d6493008ecf25d8c7683c0e38264367f2ba7d32dac49f3be2a437be2a107863a

Analysis

max time kernel
65s
max time network
150s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
21-05-2024 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

638f6d37087a8a3b7b7ae55b8fa9188f_JaffaCakes118.apk
Size

9.8MB
MD5

638f6d37087a8a3b7b7ae55b8fa9188f
SHA1

8a7db92f615b022d4ac7f992003b4e58a614bfc2
SHA256

d6493008ecf25d8c7683c0e38264367f2ba7d32dac49f3be2a437be2a107863a
SHA512

59287a4be53482225717d3afa3975065ef74d36f215215dd3e527e1da872b34b1cbb9592a67622b3abb2c20e2120ac421e7caccfa037b0eda8a6ca10bcd7d849
SSDEEP

196608:HbIBCf8L4EKrq5QFSa75gXeMVV4fsBlnmP2+xL5bAFyHAHaMhNASQ6:8BC1BrQOjfsBJmP2+xL5c0gHaMhNhQ6

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.xmcy.hykb

description ioc process

File opened for read /proc/cpuinfo com.xmcy.hykb
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.xmcy.hykb

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.xmcy.hykb
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.xmcy.hykb

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.xmcy.hykb
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.xmcy.hykb

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.xmcy.hykb
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.xmcy.hykb

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.xmcy.hykb

description	ioc	process
File opened for read	/proc/cpuinfo	com.xmcy.hykb

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.xmcy.hykb

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.xmcy.hykb

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.xmcy.hykb

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.xmcy.hykb

com.xmcy.hykb
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5179

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.xmcy.hykb/databases/cc/cc.db

Filesize
36KB

MD5
67c12933d1e0e63d9801a6aa43092ce7

SHA1
b6936908554e4a1986b8eb08289e2d3545e8ff74

SHA256
abda5dd4cc2e7dbb951637c4b49d6990f9f34411fab4dee1a387dbcc8e7eed40

SHA512
db8b818daa3ff4ec7678645f84bf8b45c809bcbb758ea78b28982d071572655bba2d20e6f1ca4f0d057ab34fa655c5bc40457dc65050180351a2fc04a47175dd

Download Submit
/data/data/com.xmcy.hykb/databases/cc/cc.db

Filesize
36KB

MD5
0908e924aa236931dc7166fef6e00862

SHA1
7782648d6d8f6e835bd47058d4852932c096a467

SHA256
38f8548795ca7470b449dd1de9598c07a247ba59883c0764c9c96ff0b7d31d7f

SHA512
3c16fbc5172aed04cd206e776c46d26e911732c6e3631536410a71f1d217449475727ac9b3175e827c5ce645a1da9e05900258ee6ca27c936a9060f241361dee

Download Submit
/data/data/com.xmcy.hykb/databases/cc/cc.db-journal

Filesize
8KB

MD5
433da7db2d01e765b2d9a2da559829f8

SHA1
d22741e7f3de59526f23d9be43edf8d7a5627512

SHA256
aa4ad6cc85d4ee627d4493cc148afeb270b108f66739546d8d244face971e3fc

SHA512
26b6d3689cffc96f669aaed8cd57bb5ebda2d724bec6ef073376c745bbe3f32dcb2959f2d1dff9812c72a030adb6c0732b4bb74296c12a55924bbf3de9fa0a18

Download Submit
/data/data/com.xmcy.hykb/databases/cc/cc.db-journal

Filesize
8KB

MD5
733b11c8133807b91f381f512697d496

SHA1
3697e1bace600875bf421d6926ba44d50cd4909f

SHA256
14280ae3b65a646cf4bf316942a1e1bb42766afcd58151d740abdd7ab22d8928

SHA512
53a21549aa9fd84a6054553f4800c5468048f481be09abd442d5940a1c929f4e100992d0528611e02ec46840a518e48bee102c8f1444a6b1d27ae3af9c851b00

Download Submit
/data/data/com.xmcy.hykb/databases/cc/cc.db-journal

Filesize
12KB

MD5
0b06e00414d8feaa0ae74f92f05bfbc9

SHA1
ef9afc4f6fcb0c0c450b28939636304636374433

SHA256
c7e37fd4c987cd5dcecfe434f7d7a863c5f965e6782e01248b3e4174767e8c16

SHA512
74d7a259aee6defd4da4d10ded2b397dba8916c974a5bfbd2b922ac86a0f4670a539666c8f656c1e5867764f3fb433b0a5ca29c837586a39914f791fbd8de8af

Download Submit
/data/data/com.xmcy.hykb/databases/cc/cc.db-journal

Filesize
512B

MD5
d34287931674142391167cb203b722e7

SHA1
62599b7477e09a96b71e74b08610f90eb2e5eee3

SHA256
437e55ccbedc6f61edc0de0c0340655bdee6bf6f983251cbb7530bfab8330dd1

SHA512
5fe6c790886d88a4f06410824c99705cf6ae6a7d9d17d423f90f417ee27801de86003b55c16e22acf53ab8083ff0dfd4c52d9a54ac424da1624b302fa63937f2

Download Submit
/data/data/com.xmcy.hykb/databases/cc/cc.db-journal

Filesize
8KB

MD5
aab160ad7d1a8bb189b09296299dadbc

SHA1
a6ab2c37f15635255073bb2411abf35f851713a5

SHA256
d8d7756844e7e23f190fe25cc361106a1c774656600284d4a390e17d19627966

SHA512
ce4a88204245837cf76444ceca60fc1898d4348232bb0e6c69af7806ab2ead2b88a6f8679a180ea43693e293c3db39bdaa40d19907a2bee73281871eb47d54e8

Download Submit
/data/data/com.xmcy.hykb/databases/cc/cc.db-journal

Filesize
8KB

MD5
2fba302ec3c6c4f60f3906297077b03e

SHA1
0f1d4eb1d19c51d53edffbf291ef6280947e50aa

SHA256
71a707223985442deb38fa52b247ce58ea107c5cfb0ce8d3ae352d8fe02712bd

SHA512
cab4db6ddf9e9a2c852d219b7cac375738e4109f4fe057348617415650d7b5a8d61fa22e2c33096b92b892652404559c91dc4e79c556ea10f11642b9318e713f

Download Submit
/data/data/com.xmcy.hykb/files/.um/um_cache_1716300558894.env

Filesize
1KB

MD5
5cbe46a392059a09d8e9b9314077310e

SHA1
e64c9d27801decaac804691eb26c878261f88218

SHA256
e67da02ee657ac0366878b8b46a831eb373672d9d7f2d26098f2408195f0c7ac

SHA512
92fd4e3ac7de16205f9275dae08e67a36e1e27595b4538c86b391ced5770c025d374e6e793dac6bb45c2a195b5334de13c4d1c745aac264e1c14cc534aa479d3

Download Submit
/data/data/com.xmcy.hykb/files/.umeng/exchangeIdentity.json

Filesize
162B

MD5
5bab76d124fbde2aa21d2e2a5f342615

SHA1
805e2ee55a5cf7b87a2f909437cfcd9905279f0a

SHA256
fadf3ecc3965150bc3c7ec8111fe1222de8aa24076b3ef17a3577a931bfd6228

SHA512
b5f39627bd324d1ea04a4450528a7d222137fcde2f66525bf705792c0e26ed1954cde05cf3ae3c68ee52a9c7406f7ef6b703f051f3e61d9bae281fceb45004a1

Download Submit
/data/data/com.xmcy.hykb/files/mobclick_agent_cached_com.xmcy.hykb204

Filesize
1KB

MD5
115af2cf3b369397dba4ed1aae0363f6

SHA1
0bfa47acd935e660414aecd16c0c45dd25d9e1de

SHA256
2733b5a69ed208a1d0a43a8f63e8956d6bc62197eff3dbcb577e9087cd99c7c3

SHA512
b5886749fb884a210a91a0210fbba00b6b23896b4dee71c675226ba0d89e94afd1493d0496b29cae9d5cb7927763bbc9e82b374b6315d9b04b1fede1f94bbf8f

Download Submit
/data/data/com.xmcy.hykb/files/umeng_it.cache

Filesize
348B

MD5
a2246618553923ac7ef38d07f8e6cc67

SHA1
1f7de000b4b88ed412371e7d4e5abc34344e9861

SHA256
a56c1108a3c30672559b62d6888c6e4b16ba042d34e5f96c6504ae576c2d63d9

SHA512
0bbc948d365e7140aac7b8690a57be17f7cbc923b4531f093e6d8e11acb50f7c92f4246a55f9ca5d5245e40d87a111f2ee55d74c41b409585d68e515a81a0004

Download Submit
/storage/emulated/0/.Android/hykbData.dat

Filesize
34B

MD5
dad78f8701ea9595e08abe52227a1190

SHA1
d2d240180fecb47253882182b31dac6ae8fa18db

SHA256
6fc5c24ddcfc04bc024938ff3be491bab06c819a76c901933f00aa09a0160371

SHA512
f47f8743d57065d3ee53df6f176dbfbc31d71fef5d782d5575ebb2438770d40d473fb82e0aab887c09c09651abf18e931f34105f1cba72ee457f6267d4021926

Download Submit
/storage/emulated/0/Android/data/com.xmcy.hykb/files/tbslog/tbslog.txt

Filesize
11KB

MD5
72baa4f5c47e65f6ff329b849261d877

SHA1
ced85431ac4f670d340931478a393dc8d8e3118f

SHA256
ccf080c47cd51b5fb55b162275bf60984cd975885f95e71af79a87dc198e0f11

SHA512
adb2a0c498d7d7a4488e3b9e2132b466c251516caa23ab1b93128ca4636eef688050c21499e17940027b49ba80d8b63adcbdfbfac414301c432bf6faa7437729

Download Submit