36f7fddcea9b92869a582e43772f86e17d996d73b9f172ff5be834c1f8649a18

Analysis

max time kernel
68s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 13:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6777d1c63e11aeafacfb47a0bb505672_JaffaCakes118.apk
Size

1.7MB
MD5

6777d1c63e11aeafacfb47a0bb505672
SHA1

adc269db01b7a96da27459c5f3652ae9a5947dc6
SHA256

36f7fddcea9b92869a582e43772f86e17d996d73b9f172ff5be834c1f8649a18
SHA512

dce9e1e5cc4f8c4668cac8e39c4b52f5a2560220aed94cf972d29ce2fbe34fcc8e9ef340f7de29491b827af099ec7c5ae8a7a82d9e72eac51fbeb359e42a098d
SSDEEP

49152:VVni4ZT5MQdRL/2dZb5aWivyWGwyLY8Xt3HOPIqGXSh5:Ti4ZTaQdIl5m6lw0Pd3nK

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
evasion

T1633.001

Processes:

kx.app.notes.diary.memo

description ioc process

Accessed system property key: ro.product.model kx.app.notes.diary.memo
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

kx.app.notes.diary.memo

description ioc process

File opened for read /proc/cpuinfo kx.app.notes.diary.memo
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

kx.app.notes.diary.memo

description ioc process

File opened for read /proc/meminfo kx.app.notes.diary.memo
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

kx.app.notes.diary.memo

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone kx.app.notes.diary.memo
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

kx.app.notes.diary.memo

description ioc process

Framework service call android.app.IActivityManager.registerReceiver kx.app.notes.diary.memo
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

kx.app.notes.diary.memo

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo kx.app.notes.diary.memo
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

kx.app.notes.diary.memo

description ioc process

Framework API call javax.crypto.Cipher.doFinal kx.app.notes.diary.memo

description	ioc	process
Accessed system property	key: ro.product.model	kx.app.notes.diary.memo

description	ioc	process
File opened for read	/proc/cpuinfo	kx.app.notes.diary.memo

description	ioc	process
File opened for read	/proc/meminfo	kx.app.notes.diary.memo

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	kx.app.notes.diary.memo

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	kx.app.notes.diary.memo

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	kx.app.notes.diary.memo

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	kx.app.notes.diary.memo

kx.app.notes.diary.memo
1⤵
- Checks Android system properties for emulator presence.
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4331

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/kx.app.notes.diary.memo/cache/1582435991586.jar
Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/data/kx.app.notes.diary.memo/databases/note.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/kx.app.notes.diary.memo/databases/note.db-journal
Filesize
512B

MD5
4e2439dacc86243f8eb1c393a7b11289

SHA1
078a780621a86511b2fbb5b8221537ebe24ce940

SHA256
24db42b9c03a21275e97b0ab2a212b4a360714d710ee46a959f53db5d30e9939

SHA512
f10207bd9c2d5d2a7fa14180f1aab66e81154a8524d1dd20a0c73ab32ab19d320d0e4cd8e28f90abc7ef8e7957b011a5df6678f15e9666339777894d10ba722a

Download Submit
/data/data/kx.app.notes.diary.memo/databases/note.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/kx.app.notes.diary.memo/databases/note.db-wal
Filesize
60KB

MD5
58508500876c013a50afeebe18ca967e

SHA1
75a6a29a70a173dc71d825919f2798961c5a9987

SHA256
4cdce9d65f93ba9a7a2c92aabe10cd232c60481ab4a784b2fdf8dd450f05ce6a

SHA512
ede0494fd63e65be65f9e3938004d96638e5ced89c7fe2495f15d64a6a6a1fe75ab409bf0126a208b8e62366af6c505fc343678d91c6c77a988ddc34020ba1c1

Download Submit
/data/data/kx.app.notes.diary.memo/files/mobclick_agent_cached_kx.app.notes.diary.memo
Filesize
121B

MD5
9dd64e77198123b51473b8d000de61b1

SHA1
2b1767c40f204ccc03115f5c56fd48a923a79c5e

SHA256
27af28a238bcf6497cffd20cf510cad3bf35d356071f03e61d8ad2a88d5bbc1d

SHA512
1f74a7ff2f3330d28c6b917fa21077493a6aaef33e3d81d5a27957f1a2e350e4327b6e76165f0e2d78dbd8bd94f0e80164332a540a598577739432a3fb8a5813

Download Submit
/storage/emulated/0/gift/hd.camera.photo.gallery.editor.cc
Filesize
11KB

MD5
91fa277ec9ca66a8f08dee6e7d3abc05

SHA1
474d7647bb06c15e7c01e8199316d0f01b45a891

SHA256
d5a82451822919a78c05871a9ba0b6d0032538619a2bd39481fdbdfede252812

SHA512
8dcfc2945eb0091d1f65438c104afe8d04f363394880fae29cd0b66a6fa8a20b42eba650acc36810e9a5f6879267da864fc19111996eb640507b072c6f7a40a4

Download Submit
/storage/emulated/0/gift/kx.photo.editor.effect.cc
Filesize
10KB

MD5
08b17796b7ef0c74f4904125a25be59e

SHA1
fa0d48484ed34214623b5f3b9a7526fffe658257

SHA256
3744fa31d2406dfa2cda308e470ac605175385b669cbc3aa31d8ea8e76feb93b

SHA512
2d18ecf25494f5b4592647010f517cf02d7720b30f06b861ab915edbda838d06e1edde76182d0303f025444fb8e2948ed77543ed7afdb90f41e830e4622dafbb

Download Submit
/storage/emulated/0/gift/picture.image.photoeditor.photogallery.folder.cc
Filesize
9KB

MD5
30d8054c9e94aad0811a4b4572c04655

SHA1
cae7dc46ec6cbe665b751877b426c145d5ae3607

SHA256
176aa5f662ecb6d6c16c2d5cd05241bb47aa5fc4c235ae9543c39c2a8d1a20cc

SHA512
b7eafa83425c4c3b4e8d946ab0fd20bb885b386ff6ef30b8e03b20752b7a99178893b0b4797a5a8095743250a46e82892c480a013fb71e1802c039c02af82686

Download Submit
/storage/emulated/0/gift/tools.scanner.barcodescan.cc
Filesize
5KB

MD5
76da067927aec3ab9779da7d9d0d38a2

SHA1
50ce936df89d32ac8462aee1b77b45dc5ee437fd

SHA256
fbf3716610d8816d06530d296e84b200b5f0457a1dc8053487ab15c84d0678a8

SHA512
e72e9a8e1c54a1dbf03468a87ca612321210b7859bfae4db51267aecc11ac9f7e1f6d5993a395fa33dff9683d9ac658041ad95b561242999934d7f75bb248d9a

Download Submit
/storage/emulated/0/gift/tools.weather.forecast.cc
Filesize
17KB

MD5
e2f3f8e9cc9e06676544112970a98f67

SHA1
7aab947a8fe159e936fbfad5f1b3db7e8b859b5c

SHA256
2b7a57e33f30e9a8175ff66c25cc8bd71812cc56a4e76ada99daf20f0d237a44

SHA512
9832908b0b8b2c42dc73f0d071168d5581603fbc54ac05a07fd4e3aca02060e3f84985f6dce8737019d03d93d60278b3ea032900757ef7aef53a0fbe2fb187d4

Download Submit
/storage/emulated/0/gift/yong.app.notes.cc
Filesize
8KB

MD5
f86173a753d3035eb606ae552def33c6

SHA1
d1d22b0973dc0a7a9546ba25f143405ba4878f14

SHA256
4d1156d9b55fc48ac14bfce72c260ea86640d5aef0fae65a6af715ab89ebbf0b

SHA512
d6a66bec9a5e5a4b21a71782f15ad49d90f18f0cfdfc92878454d3427d37d48dbb9d83ccd791c0e2dd99478e0c76a079b497abe1fcdb059cbe7b977699331682

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads