Analysis
- max time kernel: 41s
- max time network: 157s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 17/05/2024, 15:44
Static task: static1
Behavioral task: behavioral1
- Sample: 503d51c4ee816c43168a4ca15212c164_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
- Sample: 503d51c4ee816c43168a4ca15212c164_JaffaCakes118.apk
- Resource: android-x64-arm64-20240514-en
General
- Target: 503d51c4ee816c43168a4ca15212c164_JaffaCakes118.apk
- Size: 11.0MB
- MD5: 503d51c4ee816c43168a4ca15212c164
- SHA1: c155ab8e82bc5687a7498405cf0f269a718b9fea
- SHA256: e7cbc970ec865cbff06b0c7ca5f24ca127489be2e17b1383904299c5e96a8151
- SHA512: 358e7087885921b8a8c28fd2b5b2acc3af9c4273c2ae5c82b11eca3af2f0a27337e9d367a92b6669ad58e1d8579a645025a2a19b8cc464bceac0f1fdfda789e9
- SSDEEP: 196608:hlOn+TTChMiXL+C4qj024CiDayXYIluM94rt9cGOLT4J:Gn+TTgdXiCTQpCZyXY04LcGkTS
Malware Config
Signatures
- Requests cell location (2 TTPs, 1 IoC)
  Uses Android APIs to get the current cell location.
  IoC: Framework service call com.android.internal.telephony.ITelephony.getCellLocation (process: com.mhealth37.BloodPressure)
- Checks CPU information (2 TTPs, 1 IoC)
  Checks CPU information that indicates whether the system is an emulator.
  IoC: File opened for read /proc/cpuinfo (process: com.mhealth37.BloodPressure)
- Queries information about running processes on the device (1 TTP, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  IoC: Framework service call android.app.IActivityManager.getRunningAppProcesses (process: com.mhealth37.BloodPressure)
  IoC: Framework service call android.app.IActivityManager.getRunningAppProcesses (process: com.mhealth37.BloodPressure:pushservice)
- Queries information about the current Wi-Fi connection (1 TTP, 2 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  IoC: Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process: com.mhealth37.BloodPressure)
  IoC: Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process: com.mhealth37.BloodPressure:pushservice)
- Queries information about the current nearby Wi-Fi networks (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  IoC: Framework service call android.net.wifi.IWifiManager.getScanResults (process: com.mhealth37.BloodPressure)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  IoC: Framework service call android.app.IActivityManager.registerReceiver (process: com.mhealth37.BloodPressure)
- Checks if the internet connection is available (1 TTP, 2 IoCs)
  IoC: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process: com.mhealth37.BloodPressure)
  IoC: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process: com.mhealth37.BloodPressure:pushservice)
- Reads information about phone network operator (1 TTP)
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  IoC: Framework API call android.hardware.SensorManager.registerListener (process: com.mhealth37.BloodPressure)
- Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  IoC: Framework API call javax.crypto.Cipher.doFinal (process: com.mhealth37.BloodPressure)
Processes
- com.mhealth37.BloodPressure (PID 4275)
  - Requests cell location
  - Checks CPU information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries information about the current nearby Wi-Fi networks
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Uses Crypto APIs (might try to encrypt user data)
- com.mhealth37.BloodPressure:pushservice (PID 4308)
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Execution Guardrails (1)
  - Geofencing (1)
- Hide Artifacts (1)
  - User Evasion (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Downloads