dae6532ee6f8a9b0ac93ced01adec6a2f424d49d0fc77ee36dd35e48cb39ad12

Analysis

max time kernel
146s
max time network
153s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
19-04-2024 13:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa73c3b2c5bfa60db34b87c1d2722b7e_JaffaCakes118.apk
Size

5.1MB
MD5

fa73c3b2c5bfa60db34b87c1d2722b7e
SHA1

dca8468f65cfae41ea6b309fdf428abf2f73cc59
SHA256

dae6532ee6f8a9b0ac93ced01adec6a2f424d49d0fc77ee36dd35e48cb39ad12
SHA512

7c9177fcc3cf65f9eca84358ad513a163f1cf6f058d745f93daa34260f7975933108c6b222c6e35500c623c981faee9da5e14351ad40493ee113804b33f8b823
SSDEEP

98304:gFtu6jFCSHeUuimveIa1BzZmNfgd7MdhKb2NCOQlyZSZMMw9EnM3Th+71QpRDhH:euHCtuiwer1Lm298QkZSZJUhu2X

Score

8^/10

collection discovery evasion

Malware Config

Signatures

Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery

T1430

Processes:

ChinaNote.Activity

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation ChinaNote.Activity
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

ChinaNote.Activity

description ioc process

File opened for read /proc/cpuinfo ChinaNote.Activity
Queries information about the current Wi-Fi connection. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

ChinaNote.Activity

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo ChinaNote.Activity
Queries information about the current nearby Wi-Fi networks. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

ChinaNote.Activity

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults ChinaNote.Activity
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

ChinaNote.Activity

description ioc process

Framework API call javax.crypto.Cipher.doFinal ChinaNote.Activity

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ChinaNote.Activity

description	ioc	process
File opened for read	/proc/cpuinfo	ChinaNote.Activity

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ChinaNote.Activity

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	ChinaNote.Activity

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	ChinaNote.Activity

ChinaNote.Activity
1⤵
- Requests cell location
- Checks CPU information
- Queries information about the current Wi-Fi connection.
- Queries information about the current nearby Wi-Fi networks.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4473

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ChinaNote.Activity/databases/access.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/ChinaNote.Activity/databases/access.db-journal
Filesize
512B

MD5
28a2a6b260b545ce99292eb0ef6d1028

SHA1
b0645a323b60db5bf56d78a097d35042802d711b

SHA256
3b678ca07101066dc67389abe7a5ae946fca94dce5393e0ef91e678fb4a9941e

SHA512
fa73d9efc68e90d4d5239ed60f49adb96c137dbfff661c24b661c92089273ab5eb8d80cb02b886f98d945d863b6362d4c41f011d292fe28ebafc9f6a23c0a4b2

Download Submit
/data/data/ChinaNote.Activity/databases/access.db-wal
Filesize
32KB

MD5
aba90c6f4ce8f9e3ca0b434e32fde556

SHA1
7d1010f85fcdf9c55b451e18f8791fda65149694

SHA256
99a69eb43af64b0b3e5448b1e71d32378e36cfca46b4280f5b99bd210418fc98

SHA512
9ae6f3f1bfd606b205599ce6a1454a9a3e767de3acb8842ac1e9701fab4e893de64c562312fb170abcb0384cdb936e8287736eaafc8bc55b3216c48527f1275f

Download Submit
/data/data/ChinaNote.Activity/files/.um/um_cache_1713535245513.env
Filesize
597B

MD5
98c5df062c1f03edec86932afc793be3

SHA1
bc9353a517e590eb4f7973f053682373d3af6f88

SHA256
b6c48a1190295bd9c1837430a2d1badcfa8cd5ed2789909bb41919d3264b062b

SHA512
ad9a97e9923c875e46505ceba3654aea7fb61ef3eded0b665db248d0e2fd35c7bb209b0412ad956ab51a0dd498817c80420308f2656e41ccce7d9a54b21aa58b

Download Submit
/data/data/ChinaNote.Activity/files/umeng_it.cache
Filesize
310B

MD5
fcdbdcb6d1e754137657d0514c2d02c7

SHA1
eb1e3beae0fd8a657b35891352f95c3e2f935146

SHA256
1104b6e5eb1e49075f3432a20b268277270464e31177d9d41b25af1a015dce4c

SHA512
0ccad8e3e054d71aefdbf15df91efb76891735020f2632fe87f8f4b77fdd455f245225acc79a268b394478d9619afa74649f8fd831e0e748474aa970e7412ff2

Download Submit
/storage/emulated/0/ChinaNote/ChinaNote.db
Filesize
10KB

MD5
c1c7718cc2885c988510c98cc09506c7

SHA1
d1bc9877d4f969c680f758bdc422b0b68d23f4f5

SHA256
7b30ef4c5094a4302b736871d794c31bae4c869ecdfe712b0b13392726a22ed6

SHA512
0f12c9c9e721ea76673876f685f26424697488c781d0014cf2ed89164e32d4db38185bf2235a8978e5d452c295f303d3db3f4e9d81f382b4a308f114d31d41d0

Download Submit
/storage/emulated/0/ChinaNote/ChinaNote.db
Filesize
1024B

MD5
87f4c55119f1ed757071713249bda50a

SHA1
465f84b44fd0b7a7c0463e16b672fbe9c8782c58

SHA256
d47e5eb72d34d2e2e1f42b8e43fd91498ced42d7646d777cad2404308f16f86a

SHA512
2248a964bfae21d9fd4e986dcf926e631f40843e030326755fda04c4256e73d60f88ba5ed20a1fa0bc9dd0e61a8b5ee43e619b294df2c6e6deed77d34fcda8d2

Download Submit
/storage/emulated/0/ChinaNote/ChinaNote.db-journal
Filesize
1KB

MD5
ad259a382f894017bf86ae45cd4e04ab

SHA1
d1186322efd44a632353873a41be8a86462e19a1

SHA256
23dfdc7b21535f32a38a868832f08bc75dccfc39989d193d8fd7c554c871115f

SHA512
838ee7b069aaec887a385706b428c20d253d9ed06c7dbefb9ac16c42995448408d412ccf5a3aaab61e72dfcbf17c30044fbf2982f19c55e74f24f5866700c199

Download Submit
/storage/emulated/0/ChinaNote/ChinaNote.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/storage/emulated/0/ChinaNote/ChinaNote.db-wal
Filesize
6KB

MD5
2069bb5fb328e946f25f725a4e25617e

SHA1
07d92a8243ed0bff7b0c18d224461cb002206d68

SHA256
df1672fa074058734a42eb0d55d9afbd7fbacd35ce595730f694a4d9d9a498dc

SHA512
74186d6748ac2ee86b46e11b7383f6ee19963a24a8219beaccdec9875dfedf49ad54f3af3c27b54a1451a2375aa09f82107892110ee705811525709ee6ce46ae

Download Submit
/storage/emulated/0/ChinaNote/Fonts/硬笔行书.ttf
Filesize
3.9MB

MD5
3ac6a29e0dbd93a29f2655fdb30d17b8

SHA1
1c053f5e91a3d70a2674db8937090274b2328ab8

SHA256
ccceef21d246bc7f8164732da74310bd89e260a1202cabc391c254bc08565b5f

SHA512
00f11a09b591d20b9721746487625c7809787e92b2c42692a01774fd09c6b010c85b6d9413682a99d68982cb3f3ef5dd731d57e54e38be873aa6e112aa30e2ff

Download Submit
/storage/emulated/0/ChinaNote/Log/run.log
Filesize
74B

MD5
ac6c648fec18a925bb968cd072aa6941

SHA1
ebaac7890d44e08e6a5038f56a6dec75318c9a6d

SHA256
c3ef9e3644df8651c78966da46133c3d4a0146d5079b776e3848764b22363877

SHA512
c699dc3fabbdf7ada1379c08c3dc851c03a157ef3e471c7b31345d72e28856b4dee90c86f81b3be5565f5fd8915b752666de785e06ac751c619040933f8fd613

Download Submit
/storage/emulated/0/ChinaNote/Words/image.db
Filesize
4KB

MD5
3d31001bffaccc4eee898cc9e1149f33

SHA1
164e2181e2ceeea1733e2360e54e6dfeb783e19e

SHA256
de315ae55f6c067802ebabdb2f04d3b7607570c84e8eca15ec812f4f88e95586

SHA512
e65ee7c9d50b15d061b5f0d6936a6c189776f9100b602dc91c853be6819948edd3a46b735f46c309445ce50a6fd19fda981dbe56b95829006281e30941cbcb91

Download Submit
/storage/emulated/0/ChinaNote/Words/image.db
Filesize
1024B

MD5
6a4078293322d40e8094760c80935d80

SHA1
cbd984909bfa3e92c91757153b6bd8e1deae7f98

SHA256
29462f7ae5104299ca54949b2b1613ef10bfa2a27501b5d3bbaf9ff1b5ec3ef7

SHA512
2cb638b4d311e6979ef44d3a56a50b216a02dbd04bc10dbd70353998e50b98afed6bcd914aa2962030d21e62d410b5389f9ce033d98826ac14cb615e82d553b4

Download Submit
/storage/emulated/0/ChinaNote/Words/image.db-journal
Filesize
1KB

MD5
93ec65f154b62df64d56f5709026a78a

SHA1
3093d88da89b3a8f17c46100bddc156b7d4bc4ef

SHA256
cbefc4675d53c267ed0927c7cdc063f8e36f773ced992223996a025dafb33dae

SHA512
31962fc06d016ca018630fead1f83c9b23f83ed72a12f4b167fd766b5aaa1547347d680c1b47ebf5f8b7a653e7285fbeff71cf608318c1e7d2446f0d200a16ee

Download Submit
/storage/emulated/0/ChinaNote/Words/image.db-wal
Filesize
6KB

MD5
fffdf7499e2c21cb616640c1db94b889

SHA1
4af4eb8a00a140c237440e0c47fbeaa56d36e4fd

SHA256
492a5757507e893cd60cf07283e322454fba351eda71651fff5b4a90671f277a

SHA512
dac5e5d3fdbbca2fca32588eec8c05ab3e382014cf4e7bbc147bb0748f8add813d648dea52c2d4b0ad9d5df458fa67e4c726fca60841e436e2de8ddfce81b113

Download Submit
/storage/emulated/0/ChinaNote/bak/ChinaNote_20240419_tmp.db
Filesize
10KB

MD5
ab563890e831ff13c069f87d32a6cd03

SHA1
8367d4986659f47a05769fb953f242bfd72dec85

SHA256
ce81f96445a8b8617e3249fb79d5f4addc237c2eb4befa2decb9631eec3258d3

SHA512
9216efec7fac13f05548fd2ea898f51e6ce7b5900baba8ebbea92e6d6dd1d24b8956bfafb1c7fc0f67ca697bf653f70760509a44b3fc0477aaffc5a894e792c3

Download Submit
/storage/emulated/0/ChinaNote/info.ini
Filesize
32B

MD5
ea5d98d6c6d9eb7c51b79ba002684aed

SHA1
08473de1b8f337efe7c7bc3e4f1bd583770f840a

SHA256
425f57960b1a1b0cacf7bafe12371e921f039091c49583b29bbbb63c6f4776a7

SHA512
d9dc9782ef3fdf1f04b47e4008dc801193ac1636635b582356424a606a6b41256a6e9de000788a37969d214905a87ffaee08fb1cf490279956a1555f34f649bc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads