Analysis

  • max time kernel
    8s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
  • submitted
    03/05/2024, 09:19

General

  • Target

    102ca0dc058c3307835e910af845be55_JaffaCakes118.apk

  • Size

    10.8MB

  • MD5

    102ca0dc058c3307835e910af845be55

  • SHA1

    5e9541f320114171e312df1cecc0c8afd8a0a8a4

  • SHA256

    88c423eae0f20e657f0a8fd60cd5f770901858efd5a04be8cdd328b4eeb20369

  • SHA512

    21bbf7991d111a673502bb7a9dd8498e8e13e4eaed32d28486d5a436a4ce8dd6f7d9fd5550c2405fdc821e5075452a5298c36c127d1faa75e37cb869c1d6d725

  • SSDEEP

    196608:yge8ue5qrmQ1dFT/UpGtQZr3t7nUzZW+yjtUZoTNjobUVDsq9OTdj2:3hL5w1TUpGtQZrdLUzZZ7mTNjo0I7BK

Malware Config

Signatures

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information that indicates whether the system is an emulator.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

Processes

  • com.highlight.mjpe
    1⤵
    • Checks memory information
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4179
    • /system/bin/sh -c type su
      2⤵
      PID:4292
    • /system/bin/sh -c getprop ro.genymotion.version
      2⤵
      PID:4314
    • getprop ro.genymotion.version
      2⤵
      PID:4314
    • /system/bin/sh -c getprop androVM.vbox_dpi
      2⤵
      PID:4341
    • getprop androVM.vbox_dpi
      2⤵
      PID:4341
    • /system/bin/sh -c getprop qemu.sf.fake_camera
      2⤵
      PID:4367
    • getprop qemu.sf.fake_camera
      2⤵
      PID:4367

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.highlight.mjpe/databases/bugly_db_
    Filesize
    4KB
    MD5
    f2b4b0190b9f384ca885f0c8c9b14700
    SHA1
    934ff2646757b5b6e7f20f6a0aa76c7f995d9361
    SHA256
    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
    SHA512
    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.highlight.mjpe/databases/bugly_db_-journal
    Filesize
    512B
    MD5
    28b97f4bdec1229761602de68b22ccac
    SHA1
    ee996950b9ed85159562f7527de6db7dda1279a2
    SHA256
    45402b9da183114dd6b795f572611a93aef1ece709a2fb5270389a0df1f67311
    SHA512
    02ee084377885588ff2780e5e0bb65b08351d05247ef4357529c4591fa619c524cef418a982f17613736831ffe061d40e10b6d427150f11f38bcb0a69bccd972

  • /data/data/com.highlight.mjpe/databases/bugly_db_-shm
    Filesize
    32KB
    MD5
    bb7df04e1b0a2570657527a7e108ae23
    SHA1
    5188431849b4613152fd7bdba6a3ff0a4fd6424b
    SHA256
    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
    SHA512
    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.highlight.mjpe/databases/bugly_db_-wal
    Filesize
    96KB
    MD5
    5f7d6610c27cf51cb89572ba6cb02f6f
    SHA1
    a2ba69a4a8ba38f5ecd2088f2aef88ff2a7d4b68
    SHA256
    9e5950a1ea5e3edf5bbe78b3b35b8a9ae8a0de8f755e8576514788b6adc819bb
    SHA512
    bd690531f6a71395faa282e8929de225b23eb90557d3fec974379d7979d0eb0834df009283163a6f95f090e787ee897c62772fea06d64a8b2a7ddec3b98f017d