611034244742e3dd88bdfca6c43d8b40454509873e81bb25572265aac5f8699c

Resubmissions

23/07/2024, 13:29

240723-qrc1havgrh 3

23/07/2024, 07:59

240723-jvtdbsvhqc 8

Analysis

max time kernel
157s
max time network
133s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
23/07/2024, 07:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66bffe0de65f2bdf16a85ebe3153c261_JaffaCakes118.apk
Size

2.3MB
MD5

66bffe0de65f2bdf16a85ebe3153c261
SHA1

7e11e1a6c35218610a27b1a2a5e04258146fc0c9
SHA256

611034244742e3dd88bdfca6c43d8b40454509873e81bb25572265aac5f8699c
SHA512

86c98ef137cd10baa8b792ce4b939d3817b5c52947cea2155c627f2b065c11541962fd8ad40c222fd5b22470fd641032a87878b17790f68d722a913816df9730
SSDEEP

49152:DtkpnQ6qYqCo3+NzMFVI/ij1PSs43H3vf+Gg:1b+1O433HfPg

Score

8^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.yxxinglin.xzid665

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.yxxinglin.xzid665

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid665

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid665

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yxxinglin.xzid665

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.yxxinglin.xzid665

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid665

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.yxxinglin.xzid665

com.yxxinglin.xzid665
1⤵
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Listens for changes in the sensor environment (might be used to detect emulation)
- Checks CPU information
- Checks memory information
PID:4456

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.yxxinglin.xzid665/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzIxNzIxNTk5MzIw

Filesize
1KB

MD5
8ceb57b05577d35b46fb6a608d61e61e

SHA1
d82e6be93c7d4baecc76a3343c4b9240cf4154d9

SHA256
0a2f0ab7163afc57d71c00e7b3835c1b7012540145b11d8539965cf43ead6274

SHA512
d952dfc5f07dd2b96d980858ef982bca706192e8708dd12d22aff5465f83f6f54e6be54cdd829434467308cdfca3b3e8bcfa217ff78d00f110a356fbd0875b0b

Download Submit
/data/user/0/com.yxxinglin.xzid665/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzIxNzIxNjI5NzAz

Filesize
1KB

MD5
2c90508b5f3720f9be66761eaca134ba

SHA1
21ffd9a0347d6b4472db6461849de7003be2fad0

SHA256
53ff9070a344aba9b924a6323b34b619498c8cade8b7578b95f727eb7b39ec2e

SHA512
d02c139cd1ff14824d258f6d39585d6e4c22862110603de1b569a79136184363876c9e97f46c3730fb65d3f0b9831ab1e135e4854050958eb9728b00dd104c96

Download Submit
/data/user/0/com.yxxinglin.xzid665/files/umeng_it.cache

Filesize
350B

MD5
3dd43e79a1b578419cabdc18d2baab0e

SHA1
a3d5332306fa64efa5c117d1357b8db83ac89396

SHA256
d9613107335b8afe8b1d7c1d546c6396ea45d3c004331b858af79c36bc61872a

SHA512
44f8b6fbebc5039f570e13680eb1f6eaadfbfcac9de3713d6746a2443d720f75f8f6913033a72b29ad39b34d23b952d28e040a08136b8ae8b675fbcd40a350a8

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads