8fdacfcc166109a267fa3a58c55c2931aaf3efc4271597c6d58006d48552a129

Analysis

max time kernel
169s
max time network
184s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 08:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66b2a285edc9d36d0447a512276300ba_JaffaCakes118.apk
Size

10.4MB
MD5

66b2a285edc9d36d0447a512276300ba
SHA1

23ea7f979e20954d16d3c69ed280fd06608002e9
SHA256

8fdacfcc166109a267fa3a58c55c2931aaf3efc4271597c6d58006d48552a129
SHA512

8d291d3e2c712c8bae6d55463d200652013854d05c023de572f59a46f5e2b87b875b846d6a3a621bf4e1ae52775813d536855bb8e4aadf41713ef198066aee4a
SSDEEP

196608:9JlXdaxwXpwYkDNSKjbBcEqdR2x58XO6fFC6x2cj0Cw4kiAL/1/39ywub:93XdPuBI72Xjb6x2hCw4kd39yH

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.poetry.kernel

description ioc process

File opened for read /proc/cpuinfo com.poetry.kernel
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.poetry.kernel

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.poetry.kernel
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.poetry.kernel

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.poetry.kernel
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.poetry.kernel

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.poetry.kernel

description	ioc	process
File opened for read	/proc/cpuinfo	com.poetry.kernel

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.poetry.kernel

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.poetry.kernel

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.poetry.kernel

com.poetry.kernel
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4311

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.poetry.kernel/2.4.3.txt.jar
Filesize
92KB

MD5
3df15aad08ec23cb5114d0cdb48b54d1

SHA1
c5d9b2a4252b0dfa96fbb90a072f718133bbb19a

SHA256
5967a871e704ac296a813e4a1b10d429ddf6670f7fc7bce2a06804b6f1206def

SHA512
b1b46db57ce2e37a7029bc30b843953fcd7b358e69ed412f5297d3f58880863ccafb97eb2151839d0858255ac6dbc3124c4064e81ad09c9ce121746c5f636e7d

Download Submit
/data/data/com.poetry.kernel/cache/Analysis/avoscloud-analysis
Filesize
420B

MD5
95cc72e4c014fa805fb2da4a046ad6b0

SHA1
0f07bc15d8730c8c5c72eb94581acd298541f1cf

SHA256
8f3b82cd2dde924baad0c6e2baf958629b8dd0a51454b2b9e2e6a6c90a1cf632

SHA512
574853ca2d9aba9f9564a9345218b7a3593ac33697c77dc808668308667396ff1e7a06722f60d6d1218e1655c75cdb64433965905e1370030f7cca08b00dcdb8

Download Submit
/data/data/com.poetry.kernel/cache/Analysis/avoscloud-analysis
Filesize
420B

MD5
769ba6f1b69c6ccd884c8b9cee282944

SHA1
4cefd7a99987549fa1cb7f20ad63afed38c18a65

SHA256
465ed49dcfcbd54923d228dd92ab8a06ce759115d20c48111eaf4701d517adf7

SHA512
74623498793f639ec9a678b5bc6104b3502f819798b0bb8784a6e098bae86e14631de2bd87baf366cacd15d294f87b116b570d998010526817f8be7c31184293

Download Submit
/data/data/com.poetry.kernel/cache/Analysis/avoscloud-analysis
Filesize
652B

MD5
64f3cc34c824961aa2d2f9493929d35c

SHA1
fe18d11264d13ec28a2bae5d35ea4081ce94e087

SHA256
507b4ea5dbd5567b60eb680ff8df89b0398a628afd3c1aab5f9f46b012d1c06f

SHA512
531384d493776f8760bdbbb44fb38b86bd3ac54bf24f1465f57f8c4c96afa8bc74c54e98e33806295f05f97df7e62e50ebfaaf0a7031485c162bbad604aec3cf

Download Submit
/data/data/com.poetry.kernel/cache/CommandCache/2097454ec8e64febe49c34a21b6af001
Filesize
970B

MD5
bac212ad8bc0e7a17126232e6fc1a82f

SHA1
b77174fd75a8e1ba5a07cc55625425b12104f17c

SHA256
bac6c79120c0041583b771e767af2102e03c801911dd97e2f7ba792d5debc16a

SHA512
f1eaa88013d65fef7b4a26d1c9601cf750a801f9fbace0efc0072cf7ed3777d68bc81d8d785b4fe765fb1c425a89d9aca89b8fd4e8e734be06ccb6c819cb699c

Download Submit
/data/data/com.poetry.kernel/cache/CommandCache/7c2296e2c320951d2a6dd522c86ccac2
Filesize
1KB

MD5
9579893c2208bf510f2101fd9566b543

SHA1
56923f755a003f2edef7519da72c542fdf923200

SHA256
c48ecd40309431d913f636244282f0ed0ff73324488efa50290cb1956c7c2ede

SHA512
084b52d4c5f41b5aa980c2ba880a0c4c1f4f1140a7f694ba0859c2f815b5cda7b3529700960641198ba8544830ad35be8b592a6fcf240851f5353fd797613b2c

Download Submit
/data/data/com.poetry.kernel/databases/sutra.db
Filesize
44KB

MD5
9ee4e78c6cbbbd7c16ef2a80acade438

SHA1
18cbdbd720d27447c40fd9644fbf84d13afb528c

SHA256
9d6e28cd621936277455d049589e44fc1f4073426cfec14e9b88e6211cdfa6e9

SHA512
4f283e0e2c28b2ac0c074b89afde0c37879a86658838fe8a699e1322db5c32a14efd1d5df3ff83c6000e70e070b6a20450a68bd038ab5ebf2d8266f1669ec220

Download Submit
/data/data/com.poetry.kernel/databases/sutra.db-journal
Filesize
512B

MD5
43d29acbea73c8ffca4b51db27674404

SHA1
e499e4d715cd16a48211a03a13db0b36aa60e63a

SHA256
3cce5b9ce7d085ca39298a65f790814896656fb6a0d04b948b581cdab1853bb1

SHA512
61c006481ee7b3b093c6e4719fb7d7d580f271756600040a7dcc30ecdf9985129666c24a814cd0334e7884c655a61e8ae838dc4057e54fd4156d78a763cbad58

Download Submit
/data/data/com.poetry.kernel/databases/sutra.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.poetry.kernel/databases/sutra.db-wal
Filesize
402KB

MD5
ac317a89cfc509992fb5f39ce185d174

SHA1
61d7950c36abf3ae49967738222a1b343f024845

SHA256
4a4ca97c3b0e399892982aebe8f7a5596439cb6f8a8257e170135358f129df2a

SHA512
58ca67a13fe121da8a4b6353c40139a3f81e2f30850a149509560c2fd0700e739f2aeee075acb6ad3293522c07d052c3e455385ceaae45be6696fb614f1df48e

Download Submit
/data/data/com.poetry.kernel/files/.imprint
Filesize
896B

MD5
8617e0408d97fb4986db902dac75e40e

SHA1
b53da1eb7a4f851856d855620ac3f91e9b0c6d18

SHA256
2db09ddebf72fb19df1c0884d1f1bfe6a64dc17e56dbe5842a0e26bc3c30373d

SHA512
bd50703aac307ac924c5283e3e2f55b88d108a136f58b1df6b2727dac909e090dfc85b757ff3b7ced08f263bc63d9a535e7f0176e12f522ca6b83058f23dedf8

Download Submit
/data/data/com.poetry.kernel/files/umeng_it.cache
Filesize
310B

MD5
5ccf38a32e4c9aa3b55da2424906f74e

SHA1
e157f6540d8f4e7d4d5bb2e2532a11c91cbe3c14

SHA256
2af36926582c3788d2d8f485cde5fb5c274a20b6c7c86bd7c1d13ffa384c8f95

SHA512
58886de3a72e038ff36f39790ca3bcec96fd0d9591ec5a6c6fff94a1d2658450cf1daf860685564e58fd1771ca7a3f1e0077bd6f35dfbdadc4aca4deadb494bd

Download Submit
/data/data/com.poetry.kernel/files/umeng_it.cache
Filesize
158B

MD5
867cf4bc7e7e1f02870a735469d291b6

SHA1
b1e7615357f0d7ae6204c85a529f94ec40e2bb1d

SHA256
38ca83ba8f8d9a7e8ca378db20bd8ee70e8b7c16be3a3ab05d0ceda642e583f7

SHA512
afbb6d2c570ec6507064501c4f0f21669cd4078fd892f11065de42a226ae76928137f186aafdc48a03863ee012f997bd17ac42060931f28360c8308424f74e96

Download Submit
/storage/emulated/0/Android/data/com.poetry.kernel/cache/uil-image/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/诗和远方/.背景/经典水墨#224KB$0/background.jpg
Filesize
58KB

MD5
cdeafba6a7f74d49cc69d96df3b92ac4

SHA1
2c1e2e37ca5035e3f264e89f01f6dce5199f02b1

SHA256
143d9c7b19536abd15e4df75246502da0794791743e70e944788a32e5aab3649

SHA512
0e34201085accb0dc31eafea2ecdcbb2afd7d192d1dd51b19cb0b629ada86d96216c5c5279ecf5a48b6010d5e50d66870dfddf267092dd33810111829296f872

Download Submit
/storage/emulated/0/诗和远方/.背景/经典水墨#224KB$0/face.jpg
Filesize
18KB

MD5
ef0753e2a85bb4fd044dc4c09edd21b2

SHA1
9bd5962e5155ca330d8c509f0b4753a1959c22ad

SHA256
726cd7bbca4380fc37340cd7e6507abf0503fdda102816efbb848092f9242194

SHA512
b99f49f9e57b4c56e00c1e071664febd1b13301fee7aa210a810ac1d54e994be3216eed82a6ed3939d20779bbb542abfd12e7eecbc8a6fdba2bd3bb1c531580b

Download Submit
/storage/emulated/0/诗和远方/.背景/诗和远方#504KB$0/background.jpg
Filesize
523KB

MD5
4e4e7e456dd00b9099e0c8679a2216e9

SHA1
c1fc8fb1295435b528cba5cb9f6b6de9f121f0d8

SHA256
8225bdd06ce2b05b1dd52e1bcdc8ce145803c320f05a203f129c0884ad520a50

SHA512
afa8d4149a81e07d6d6803daaaffbacc137d74a4d30795b6b70cbd48fad2a9e4cdb384531c7b02ee36821c2239335a15cd00d84b04d813344828a257327f3898

Download Submit
/storage/emulated/0/诗和远方/.背景/诗和远方#504KB$0/face.jpg
Filesize
36KB

MD5
5a57daccfd7b6c20d8c68106dfd1f94b

SHA1
96e5b132bb9eb76dedeaa9fcfb798966727f024d

SHA256
ab5af2592590f591e98834fb0fa1075b3e5beb5a3ffe6490ea39a4d9dc300d49

SHA512
6686942c602cbbdc368d6e17ac303fa0cf1c92e2bc1f372d1519a5205091df61b223aef77caf84089d00c9d2a1f6396ca00d1b3863b8ab03cb46844eb870fe4e

Download Submit