d6493008ecf25d8c7683c0e38264367f2ba7d32dac49f3be2a437be2a107863a

Analysis

max time kernel
65s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
21-05-2024 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

638f6d37087a8a3b7b7ae55b8fa9188f_JaffaCakes118.apk
Size

9.8MB
MD5

638f6d37087a8a3b7b7ae55b8fa9188f
SHA1

8a7db92f615b022d4ac7f992003b4e58a614bfc2
SHA256

d6493008ecf25d8c7683c0e38264367f2ba7d32dac49f3be2a437be2a107863a
SHA512

59287a4be53482225717d3afa3975065ef74d36f215215dd3e527e1da872b34b1cbb9592a67622b3abb2c20e2120ac421e7caccfa037b0eda8a6ca10bcd7d849
SSDEEP

196608:HbIBCf8L4EKrq5QFSa75gXeMVV4fsBlnmP2+xL5bAFyHAHaMhNASQ6:8BC1BrQOjfsBJmP2+xL5c0gHaMhNhQ6

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.xmcy.hykb

description ioc process

File opened for read /proc/cpuinfo com.xmcy.hykb
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.xmcy.hykb

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.xmcy.hykb
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.xmcy.hykb

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.xmcy.hykb
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.xmcy.hykb

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.xmcy.hykb
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.xmcy.hykb

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.xmcy.hykb

description	ioc	process
File opened for read	/proc/cpuinfo	com.xmcy.hykb

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.xmcy.hykb

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.xmcy.hykb

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xmcy.hykb

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.xmcy.hykb

com.xmcy.hykb
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4312

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xmcy.hykb/databases/cc/cc.db

Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.xmcy.hykb/databases/cc/cc.db

Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.xmcy.hykb/databases/cc/cc.db-journal

Filesize
512B

MD5
e294b6597b506c2858d10ac6138a0006

SHA1
8b697088c47e65ac252cdf1ae508224657fce0c8

SHA256
0b5c9e1420b377491779a8fbc97704f27a830bb04f8935a5be9fe89af5459a08

SHA512
e3040bd4b079953eb47e1863221a1838d413305fe06f72b8711900c02766a9f7aba785eafd1a105d23a1222da973e18135e69adb7a959575fa9e7587bf099d28

Download Submit
/data/data/com.xmcy.hykb/databases/cc/cc.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.xmcy.hykb/databases/cc/cc.db-wal

Filesize
16KB

MD5
ae5c62747aa9323c2930f287f026cf56

SHA1
03e99da6b61d1a063d0485c7dbf94d58169aa2fb

SHA256
f8a768a29244b6f0fea4478f8a3cbf84f019b940bf8be88c1ccbb7a488be718d

SHA512
a03e4e4582dd10e6fc09c5ac226c767758a056d01bd2d38566c9999af3114b98765fe0651ab2b9f51568bc893d07e2381b6d917420852c9f4c27c5fd515c0b0d

Download Submit
/data/data/com.xmcy.hykb/databases/cc/cc.db-wal

Filesize
48KB

MD5
d339d41344dba45dec5ee4f1a0466a5c

SHA1
b07569c077859ad0c990ec4b1e3a8374ae711c6d

SHA256
0cac3b1d838bef3dbc5ef1845280c694c86e500b604b217c6c4cacba9d3bbf9c

SHA512
549d0792b19fb05270c1736ef107db12036a2e664a4ba29d2d1b31c1e9cf0423360d844f82335327790649a25f2bb3daecf48acec3a6045c41031a6da3620953

Download Submit
/data/data/com.xmcy.hykb/files/.um/um_cache_1716300556019.env

Filesize
1KB

MD5
0bdb2da99be96a1737de94e35ee9f192

SHA1
dc2bd5dfde753456957a766fc76f802d1c1ed7a5

SHA256
9a18f05651f33f4995a51fb7c972cf091475f7c9042155f50bf93aecf222ea75

SHA512
111448a85788dc7d74dd29e0014f28fd04d9dcec0d7629cf00f52280ef93b53dbcec6f81f4c7cb1332405e3f2eb8212cf6e11679bef157535362df5a4033d50b

Download Submit
/data/data/com.xmcy.hykb/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
1eb8c0dd26973efa9c7ec9d56a732efd

SHA1
4ef58568ead56bd1c3f22118c2d755a195a4034e

SHA256
8398c02124c4733d46c14c4119b29110c38e9b38c8ca3851d1e555af28028f96

SHA512
d3b21108f5c72a59f7c88ae3878e5a1df36ecf826f8b55796106f478b70213b4f5a079e41904bb5c8ccb50f13089250b45be065945c1ba531b0a91b71087b447

Download Submit
/data/data/com.xmcy.hykb/files/mobclick_agent_cached_com.xmcy.hykb204

Filesize
2KB

MD5
a45854c065899e7fffd60a1318b8ee42

SHA1
26b9767f9d1ef58c375a188d5a23c00f1c6ae20f

SHA256
55d24f589593e3daa3ce4e194bca9c7d0c7e545fbd8b6546f8143bc43e0d7612

SHA512
ed091193cf1ba844c98da9692d5763ed5366faa84e7392e842fd5e09656bbb42a3cb91ade596665223d5d1b0a00aad4474daf3d673dd2d1484be234e31fe5412

Download Submit
/data/data/com.xmcy.hykb/files/umeng_it.cache

Filesize
415B

MD5
b22782cdee99edcdd1711565db5c2a18

SHA1
2e061cb625b80982f0663dddab81086e084bbce2

SHA256
f754f5ce26d8af1b1571297ca03e50bedc63c7cad83ac5ac6ea97412d0a22f2c

SHA512
6ac5ff6b7786823161ed40e7bb71793cefad23856869efa03ed15bb344322dab94566cea99f9d1ad12167cbb9d126784ff33a271de23ba90f5d80dc6e1276f1e

Download Submit
/storage/emulated/0/.Android/hykbData.dat

Filesize
34B

MD5
cced08fab151ac766ec3201b313b4af3

SHA1
5560efdee2df3dcb029daddbbb702dc5f8f9f6af

SHA256
e9f61f5bbea785087e3d569d8e392a93e6780c2a6734b2dc623329c6ebe6dc50

SHA512
5044a4b2582fa59559b438aa20342065cc056bc5cfd637f54d4840db183ef6175dd154615259267e88d72b8d89e20c7a2508a29128e2304a807e2d70e1575c45

Download Submit
/storage/emulated/0/Android/data/com.xmcy.hykb/files/tbslog/tbslog.txt

Filesize
11KB

MD5
faa34e5776d4ed24b5245abbd31eec86

SHA1
8600eb607c73ed3d7bfd568e81b73fcf48af01fa

SHA256
3ad0825624793865fefeb52898295e524f4a7a0723018dd59f02e86587da9e2e

SHA512
c23763482c9c5b9d498df5030b9f35c51c3c6650530c22f8bb4457df0f35a13fc8d6a287eac2123f16ffd663206d7dc5cdfd5c4c34d81084e68a96cce2021b58

Download Submit