caabebe2461da28001f0eefc7ed19e68c6d1f8067cd0a9c7e07c8418786c8d81

General

Target

054e60f9ee37974520ea50150b93bceb_JaffaCakes118.apk
Size

1.8MB
MD5

054e60f9ee37974520ea50150b93bceb
SHA1

32648bf136383490e1c734bd9d4012774eb27ed3
SHA256

caabebe2461da28001f0eefc7ed19e68c6d1f8067cd0a9c7e07c8418786c8d81
SHA512

1a4862587ea017013c07698da94f9bc322a02a5d6a0c75644188e6c67ae19a06d45f9a07797e95433ef7770ec5dcbf3a3fbe75bda86acfd454c7589da71f08b3
SSDEEP

49152:GlhZ5zApcRgrJpKLQ/Y+DEQlarRzzCtO5F2C:GlRzApcGrJsMYxQl+tGtoF2C

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.wmgoo.www

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.wmgoo.www

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.wmgoo.www

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.wmgoo.www

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.wmgoo.www
Framework service call	android.app.IActivityManager.registerReceiver	com.wmgoo.www:pushservice

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.wmgoo.www:pushservice

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.wmgoo.www:pushservice

com.wmgoo.www
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5030

com.wmgoo.www:pushservice
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5085

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2

T1633

System Checks

2

T1633.001

Credential Access

Clipboard Data

1

T1414

Discovery

System Information Discovery

2

T1426

System Network Configuration Discovery

2

T1422

System Network Connections Discovery

1

T1421

Lateral Movement

Collection

Clipboard Data

1

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1

T1471

Data Manipulation

1

T1641

Transmitted Data Manipulation

1

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wmgoo.www/databases/pushsdk.db

Filesize
48KB

MD5
21a551f19563f8c1ab0ee5e6fc475888

SHA1
fbd779fa1715c432ca099efe77c9cd738ca8a8e4

SHA256
a92e9102fd5338115e9f6ca892477053c5df9c59c4eb0c9c29ad26d540370fe3

SHA512
51d3430db231a1b3eff9a2db2bf57df3ddcf9c96012c60049ae96dd2d18d6e66081178b682c6c2b04a00edb6c4beca1031b3cf804e8cd4b2a4398b1085ec2163

Download Submit
/data/data/com.wmgoo.www/databases/pushsdk.db-journal

Filesize
512B

MD5
27d06a175319b9bad77d6881b73f7cc1

SHA1
61fc117bb9a4d88b32ee548623e25ed0fce107d9

SHA256
5f8cda549d5c9ee0051045d0569e766053a827836cabafc14e616ecca49d9b5b

SHA512
5f6e3fa2ddd0467fc1d65ea04f2c2ae5a9b35f954833afcd800eb2817a94d5e17db6632c2464fb1598e29f3cd47daf40b871eebf25ad22f684ab8b011cbd9ca1

Download Submit
/data/data/com.wmgoo.www/databases/pushsdk.db-journal

Filesize
8KB

MD5
a035690991fc6e0dd327217e3a3a630c

SHA1
1d44cff9c746f2d251cc8731b31f5a2d536277d0

SHA256
79b466575d12d984332ad79f2b16f8aac134045b232dc2e7ea5be7def9d5f645

SHA512
b739b017876f0c4c9b94a0bf409e1f8165e8e8b2fd34e1f2814bd59c1dd245ccafb1ea92572a4c548ee487d243a55fe83530e60e30e87e5bc23bfc02e219ee2a

Download Submit
/data/data/com.wmgoo.www/databases/pushsdk.db-journal

Filesize
8KB

MD5
7088d7b079250d7842c40a3e42f07f77

SHA1
ed984d993b1771a69c1ee418a4edc5f56527dbd1

SHA256
e1cf73b777ac8547630fe22fb78d0a043a53ce7ee07aedd9ccec522e5b047ff3

SHA512
bb02e91f713a3ac472613f360cfa9ca43a14f3aad978d1e1cc3cedb43514dd0080b5fb18d6a0154340c7dc883e5b0a3673fbffa471f7b2e010d915e914353484

Download Submit
/data/data/com.wmgoo.www/databases/pushsdk.db-journal

Filesize
4KB

MD5
56c417504610b6530a8f1e11cb32f92d

SHA1
aabb52848014d3c326a51a59423c45b98e6f7655

SHA256
2d42d51406a7bb7e7602bf218f90cb4f6144651157df8c8962c60b1658bf00d2

SHA512
8fbead91783c85b2d151d30148e128335d3e5c5a4bed9ffecfbccf36c5ebe7b2512bbc216238b45210b0aabfe68349188f79261b99c5ee943611e6c3f5240b18

Download Submit
/data/data/com.wmgoo.www/databases/pushsdk.db-journal

Filesize
8KB

MD5
d9f5dfea290a39a989873c709aba9313

SHA1
db01ef75a48e21bea7152b96c27c0684c66c4a59

SHA256
8f9ba21660fccc57c638b73dab7b64098dc080462c37a16f07ac5e75f5700a7f

SHA512
8e2af1c3605ac11f6bb2f688019c35547495abfa2661f889bea5a39c6e058b3889ca546ef22a26a2697c75104ca834eda351ffba25ed2704bd868d84875c471d

Download Submit
/data/data/com.wmgoo.www/databases/pushsdk.db-journal

Filesize
8KB

MD5
5c8f210fb26ee28b1c09add78f0f30de

SHA1
5c0d8cba07d426c26cb988ca7b58c17054a02e7a

SHA256
c3d945b35a168c92c24d4192f5352a5c7f470c080c293e8192d688de149dba59

SHA512
bf043ff83279d1604460b4c48e437d21af97fe27046270bf5659395aabbf0fe10b8f5bc7d1c942387a74d168350649e6b5a31725a19b13a0b4dd29d2d016f650

Download Submit
/data/data/com.wmgoo.www/files/init_c1.pid

Filesize
14B

MD5
680dbd3a270a33b3d826dbb7e1caf1b8

SHA1
39b096ec30d19902c75ca1dbdb5c5fa718358895

SHA256
68447e601f15734d440dfdc74d898c8a1438a95b51b4029d4c36c933c7850235

SHA512
bfdee909831053cc501a45b9338d4d79cecb2a7b5f06fd55a7b7d195254431221e32c17ddbdff568f3d951a3216396cbbe992bb2ebaff9fc9c59cfc5d5cd857b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads