cdcdc0b2b40575758a20749ed9cf2c7791af662ddc56aeb97c147f20b2c67503

Analysis

max time kernel
166s
max time network
146s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
17/06/2024, 12:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b88f36123a44c6ec03c836809bda89fa_JaffaCakes118.apk
Size

10.8MB
MD5

b88f36123a44c6ec03c836809bda89fa
SHA1

cb08f2eedf87cf05865ef6a61d164f3c8cfd3e9d
SHA256

cdcdc0b2b40575758a20749ed9cf2c7791af662ddc56aeb97c147f20b2c67503
SHA512

e442deb39e18490f7fd517864963c05dbcb220cff5cf5e78558f82f4e9dd6214bb22767d21108270c3c5f5707c8d8dcd3481ca06feccbee1f5ebf093361887e6
SSDEEP

196608:Hv9lN1iJosXjW4WMIuoEuduSYBMwoJl71DMbe4lf0r//TGAki6JkXuZLOt4fyXSN:KosXjW4NIuNueUJQiw0r/CAki6kV/iIw

Score

6^/10

discovery evasion impact

Malware Config

Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
28	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid118923

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.yxxinglin.xzid118923

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid118923

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid118923

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.yxxinglin.xzid118923

com.yxxinglin.xzid118923
1⤵
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4635

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid118923/databases/cc/cc.db

Filesize
36KB

MD5
4cfe777c9f6e7859f5efe2197401d8e5

SHA1
bb3774e8879ad5f6db0c37f151c3d6bc7b4b207a

SHA256
c422190539b6414072fc3950da19a17985c0c4c2172740b2f74682b520af5231

SHA512
6be469864edaf8eaa110f618f8abd27962da92e20945dcd38073ade2b60b10f00552d54d5db9d9f75ca133213031030e71e2e30113ff033e5ef507a28fe0b1de

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/cc/cc.db

Filesize
36KB

MD5
86752a4be6564d8370f2f0e403995003

SHA1
29f7d50675f6e59f3b808eb6dcc8619384412115

SHA256
50484dcdc6b9c2801773018386a8143a52a5153eb2eeeaf5be8bbe46a49ca90c

SHA512
79c9435c1e0d41a3f97784be3e5a3cd8c0bd2d32ecdf326808bacb00c76d876d0447617d6e72ef04cd4b996c92eda4eb7bb200987ae7928ce2e0e7c8e807a5ec

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/cc/cc.db-journal

Filesize
512B

MD5
020ad229275506df27563b232e427122

SHA1
6b5036d3e5ce52e924300e41211f01014dcf0278

SHA256
08ebad61605df311c872ed9ef0d48f814f9ad2549f7159286a3bd1dd9f96f5b0

SHA512
0e462f92c4630e8f62a9cb05bfc0b30896f61df9d1ab1416b2a65d78bb5a5a41371d1514e5b393a8d5da83a3a1aa013e77a21915a20169a99faee4e494a7816c

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/cc/cc.db-journal

Filesize
8KB

MD5
567453f293e18653f4f74a37596fb698

SHA1
7c64bb2e00b6fc3c6a62a2eddb7ebf09c84aae56

SHA256
a61482e8c4c659b6055c7b6108383fcd5e7b053f53be75276c063d8995479a1d

SHA512
c5b2f1f76526ca33c794e0ee9be6ba870f58c4423ba79541b23176dfd8db4149930ddc92b44adcdbe83eccfb815460b6d2bcfc3c244a00a26923fdd94c9adf2b

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/cc/cc.db-journal

Filesize
8KB

MD5
690f87638eb477e1576a56b6ed756062

SHA1
84bec5698afd0d1b5ddbda39c0ffca8ed0b5e729

SHA256
f9e3f53a2b2b85f533fe2e993b4929652c9cff42603a9f621a4f58b820449de5

SHA512
301e30d8a92c57bcd76c87ff92e8d0a04daaa205f998fdd6e291e1ac03f409e64bb446de72081fded8ac2b8c813cba0f933cb281205196ffe2f72141f6663dbd

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/cc/cc.db-journal

Filesize
8KB

MD5
0ffe93743e5c8309cfc62d9f077f5d99

SHA1
ac923b3651fb29e13bca8616bdad9d6fbdddb5c9

SHA256
6a7e9106fda980e2528e5b50af5afa97816261aa683cac020e798841b1affd74

SHA512
9702f7653cb7d2fa2d2fc19b0b62245f1dfbc170ecd9ecd06f1f6379ed1d4514aa7f67666ab291e849579a36514a43ad83402cd15e46a9abf8530e8de2f19dc9

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/cc/cc.db-journal

Filesize
8KB

MD5
fe8c61c97f43d851f6305d7b60f5171e

SHA1
19f5bccb362f347b35d99d759941349602d0e58b

SHA256
d1de091a3ad59a49f15bd348deb83710eff5bc4dcd6a2ba02234b05b6a176052

SHA512
3ee2fcde08c2f1387c37114d8a1a972c1c3f60198ddc5fa644cf2c0fbaede6f4c25f009eed42474e5d0c4bf526e0db15bed0eebcce31816ee599d9f22525511a

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/cc/cc.db-journal

Filesize
12KB

MD5
84abf9d2dfe3ba5377be1348548c1c5e

SHA1
3c099a06b6debd1ab9eab68584dfe0ab03648e3e

SHA256
912b36af3704bcfc0331338c89e0982d34cc384170137a217513ecf36c2639d3

SHA512
1f995c80cb4f3b3e2a0436fb12f12d028fa1dadb409fd2d9320dccfde10cee5bf1ccd1d84c38e78f4cbbac464a8339966c7a74e22abf34e24c70f8b3f828effc

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/ua.db

Filesize
32KB

MD5
926ccaf470147b15cb4a8681032e8e45

SHA1
4fbce514e967925784ff310feb47bc2f5f8eb21c

SHA256
2c90d7b1539123d05b03fb1dd28a0415959a789b2206117529e36359c3bd5e8e

SHA512
7a966ca2a581ada665c7bff9775065a8c006b8d439d9fbec9c6f5b0d06c371113ffe0735386bca34ce3bc7207f5ec33b5ba872789e1700c5973caef454b458f2

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/ua.db

Filesize
32KB

MD5
4cac7d31fb94d5c9581893537f64c5ed

SHA1
96bef3288546196ac3058b5eeddbe9da1d999fe5

SHA256
d1b111041f8aab3269f3da846b2ea199498d99f6905174a9d641f0faedca41c5

SHA512
0ab95e51a640148ac007d47afd5b9fd03ae5a3b9053e5e19a4f0b8089e17e41e311790ee9fe486b6752926799577bee041ed67b64d8772794e9d2329a96ce747

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/ua.db-journal

Filesize
512B

MD5
3f9bf62af2a174ff72e36ecd4ae2e2c7

SHA1
2c22d2d30d34196c61299a4ef14fc1fa893aa273

SHA256
3567ba67b2387a1b3809e63bf28ea476da7b26439faeb103d535a66bf67c571f

SHA512
0c43f427a82553751ad47a585aa4ec8d55e61363555cd3af50b4e68394e2d785699550eed9230a307e804330bf583248a0afabf3d06d5556eb47c65499e198df

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/ua.db-journal

Filesize
8KB

MD5
6a8a241cd638411c5421853aa855e8cc

SHA1
a636011fb81afcf8a23523e1730280bde314b0b0

SHA256
2684c6526c12f36ce670ada6286db4a9fb388f39b403baab1f72e8ae9d532c75

SHA512
6e6a3e9c5824a374521836e6bb907c75967e66a2be9f17e49c93edae6c2c46f8cb66895e54bafc09ddd8bb60ff1b1af15db6b0dd42e9904bca92e218ab6838cb

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/ua.db-journal

Filesize
8KB

MD5
3698a69742e1b59175fdb7c0e998f6df

SHA1
570e0c8835619cdea69ad649b0c0f724ac31a2ad

SHA256
e3deece747e5a6897667e666bc2460448ac6706812c2141b71f3b1e812500df7

SHA512
b9a116bfd9664ddd31b7fe7f2229a8627b3e4c2060347c3735cb5f998017cd472c11ce8a423eb5ced400dad34b43104b647ef3539bb2bd95f68885ec30df09b5

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/ua.db-journal

Filesize
16KB

MD5
31e6835b17d4b2dfa0e3077353e9918c

SHA1
565d0f36517843fc16b822037dd96f1099322f4a

SHA256
ca281a5d07ab65719a0d63e0f469010a484ee0543ed1107db91cc44e26441c53

SHA512
3c733c260835a3f7d510af68fb20b7dfbb1f390fdac96541dcc368a0c3f1fba3ca852811963412f4545ec3475d4e0ce00eee02ff80c1270d87264ceab7634234

Download Submit
/data/data/com.yxxinglin.xzid118923/databases/ua.db-journal

Filesize
12KB

MD5
5b971fa3d476f087575190c828fe08d8

SHA1
0525d13bbddd9c496e7bad0d4f10c5fd67d4cf7b

SHA256
8005729bcd996211c805a8dd6e00cfb36379f22d501e560eec56ec85aebc0ae1

SHA512
54db6e85d813bad62067408fb30c63159883f8419009860083c8af9f742fcb184eb8df0bf72ce8e52087fa7177cfc7ad9673df2ad5f2cfd4720cb5ec61942915

Download Submit
/data/user/0/com.yxxinglin.xzid118923/databases/RKStorage

Filesize
20KB

MD5
a89f83a9b93ab9e7d2a5cb650e5d83e7

SHA1
d71d674ff3fb0d880f4b601dccb5af96294e787c

SHA256
a771473b319fbee139b66c5b58d671719d1794df89c8fbb57f8d6155317db761

SHA512
9a16cacad566233f658996a3541305ab7c2927c71615a25bf3a0e79608b067be2ed151011214760f983013460c3bbaacc4bee33abe5d1ae124e4fa757c0bb1eb

Download Submit
/data/user/0/com.yxxinglin.xzid118923/databases/RKStorage-journal

Filesize
512B

MD5
2393bfdb5076d59f7e33fb045437a7d6

SHA1
86d95f42b4ad0fa63f0b82f3000d412a6d291d44

SHA256
51c5da6ae2b4bccd253224fd350599c0d44a11d4a8448092a43aad3a1aff70f2

SHA512
4d7d4849a3ca394835c5d7b6278b85af29537a705f8b912e1f70f7c8eef6fe358a11a982dd99e3540c1a6da79cb63f577455892ba82d578f6f54429d6d0de2ce

Download Submit
/data/user/0/com.yxxinglin.xzid118923/databases/RKStorage-journal

Filesize
8KB

MD5
4b035727fdc75e7a4205c480fed7698c

SHA1
77bedfe7639e8a292c353eedc1b8317486d3859a

SHA256
1096f339d1e99ded247e0461089c19f58b888fb0ea2d853e0d8cc47e1cf36917

SHA512
77fdb6747a696cb8f3f364f52031aad079e4d3ad32632742ee40c6cc62db0c9d05d57fbe5d81c0c78981a510edff0c9b16fa1833f29cea4b5dc4b7e5b87c0379

Download Submit
/data/user/0/com.yxxinglin.xzid118923/databases/RKStorage-journal

Filesize
8KB

MD5
7f8fe860f9b43b443b124b7bc463b9f9

SHA1
228225d8550d6dcf7857ef6beaf448aeaf91a1ed

SHA256
a9b9dbca21714688c3615c2f2c5e7faf39695167b393eef8928e21a6d9b28585

SHA512
1f79f7b74fc12809693212f6e60a79ec97a67802b24d0b92c3d9c40c1e2f66c042914997e89f2fe859c0a318f69ce3460b710ce053f78a7bf3a09b68a28a82b4

Download Submit
/data/user/0/com.yxxinglin.xzid118923/databases/RKStorage-journal

Filesize
12KB

MD5
3a070adf789085977eaab0db1e97a68c

SHA1
8c16701d8a8f5d0327c7499f3cae5c668c7ea737

SHA256
329a1af7770402d5167db57037e9232a713e2177e28d250e95cf2fcc58655f8e

SHA512
57424db182310cdd119ff88458f1d29bf1a7eb70e3c5f1e396893c5d69ea9d7873d125fa1be3e0fdc7012328a7fc2a98b05940b3fcf76264a4b1543a2d75ef13

Download Submit
/data/user/0/com.yxxinglin.xzid118923/databases/RKStorage-journal

Filesize
12KB

MD5
fabd642c9ac7a99147f0fbdf80927cdc

SHA1
5e6fd6bee940125207668729480224279b13be96

SHA256
9472e264c6351746c0408dbe4c8c804413c8b0469b412473298af846f4696394

SHA512
00e79d6a7453c1f38e3565f1617dd1a76bb9b9f2e311231b2b7ac86a44c44cc2c8e0e9f149983eda34ff9ef00a8976b5911f6ce431e3aac7da18d5179472e942

Download Submit
/data/user/0/com.yxxinglin.xzid118923/databases/RKStorage-journal

Filesize
12KB

MD5
fc0c3cdd58c32aba96d7293571440389

SHA1
c9cf7bb7541ad1bbf02f057ffe92ab97c353bb09

SHA256
c7f71b05970621d229e93041c83a02b0d3e5cd9ff37f29159211059cc7d01b85

SHA512
e39a6642f7cb27142a50d6a4943ff590ebf08d9b377c427b42c02afba457e547135a788dfeab72f05e10d461ee8ca87efa10de67e666d1f2ae9a6251a9243ef5

Download Submit
/data/user/0/com.yxxinglin.xzid118923/files/.um/um_cache_1718626559968.env

Filesize
1KB

MD5
8a3196d915c94715756274145b837a72

SHA1
a581e57fd46b996266c42fad058b3e382dcdb214

SHA256
19781b9533e1755e9ce049d8752264375a54fa371d2349d2e480b9497b1208da

SHA512
315416dc38ed8ce1dd2ce39fdde53fba9b7a47d4a97cde300584093a980d1e6ee8741987c3611066bcb14d1ca88a323fc31cc817372546540e829d3224490de1

Download Submit
/data/user/0/com.yxxinglin.xzid118923/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
83c96cbbb10d48931c3e9513a649c7bd

SHA1
881abc318399309fad50a439799ebe651fc4ee64

SHA256
3ddda65b1a39c4d995542b8e51fc542c1de93c1dafb05396303eaa36172b7fda

SHA512
babe6e4288c4422c3e5e493daac7c80f269786e7204b1abf90ad51a170fe478d6dae9c50050269aa52c54e21ede48d5b1e4fcfe1f8297c3d75255daa1497f3b4

Download Submit
/data/user/0/com.yxxinglin.xzid118923/files/exid.dat

Filesize
54B

MD5
813b3f6ceef8cb1d33c939332bbb999f

SHA1
de6b453d91940a80598178014106e1c81d18a01b

SHA256
47891120aeaa030d99927adb1c6ee39ab6734e17707abcb9df318988fef0f1f5

SHA512
002456f63193e84b2c15f1b119a2599cab00b846de81fc3b3a83e8d7053c34159c26a8f3ef76f41dfc424b749a386a37bff32d5e89735198306d0c30f91ca930

Download Submit
/data/user/0/com.yxxinglin.xzid118923/files/umeng_it.cache

Filesize
350B

MD5
7597b7b0881448db0149c9d4bfb49ef9

SHA1
403dcdc37d7c62135a5403963103576184aebac1

SHA256
6d1d2e7ffa1b63f9f66573c2a71047ecac887e26374ddb1a470e82bbe2090db5

SHA512
62ac2352aba36abd43e0aa82de042080ba983c400de16c6fdfa3369a1a07df220db7c71ff0d3b10cbb19b58ef2818dbb71bf661c30fc8d200ba8d274f60215b4

Download Submit
/data/user/0/com.yxxinglin.xzid118923/lib-main/dso_deps

Filesize
208B

MD5
0b2a24fcab5b0ab6c23c1548106ffdee

SHA1
c808dd3a0c5261ab535785eb12aa1e534766be29

SHA256
d9f781fa40db8367426703f4867f9d37ff391a6289cb302070325977ebcc2014

SHA512
a77c74795f1bdbe20af46c47c346fc2e2829050e642b6b370017382ec91788a23c644e0d97e64621cee04afcb939aca0c9df9a003053d971f3d8a5df242d6bc0

Download Submit
/data/user/0/com.yxxinglin.xzid118923/lib-main/dso_manifest

Filesize
93B

MD5
f049019de27a3a937680ead2d2ab0491

SHA1
da7e30a8e411aebc0174a4029287a911bd8ab260

SHA256
055b4a2335955bb0b7fbf290cf19489b457757b0f5ff4684dce994a88aa9df03

SHA512
04089120a08f9e18fc528d84f727349c5197e6a6dd494921d7e293e6dd5824d56a10eb832b5d058d6fb8dd555c2e645c00f338ca9ca7734a6b9f70ced405e2cc

Download Submit
/data/user/0/com.yxxinglin.xzid118923/lib-main/dso_state

Filesize
1B

MD5
55a54008ad1ba589aa210d2629c1df41

SHA1
bf8b4530d8d246dd74ac53a13471bba17941dff7

SHA256
4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a

SHA512
7b54b66836c1fbdd13d2441d9e1434dc62ca677fb68f5fe66a464baadecdbd00576f8d6b5ac3bcc80844b7d50b1cc6603444bbe7cfcf8fc0aa1ee3c636d9e339

Download Submit
/data/user/0/com.yxxinglin.xzid118923/lib-main/dso_state

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
/data/user/0/com.yxxinglin.xzid118923/lib-main/libjcore110.so

Filesize
77KB

MD5
304c4775c940633d9bcd763ef3c59ff6

SHA1
88cec29d0123a91bd5fc01adf460d75137592998

SHA256
718cdf15c87ac89607e548ac80b4e22499afbbdf5f5df77aa8fb3e2776e719ad

SHA512
8265e7dfc99e7ab6195d879a6fe3ad0cd5e33919d75c6ecf33d38d301b754a2c576bcaa73e56c8b305838f726577fc042ee7e8ddd88cea05e25eab4fec82cc43

Download Submit
/storage/emulated/0/JXCP/aff/com.yxxinglin.xzid118923

Filesize
7B

MD5
e00e988e8751defd343d495400c790b8

SHA1
42b8c1eaf5e5344d3c2b2e74425e6ed1879f0408

SHA256
6002e253ed3bbe03c751c835ab254934d553c39f896f446ce9ca6a1d22077208

SHA512
84b41f459b87d28f82aa4aa10562cf2fe4e7a0717f222b7e694d36a1536ccd1b1854d6b37346ebe0a69849ac915e5c15575a02317af84baac0a41012e9241c3c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads