3a15ac97abe33306250c353dda5cb8d6abb3a3dc54ad6b16e58935c8e0b39fb5

Analysis

max time kernel
154s
max time network
183s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 22:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68e23c251edec78b1388479b3a624c68_JaffaCakes118.apk
Size

4.3MB
MD5

68e23c251edec78b1388479b3a624c68
SHA1

61560000b260ef395912d00b42cdfd45c37022ff
SHA256

3a15ac97abe33306250c353dda5cb8d6abb3a3dc54ad6b16e58935c8e0b39fb5
SHA512

3bf4960d5244b202d997c91492a00831df0df2ead3f4c755c758d682c718fa23aef2e979c9096170c56bfcc6324f406df6466cbd82e03f95c883b4fb7f7ba378
SSDEEP

98304:3idjivEO7yThKWzF6TZcEpHt4SzMKcQOZZOg6qpV064mqfrg6nF:S8vEOWThKrT0SzbKD6qj0pL

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

xyz.hanks.note

ioc process

/sbin/su xyz.hanks.note
/system/app/Superuser.apk xyz.hanks.note
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

xyz.hanks.note

description ioc process

File opened for read /proc/cpuinfo xyz.hanks.note
Checks known Qemu files. 1 TTPs 3 IoCs
Checks for known Qemu files that exist on Android virtual device images.
evasion

T1633.001

Processes:

xyz.hanks.note

ioc process

/system/lib/libc_malloc_debug_qemu.so xyz.hanks.note
/sys/qemu_trace xyz.hanks.note
/system/bin/qemu-props xyz.hanks.note
Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
evasion

T1633.001

Processes:

xyz.hanks.note

ioc process

/dev/socket/qemud xyz.hanks.note
/dev/qemu_pipe xyz.hanks.note
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

xyz.hanks.note

description ioc process

File opened for read /proc/meminfo xyz.hanks.note
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

xyz.hanks.note

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses xyz.hanks.note
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

xyz.hanks.note

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo xyz.hanks.note
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

xyz.hanks.note

description ioc process

Framework service call android.app.IActivityManager.registerReceiver xyz.hanks.note
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

xyz.hanks.note

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo xyz.hanks.note
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

xyz.hanks.note

description ioc process

Framework API call android.hardware.SensorManager.registerListener xyz.hanks.note
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

xyz.hanks.note

description ioc process

Framework API call javax.crypto.Cipher.doFinal xyz.hanks.note

ioc	process
/sbin/su	xyz.hanks.note
/system/app/Superuser.apk	xyz.hanks.note

description	ioc	process
File opened for read	/proc/cpuinfo	xyz.hanks.note

ioc	process
/system/lib/libc_malloc_debug_qemu.so	xyz.hanks.note
/sys/qemu_trace	xyz.hanks.note
/system/bin/qemu-props	xyz.hanks.note

ioc	process
/dev/socket/qemud	xyz.hanks.note
/dev/qemu_pipe	xyz.hanks.note

description	ioc	process
File opened for read	/proc/meminfo	xyz.hanks.note

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	xyz.hanks.note

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	xyz.hanks.note

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	xyz.hanks.note

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	xyz.hanks.note

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	xyz.hanks.note

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	xyz.hanks.note

xyz.hanks.note
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks known Qemu files.
- Checks known Qemu pipes.
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:5136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/xyz.hanks.note/app_crashrecord/1002
Filesize
224B

MD5
dce2664565aa6e8b5b03b6e0a8d6eb5d

SHA1
21ae9de008fe6c4c3b7caf146b7c23b1fdcadd06

SHA256
7a01bf2dba7c401bdac032c1c6b6f49b2a4b839d75af0e382e02271ac56a14de

SHA512
6d549705f08a838820f0377111a59d3c317b0bb3a53bdd5bff3b8c615ce46c2384500438401cfb6e52aee857766d8d67de7f71827a71bd176558786d9e8b0eea

Download Submit
/data/data/xyz.hanks.note/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/xyz.hanks.note/app_crashrecord/1004
Filesize
224B

MD5
b3ad712b178e018497bce1bd8363cbf1

SHA1
05865c6b7731285b21ca5eec75fb4a2edd4a6b2c

SHA256
fde956b2a7523c3329622b3b3bfe06a9bd1bae9232e4963422929b0e4de066b6

SHA512
25b096dbd66f3b96a8c5ae6136300cf9a5e4eaa8f01f29449e751cdc14f5f444ce2069ed7af3f3949644f2315b91409fe77d451bf08101bbeadad119183922cc

Download Submit
/data/data/xyz.hanks.note/databases/bugly_db_
Filesize
52KB

MD5
494f19f675c8728896f1c636b4b738ec

SHA1
af8a5345226f28b5493b17f3ff1ff95653655e6a

SHA256
73d41b81adbd2cbb96e462cd75da346a5b1dd8de1b6997c51c894fb5a91daccd

SHA512
71025065071b6843dce7fecb828ad90228da9548daefd99ff56c78f0d91554bf5c5ad9aa51760a69d30ecad788c3d0f984022dea5d222b69e9a234826298645b

Download Submit
/data/data/xyz.hanks.note/databases/bugly_db_-journal
Filesize
8KB

MD5
d5716af4817adaedd29b16761c7328d7

SHA1
c8b3546bc80cb0ecff91b525aba3c2e0c3ab7d8e

SHA256
0e0712e7f9049915dfdde295031dfd84b64000a88f4c0d9b7313542f2d63810b

SHA512
818dc7a296feb34f1a4c9eecf2f5e96064da774f66914c37f2f77c489903ec3f6a2de2127c01c55dea764b3bf8d478634686d1bbce21ef279b357676bd76aca5

Download Submit
/data/data/xyz.hanks.note/databases/bugly_db_-journal
Filesize
8KB

MD5
73e291e2155e36c3a6536ae76d256dc7

SHA1
5ad908bcfe76f4205c92dade2ef2a4fcd5d4877c

SHA256
e96d0257c28e0c5fd583fa7decc04c34ba8536c1e902869e5a9f631086b9ecd0

SHA512
0a05ba8ea231b7e69e2b616001034716200376caeb57787d59106c0cb0aae842fab56f188ef20d93961aa6bfd05867334a1107db309aa18b41a3b7056abd7bfb

Download Submit
/data/data/xyz.hanks.note/databases/bugly_db_-journal
Filesize
8KB

MD5
3b9001d49372a8bb0f6baec013869ac2

SHA1
b9775a612cf4048d2472f2f44914895bc5b68afc

SHA256
721b149c827ae6712b1770bfd269508da1eb5b328f2e7d7968bda6c05f561f46

SHA512
dbfb9ee52f47da89456f2e73b7968c0416818009432f5c23621c62a51a0d8d384753b5e5d89ebca254ee09407e4094d5badefd71045fef7e36ed8baa024025e5

Download Submit
/data/data/xyz.hanks.note/databases/bugly_db_-journal
Filesize
8KB

MD5
1620db0c90e69dcfe93cb875c6d7dd09

SHA1
f27f40158a36e7f932eb6db4c23b90b5e25ec1a4

SHA256
ba37096f208d86949f875f0fa6a0131f83f8c575a9aafd1bac79ad9053854127

SHA512
217a972de53542d134cd7a775f404121434a93c6eb5e3f764a52eb7868f236f4821b55f7c16c6b2a5ab9b3767dc79268d344023bc7a3f3781726f87814083f60

Download Submit
/data/data/xyz.hanks.note/databases/bugly_db_-journal
Filesize
512B

MD5
67c640bd21143c2c0b2463becb261414

SHA1
f59ac9c90c3abd5c1b511ea789ccc3f662081e87

SHA256
0ad5fab8c0b1299d9a6fead7790b8eecc673e8cff89e5ce2a827afddcf839ad9

SHA512
78b65824777e868848bbd22cb373bcaeb29f172dc446bd13e472788e3a9d0f1d57e8d058382c1999d137cef16e9fabd6f52cf5032eb170077fece35bd3c4186b

Download Submit
/data/data/xyz.hanks.note/databases/bugly_db_-journal
Filesize
8KB

MD5
466aaa4dc3d8783018d5f872bd2269fc

SHA1
bc5f37ff47ddd6b933a407670c3b3a14609cdb31

SHA256
0622ffdcbf8920d4fd73f46a34190328e8f00cbafb09e7179d4dffb6dd8d1a66

SHA512
c2228ea6e1bfa03a22d02ec52ca8f7ff29565517c637b6e841d3fb8f1eb0e1cbcee7661369815a5760209f1d523369c679b4d49339fd5a929df66ded4a63078a

Download Submit
/data/data/xyz.hanks.note/databases/note.db
Filesize
40KB

MD5
099e5dd68efd185cbdad2241166b64ac

SHA1
f0ed15de289ef8df4599014ace7455b44eca2141

SHA256
6b4df21b9d41c6e3a408b90729b201740cad00a8ff4a3bc720d8bf057319d78d

SHA512
44dd864ebf303075e77f4ca8bc7d0039766a1a2ca8bf7dc4fa5b8b807c448bc5b288868a4d984b2d56964b208db1d3303cc2644661ba5805a0e210a831cf1461

Download Submit
/data/data/xyz.hanks.note/databases/note.db-journal
Filesize
512B

MD5
ccababb848debbc75f927125ea84b916

SHA1
bda0a3d3cc0b7f3929f81d7faa1671da0d050c29

SHA256
b3929ae8395d02536786a8ad167730c5421ac97d71abc0675fc4c1755cdbcc41

SHA512
f4e3154e479f46bda7801a6ebd202b14844eb51ccaf13e5cb28c6a5f03ce9a39aae63f72e859854612738e09afd97639505eea4b88cdb70cfc601d11c6f863c6

Download Submit
/data/data/xyz.hanks.note/databases/note.db-journal
Filesize
8KB

MD5
b50a76a07cd22ef5e8bb8c5d726771a6

SHA1
57bbacb16b3923f54e8d2ff06fb5d7dd3b44fee7

SHA256
0e1c1a7c630ecc7a3c8b077b9a887cb6d5d8c4f100e32055cb2d998112bdbe1f

SHA512
c7896eebb56a03d5cd3489fef2315595cfa9b0cf9c9c48b00335336075f64e555a1a1cf5803ae12bb864cc76622b755cae312821c84660b933754828e8906cf9

Download Submit
/data/data/xyz.hanks.note/databases/note.db-journal
Filesize
8KB

MD5
0ff3d8765bba6a8580f7343be7a76b1a

SHA1
ed2de43bd423a5f72092065f6046bc3751a30c30

SHA256
5907616ba12bb13267cf81e9c99dfe4527b3dbfd1b302019e7b4daf2e7855bc1

SHA512
26ac8add0e1ccb8844d23bb69fa9a9a6b08c48840c93091eaf4a6a0a26e149c32a4ad58ab47c12503de1c03c8995e9fa740cd4fb61ab3d9c59f8db370312a544

Download Submit
/data/data/xyz.hanks.note/databases/ua.db
Filesize
40KB

MD5
a342af56ea950c9380be27c3d7367861

SHA1
135ebdd4d3f0bc23534e3d01dea5451924246474

SHA256
11a75167d37d8639f826800a09d15d24a5649f2f268acb4fb9ca5af44ea45bd2

SHA512
a5984169c9c0f5baaf01b4da27cb5db4de4021b296b3d709a5c27548b0dd14e56278338020fb9788a0170c034f61086be8599f8d1c96f46352644885c84bd378

Download Submit
/data/data/xyz.hanks.note/databases/ua.db
Filesize
24KB

MD5
41095504b72a43ff553d5cec388f475f

SHA1
dd158285ae336f8ca0890bd9cd19fc08f7ea0204

SHA256
ea4c34147a183bc10450e595d45d15a86c656a327c238d01d188b5493bcd8cc1

SHA512
6e3dfddf57a1992b7d332774fd4dce61ac18c6dd8595c26793399761584a0e1adff7f0f455359adb4fd669412a98d9a683e0846d57f4c8d9fd2caa7b28bf697b

Download Submit
/data/data/xyz.hanks.note/databases/ua.db
Filesize
32KB

MD5
febe256437e59d8fa0295ac8c1c9e99e

SHA1
583db2692df1e246e538862e526a432312c6884e

SHA256
e975a312fea3dc1c8e47a7924af3070d38586f91128201b83b12459d7e699154

SHA512
f6fc63dcdda057581d1e47939d4e669a9e3e2d87da38db22339b2d4930a6c353b09c10c5343c55ec285baef36186981c68af0e99b71ba0bcaaa7a9f58d1b782c

Download Submit
/data/data/xyz.hanks.note/databases/ua.db
Filesize
32KB

MD5
2cc0571b3bf90b13167829416c74791b

SHA1
6f03c4f1c289b9eaeb0e568164d81a932a465960

SHA256
cb1bf09a181a532733bf1511dce0ceb43fabb11641a54b92faaecd54c855156a

SHA512
e8a37ac4426f473467d31ce5e1bd63dff421be1a5467a5ea612b82e646e75ffbcb16b3c474c5d267e40e25d3f4b69ed41a3e4f9b86365f379fca1b200cf51e46

Download Submit
/data/data/xyz.hanks.note/databases/ua.db-journal
Filesize
512B

MD5
86545474032cc537e17333c47be8b234

SHA1
c2ab19e359d8da6d879f0ac6ffc73b2f0e10912f

SHA256
950144aa2dd75fb0ec1a6cbc421776b7739c5076778d37daa8232d1346bdab14

SHA512
2dbe671700be93f9af20adb1713dc4c6710c2dd3599c85128c1de123a5d79170a728ec6bb41f2bc7a1773b5dc4935121b04c1aaf4b5717431b3360d115eb508e

Download Submit
/data/data/xyz.hanks.note/databases/ua.db-journal
Filesize
8KB

MD5
a84de1736b9a94b785011c0446d05e46

SHA1
77ed19e423f696718fdb8a0e1ca6f238de80a424

SHA256
c7cb7564b3f25024649ae08db9c9089b94521504576a838b494a40f16a0e4248

SHA512
d599705fd8c5dc9a5e87570546baec5dba7ba3775e95175b2cd626829fd26ac4106340d948dbbfac5910d3a2729f9399fcfe2b268bbd4209fb931237dbec9a60

Download Submit
/data/data/xyz.hanks.note/databases/ua.db-journal
Filesize
8KB

MD5
f2bb6497fcf06b32618c190fae0b5d4d

SHA1
9707508e71b148dcdb6aa09c19d92e38be120b5a

SHA256
e8da0b76e85e49b62bd46110bcdce04686dc5bb37ad957d34f828ecd8177c0fe

SHA512
cae0918ff5b7ae86d912282b547fd0035092c61a68326eb6825de0db22904871f5b0c6f4ce6b06cfbd64005ed38c48a1ef76724eb3febc7530209dcc264f48ff

Download Submit
/data/data/xyz.hanks.note/databases/ua.db-journal
Filesize
16KB

MD5
bdf667d7ae9a9c3f0ac2434bb6b59cba

SHA1
e905361dad118c587e9e534c8c30e5bb5dcdf2bb

SHA256
523fea9cb5dabf06026e8914e30fca12d206b8c1ebc6b95dd935e50b312b0ceb

SHA512
faf40e626811e3df6ff493d7f5d1e3844b3809b501900897acdeae3c0081759a540f501cade224eeefd8ba966f5334298db417a4e2b57a3169e0ed07a89fc6c9

Download Submit
/data/data/xyz.hanks.note/databases/ua.db-journal
Filesize
16KB

MD5
afade463f30eaf127b0cf3f1f120ac83

SHA1
b8bd03ea3f4568bb72f211014b13b1be1b5fb89e

SHA256
b56646d9e6f6da6bb64c3089cb2f6afd434e48c4d0a431d2b319ade881e60572

SHA512
e738d4f9f512c9373c886c29d0f1fda6ed4a15ccfe159cbb612f2a42b9c9cc456c16e493540af0b240a79e02d78bc3824e26d86c91d736f7da23529199ddcc21

Download Submit
/data/data/xyz.hanks.note/databases/ua.db-journal
Filesize
12KB

MD5
f70b088068d3009c687e28a73375ca65

SHA1
920a83f40dd416127e2d17860cb9170edc8334aa

SHA256
a4c4ab9d74841e16c8396e727ff8bbeeaa6be8c8851f7d5bd7fc88c6408dd00e

SHA512
320fea5e1d68cde7954ca9085545493f31de0c8013331160aeae77ed5b8a4e6a491d028247f912b306acca914df7158cf106341ce7aaffa1f4848458e0e7535b

Download Submit
/data/data/xyz.hanks.note/files/.envelope/i==1.2.0&&2.8.5_1716417908061_envelope.log
Filesize
2KB

MD5
bb016fb752af45e23fad0670bf08d91c

SHA1
941ce6053f8bdb7ecc091235fb82438ec507dc5d

SHA256
b739f8bcdaa44cbb23d547a6a193a7fffca961f6bfb021cc78ced172bcdfd485

SHA512
6f7eb00b03efd15bfcb5d37556ac90c2051be197f3c3aa0f4e8ccc831e805786c068b4c42aafd9686f3d1a23972d7d0e0e658dd72c6f684adc49ceafd3c8f368

Download Submit
/data/data/xyz.hanks.note/files/.envelope/t==8.0.0&&2.8.5_1716417909599_envelope.log
Filesize
1KB

MD5
735e9108a486d2495a2e90d636e52079

SHA1
ebc6c91a93e4f7c81bf2633c12d74785d2f1dfaf

SHA256
161dd82a4064096a865cfde18ab7b674f1fa26461bb8c6046dfe2f61a5b50fd9

SHA512
ad414ef31c7643cbcd433b6054468b28ab72ba274e494128686f2d76e0fcc066eedf22a34ecddbc5e0fb4c6a353d2adf0a8249dacecbc6e5c67d333085bd8ef8

Download Submit
/data/data/xyz.hanks.note/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
5bae51de40a7470070710807f2051f22

SHA1
cd89e0ea9a68eaf2d465ec3283322d8396fb7837

SHA256
7f13d1c254313dd8191a6d1dadf1c7e5ea3ec68d0da4180272f0c89a32b02e3e

SHA512
3f230083d808c360a6f90e426c79f21678a5341e609fcd090408a3d155766ef953f4af1def456c89ef025104b43feecfb93c26f2b69a4022d3843f77ab352657

Download Submit
/data/data/xyz.hanks.note/files/exid.dat
Filesize
57B

MD5
ad694f3b4d71937fcaf83904c7c13f6b

SHA1
b1cd89a0d04e3f4c5af4ce2d2f2c892ad19e152e

SHA256
4f4724e46799367dbafa4324ff5e1c0e3b40df42df078d75b237d2ac5e6bd154

SHA512
9658e15226ddbdd5ad88f04ac591ec512a8820238641034c0d246a64c91b885a8bb45d0011dd6240e010d5bc94ef8bacdfda55167bf1190cd0d56e9480668e02

Download Submit
/data/data/xyz.hanks.note/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE2NDE3OTA3OTk3
Filesize
1KB

MD5
a6a715c8b22ea78240c907130666265d

SHA1
99a97dd5db26153086c5dd1798cb3a74d6563e72

SHA256
75ab5ac646fae815831e7e1977473ebd3bb211210ca743a79935d5b6f0c57971

SHA512
4205fbbe42d05c3fc08453d70311a9269cdef572c1f9b03c34d3697e5625af3107b403f1b57054158fe6cf3a1abbf08d1d752b9c31f3cf8af22d0ee88337c245

Download Submit
/data/data/xyz.hanks.note/files/umeng_it.cache
Filesize
350B

MD5
268242bbc6590fd7ec0cd42cebf60979

SHA1
7275624472203ec51ed658d91d092996d3731a6d

SHA256
9063dc616d8c2068d4fcaac52da52c47373d4b789a7ea7392fdea1642825554f

SHA512
adb27303c9113b098b9ff30e423e0af8a9f32694fe972ce8891df60d1708686ad666ef335cb59156318364c7d8c26e91d7e2d13b4b073429b351111624547099

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads