b53bba9017f1bab8719103d94a134d935da4cfbaf44e127976e545b0bbb52767

Analysis

max time kernel
3s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
13/06/2024, 08:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a48ad2ac27e8eb3eec881563009a2e5f_JaffaCakes118.apk
Size

17.3MB
MD5

a48ad2ac27e8eb3eec881563009a2e5f
SHA1

066840b8ed3ba904981a3f65a8e8a1e752ffd3b4
SHA256

b53bba9017f1bab8719103d94a134d935da4cfbaf44e127976e545b0bbb52767
SHA512

da9e31d4060b3bdc30b4f60e365e8056d2a3196b28635fde33c3a9a64a0a2cb1426233e6e3b289c450c2b577b84be269ee5541e20f2af9da69e8b7ec5dab4d60
SSDEEP

393216:9GOkbrcuTuACdYcM01wJILFwboDUAXwQ8qUIWpBxzKQqrB:f4cI0dYcj1wiLFh4AAAdqBxPO

Score

7^/10

evasion

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 7 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.bootloader	net.apphezi.yysbox
Accessed system property	key: ro.bootmode	net.apphezi.yysbox
Accessed system property	key: ro.hardware	net.apphezi.yysbox
Accessed system property	key: ro.product.device	net.apphezi.yysbox
Accessed system property	key: ro.product.model	net.apphezi.yysbox
Accessed system property	key: ro.product.name	net.apphezi.yysbox
Accessed system property	key: ro.serialno	net.apphezi.yysbox

Checks Qemu related system properties. 1 TTPs 7 IoCs

Checks for Android system properties related to Qemu for Emulator detection.

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: init.svc.qemud	net.apphezi.yysbox
Accessed system property	key: init.svc.qemu-props	net.apphezi.yysbox
Accessed system property	key: qemu.hw.mainkeys	net.apphezi.yysbox
Accessed system property	key: qemu.sf.fake_camera	net.apphezi.yysbox
Accessed system property	key: ro.kernel.android.qemud	net.apphezi.yysbox
Accessed system property	key: ro.kernel.qemu.gles	net.apphezi.yysbox
Accessed system property	key: ro.kernel.qemu	net.apphezi.yysbox

Checks known Qemu pipes. 1 TTPs 2 IoCs

Checks for known pipes used by the Android emulator to communicate with the host.

evasion

System Checks

T1633.001

ioc	Process
/dev/socket/qemud	net.apphezi.yysbox
/dev/qemu_pipe	net.apphezi.yysbox

Checks the presence of a debugger
evasion

net.apphezi.yysbox
1⤵
- Checks Android system properties for emulator presence.
- Checks Qemu related system properties.
- Checks known Qemu pipes.
PID:4475

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/net.apphezi.yysbox/files/libexec.so

Filesize
419KB

MD5
c1fc4f2b5d8fa9dd603d29d2eb6907b8

SHA1
2f247fbaddfb14f4167eb83bb449f6143839244c

SHA256
34add2a63a2aa20f435664b17b5021e26df9f68c303733a3b0a933e984a24464

SHA512
a2b7469e49c8c77dce6f76520c5dfea2fdc781e802b35ca51f3376aedcead67778f5d2c6e942edbc0ae584631ce95d32edd52fd2ab2f41846bbb28637adf248b

Download Submit
/data/user/0/net.apphezi.yysbox/files/libexecmain.so

Filesize
5KB

MD5
fe7c7b8467302941f8dd4c02297b0f51

SHA1
22885dc2c6381b2254a2b24c9f9e6f7f4f612c0f

SHA256
83d8f2ba3574e80746e2a337f158b0471f048009c24edab938b4206a768b9bc8

SHA512
b9085ada66ed73ab6a9b93d4216d57420b39e6d3d77883f8dead5fd38b6fa684a94f253e5cfd0454f72512987e036388061ccbecc1990547e89c2a92646401d8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads