6174cc9bfa3c267fc916dbabc3c2885f88d844f1f9b59708f65b9c74a995ae35

Analysis

max time kernel
179s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
21-05-2024 18:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

645d1f6b879a251b9e6108aafdf118c7_JaffaCakes118.apk
Size

457KB
MD5

645d1f6b879a251b9e6108aafdf118c7
SHA1

59b4cc41b579f596b3a48d4a1ce7e21d8c7a452f
SHA256

6174cc9bfa3c267fc916dbabc3c2885f88d844f1f9b59708f65b9c74a995ae35
SHA512

ff8ac0e6bf06f696bf403e464babec95ff4a081fedb1363053b70356482ecfc25239558b3f7cd2f237b3571f7809f8db4c3730a829f006e6adff8d8610aa85c9
SSDEEP

12288:YHLBlRc5lo5UMDZzd9pQIz2MZVfso0tweIYel6Q0f3I/rr71Y9tIry:mLBlRDZzd9pQIz2KSVYYfQ0v671Y9tI+

Score

8^/10

discovery evasion impact persistence privilege_escalation stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.i6uu.knowall

pid process

4276 com.i6uu.knowall
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.i6uu.knowall

description ioc process

File opened for read /proc/meminfo com.i6uu.knowall
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.i6uu.knowall

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.i6uu.knowall

pid	process
4276	com.i6uu.knowall

description	ioc	process
File opened for read	/proc/meminfo	com.i6uu.knowall

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.i6uu.knowall

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.i6uu.knowallsystem

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.i6uu.knowall
Framework service call	android.app.IActivityManager.registerReceiver	system

Tries to add a device administrator. 2 TTPs 1 IoCs
privilege_escalation impact

T1626.001

T1640

Processes:

com.i6uu.knowall

description ioc process

Intent action android.app.action.ADD_DEVICE_ADMIN com.i6uu.knowall
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.i6uu.knowall

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.i6uu.knowall
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
impact

T1471

Processes:

com.i6uu.knowallsystem

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.i6uu.knowall
Framework API call javax.crypto.Cipher.doFinal system

description	ioc	process
Intent action	android.app.action.ADD_DEVICE_ADMIN	com.i6uu.knowall

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.i6uu.knowall

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.i6uu.knowall
Framework API call	javax.crypto.Cipher.doFinal	system

com.i6uu.knowall
1⤵
- Removes its main activity from the application launcher
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Tries to add a device administrator.
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4276

system
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4402

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Android/.android/.hzconfig/.okp/BeanZhan/log
Filesize
100B

MD5
17da4cba3b238ff94cf62c3713dd71e3

SHA1
2860bfbf68aca880dd7eb5716204c33b1f0e7534

SHA256
9df1f837be4e75f9fa1bbdf1266632b19bf76fd8d6da26cf43859dc65b3a9a8c

SHA512
a2c251b3d9ba4f89ca65646029cef8ff195441e0632e719cd3dacf72c14b7d875f4cee5985af8eb0981439d8c775c56a225ebcdf05f99edec5e2e241f7867b70

Download Submit
/storage/emulated/0/Android/.android/.hzconfig/.okp/BeanZhan/log
Filesize
224B

MD5
9932ab958a3ad33779e8a1f943831192

SHA1
22ad5068409a9e44903cc1256324a5e3abd96462

SHA256
bfcb81ff5cd3470d212e2bae4a7b872dfdbcd2a4173ee3758d47c94a1c684a53

SHA512
68910ae3d434a069a08c5715e28ec8d0a318ef1143833fb50f2efc1cf13ac0aedc44a78248f37f2e80b702ce125810f774c1f655a5235aa49af897fe424ec3ee

Download Submit
/storage/emulated/0/Android/.android/.hzconfig/.okp/BeanZhan/log
Filesize
100B

MD5
135742eb16b419443f94e025f0fc8b72

SHA1
d71d8bbe0c03f72b1c5e276e213c833e16a25b3d

SHA256
7f7b2e09a8f38432fe7c078f4b65f4e528b832b850dfce83246b74038cbbfd19

SHA512
3f56f6743b25601289570002c55a5a2d3a6903e475db39195b5c57da90d19f168bcc37d2807623c15569d526377c3dca8b98e557cfeac7d8f57a3760a6480d7e

Download Submit
/storage/emulated/0/Android/.android/.hzconfig/.okp/BeanZhan/log
Filesize
43B

MD5
257aff5b76eebd078cd44a412b3c4264

SHA1
2ff8a4542c9ae0a694668c55df691854d9c8813d

SHA256
9fe7fb86b39bbe393f374adc5eddd20f6d4ff2b5178548add095c86240213105

SHA512
e046856e0e4a4555fecdeb965e4d26f620a1e89ec0aefb17a0c75b8ead44bc332e40d4237f3c81dbefa92627cb75bcf2ef79849179b3da7f60f87beecd59353c

Download Submit
/storage/emulated/0/Android/.android/.hzconfig/.okp/BeanZhan/log
Filesize
43B

MD5
00bf99b40e022253cc4cf68578c40fb8

SHA1
fcaaa46e9399868d13d62a3e74cee966f1419a34

SHA256
f2c6bddcf7fe45fb41146a0ef31c3ab612c15061c292df95f1eed4b70a8e4deb

SHA512
15aaecd110d3389c1ac62c9b601d470e887f987a3aa765b8e7cab8923fa1139073901806cf3569898440ffd5fac575472232c50f871e8e07df4e3709358ef6b5

Download Submit
/storage/emulated/0/Android/.android/.hzconfig/993a943c7a6f65c5f8dafb8d30175e0c/c-count
Filesize
2B

MD5
897316929176464ebc9ad085f31e7284

SHA1
09d2af8dd22201dd8d48e5dcfcaed281ff9422c7

SHA256
9a271f2a916b0b6ee6cecb2426f0b3206ef074578be55d9bc94f6f3fe3ab86aa

SHA512
a546d1300f49037a465ecec8bc1ebd07d57015a5ff1abfa1c94da9b30576933fb68e3898ff764d4de6e6741da822a7c93adc6e845806a266a63aa14c8bb09ebb

Download Submit
/storage/emulated/0/Android/.android/.hzconfig/993a943c7a6f65c5f8dafb8d30175e0c/c-count
Filesize
2B

MD5
b026324c6904b2a9cb4b88d6d61c81d1

SHA1
e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e

SHA256
4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865

SHA512
3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686

Download Submit
/storage/emulated/0/Android/.android/.hzconfig/993a943c7a6f65c5f8dafb8d30175e0c/c-imsi
Filesize
16B

MD5
11abca93427a493510ed491065c59d7a

SHA1
9008fdfd52416ea229a86c51158b97a8dec99d73

SHA256
6ba1d8b50f60723da697630dea4bd14da5c2230b6c0bce1c2170641888255157

SHA512
e2dddf4a4c9d29758869cbc42c081879f88480c81db3472ece54a972a0aed8732dc43623edd264d4deaeee38173badaebdc034e6051e52a12bbcbf9fc4abd168

Download Submit
/storage/emulated/0/Android/.android/.hzconfig/993a943c7a6f65c5f8dafb8d30175e0c/c-intercept
Filesize
449B

MD5
b68d0e79c4e8e441a14cba2a929408bb

SHA1
82127d8b2466d502294950486e30e7584ee3878d

SHA256
a8b55a9d389ef4c5e03457142b0421421b4873ba011ca61253deeb7726d3ca50

SHA512
010556dbaeaa4cd44ce1773ed35cf893684d46fe9498df97cfc7a3e86c2ce060ef9e7bd14c8c46e19c732de4c1d927281b0009e96ec11529c6183bc03e1348c6

Download Submit
/storage/emulated/0/Android/.android/.hzconfig/993a943c7a6f65c5f8dafb8d30175e0c/c-lastTime
Filesize
20B

MD5
1f954c543b8468ce8405e446f652b3bf

SHA1
2127043125b03aeb089ec644005f572d5bc53a77

SHA256
3e637eebdccd8fd582775f8c7a32dd3aa7314e594783684f08e9e5b872083c31

SHA512
f176797debb4ff5018351ad65e84e636cab11b15c6c97405132b14a24d9103e9dff71bb6785bf410ccd8ac893bb4f94dc2b1a3e5df7fb5f9d3fc3517f44c16e4

Download Submit
/storage/emulated/0/Android/.android/.hzconfig/993a943c7a6f65c5f8dafb8d30175e0c/c-nextAdTime
Filesize
20B

MD5
adb03945d0f69e0f8e29e0e58d07d02b

SHA1
3f6efcd4de10f65d159fd9fdb940530ce453a05c

SHA256
f2a8881e9a3808c94de5edae8213b7d3bc5c10d6574805867decff716a2af814

SHA512
5c09d06131dafee1ee142df237edb05898b908c77b5aaf499177b01cf2a5e66a118793d44ae82c987696c88e298c59db935bf13edae50e6c59eb09a49df84b09

Download Submit
/storage/emulated/0/Android/.android/.hzconfig/993a943c7a6f65c5f8dafb8d30175e0c/c-nextTime
Filesize
20B

MD5
e0cf812053ffac15e6aca336855f3c07

SHA1
9f92b2edee0a4ca808385f2888d2efd051a64e46

SHA256
ef68587e6ac4b05484a0ee6901d8534d6af4d22d770d8173d66087d791a5c0db

SHA512
ee7ea6eea4511c565ac2354b51b74c50adc016d96e05ed19c001ec939c3a1c41ea4d00f1f00fba0cb833fdff6d880abea169891fb2fa6fa0701532fb74e356b7

Download Submit
/storage/emulated/0/Android/.android/.hzconfig/993a943c7a6f65c5f8dafb8d30175e0c/c-phone
Filesize
641B

MD5
03c03447e1afadbc7b36f708595c5d44

SHA1
c4fc425270d098606f7e79b756bd6fbaadc2a718

SHA256
84b9be03b1628f5c6b57506aa699daff7a0ddd54588a63e70dc3570f302fa930

SHA512
8ad31256b987843ce79e327cfabfb8c3d00968573ecd97c081577725acff32c8c5b8cfe7193833aa5be321dc9cafbb0fadf9e4ce06f98b06580709d1544bb9cb

Download Submit
/storage/emulated/0/Android/.android/.hzconfig/993a943c7a6f65c5f8dafb8d30175e0c/config
Filesize
577B

MD5
2cf4c28468037cc93de7b41e627cdb4e

SHA1
8b2c5ffbfd1273600afd48632cc0eab64f827952

SHA256
71117afaa4b3d414d4dc5a74e1061f1745a2b7e9f3d25a5220d51f3172201683

SHA512
228d2260f1c798fe2ebf357c2652ef951a3d015818bae5798cf90b99390578548fc9e7d30a261ac56e1a9436804b6c3802645c2474fcfdbf227954a964a9b42d

Download Submit
/storage/emulated/0/Android/.android/.hzconfig/993a943c7a6f65c5f8dafb8d30175e0c/index
Filesize
4B

MD5
a3aefbcbf31fa0bc12b9a73bc9d67976

SHA1
b9584684faa01e39bf3fa4db606dbaa86bb46943

SHA256
99a357b646bc6d0d81ac188c8bfffcbf6ab8f8f72a5d262fe81624f6f9a9a66c

SHA512
cd4cac5877e1c6998bb8e17966de516c6fa3169df25e81a8a3d3754288274c6312275782c52ca63bc7b443f4fb6cc629cc65f155ad290458f52abed8225ca5da

Download Submit
/storage/emulated/0/Android/.android/.hzconfig/993a943c7a6f65c5f8dafb8d30175e0c/index
Filesize
4B

MD5
ac63f03f800c493b3c24d008a55bee43

SHA1
21199b85aab05db95777c723799a71eb759a66f9

SHA256
4ea437cacd9ae36c26f66a0e6cb928dc583b669a1f1e01ba67a3c45c9929e875

SHA512
e2593bef6957521ab4754ae7cbcb71c4463fceec7dbfe27d843fea392976e511258feea946269b47e7bdef5bec4044573fe098f6a73d2590af7986c9dfdbff74

Download Submit
/storage/emulated/0/Android/.android/.szconfig/.okp/BeanLin/log
Filesize
34B

MD5
e11138cf3171a61f82f68128617ab523

SHA1
190aa7e54847de54497f75bbb022899dbffdc0ba

SHA256
f21bfe1efbeac3f88091a66c2f71cb3c838f75368dfc93eaee8213216018d773

SHA512
387613c84abe233b9a3f0ae0990a0e976db89ff031ac8241048546dac0bc13c7f17c02af6c09576723a85586b701b70ea2cc0a1e57e6342ee5b3150ee3d4de84

Download Submit
/storage/emulated/0/Android/.android/.szconfig/993a943c7a6f65c5f8dafb8d30175e0c/c-intercept
Filesize
449B

MD5
0a909baa2a7964f6876d98b5924da185

SHA1
17fe9662c6b9ae4e4b642c47529976e69f877670

SHA256
e8bbcd33ef7d5142b898fa7a8727bed5010c3d9e381fb46c658503669c0aa0a5

SHA512
7485b503687c7c173371a03041c153543d2e2c9fd8b183ada4ce7547b65f78c5e712a7274e059ae9dab7a2edc959a7fd4bcb220aa8a680a10d0d2365761d3293

Download Submit
/storage/emulated/0/Android/.android/c-imei
Filesize
15B

MD5
748d9beeaa1899252a7365b780b95fb0

SHA1
2158cbe9044f2b138df0094615afe6616e526c9d

SHA256
59290d2d5a77605f8140feb82e44e8438115fb2f93dc56ed4c225b88c21baaa8

SHA512
cdeb0c4cebf1cc96ebda6940763a940df76120ee991bc7f003480caf055a970f16e4a19ef2ba2c56fa056d539b981e16542ec7239a7b91dd3828585bc2d1e440

Download Submit
/storage/emulated/0/Android/.android/c-imsi
Filesize
16B

MD5
4b75c50754c47755bb6178f186fe81d9

SHA1
052f5e320f526cf3cb4ce981fe49b8e1f5d6464e

SHA256
db76e954e8a83bf685d0ae8f4d80a14ada31d442f60aeff7423457a2474931b6

SHA512
51c5d86f35f4cf6fad0753e03ece31b7d17f1e2be8e63e013dc91b9ace99b1ad92608791495592311d71e53a6f377b0e7eced23ea91be2ed1a19f20420d3cf9e

Download Submit
/storage/emulated/0/Android/.android/c-userAgent
Filesize
170B

MD5
d3c6e16dad4f6aa1e4619391b9eb63ac

SHA1
62534310880c5c89e6739c383975c26b6a7b4d36

SHA256
3bc2accee0bd9675584d0073832695e7e76bd2d47d80ed9883e6b6184f3dfaee

SHA512
e20a51645fdb7b7a4c783e8458f0cd06e2a506d225386fd44313ec329c46bfab3fbb1d2bca972cdc808f9598619cac1655f7702fed2c0da1054c709d62da5be0

Download Submit