a8520cb8e1f421574928afa24e5e6a5d2e1d8637cc35b1501bcc887e38e8ed20

Analysis

max time kernel
154s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 16:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67e2133fd6088603242c8e15d4110efb_JaffaCakes118.apk
Size

19.8MB
MD5

67e2133fd6088603242c8e15d4110efb
SHA1

97d4bb420b6de993ede52f9e09244aca62700e8f
SHA256

a8520cb8e1f421574928afa24e5e6a5d2e1d8637cc35b1501bcc887e38e8ed20
SHA512

6319802444ddfce3148e14e9dd0421428e86f5388e928fb071604310ee123ab262c1ed3b12c52db95575064f1a34acd1f4d04577394443ee97571d1a98a022f6
SSDEEP

393216:Nlc6/YieGvabeJdSyHxEk66T9guEYYuKHeamYsbi7ul8sUiIu2nFPVe:fh/YieGvQeJdSVkj9y3Vs+6l8sZZ2nFA

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.shendeng.note

description ioc process

File opened for read /proc/cpuinfo com.shendeng.note
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.shendeng.note

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.shendeng.note
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.shendeng.note

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.shendeng.note
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.shendeng.note

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.shendeng.note
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.shendeng.note

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.shendeng.note
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.shendeng.note

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.shendeng.note

description	ioc	process
File opened for read	/proc/cpuinfo	com.shendeng.note

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.shendeng.note

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.shendeng.note

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.shendeng.note

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.shendeng.note

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.shendeng.note

com.shendeng.note
1⤵
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4305

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.shendeng.note/app_crashrecord/1004
Filesize
226B

MD5
07915fc1860deac08de65031af36d3df

SHA1
8111bacdfd35c112fc8a02e2027f5c604be4a84e

SHA256
6f4f814248f61ad995c6199af230627e537d031ad29a58655efb5c262f3974c9

SHA512
b07657a56b38d7156294e304eb1750f21782ea0deebe1d99ea8518c5ab3058e006cc6ec953f9fa2a7d1334cd8397f8ebea437b2da2cebb16767f185489639ad5

Download Submit
/data/data/com.shendeng.note/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/data/com.shendeng.note/databases/bugly_db_
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.shendeng.note/databases/bugly_db_-journal
Filesize
512B

MD5
423c6d4620f72706727a44784ae3b9c2

SHA1
4ca72de1af19d5fd648dfea02de0941ee432974f

SHA256
940f6f8dfbd04cb8ec43243d840a100035f8f14e29c608e01d36ef039799b398

SHA512
6422927e3c0b5197b4207427d6931d402224ee366a9dfcdcb892848ea606dc4aa682422b1b7bc31f8ce0aadb6a0468251877b94c4b57126dbcebfd83a8c87ed9

Download Submit
/data/data/com.shendeng.note/databases/bugly_db_-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.shendeng.note/databases/bugly_db_-wal
Filesize
72KB

MD5
21822214cb65e4b7b53c2f369511f307

SHA1
e39509e376313b24294433f8fe512a0ee444b8ee

SHA256
b4c2bd554b307d028e0bf0a0730efa5ec788c8e595bede20d565d17b617f6fe5

SHA512
2facf8a0bd71c8325c360d513d770f341556d2d8f9bce6b42ea4bfcdb2fdf6f4da17dcf33d07c9aeeaea1641e1bea484e919cd4ddf60884e1afa2df11175dbec

Download Submit
/data/data/com.shendeng.note/databases/thinkive.db-journal
Filesize
512B

MD5
74b05c58ce79c82221fc62e88ab1e9d1

SHA1
c4f5f2c60fdb5dc0fe9b37dcfa8d81fa97ba9c99

SHA256
8b46587d9e9bdc78519b393d81e4d0b2073b899cf4680cbb4f793b369d9ecc29

SHA512
7441e8a2ffe6aa88251c6359c7d975655d04ee3a5248f26370e67fcd705f98716327089e2a17496353c039c41a4982f9cba859df45a28e05ca6e94258a2260cf

Download Submit
/data/data/com.shendeng.note/databases/thinkive.db-wal
Filesize
44KB

MD5
f5f9eea85072650ebbaeca772025fa28

SHA1
eb3596c80b6658f96376850b1ffcb7dd47dd0d1b

SHA256
b206e956f9719be7acd08f41987fe1f5e5a5e3f5add737e386e456dbe27de50b

SHA512
ccc18deca357c3b17a1dd3c20794f58c8f974535e20c3eaf32ed4d61236a109df641d18a48b22540ea91b8eaf80136e70f7c7004f1893b5747b3f001b1ae01bf

Download Submit
/data/data/com.shendeng.note/files/.um/um_cache_1716395317457.env
Filesize
572B

MD5
8f6db86f8819c2df27789ccf4eea5ae0

SHA1
9e463e770cb1bd0b8702b7dbd496ac5d7ea82983

SHA256
4860183dab4b442366f9d9ec41a57f3e196b035387b9ac2727885f629337d41b

SHA512
9b1276a1b822aed11b48a96f1eb05495c4eab21256b1171163aa71149b83573ebf13eb06d94a4aba930e1cbf466615ba571ddde978a07bb4446d2016cc05a35b

Download Submit
/data/data/com.shendeng.note/files/umeng_it.cache
Filesize
310B

MD5
eb32a94eeb85f13cf3cbc1bcb8f8390b

SHA1
d3ee4aae93d62b0e94b4baacf79c1a238262bfcb

SHA256
3ef8108da3b993cc2ab6b6a7984ee8fa994fb2eafa39e85f310d275ed325de9d

SHA512
2c54887db3d796bb40e979365363e7d18fd290e21afc6fbaa404ef46aaafdb7cd557fd55f5d253e49f8f10bd8bd4a3a44061ab37176ca5af8b5d3b1b7ae39066

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
a5d3d43152bef260ceaeb264171c8500

SHA1
8883fd1cfd3a05a98015879b8b1a3cc5779789b0

SHA256
7b3043cf13d900f8cb934de2f7ffe4ab72c4bbaa681f7bc7cc27381a0877f59b

SHA512
cd4627a8d8c20b2c51a66c6fd05c7534eb002d80d72dd7b99f8e002be2f29a32bab9dce3d1356383f0887b1347e7415f90a1362a059041830e70ece37b542080

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
213B

MD5
766baaa992a7f38400e97e6645342346

SHA1
843749e40473f0f6bde28920053af349b8b18e0d

SHA256
27e01412470e3fba2cc727a65c69bfc087184e91b0dc192bec620f9b2b75aad5

SHA512
a4545cfbd71db22b3ff51f78c8f2a990603b32dc5594073c9becb1e5b01da5fabf546d4fea65c62217397aa6363a3ea02af0ba18100a010b91f874a870d69ddb

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
57d75e1dce80f12fb4d2a22203cfb947

SHA1
31ae18e831225ee62f25fcf46113117aa9b25b8e

SHA256
3fa4b8bc7b647edf846d82b77c6366afb77f1c0816f2dc92d60a72872de88254

SHA512
1ca3656f3c8d5d60195bcbe72c37d98a2159721a2d0416a3c7b6e61e43b9e37c49d9e883aad1da983f8a9520b240a6e128b32867e5919722ee359e6aca9340f1

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
598d551a3d1730b5fddc0498c3713614

SHA1
8f89c497e167e9e714cd7a3de6d8cd41a25c0100

SHA256
43e1ef4fd5fc397cfd876923ddfa5964feacfd7f1f28e2b41b3825049bf1197b

SHA512
2976247f24b1cca3cca9f073a00d7903e712fe7187a756b5e7dd06efecbe9d3b22ee76d1d47cee8ab3a9d7ddad9109309224ff6681f6db5649cee3e13063bc95

Download Submit
/storage/emulated/0/thinkive/app.log
Filesize
114B

MD5
2d7013a366fd0257f35d6b4fdd446ad7

SHA1
62e94d05264ad6718d09f5cd73ab6ccd74ffa039

SHA256
6970c94202fa423335a413b3f0f964fdea506822e02316cfad7c7a650a61f90d

SHA512
31a0399f9fbb7d586f7983dda1148be807eb6ea2c53a40a07c50151daa525e5616fd375bc906dd95e0db121575384995ddfb4201ef7daec99348e97f2347d93a

Download Submit
/storage/emulated/0/thinkive/app.log
Filesize
108B

MD5
6c6401148c88f386945547fc4468764d

SHA1
6ffcc95cec0526542fa2dbbbd570f84989f0840b

SHA256
9cf53572ac1b627fa71d41c04fd14a75794e1c3eca84497963b00f71acb547cf

SHA512
2616b7699bb96368a79cfeffac13af9c5636de4873f9736b180c61b58cf44eb2f062d03e6148d3ef31afa36b34cbab5eb481fce76832742f260c9e89a8adf80f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads