9cf542903232785e6719f05d0773b0b5a494edea45a335336a82691ce6027cbb

Analysis

max time kernel
126s
max time network
149s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
10/05/2024, 00:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c75049f9e6a498b23efe9c793c3d43d_JaffaCakes118.apk
Size

18.0MB
MD5

2c75049f9e6a498b23efe9c793c3d43d
SHA1

d7d38e7bfa5ec54c739487020dd622995d3bf749
SHA256

9cf542903232785e6719f05d0773b0b5a494edea45a335336a82691ce6027cbb
SHA512

0702a4fdbd6b75ed58eba1f38e2ae040c1c5779e3339d2d6f275153d9a4744432e190af7f82057dd30e280a59c00333fa5015c904c437e5bd18cd8e5ca556c05
SSDEEP

393216:oUxn8XQ5LcpAHOu0dqtoclRm5QfIG3rDBbywfA0E+IZ:oUJRLcpAZ0weclNnJyOvE++

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.mobigrow.canyouescape4

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.mobigrow.canyouescape4:ngds

Acquires the wake lock 2 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.mobigrow.canyouescape4:ngds
Framework service call	android.os.IPowerManager.acquireWakeLock	com.mobigrow.canyouescape4

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mobigrow.canyouescape4:ngds

com.mobigrow.canyouescape4
1⤵
- Checks CPU information
- Acquires the wake lock
PID:4276

com.mobigrow.canyouescape4:ngds
1⤵
- Queries information about the current Wi-Fi connection
- Acquires the wake lock
- Checks if the internet connection is available
PID:4314

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/.ngdslog/com.mobigrow.canyouescape4/pushv2_part_one.log

Filesize
1KB

MD5
6d80846efaaef9941da9bcb022556e1c

SHA1
add058064ccfb60b3af73ca91ab5b936309db866

SHA256
b9f8ac7fd15316393f7a7c637e08f685fcfe1a62451542e96ec98d5407440c8c

SHA512
cfd893fbb8f876f73b9ae1c38c65a6c83ab9dafc79258251fbe5e76263a3dd3be9c093b1ef56f29997a3d9dda2e20356c1e7791864586adeacd30c2a3daae2ce

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads