a8520cb8e1f421574928afa24e5e6a5d2e1d8637cc35b1501bcc887e38e8ed20

Analysis

max time kernel
154s
max time network
187s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 16:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67e2133fd6088603242c8e15d4110efb_JaffaCakes118.apk
Size

19.8MB
MD5

67e2133fd6088603242c8e15d4110efb
SHA1

97d4bb420b6de993ede52f9e09244aca62700e8f
SHA256

a8520cb8e1f421574928afa24e5e6a5d2e1d8637cc35b1501bcc887e38e8ed20
SHA512

6319802444ddfce3148e14e9dd0421428e86f5388e928fb071604310ee123ab262c1ed3b12c52db95575064f1a34acd1f4d04577394443ee97571d1a98a022f6
SSDEEP

393216:Nlc6/YieGvabeJdSyHxEk66T9guEYYuKHeamYsbi7ul8sUiIu2nFPVe:fh/YieGvQeJdSVkj9y3Vs+6l8sZZ2nFA

Score

8^/10

discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

T1426

Processes:

com.shendeng.note

ioc process

/system/app/Superuser.apk com.shendeng.note
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.shendeng.note

description ioc process

File opened for read /proc/cpuinfo com.shendeng.note
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.shendeng.note

description ioc process

File opened for read /proc/meminfo com.shendeng.note
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.shendeng.note

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.shendeng.note
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.shendeng.note

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.shendeng.note
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.shendeng.note

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.shendeng.note
Reads information about phone network operator. 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.shendeng.note

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.shendeng.note

ioc	process
/system/app/Superuser.apk	com.shendeng.note

description	ioc	process
File opened for read	/proc/cpuinfo	com.shendeng.note

description	ioc	process
File opened for read	/proc/meminfo	com.shendeng.note

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.shendeng.note

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.shendeng.note

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.shendeng.note

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.shendeng.note

com.shendeng.note
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4526

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.shendeng.note/app_crashrecord/1004
Filesize
226B

MD5
9fb70293b4c05e1ce80a827fdf743791

SHA1
5b081d06174cfe391504e142313f07c69fe7f32b

SHA256
c5993d9a2811ede9aadecea77ef1f8e690ea548719786e97b61c73a14e632441

SHA512
4ef4fb5c009920f9679a1ac76ff116f3630bef996688968f91f112a24c6d3a59133386a9cced49ad49cbfb10da15ee58d15e60bdac85df27097a6104a5408eb5

Download Submit
/data/user/0/com.shendeng.note/app_crashrecord/1004
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/data/user/0/com.shendeng.note/databases/bugly_db_
Filesize
52KB

MD5
e07738b9ed4eb397fa80ad84d0f1d2d7

SHA1
91b0e0aa4764b783333963018157dbf312104e8a

SHA256
0d7f1a5679cc800c6baf9b9bb50382be432593eb17ba427fa23219823a9ab6eb

SHA512
efc8997abc5b188dd0b297be61681a833e6fd02cd5b46142b0216731f8aa8bb1b2ca54bad8fbce178ecef15e8bc66005fc1db5b9b7c76619c3d67cd591b2635f

Download Submit
/data/user/0/com.shendeng.note/databases/bugly_db_-journal
Filesize
512B

MD5
ab346597cf104d785b15fdf880ea1ffb

SHA1
3c1997a30c660252b06c21daa8e7c7e188c94280

SHA256
99e457e40f59abda80b2c41b99a2340c42626465cb56096a35504af750053122

SHA512
dcc6c8be8dcc52a742baae604cb7245b8299c463e47b60119677ae89af61064dbdf2f9d036a97b30b5725769f6e12c3f100008a94b42e8b5c2a85b54da4a1a97

Download Submit
/data/user/0/com.shendeng.note/databases/bugly_db_-journal
Filesize
8KB

MD5
cbdc8a9edf24c1fee982bdb9c8fb6577

SHA1
40b8cdf8381ca18454e54a610337d139db36961c

SHA256
138874973121af61cd241bc0257a2c5e3034c8d8db487ebf480642c84ff812b6

SHA512
e3ac20c4dc65a131fe2557dc2ba3cf28e91f330eeab76dc282f9faa5ae436070fe8d74253a368adb26916b391e969ebbe0d7db238b63e226f5b0854c8a46cf63

Download Submit
/data/user/0/com.shendeng.note/databases/bugly_db_-journal
Filesize
8KB

MD5
0ee63fef83de1e0ddd4f06ec61c2f294

SHA1
8091ac5fc82eddc1c352eeda4cdd57c1a7b835d2

SHA256
f4dc953e67370da2d97044af65bb3537d7d14de5559342989dab0973a005d4d5

SHA512
db94ceb71a0dc7502a7a4c18f3115648f81220902a49d98b3fdc6d578de93983795e2471894a4b5712d56805881bbb4223c725d1638030e86ec0fac6fb74bbcd

Download Submit
/data/user/0/com.shendeng.note/databases/bugly_db_-journal
Filesize
8KB

MD5
fde63f31eb21f84eee4efe8763bb2d9c

SHA1
5613734958135436434196a752ae9df286494902

SHA256
6cb5a26a0e680e8ec248de88071602a2ad854e92459f82407148919c1d2f45e1

SHA512
f6a79a43fb9193919ac4fec67a176346289b087cafbca051ff0ebb620260c0bc2cb6da591a88ea034ac4ef2e7338071dcb887c2e9b52c123ed5f98363a1ad8cd

Download Submit
/data/user/0/com.shendeng.note/databases/bugly_db_-journal
Filesize
8KB

MD5
544971ac5d11388d1b7f9ad62c1536b0

SHA1
1a68e2101b1f30b283b41da50916a5aac6344947

SHA256
d8d8996ee1f3a2d358bca3a507035367258a8cc3fa00cc3fc476e1e65b5f447a

SHA512
ec321da5eaa67168efefb3c64e8931f2bd42ceb7df9b0a7a2cc51b0da94f1d778ebc5c2cf51af70cd473841d14a3385f4c8f188b836010a56c203dfac23319ef

Download Submit
/data/user/0/com.shendeng.note/databases/thinkive.db
Filesize
32KB

MD5
9f871ee9706118cee3914f7d4cb77a46

SHA1
7620bd6021f0cb1e75edf5d6687897d873f1c2de

SHA256
87eb26f6a27678f62d0d6ddbe1d1e0c6ae5cb577986ac2a050b1fc85af6e8371

SHA512
10bdd38e591498396d73506834e8cb5210db9e442b8e77a0dcf22391fe59ba2a80dc9ea4f27738db883cd8499abee45710df0286e926859af03d3ecb1a2c5496

Download Submit
/data/user/0/com.shendeng.note/databases/thinkive.db-journal
Filesize
512B

MD5
f9a58bdd000fd8e97f92c4d0adf93047

SHA1
f16d1e49066cbd4dc642739200c903c0dd4b0576

SHA256
44f9501111cce816fd6d9e125fae02c75d226870aa57da693b3e45a2a640a272

SHA512
3aa1ff16896a6b4c028e80f3959e1bbc470a73f2cbb9dc2d3dbb335e6b1fef37e29af4b04e1a3525806f1a6597bb12d038d97e24803a294d4b5208717a978512

Download Submit
/data/user/0/com.shendeng.note/databases/thinkive.db-journal
Filesize
8KB

MD5
d28b3b239cee2aef62c67a07908c659b

SHA1
a4fcd4a8adc87786cdccebea67d7c83e74fe3bbb

SHA256
06864dc8a0c98b8a56931fd3ab18905696a61eb53ac489eb5c2709fdef66816a

SHA512
d0556d5d972b983eece2f17ed384e335d4af19c74f1577ea1d5cb184d88f4246e91fb8d48727024a550a80c3572c2f961b4289dcbfbf29e6a3c427dee79b7a11

Download Submit
/data/user/0/com.shendeng.note/databases/thinkive.db-journal
Filesize
8KB

MD5
e8765d1efe0260bc0b1b2586b14d54de

SHA1
5fa5e4312ad2ba0b3b8100aa8a5f109139b7df2c

SHA256
4f17579ac0ebaa027e5bf26e815a1b78923f985652cae988b3b44f1ed9ccfddd

SHA512
8a8fbd26fb4380756f7a0df53795e83b25134208aff51d7970424a4624dfc9cae5e03087dc62d39d6389e1055132f02f0203dc82ec65ab4dfbbc49f7e0365038

Download Submit
/data/user/0/com.shendeng.note/files/.um/um_cache_1716395312740.env
Filesize
547B

MD5
8b27de59576eb58ebbc1a8542f051d3a

SHA1
27c185a20b31671f9543a119c2ff48f5e5e9a6fd

SHA256
d6b8497ae744aea5222a2a93e19b1021dc4c9ab3d49cf47d42798a8dc50d3202

SHA512
ff2556e47ed66eff57b37e096f570156eaea7d5036a4d74dc4472afed61d8ef0b51a6daddb711bfc0c30f6762dbf83ef92344acc065b61b57c70503274f4393a

Download Submit
/data/user/0/com.shendeng.note/files/umeng_it.cache
Filesize
245B

MD5
3cfc8a336e1acf5816a488f1173e983d

SHA1
45de4a1f2f02145c0d585ee1171818d7574a01c1

SHA256
949a8a4794fd75d426505ffe7eeba28f6249db1bd69537f1ee70acc59d2a89da

SHA512
c438962f88b3cbc45a36adcf1bdd8318d35da0ad241b65747893903c7c68e3f4adad400f13e235e86717627ed1768d0ddbb87476a1bc419fa73d8e939a7be349

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
111B

MD5
3fa266637c06fe1fd300b10b2ac078f4

SHA1
b76335386137d954bfecee2e43c81fbd3d7e3ac6

SHA256
6cadef9d528f3a7e72a2b34ec31956d30b883707f74ed38e9ae298edcd0bd88d

SHA512
729f7753c9f2585dadf863f85153b10b1a562bfb9b1f098811c47acccd306c81a56207101f8b43f237f6719521d9fbce7a6eda2ea97609e78844ac06268bb5ce

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml
Filesize
213B

MD5
fad175d8ba867621dd91a6cb0e83dffa

SHA1
70ce46cf032b235ff2f587e212a6f1bc06fcaa0b

SHA256
bb947a2909613a9041c4a9ea30af4118d4575d0b95f9ad24ac73972e86d2ea08

SHA512
6cc9c6e6c244a3a329282e90ac82702125ef0eca538bc06cbbfe47f4aaf8c3f2205aecd7967b4e8f281bbd0160d296e013714ed3d6a2344ff22895264a96e774

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
111B

MD5
1d92125d34eed2130be7cf60d57c6ec1

SHA1
f07ecaf6f90b7ca4aa4d33bebe0e92d6e110ff01

SHA256
9a12762e44a5d49dbc4339f8ab5df4305d611dd3581796694000ad3a5ddc7a69

SHA512
2c1a865d3816c2481b1cf85eab10a0cc382ea89587b4a547b03ce871d047e64884da8fc73a89877d187912c4bafdbf4bcd59f758e5af3eda540ece7ad33e3649

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
Filesize
167B

MD5
f477f354ed2b24d66aa5739f362f71c7

SHA1
d7f3805cd962d6e1e385cef4a942969cff97e290

SHA256
0552dfb656a61944ff29e76b8ab25bfbae65f182cef4216f47c036e89f5a91ec

SHA512
4db1f60def592f5ed8f7f3ef860710d97fc3e5e91820ca4f6ceb46e3d5ee4a99abaa83146f6d0365bafb0100595cad17bceed0cba4205f9badacfaa4e29eb1b8

Download Submit
/storage/emulated/0/thinkive/app.log
Filesize
114B

MD5
93f3fc764bfa0d52edabe073de799805

SHA1
b46ac8ede1f0bf74a07d9c7cabe88539b7d68781

SHA256
5927e68d363cb0c54033a4ce156a544010f33b25c635124fd8b18cf92d3bb50d

SHA512
dbf51be4d781e579ed15e5385b28c60c219007b2b0a2a620f514e5b0a3c3ac647212983fef9230ce0a3fb523072f570384bafcaad30cfcc26624ba5f930a4377

Download Submit
/storage/emulated/0/thinkive/app.log
Filesize
108B

MD5
e5f6e431efb05dfcda2faa2cfe47f81a

SHA1
3f3e61f24f7ca83f68f2d9b7be33cc0b386b2a4f

SHA256
ec3edf6f1bd92db79d1ca5f75449d03d014cb7730aee7bda014b934206fefd3a

SHA512
93f4308886a3142731738f69152d75f18a8e5f5454d45d31b619646515e44047a667acdd87421c6654e1eabd323d877e7b30c552f55ca4cf703a88db3e3e85bb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads