93273d89cb6ee36db352fa95880564156dde39a69648beb3b9e01fd71d2aab88

Analysis

max time kernel
144s
max time network
151s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
19/09/2024, 03:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea834930c43a76d98efad6f8b053987f_JaffaCakes118.apk
Size

30.2MB
MD5

ea834930c43a76d98efad6f8b053987f
SHA1

802aa3e9971bf16c2b8c979bc975aa450454808c
SHA256

93273d89cb6ee36db352fa95880564156dde39a69648beb3b9e01fd71d2aab88
SHA512

4eff371d175b0a37fadad423538c502ec9fdb8748d7024ca3479dd76cf54d8cdc919f6846f3d4de7e59018966e264962819c13a61bc7cd445ece60fab632ffb3
SSDEEP

786432:AgfB1xIC7T6NMImmdupZPAAsEY2MuvZAgo+/QvznjC:d1yC7T664uXPAAsR7uvSgonG

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	com.yxxinglin.xzid16853
/system/xbin/su	com.yxxinglin.xzid16853
/system/app/Superuser.apk	com.yxxinglin.xzid16853
/sbin/su	/system/bin/sh -c type su

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid16853
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yxxinglin.xzid16853:channel

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid16853
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yxxinglin.xzid16853:channel

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.yxxinglin.xzid16853

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid16853
Framework service call	android.app.IActivityManager.registerReceiver	com.yxxinglin.xzid16853:channel

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.yxxinglin.xzid16853:channel

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yxxinglin.xzid16853

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.yxxinglin.xzid16853

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.yxxinglin.xzid16853

com.yxxinglin.xzid16853
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4254
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
  2⤵
  PID:4348
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
  2⤵
  PID:4367
- /system/bin/sh -c getprop
  2⤵
  PID:4415
- getprop
  2⤵
  PID:4415
- /system/bin/sh -c type su
  2⤵
  - Checks if the Android device is rooted.
  PID:4442

com.yxxinglin.xzid16853:channel
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4483

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yxxinglin.xzid16853/app_crashrecord/1004

Filesize
241B

MD5
a9de480f093982b0de1046727a4e9332

SHA1
c3dc04a7a1e54572d1eb22ad70892ace71f3db62

SHA256
e88a6aa6113750ee8c862fbe0701eff734c18a9838331a5aafad08f46dbb08b5

SHA512
bf656f137da2ce1423c3f0ce86b64ead3c3cdfb530b5db1bf59d59b67171d47bd148498d969865667dc38afa7699f2ddd11b4271bee021b329dd7990dabef903

Download Submit
/data/data/com.yxxinglin.xzid16853/app_crashrecord/1004

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.yxxinglin.xzid16853/databases/MessageStore.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yxxinglin.xzid16853/databases/MessageStore.db-journal

Filesize
512B

MD5
ba8150092b26d20c7cc535fc65b1486b

SHA1
0acbaea40a8f9a6746c982b3940d579e71f61ae6

SHA256
5488de8e822ae74709ea99ce55772c1f3e020309e63a0c71be043241fb09560e

SHA512
68739d4f5b42d0e7fc3e8f3c74424d53541c457640addbf03a55f92e788e0fcaa04655e2940e8e8ee206d959a4edaedfc03bfed486f69818e4f4f0b500e08f96

Download Submit
/data/data/com.yxxinglin.xzid16853/databases/MessageStore.db-shm

Filesize
32KB

MD5
94d00831db8ac350001c17d3ac9f1eec

SHA1
8a3e67ede096ae900b13331c0be34f5dd8a74e7b

SHA256
6e5709d333b9b0aae333ec0d0e2046cfbc32fa8f961a76f7cea5f99e122f1ca7

SHA512
ddca5ca7e8bf073fa02aae88fda0a17a3edd8efd12c25b83c2e57f18f25fd950797d8152501b4ba813512ec07105dfecc46156282ef71a965b6f661ed43bb2a7

Download Submit
/data/data/com.yxxinglin.xzid16853/databases/MessageStore.db-wal

Filesize
48KB

MD5
3fe06c6e572f708e313e859750a85a7e

SHA1
4e047a1f60a2316e06e17ef5c8bc233b99686540

SHA256
6a138c3033e597187dbf2c930ccac01a19e118b337f6e7461218d1b5013204b8

SHA512
88dc47e35c833197d2d4b2c2eeeed2333b24113c307a708ae5882e91ec52d20168fd46eb81555bd021da4b7eecc1b3ac60b26a2550d24ca821c4036bec891962

Download Submit
/data/data/com.yxxinglin.xzid16853/databases/MsgLogStore.db

Filesize
4KB

MD5
d909d884b0ee62ccb6d6ef3cb94f118e

SHA1
542aa00725b8cc701160797240d8ce6e73ca5fae

SHA256
31984713af9ddc0968ff68d831ea61292c81a7bb8e7a6916e86ab7196b8abf17

SHA512
a8fbfdc1c5ad90311ada8eaded7fec31170cc9baceb7211d7b945061d7660c8efc1a852d10209e58692ff5f19b4dd7c676ebeb7d9cd281cefa269bddedd03a3a

Download Submit
/data/data/com.yxxinglin.xzid16853/databases/MsgLogStore.db-journal

Filesize
512B

MD5
7bd1fee2af5e2be63f574ca70293b74b

SHA1
50c39f57658212adb30c225fdaa0b9db467b8066

SHA256
3833a1f0e7a6fdc692664a114624c1fae24c00aa4e0a281235bb78c14e14bd09

SHA512
5a27b89f075d63c8ddfd48305f4922befc01a7550f40074328e53b5a4223bd4d261e63c2392fd82f2d21c9f69e58e925599011be9a1e6fe9a4d5dc96b08ee4f3

Download Submit
/data/data/com.yxxinglin.xzid16853/databases/MsgLogStore.db-shm

Filesize
32KB

MD5
df2f0bb4e3cd14453041917353618a3c

SHA1
10b6e7a8fea42baaffd06ee0bb40a8c85e113c45

SHA256
9b0590bebd712e5af1700589f3bfc9bcfc4bffac03fbb8599823ca3cac4e88ab

SHA512
d8edf6ddc7d5342f7f44c6f966bf9d70b744e4eeaa18feb773e12cad32577625b40df8f2661cc5a47cde82b6bb29eeba25e88ad610d678ab51db600a1a8785cb

Download Submit
/data/data/com.yxxinglin.xzid16853/databases/MsgLogStore.db-wal

Filesize
68KB

MD5
e9fd78506c0030c9087912f793e2e45a

SHA1
cb1964d79c4d710ac35ce534d4f0bb4368835f2d

SHA256
f33719cce89704330d02a8639938323200d65fea869eaad455433c147f278279

SHA512
70ed96b47e2c01893efad341582784c43c9455638a1f7188eb30d9417b603797dfed790ffc841b34da75c248137872c1051c78eccb9beca753badea422af39be

Download Submit
/data/data/com.yxxinglin.xzid16853/databases/accs.db

Filesize
36KB

MD5
486e2bac2b3e9e1cb411d2838a4854bd

SHA1
81dd0a7537f4af319b830ae834908986be85da8b

SHA256
5644a250fa6cef16c2c802b98275656a5fc39dcf89bcc22193742d85c7313f57

SHA512
c146789563dae163e373489b3df53f22efebd32b69643992969241eb5ad5eec668de67e7cd2aaf5c3a8af57b0842115d00183825734f57643d3fdb09835fe681

Download Submit
/data/data/com.yxxinglin.xzid16853/databases/accs.db-journal

Filesize
512B

MD5
de937a48b8ad289de169e722f49cde76

SHA1
51e4125546157a59e0cdfd7ba36591d386c36d1d

SHA256
d209708ecaf539f9777a087f6afb296b90c757eb6a26792f4bad335cf2aa91e0

SHA512
20833ad673d7a24c8c4ef0dbd2d09f29cce71daaccd3c610581ee6a10232c900bdaee473059389d57e793c1a90d72379b3d12879db845e0820e41a129be97808

Download Submit
/data/data/com.yxxinglin.xzid16853/databases/accs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.yxxinglin.xzid16853/databases/accs.db-wal

Filesize
48KB

MD5
d676a40cebe0bf754dd32a1e7c0d1cdf

SHA1
0746c28ff584547ee75529183179b038fb7d91e3

SHA256
5ac01a003d3ac641eab732304abb432fd241fd894ce5ec1eb147111d9213e15b

SHA512
4809684e2e488987ec3d546e9b66096fc1d023f927773e72d152e5f32a7bad0702d35be530f77e29a6307d0f6dda80b58ba2158e59470c921f18df3dd049ea93

Download Submit
/data/data/com.yxxinglin.xzid16853/databases/bugly_db_-journal

Filesize
512B

MD5
ff20fba01303099053cf10532d71a87a

SHA1
7a6f9c91af221f6a9a8a2d4bc135992c507f084d

SHA256
22b433615157f8b7e1c9a6041b76b951f50c3d39921ee8a734f11a8dc5436dc7

SHA512
a5be2b3b014f1e4e83c7783569257335d540cd303e7fc1bfda035ddd51922d742d691d27fbec0ee3111d2abaf14bdb191554490b8d26b77de7e584b927d3e0cf

Download Submit
/data/data/com.yxxinglin.xzid16853/databases/bugly_db_-wal

Filesize
72KB

MD5
5faf8540c23f074109024b889720d841

SHA1
a91c51e9049f6f420d9c910769e95469732abd67

SHA256
f695d1a2559d1677ea0227a8c60d75428edb3d30119d1a509af58ad62f04e17b

SHA512
b83facd2dc3be2216528df2dc164ef333e14750f00a1d528e520d3b7fbe253f04e828e3bef50fed5312c4741057e53809ee81baae40d40c922ee4a321e1c1275

Download Submit
/data/data/com.yxxinglin.xzid16853/databases/tencent_analysis.db-journal

Filesize
512B

MD5
b19440a9cf3a5f344e325f90ed2c74fd

SHA1
fea9baa643eb76523cdd381f7d3c7933c92a2c5f

SHA256
bd10b2293f97d1b040ee6938b683bf16137adedd6eb456f950452d78d71b77e2

SHA512
1721e5a565b74a89433846036194df66cc8435708bdda79f3151f788a00c89b3d6c94029ab4d6142465c769921cfa13fa8d292873b0dfbe774e2493413eddb8d

Download Submit
/data/data/com.yxxinglin.xzid16853/databases/tencent_analysis.db-wal

Filesize
76KB

MD5
110c125bc9db80f46e196e7559329d04

SHA1
7ddd913bafc720ab7798a5e3cf40de28445e269d

SHA256
32bf447627c8cbc82f0a342edcbb339e95f8b54a78f00933599845e95996d8c1

SHA512
356c880d72e20ee42856bb04ecc6d452da5e05de41ecb1d94fb1f0e425ea38bd1bbf3e51923215da8756859f77d89ac4a6a74e52f41e98ca8a4d61aace122aac

Download Submit
/data/data/com.yxxinglin.xzid16853/files/cclogs/2024-09-19 033758.log

Filesize
1KB

MD5
f72ba79c3b0017dfbf9f487ea13c87b0

SHA1
921e6970d81e4212726102ccd51dd91bf8ea817c

SHA256
d19105e1e7ad0bce2c739f407202f8af920cc2fcc41a9f3ed2f4ebce6198b52e

SHA512
ce211ca599de42b630f0731ea8f6b11aa2d89335dd6440a773b3fab0f12b3902cb90430fe78e722f19d9dc02a5d36550c93a3d9a6664a700d464d1d69c5beca7

Download Submit
/data/data/com.yxxinglin.xzid16853/files/com.tencent.open.config.json.101400326

Filesize
1KB

MD5
f526172de1566b34fdcea744710d9559

SHA1
000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d

SHA256
8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940

SHA512
dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
f515d2c852a1d32cdc3328caf733dcb1

SHA1
f22fbbebfee714355c0ba6380e543193d4938735

SHA256
99d709301cb60e0691d622dca8e4e071a9888bef47c64d98d2153fbd74b70a64

SHA512
b4ecee23d400a13c6e2c79698420da6612c647953cc04ed040b6acf9563aeb741002b18bc18312151852655a935e1fbc5d21e49e96ba350ec3592b50b0f4de1a

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
8df98b7e7bd54e747c1765a0225d9b03

SHA1
7cf0b1e2b016cb55459d68478f4ae0116aa2ade3

SHA256
0146989838b64942170e4ccf3eb4889790ff6004d342f119120ade2299c0c41d

SHA512
f2a014a63939bc4018131ef0279781eb2ac974f23c3cd171dc557652878f3c8be4a56fee0b9e2cc63c5b53cc885fd3842640306c0ffdfc6e2343a64b92fc5079

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
15d61327e635409605f1166cf237c3a5

SHA1
7e385086a88fb164eb912c1c40af4d8f3e04a542

SHA256
02ea97d33c3a2c1d3660649e2e43307eb95cba9998825c2298b98b1f78d46ae6

SHA512
b2127345d1052eee607427ed708925853481adbff39fb83b4bead0280ee286aa75035465a6d460fba1361d78c8417c01116b56bf626861884a2088b3cdc46484

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads