Analysis

max time kernel: 154s
max time network: 187s
platform: android_x64
resource: android-x64-arm64-20240514-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
submitted: 22-05-2024 16:27
Static task: static1
Behavioral task: behavioral1
Sample: 67e2133fd6088603242c8e15d4110efb_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
General

Target: 67e2133fd6088603242c8e15d4110efb_JaffaCakes118.apk
Size: 19.8MB
MD5: 67e2133fd6088603242c8e15d4110efb
SHA1: 97d4bb420b6de993ede52f9e09244aca62700e8f
SHA256: a8520cb8e1f421574928afa24e5e6a5d2e1d8637cc35b1501bcc887e38e8ed20
SHA512: 6319802444ddfce3148e14e9dd0421428e86f5388e928fb071604310ee123ab262c1ed3b12c52db95575064f1a34acd1f4d04577394443ee97571d1a98a022f6
SSDEEP: 393216:Nlc6/YieGvabeJdSyHxEk66T9guEYYuKHeamYsbi7ul8sUiIu2nFPVe:fh/YieGvQeJdSVkj9y3Vs+6l8sZZ2nFA
Malware Config

Signatures

- Checks if the Android device is rooted. (1 TTP, 1 IoC)
- Checks CPU information (2 TTPs, 1 IoC)
  Checks CPU information which indicates whether the system is an emulator.
- Checks memory information (2 TTPs, 1 IoC)
  Checks memory information which indicates whether the system is an emulator.
- Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
    description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.shendeng.note
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes:
    description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.shendeng.note
- Checks if the internet connection is available (1 TTP, 1 IoC)
  Processes:
    description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.shendeng.note
- Reads information about phone network operator. (1 TTP)
- Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
  Processes:
    description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.shendeng.note
Processes

- com.shendeng.note
  - Checks if the Android device is rooted.
  - Checks CPU information
  - Checks memory information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
Downloads