8fdacfcc166109a267fa3a58c55c2931aaf3efc4271597c6d58006d48552a129

Analysis

max time kernel
170s
max time network
187s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 08:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66b2a285edc9d36d0447a512276300ba_JaffaCakes118.apk
Size

10.4MB
MD5

66b2a285edc9d36d0447a512276300ba
SHA1

23ea7f979e20954d16d3c69ed280fd06608002e9
SHA256

8fdacfcc166109a267fa3a58c55c2931aaf3efc4271597c6d58006d48552a129
SHA512

8d291d3e2c712c8bae6d55463d200652013854d05c023de572f59a46f5e2b87b875b846d6a3a621bf4e1ae52775813d536855bb8e4aadf41713ef198066aee4a
SSDEEP

196608:9JlXdaxwXpwYkDNSKjbBcEqdR2x58XO6fFC6x2cj0Cw4kiAL/1/39ywub:93XdPuBI72Xjb6x2hCw4kd39yH

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.poetry.kernel

description ioc process

File opened for read /proc/cpuinfo com.poetry.kernel
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.poetry.kernel

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.poetry.kernel
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.poetry.kernel

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.poetry.kernel
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.poetry.kernel

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.poetry.kernel

description	ioc	process
File opened for read	/proc/cpuinfo	com.poetry.kernel

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.poetry.kernel

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.poetry.kernel

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.poetry.kernel

com.poetry.kernel
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5202

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.poetry.kernel/2.4.3.txt.jar
Filesize
92KB

MD5
3df15aad08ec23cb5114d0cdb48b54d1

SHA1
c5d9b2a4252b0dfa96fbb90a072f718133bbb19a

SHA256
5967a871e704ac296a813e4a1b10d429ddf6670f7fc7bce2a06804b6f1206def

SHA512
b1b46db57ce2e37a7029bc30b843953fcd7b358e69ed412f5297d3f58880863ccafb97eb2151839d0858255ac6dbc3124c4064e81ad09c9ce121746c5f636e7d

Download Submit
/data/data/com.poetry.kernel/cache/Analysis/avoscloud-analysis
Filesize
420B

MD5
ac957c35d8b10e374e481d6215be9b29

SHA1
376c69b479572fbf769e7ea6671e931406fa6abc

SHA256
870107219c1aad61be47da0abb8fb345842de295dfd719c830016f7747be29f0

SHA512
b171013d34e9acc705d06510d3e50904c9a2be12ee10d80a345ece03e4f5bc56ca0b306f3a8566d918d52904201fc8175366e70420bc72caa23957e7dceb6e98

Download Submit
/data/data/com.poetry.kernel/cache/Analysis/avoscloud-analysis
Filesize
420B

MD5
ee21ee20759c9a0d72ba251da8f71610

SHA1
71695ca6f46007de7ad81509e8ed75cd22c3c1ee

SHA256
f110f10901b116006020593977bae724bc1e17d22279e9b228953877e80fc636

SHA512
238ee46aea60bb370503f5f9bab90e0b611f66551d1d1c70d7eb0428a7818430699fcc4f1415cd0d12b3bb564fee14934aa433a11bfd748a0de5581ab1511531

Download Submit
/data/data/com.poetry.kernel/cache/Analysis/avoscloud-analysis
Filesize
652B

MD5
a2d3581d55b9b04364b6489e982ece5f

SHA1
2ca0c81657a1ce9aa0f7b284bbcbad1d64c8e375

SHA256
2458bf739485c61618c8db9326a016b83a9b212dd156e4650e473269407e6bc0

SHA512
12dfd34f3610b16161c8aee60414eacc6b29d055b7edf91d63a4d10a2e3f558c3e856629e20a0e70e3e4ebf6dd72db2aeba68175755ea6b01aba29257a4aafdf

Download Submit
/data/data/com.poetry.kernel/cache/CommandCache/4d12514c4bbaabb894c620558504ac92
Filesize
1KB

MD5
8041f3894ef14ef026db9fc4c4e304a7

SHA1
92737360182e9480f11ff06416f9fc938a861f64

SHA256
3e03e269f2a6e54b587daad4bb5fdeaaf129b3996f14a5cc0ef0f2e6d88c5688

SHA512
130f36c3f2f336905e8a82fb20e6b643b8613f77800ab76a960de697929a93a1f380b6f18bde04b200047e39c796f4efa0750c5055edda7edddf3227eae2a8ec

Download Submit
/data/data/com.poetry.kernel/cache/CommandCache/63d43e7a2f8f0adf0834f47a51257387
Filesize
972B

MD5
f01f909bf89a0b1ee2586665190512d9

SHA1
547b67ab449044c0f8fa6e3a335fc4051134cefd

SHA256
2a10b772bb31dc13d3190b70d1e687f10c6915ab400fb07717bb85f36409f724

SHA512
66b5bc27740a81c643336b01ee0ee94b98796ae88d2066979003731f86e92ae932daf275221021c4e0943fb4c0c6d76bc360f10482d2c0c58bfc718c3cf739a5

Download Submit
/data/data/com.poetry.kernel/databases/sutra.db
Filesize
48KB

MD5
7c719bf0a00e4c8df43faeb14f3a10c1

SHA1
13131b4fdca88684b605613c7e7548df4e3dceac

SHA256
853df3989413e9cba566e663a3b72e581bddb2b3ddb366f988f34a0faabc45b1

SHA512
8cd500de2da2a00cc7d800b10cbed7a9c10c1cf33808a028dcce34440437eb0f4733b00f8b0b88c20880d4eb51c66ff2e67f086f583a892a5f0b8d5a725e2e3d

Download Submit
/data/data/com.poetry.kernel/databases/sutra.db-journal
Filesize
512B

MD5
9b8af0c34c3ceedd669c0fbcbb3886c3

SHA1
9ef4fe845f62181942589512714a22bbf8ab5214

SHA256
0cd89d41c5226343c4fd5d20584166f7cf7846461419af75016f0c045f090568

SHA512
8d53caca1dda57055ba6ac75768538ffb62725b01865eb4f2e40abc5fbc0e58f5f596928cdc7dab42e2d349281263a9a5d1b792155e6fe3840945b7f6771ab91

Download Submit
/data/data/com.poetry.kernel/databases/sutra.db-journal
Filesize
8KB

MD5
84387a8c2b61e2bacca2315eab918c85

SHA1
904bebc3e778f16f51762e504a6bb186bbc5c259

SHA256
f73c5d7e783a9033cecccf99674e7ec4a5dd2308559676c2ce57c3d47c38298a

SHA512
b47ff0da2c025d7653335ef127d8f141b7f4701b11cb0eb8f830222db98cc4992c88ddc0846f8bbf6af50aa2f5f35b6a3ffe8655d92a98e250692ac4e325ae0c

Download Submit
/data/data/com.poetry.kernel/databases/sutra.db-journal
Filesize
8KB

MD5
5172707ee44bf01fd6696b1839ce9d28

SHA1
921ab6b3e73f22b64c1c4039a43f27524352bc44

SHA256
adc4cbaf24c899cdcb5882d85e731a9fb96e2dcc88e828b42d5ea3d437a6b500

SHA512
7dbef07669cdb11e2112445d492c5ae805b952d111cf3d423a8952a7e9927a9760419c9972ff9a3c598e5a5f2e9aa3817595561da94fd3d70697217045437de0

Download Submit
/data/data/com.poetry.kernel/databases/sutra.db-journal
Filesize
8KB

MD5
adbaa4f31254b60f44fc2e9f038c09d9

SHA1
125b62d51fc15ef19667de664cd1719a5fe55742

SHA256
a2416598a3849a324a12094eb45ab3bb5e20e1d32c1ae286eacad7a36ac57c3d

SHA512
28cd074bd370d8f98946028279aec5691845827394d712ecfee9ffa00cf5adadb1d260bc9b9836265984b3f2fb2e958156db29418925b6b29d309a288bf9b9dd

Download Submit
/data/data/com.poetry.kernel/databases/sutra.db-journal
Filesize
8KB

MD5
e043e7a038bb6302152cc125dcd40df9

SHA1
0046a561373b173d56b8a41102bba719ee1cb53f

SHA256
0e00287dbe7573fa04ea77163e57bcf2ba9e922da8a752f9dc5e336d7a2f36d4

SHA512
6fd5cf9120bf1a445e61a0a0c952f04f0383b438eda5e18d985c7d3a81eb76784f6bd907b5d7e31e44773b7a4d7bec9b9c2e4df3ef27a6c6bc92a4a3eef6e339

Download Submit
/data/data/com.poetry.kernel/databases/sutra.db-journal
Filesize
12KB

MD5
463259fde9c01f04cee9dbf986fd576e

SHA1
c11b5976f0a556e59809fa1b5537421c483069b5

SHA256
9528991ce0bc0d59be9a27f796b81be3ebcccbf65ecb63a9ecb799463c0caaec

SHA512
d61a82d6ecfedcb180aa0332e054fe7cf4674d8c2064dc6d6da57fd49c05a0eba2605c29a0e7586d849382efeb72f31a47cc94695a8f805f489cb416d32eae02

Download Submit
/data/data/com.poetry.kernel/files/.um/um_cache_1716367928380.env
Filesize
548B

MD5
7fbeb11249b3093438db6b732f17c381

SHA1
6d12877c0ba60f2ad08beb240e5135c3853c4ec4

SHA256
73a7df3be1f4767467ab65e97d31b25251cf7189af994c9bcbe991aeb4b6356d

SHA512
38bd2738e7d9dc8c0b5009ce368faabe44b470453510ce206448f5de1758094705dc0c321a1b5ca7cfff60a7a24fd681879b2a439eeb67dfe12685d8fe1bdaca

Download Submit
/data/data/com.poetry.kernel/files/umeng_it.cache
Filesize
245B

MD5
fc57bcbe58ba9926b6bd428684707aa2

SHA1
45f3e4a1786017068960296e9147cea5271ef641

SHA256
2341e0d4d6cd54cdcdb732bb930b664077d8c61a4d86a1314a3a70fe924dd799

SHA512
0efcef7425d56121721588c46305612c6f47d68fc6a88da9d1caa8591b43c56eec81674ab1b6439204bc083c054b5b3a3e28f0f321f48953adfeda1e609607d2

Download Submit
/storage/emulated/0/Android/data/com.poetry.kernel/cache/uil-image/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/诗和远方/.背景/经典水墨#224KB$0/background.jpg
Filesize
58KB

MD5
3f76332da8c0ebd71e40ad11b08a651e

SHA1
3497c71ec53a3c7af629b7e88a5b425286e4f6ca

SHA256
a0f43888ca726aaf30fef42a792a05568ca7d1444a0cfe1b4fcc8ac182f16966

SHA512
f968e1b3a3cc446a413627def23fee85d20194b1bc305d25be576dd7d750bafc68baa18e04b8e7bf7c0af799af9f5a9355581449ddab229704e95af60754c82b

Download Submit
/storage/emulated/0/诗和远方/.背景/经典水墨#224KB$0/face.jpg
Filesize
18KB

MD5
ab0023b05c9f109985469a663aa6d654

SHA1
b0c4c7ac97563352f023098d95372236ae777c3c

SHA256
188ca46f91825a79f54ff918d19741b1a9a7d36f3a73db676cb5f924b0b3614f

SHA512
436b6b55741eb85a1613a0d8fa0bb2207aac5e042ee7b37356981d3afaf725e24129f51ac40fb2fdf9fd7216986e7f648320224ac35936df4ffe6318d3479692

Download Submit
/storage/emulated/0/诗和远方/.背景/诗和远方#504KB$0/background.jpg
Filesize
523KB

MD5
198fc53d2c6180c2cd19fc84a11e6f2d

SHA1
7bc1dab1ae571f5ce7930edc7a0eeb98aeb97a3d

SHA256
c6048f8240f2125c3251355ab2d772da1b00f0acb5a4f770d088871abda0b823

SHA512
7ebbc7acbf8eb9a568929b45dabd1716a212ae39624a293d07ef20576514e51eee2c4ced757a3c9f42f92fddf1ce37406c6137417fe6fc5f23da0f85fad34a01

Download Submit
/storage/emulated/0/诗和远方/.背景/诗和远方#504KB$0/face.jpg
Filesize
36KB

MD5
4059a0365bad7af6eaed593521622774

SHA1
7235ecadf58c955af6d3f95e90c677f77b16ec2e

SHA256
fcfaf70027c426ecc61cb60e1218217bf8f15842ac9e30215234651a61874e9f

SHA512
a7061ab6228c7ef84da579c395b5a3bae14497607efab02801ff5a76f68b676cc71d0c1cef9cb4ce066ec3ade13acc616a78f1456f193352dcd0aae51f4ec317

Download Submit