cda273ad34fd872461e8a6c137845411a39386ca9f0ffa633f7b49

SHA512
00642a7ea892f10b37a9c21c9a3cd4d185a386d48bb54941250e9a21ff6fbb2405d93f21ea951beeac7ec821c47bfd4892d2b778bcb433aa477930b555d0028c

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/cc/cc.db-wal

Filesize
16KB

MD5
3285a93af1eaa4b7b0048c2d8054c3c9

SHA1
99d3cf33fe8d0320dbe25d271bc694ce37cd5408

SHA256
a092b05cd0bcb3fbdcba2fc21a697db7a7a33dbaa2a258a64e4565b49b749741

SHA512
b362642bdfc9dc1b42e6c134cd7e7b327dd9ae12b9efc27b1729be310cbc10fed760fa4a8ca457483c5ea5c0fbb0e0c647a0e917222812e399c8021831d71683

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/ua.db

Filesize
32KB

MD5
6e94f9c24889963f37d8ef011b63af31

SHA1
926f17d7c90a0f71a3c6d943caa374495470fe53

SHA256
b4ef89ad16a3452ac9d979102b7a5e5002e958e0e79f0dc60157eb4848e91db8

SHA512
936fd30e1799acd3e4d7398db4cac0aed03fde8ef93d19b4d7704c024272a0e6dc4d447f9c7d72b262a9d8625451d205905c8120a24294d26141e637ebf7468f

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/ua.db

Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/ua.db-journal

Filesize
512B

MD5
5851db8bcb9fa914bacb3eccbd6b6d46

SHA1
0bd9928e7d2eb3c7a2b5e143ae15dd439ad96e86

SHA256
76486fcc49a95df8f927c2bd463ed182de84859e258c76d92001be6163a391e0

SHA512
0f9f2bbf26b6348b58a2c15e1378d70404239e6e00165ed66a357bd57ccaddbf32936bef4623a1f24090eab2544a68d657826bdce004ecea4ba8e1fff382fbe0

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/ua.db-wal

Filesize
56KB

MD5
86f61a4e99890b054cfdc941e987ff2b

SHA1
f22673dc7214b8cf364b36e148d67d3da10f381e

SHA256
aff98d92d0d034dcfd6b9fe32b57eb285201ac3f70807a2f26482dbafafc4701

SHA512
1bcaafeeac238e3d451e8b937c78842825a4a589a1b4ce4dbef78ca5e6a9c73362a9d628b5d441f4166ae1c59eb97fa282fe14d92924f4f41d7d8a5313c7ae7f

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/ua.db-wal

Filesize
8KB

MD5
99fc9cf3ad4f776654f6f7ee6413e554

SHA1
a38208069af235c28763c1e38f2a9980f661e69c

SHA256
18fe0ec1b17d52b4427078d70aaf9e7cde4628f86e904599d9baad8deb11c772

SHA512
8812f4e3ae4fe1e7e599d24c1afd28b40f4821c6ed29d7d1098fb89eab792c633e02290d507122ee71165d42cb4c1b7daeb61c8a178cbade1049958459f88f54

Download Submit
/data/data/com.yxxinglin.xzid118923/files/.um/um_cache_1718626558131.env

Filesize
1KB

MD5
644797af3ec4cdea20a9276b26da8681

SHA1
a0b8efc2d497b8987569b02d7a6903a6f3782792

SHA256
6eceee109be8d3b949b59d1d264383356e1844be34bb8a14c31b1626291e0171

SHA512
10dbe9908285a6f8f8e91276ea55b87db33b500ec2b390a8fc8ca0c4704fc807e7b467cc19994cd60ec573db26b8f803bec7adac26e8bb2d5686fa374956d0d1

Download Submit
/data/data/com.yxxinglin.xzid118923/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
3d7a135171b64a4aff0fc099a3055f85

SHA1
f3f3179a9240be2e841fd012b88070c7c042f9e7

SHA256
e8f9af1798367cdf5e5399fda5583fd601fb1f7cb9d30f715a903054a71f8213

SHA512
7e601ebb4acecabbe693b61c10ee048d4e846c31a198c43737efe39a9950731f68ad07d869dd6ecd80a9715c12e560a3f510b258f83a381269cf94ebc25bc32b

Download Submit
/data/data/com.yxxinglin.xzid118923/files/exid.dat

Filesize
54B

MD5
813b3f6ceef8cb1d33c939332bbb999f

SHA1
de6b453d91940a80598178014106e1c81d18a01b

SHA256
47891120aeaa030d99927adb1c6ee39ab6734e17707abcb9df318988fef0f1f5

SHA512
002456f63193e84b2c15f1b119a2599cab00b846de81fc3b3a83e8d7053c34159c26a8f3ef76f41dfc424b749a386a37bff32d5e89735198306d0c30f91ca930

Download Submit
/data/data/com.yxxinglin.xzid118923/files/umeng_it.cache

Filesize
415B

MD5
be4d6d32127e1f28924601b909e0a9f0

SHA1
a2ff7b52faee3b57e88e7359f13086b44ed02605

SHA256
cd02dd7f1e0e785b02b9e124fe470d6b582169f641bb2ba3b2f5c94b67e78d10

SHA512
705036c58241c79d431d7930c925bfe8c7630655cb0269d379e83e44864f0d0beb4d02858c9e4dfad6b9de4cd8cee445d2e1c646dbfde9ae09b031b5b3d2d005

Download Submit
/data/data/com.yxxinglin.xzid118923/lib-main/dso_deps

Filesize
156B

MD5
f957fa3d459b177bc4fac9a7923617ee

SHA1
cd88a2126ed9d3e8f9668d0ca60cb10a314772dc

SHA256
ca723470ff3655c67c2f4651074f66f410d8e2abc4e3918eeebce45ec78a6ad7

SHA512
0ffa593a52d43bf425e032c7463777fea54e1a7b7dbbdc551ed38d92d814edba1483adaa7c903b8aa7188061421b20f41bac2e07acf52ad12362122131e246ef

Download Submit
/data/data/com.yxxinglin.xzid118923/lib-main/dso_manifest

Filesize
93B

MD5
f049019de27a3a937680ead2d2ab0491

SHA1
da7e30a8e411aebc0174a4029287a911bd8ab260

SHA256
055b4a2335955bb0b7fbf290cf19489b457757b0f5ff4684dce994a88aa9df03

SHA512
04089120a08f9e18fc528d84f727349c5197e6a6dd494921d7e293e6dd5824d56a10eb832b5d058d6fb8dd555c2e645c00f338ca9ca7734a6b9f70ced405e2cc

Download Submit
/data/data/com.yxxinglin.xzid118923/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/data/com.yxxinglin.xzid118923/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/data/com.yxxinglin.xzid118923/lib-main/libjcore110.so

Filesize
77KB

MD5
304c4775c940633d9bcd763ef3c59ff6

SHA1
88cec29d0123a91bd5fc01adf460d75137592998

SHA256
718cdf15c87ac89607e548ac80b4e22499afbbdf5f5df77aa8fb3e2776e719ad

SHA512
8265e7dfc99e7ab6195d879a6fe3ad0cd5e33919d75c6ecf33d38d301b754a2c576bcaa73e56c8b305838f726577fc042ee7e8ddd88cea05e25eab4fec82cc43

Download Submit
/storage/emulated/0/JXCP/aff/com.yxxinglin.xzid118923

Filesize
7B

MD5
e00e988e8751defd343d495400c790b8

SHA1
42b8c1eaf5e5344d3c2b2e74425e6ed1879f0408

SHA256
6002e253ed3bbe03c751c835ab254934d553c39f896f446ce9ca6a1d22077208

SHA512
84b41f459b87d28f82aa4aa10562cf2fe4e7a0717f222b7e694d36a1536ccd1b1854d6b37346ebe0a69849ac915e5c15575a02317af84baac0a41012e9241c3c

Download Submit