8fdacfcc166109a267fa3a58c55c2931aaf3efc4271597c6d58006d48552a129

Analysis

max time kernel
169s
max time network
185s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 08:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66b2a285edc9d36d0447a512276300ba_JaffaCakes118.apk
Size

10.4MB
MD5

66b2a285edc9d36d0447a512276300ba
SHA1

23ea7f979e20954d16d3c69ed280fd06608002e9
SHA256

8fdacfcc166109a267fa3a58c55c2931aaf3efc4271597c6d58006d48552a129
SHA512

8d291d3e2c712c8bae6d55463d200652013854d05c023de572f59a46f5e2b87b875b846d6a3a621bf4e1ae52775813d536855bb8e4aadf41713ef198066aee4a
SSDEEP

196608:9JlXdaxwXpwYkDNSKjbBcEqdR2x58XO6fFC6x2cj0Cw4kiAL/1/39ywub:93XdPuBI72Xjb6x2hCw4kd39yH

Score

7^/10

discovery evasion impact

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.poetry.kernel

description ioc process

File opened for read /proc/cpuinfo com.poetry.kernel
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.poetry.kernel

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.poetry.kernel
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.poetry.kernel

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.poetry.kernel
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.poetry.kernel

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.poetry.kernel

description	ioc	process
File opened for read	/proc/cpuinfo	com.poetry.kernel

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.poetry.kernel

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.poetry.kernel

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.poetry.kernel

com.poetry.kernel
1⤵
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4561

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.poetry.kernel/2.4.3.txt.jar
Filesize
92KB

MD5
3df15aad08ec23cb5114d0cdb48b54d1

SHA1
c5d9b2a4252b0dfa96fbb90a072f718133bbb19a

SHA256
5967a871e704ac296a813e4a1b10d429ddf6670f7fc7bce2a06804b6f1206def

SHA512
b1b46db57ce2e37a7029bc30b843953fcd7b358e69ed412f5297d3f58880863ccafb97eb2151839d0858255ac6dbc3124c4064e81ad09c9ce121746c5f636e7d

Download Submit
/data/user/0/com.poetry.kernel/cache/Analysis/avoscloud-analysis
Filesize
420B

MD5
a5f12f2419bdddba4e5dc7567ddb8ba8

SHA1
6738656769a423319b356fd083c039372a5e897b

SHA256
18b93486800e1c9a4641bb7b06413cd41bd043cb8f7c3f3b51cb57e91d5a5127

SHA512
8ecb2f718d3d35c8453c8de3dcde606c9b6a1f8f38045e7e729d7feb3a09978fb4e559af1f7ab1203e5155b76981f4b24daa42ea6030915171e68c5a525205eb

Download Submit
/data/user/0/com.poetry.kernel/cache/Analysis/avoscloud-analysis
Filesize
420B

MD5
ce16635a70f4d6843906a12e8094ebee

SHA1
947905f31aec4f839d5d84e2c01e41568fd6af12

SHA256
f4366609969803b5c99ba40347b38a3e4c79fc85ed5b964608830f0ebd9caca7

SHA512
ebd9a918ab9e7de0dd2cef5da60f495b1446840e8f5f5a51d05772a6095b2ca2c644711a62257a16f3aa30c23be1bb8be56e4d06e2246df904881eefd4b52b33

Download Submit
/data/user/0/com.poetry.kernel/cache/Analysis/avoscloud-analysis
Filesize
652B

MD5
3f656abd40bc20f023c805e2c2d99434

SHA1
0778d2345ce21ce1f10ea834a65146ba4b42d904

SHA256
00719cfbb846b6a058a61f5ff61202d64a31b1b1bc77dcdbd146ed64616340d6

SHA512
ac481cf4053e458a025cda885757879efcfe7bd623c5dc2a60b689bb8caeeb002aab8559ee70ba1e00627ac2eafc4f4e41037ea073540754290ab1c1053fb3eb

Download Submit
/data/user/0/com.poetry.kernel/cache/CommandCache/415f9c19f3f5720001443a80e9121dba
Filesize
1KB

MD5
e1c045fa5e779fb61e1ce97a98855baf

SHA1
125759300f44bd307c5f78ddfd258d71aad6a414

SHA256
8577274168f062749122f633867fcaece463b1d060bfd28677dd7a1f56792f35

SHA512
177d0a41a6874db6182cd6843ab0af44a4707d428172257654007bdbc17a6d36cb7005a74244e42ff8282d575cb427cb2ca45500cfeefc9519b8fa93a5915851

Download Submit
/data/user/0/com.poetry.kernel/cache/CommandCache/4e87962f6f7cfb24cecf9eeb0a45a90f
Filesize
972B

MD5
daa0318292b6a42b811dd2c2462b60b3

SHA1
02501fbca8243ad62d40b37506b24d64b3d5d08d

SHA256
9698a1f81a81e05f923769f22fd63ddb26febc480bb16f6a1f75be26a6249a64

SHA512
ef75a4c2142f94babec6c7772192842e1defeba2373d9aa369d82caac1327f4a7391235ef559d890b8863c0ff3cef28a3175bc6b83ef0b48af6944185aea900e

Download Submit
/data/user/0/com.poetry.kernel/databases/sutra.db
Filesize
48KB

MD5
484114bad7d47aacaeb0b138aaae7e20

SHA1
e821970089f2382b143897d87a0c546b08a93d75

SHA256
e2a1d1523221c1ca8ec463daab1ce49c94fae886bf64997205e2cbcdf793bbb5

SHA512
265617f9364522a16351ccaadb94557f5493258412977588c1f7e558759d1ff3408ad7ccbd6f9a4db4cf97f73147d4a5b51cb89c5ac690d0fc291e473c1c16d1

Download Submit
/data/user/0/com.poetry.kernel/databases/sutra.db-journal
Filesize
512B

MD5
68b260d39fb0a38756bce530dcd86819

SHA1
75131ec2350375624100c89ffbb59281eb373f72

SHA256
ca27df5be93270dc426569b647034e1d124e1904358f796a0a643095274ab49b

SHA512
197abe4f046a23e94c3b8a1379d723944aa7713a178b7865211bd2ffc0a1774f2591f92c65c94478d406e6aab96b72e8947175ab5ac03bc9ea02e1058398cd6b

Download Submit
/data/user/0/com.poetry.kernel/databases/sutra.db-journal
Filesize
8KB

MD5
ce933477bb876c4ba8732673cdb03c02

SHA1
a292e8baa4ec05a19e4a6c7ff3e6ffb3fac66f1b

SHA256
9244b7d17e8855ab75b368e1a610e7989bcc20bfc54a301e83aa52c28a42e834

SHA512
fd31529e154e831bd1c10684b9ba599dca4cc54441de31618f79d4db354a51202e4f106585ef3b4a103943765af0d8f4c5c1cdb842d85cd29d83752975bd1fd0

Download Submit
/data/user/0/com.poetry.kernel/databases/sutra.db-journal
Filesize
8KB

MD5
988042c25a242de09fb4def2fdda8748

SHA1
4ef8ed09433a47f79f6ba11fcd953c8b09f73e8b

SHA256
155392e482f6a7e058c0bc74ab305cd9dbc957255adbabd05c9a2c5bc6156b49

SHA512
8a6d379873f25346d7e8ab770bb06a25b123b722cb305808d78cec5a548198cd822100b166c8a574d87803496a21c48bb35e188e25c68317cabc747d43191357

Download Submit
/data/user/0/com.poetry.kernel/databases/sutra.db-journal
Filesize
8KB

MD5
13c72228320101bb92d1a8db73ff2b62

SHA1
ccd9a108327c7aa7741b56426a97bb804155a86d

SHA256
9e4588de79d2f762ba245c8880d42cb9450727c0a5dafd5d62db5a56102d2698

SHA512
da8f417d9396ecb6da7cee1c30cf56b661ebff700d1e905afba13df4735b919c450b8dab8951193543227d9b719b383fc91ab8562baa752504b914791bc9cec7

Download Submit
/data/user/0/com.poetry.kernel/databases/sutra.db-journal
Filesize
8KB

MD5
32fe1f026c411b8fb9afbe3c185a5c82

SHA1
b8cf22196a7e74ce77c84cdf1a3b66eec0dc8480

SHA256
09dcdeeaa5076821eff01378c50afea5834e7a8d92c85b0e9784d13046f0ce82

SHA512
a5b73dcaf61b2657e593f34aa15a07d4b21c866e4a0d606a73f574cff8de61ddc1882d588bbdf90e3b0c0857bf30b5e50909320ee13fbe1da30b51089037299c

Download Submit
/data/user/0/com.poetry.kernel/databases/sutra.db-journal
Filesize
12KB

MD5
26177739b656f1e2ba26d4f804b6be58

SHA1
e4502a74ea25140b3dc629005175e252271ff6fa

SHA256
97e7011857c450ec75a9988458190e1b17faab02e48ef1e6e03431987c003a14

SHA512
c06a7214979fd104d15591088164220aaf953a1ff48c39aafc9d7d54392b9c471491f3f96bca4a608d827de64f32b1378c29eb0d4e1d85c4e45ce3b478784ec1

Download Submit
/data/user/0/com.poetry.kernel/files/.um/um_cache_1716367926643.env
Filesize
541B

MD5
086fa6a06800d6231c3af7bc0ada5dbc

SHA1
8fb35c6467808fa580cee43b71ad679ac44a211e

SHA256
82165a013f67d05633097c39e79a996b1c6f19cec42c9c430cd39c0b93513d7d

SHA512
c6cddb1e5883ce4bbfc79f78a6fdaec1d4a95f91b4be8458cce7b2cff5dc6c38314b84ee4dae0c173be81b618f8b528b96fd804c277eb267e61f8ba79a315d5d

Download Submit
/data/user/0/com.poetry.kernel/files/umeng_it.cache
Filesize
245B

MD5
00d6c7facf91078b9fc6cfd969dd723d

SHA1
1ddca1af72867b1687fe6b2d668a10e0dfcbe159

SHA256
7e2cec00e8f045d30e2fbffc1666babf1eb86fa16062b50ab57f7f0c374da8d4

SHA512
70f6387218d3f115ba276b7d9482a9be909703d8fd19817714598df602e1836fc9921422597dc63bd669fb800a71d48163688a64a46d68194ef749d2097e1241

Download Submit
/storage/emulated/0/Android/data/com.poetry.kernel/cache/uil-image/journal.tmp (deleted)
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/诗和远方/.背景/经典水墨#224KB$0/background.jpg
Filesize
58KB

MD5
3f76332da8c0ebd71e40ad11b08a651e

SHA1
3497c71ec53a3c7af629b7e88a5b425286e4f6ca

SHA256
a0f43888ca726aaf30fef42a792a05568ca7d1444a0cfe1b4fcc8ac182f16966

SHA512
f968e1b3a3cc446a413627def23fee85d20194b1bc305d25be576dd7d750bafc68baa18e04b8e7bf7c0af799af9f5a9355581449ddab229704e95af60754c82b

Download Submit
/storage/emulated/0/诗和远方/.背景/经典水墨#224KB$0/face.jpg
Filesize
18KB

MD5
ab0023b05c9f109985469a663aa6d654

SHA1
b0c4c7ac97563352f023098d95372236ae777c3c

SHA256
188ca46f91825a79f54ff918d19741b1a9a7d36f3a73db676cb5f924b0b3614f

SHA512
436b6b55741eb85a1613a0d8fa0bb2207aac5e042ee7b37356981d3afaf725e24129f51ac40fb2fdf9fd7216986e7f648320224ac35936df4ffe6318d3479692

Download Submit
/storage/emulated/0/诗和远方/.背景/诗和远方#504KB$0/background.jpg
Filesize
523KB

MD5
198fc53d2c6180c2cd19fc84a11e6f2d

SHA1
7bc1dab1ae571f5ce7930edc7a0eeb98aeb97a3d

SHA256
c6048f8240f2125c3251355ab2d772da1b00f0acb5a4f770d088871abda0b823

SHA512
7ebbc7acbf8eb9a568929b45dabd1716a212ae39624a293d07ef20576514e51eee2c4ced757a3c9f42f92fddf1ce37406c6137417fe6fc5f23da0f85fad34a01

Download Submit
/storage/emulated/0/诗和远方/.背景/诗和远方#504KB$0/face.jpg
Filesize
36KB

MD5
4059a0365bad7af6eaed593521622774

SHA1
7235ecadf58c955af6d3f95e90c677f77b16ec2e

SHA256
fcfaf70027c426ecc61cb60e1218217bf8f15842ac9e30215234651a61874e9f

SHA512
a7061ab6228c7ef84da579c395b5a3bae14497607efab02801ff5a76f68b676cc71d0c1cef9cb4ce066ec3ade13acc616a78f1456f193352dcd0aae51f4ec317

Download Submit