Analysis
max time kernel: 179s
max time network: 179s
platform: android_x64
resource: android-x64-arm64-20240514-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
submitted: 17/05/2024, 15:44
Static task: static1
Behavioral task: behavioral1
Sample: 503d51c4ee816c43168a4ca15212c164_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
Sample: 503d51c4ee816c43168a4ca15212c164_JaffaCakes118.apk
Resource: android-x64-arm64-20240514-en
General
Target: 503d51c4ee816c43168a4ca15212c164_JaffaCakes118.apk
Size: 11.0MB
MD5: 503d51c4ee816c43168a4ca15212c164
SHA1: c155ab8e82bc5687a7498405cf0f269a718b9fea
SHA256: e7cbc970ec865cbff06b0c7ca5f24ca127489be2e17b1383904299c5e96a8151
SHA512: 358e7087885921b8a8c28fd2b5b2acc3af9c4273c2ae5c82b11eca3af2f0a27337e9d367a92b6669ad58e1d8579a645025a2a19b8cc464bceac0f1fdfda789e9
SSDEEP: 196608:hlOn+TTChMiXL+C4qj024CiDayXYIluM94rt9cGOLT4J:Gn+TTgdXiCTQpCZyXY04LcGkTS
Malware Config
Signatures
Requests cell location (2 TTPs, 1 IoC)
Uses Android APIs to get the current cell location.
IoC: Framework service call com.android.internal.telephony.ITelephony.getCellLocation | Process: com.mhealth37.BloodPressure
Checks CPU information (2 TTPs, 1 IoC)
Reads CPU information that indicates whether the system is an emulator.
IoC: File opened for read /proc/cpuinfo | Process: com.mhealth37.BloodPressure
Queries information about running processes on the device (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
IoC: Framework service call android.app.IActivityManager.getRunningAppProcesses | Process: com.mhealth37.BloodPressure
IoC: Framework service call android.app.IActivityManager.getRunningAppProcesses | Process: com.mhealth37.BloodPressure:pushservice
Queries information about the current Wi-Fi connection (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
IoC: Framework service call android.net.wifi.IWifiManager.getConnectionInfo | Process: com.mhealth37.BloodPressure
IoC: Framework service call android.net.wifi.IWifiManager.getConnectionInfo | Process: com.mhealth37.BloodPressure:pushservice
Queries information about the current nearby Wi-Fi networks (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
IoC: Framework service call android.net.wifi.IWifiManager.getScanResults | Process: com.mhealth37.BloodPressure
Checks if the internet connection is available (1 TTP, 2 IoCs)
IoC: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.mhealth37.BloodPressure
IoC: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.mhealth37.BloodPressure:pushservice
Reads information about phone network operator (1 TTP)
Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
IoC: Framework API call android.hardware.SensorManager.registerListener | Process: com.mhealth37.BloodPressure
Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
IoC: Framework API call javax.crypto.Cipher.doFinal | Process: com.mhealth37.BloodPressure
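The signature list above is the sandbox's output; the Python below is an added example for this page, not the sandbox's rule engine, that replays the same kind of matching so the per-process hits can be checked by hand. It re-derives the signature list for each process from a constructed event log that mirrors the IoCs in the report, and applies the /proc/cpuinfo emulator heuristic that the "Checks CPU information" signature refers to. The signature names and indicator strings are the report's own; the event log, the two /proc/cpuinfo samples and the marker list are constructed assumptions. Note the caveat a triager would apply: /proc/cpuinfo is also read by benign performance, ABI-detection and crash-reporting libraries, so the hit is a prompt to look at what the app does with the result rather than a verdict on its own.

```python
"""Map Android sandbox behaviour events to the signatures in the report above.

Example code added for this page; it is not the sandbox's rule engine, and
the event log and /proc/cpuinfo samples below are constructed.
"""
from collections import defaultdict

# Signature catalogue reconstructed from the report: name -> (event kind, indicator).
# Names and indicators are the report's; the exact-match logic is this script's.
SIGNATURES = {
    "Requests cell location":
        ("service_call", "com.android.internal.telephony.ITelephony.getCellLocation"),
    "Checks CPU information":
        ("file_read", "/proc/cpuinfo"),
    "Queries information about running processes on the device":
        ("service_call", "android.app.IActivityManager.getRunningAppProcesses"),
    "Queries information about the current Wi-Fi connection":
        ("service_call", "android.net.wifi.IWifiManager.getConnectionInfo"),
    "Queries information about the current nearby Wi-Fi networks":
        ("service_call", "android.net.wifi.IWifiManager.getScanResults"),
    "Checks if the internet connection is available":
        ("service_call", "android.net.IConnectivityManager.getActiveNetworkInfo"),
    "Listens for changes in the sensor environment":
        ("api_call", "android.hardware.SensorManager.registerListener"),
    "Uses Crypto APIs":
        ("api_call", "javax.crypto.Cipher.doFinal"),
}

MAIN = "com.mhealth37.BloodPressure"
PUSH = "com.mhealth37.BloodPressure:pushservice"

# Constructed behaviour log as (process, event kind, target), mirroring the IoCs
# in the report, plus a repeated call and an unmatched read to exercise the logic.
EVENTS = [
    (MAIN, "service_call", "com.android.internal.telephony.ITelephony.getCellLocation"),
    (MAIN, "file_read", "/proc/cpuinfo"),
    (MAIN, "service_call", "android.app.IActivityManager.getRunningAppProcesses"),
    (PUSH, "service_call", "android.app.IActivityManager.getRunningAppProcesses"),
    (MAIN, "service_call", "android.net.wifi.IWifiManager.getConnectionInfo"),
    (PUSH, "service_call", "android.net.wifi.IWifiManager.getConnectionInfo"),
    (MAIN, "service_call", "android.net.wifi.IWifiManager.getScanResults"),
    (MAIN, "service_call", "android.net.IConnectivityManager.getActiveNetworkInfo"),
    (PUSH, "service_call", "android.net.IConnectivityManager.getActiveNetworkInfo"),
    (MAIN, "service_call", "android.net.IConnectivityManager.getActiveNetworkInfo"),  # repeat
    (MAIN, "api_call", "android.hardware.SensorManager.registerListener"),
    (MAIN, "api_call", "javax.crypto.Cipher.doFinal"),
    (MAIN, "file_read", "/proc/meminfo"),  # no signature covers this; must be ignored
]


def match_signatures(events):
    """Return {process: sorted signature names}; repeated calls count once."""
    by_indicator = {kind_target: name for name, kind_target in SIGNATURES.items()}
    hits = defaultdict(set)
    for process, kind, target in events:
        name = by_indicator.get((kind, target))
        if name is not None:
            hits[process].add(name)
    return {process: sorted(names) for process, names in hits.items()}


# Strings that Android emulator images expose in /proc/cpuinfo. "goldfish" and
# "ranchu" are the emulator board names. This is a heuristic list (an assumption
# of this example), not a complete fingerprint.
EMULATOR_CPUINFO_MARKERS = ("goldfish", "ranchu", "virtual", "qemu")


def cpuinfo_emulator_markers(cpuinfo_text):
    """Return the emulator markers present in a /proc/cpuinfo dump, in list order."""
    lowered = cpuinfo_text.lower()
    return [marker for marker in EMULATOR_CPUINFO_MARKERS if marker in lowered]


# Constructed /proc/cpuinfo samples: an emulator image and a physical handset.
EMULATOR_CPUINFO = (
    "processor\t: 0\n"
    "model name\t: Android virtual processor\n"
    "Hardware\t: ranchu\n"
)
PHONE_CPUINFO = (
    "processor\t: 0\n"
    "model name\t: ARMv8 Processor rev 1 (v8l)\n"
    "Hardware\t: Qualcomm Technologies, Inc SM8250\n"
)


if __name__ == "__main__":
    for process, names in match_signatures(EVENTS).items():
        print(process)
        for name in names:
            print("  -", name)
    print("emulator markers:", cpuinfo_emulator_markers(EMULATOR_CPUINFO))
    print("handset markers: ", cpuinfo_emulator_markers(PHONE_CPUINFO))
```

Run as-is, the script reproduces the split shown in the process tree: eight distinct signatures on the main process and three on the :pushservice process, with the repeated getActiveNetworkInfo call collapsed and the /proc/meminfo read ignored because no signature covers it.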
Processes
com.mhealth37.BloodPressure (PID 4609)
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (might try to encrypt user data)
com.mhealth37.BloodPressure:pushservice (PID 4649)
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Execution Guardrails (1): Geofencing (1)
- Hide Artifacts (1): User Evasion (1)
- Virtualization/Sandbox Evasion (1): System Checks (1)
Downloads
Filesize: 36KB
MD5: c7f774789f8119da3b75310da56b1f1c
SHA1: 9b53d091b4d6432b2f9d0ac4afb2fd6aaf37b69e
SHA256: a8d7c0400d130961a2ae24bc0b7864d62900c73bd30107c50c07947dbb4da3ec
SHA512: ac771bf7c013dc29d34ec5b72b3acc7dc676da33c0a84a839d6c463d537f0dfbdd5c8613b093a600d26773252ad109f8ac2685168892dff32440fa808e934cf9

Filesize: 8KB
MD5: 92d8b88f5427680f6a6563614c0fa727
SHA1: a8ae19df8cc271539410e4fe40d65bd050869c13
SHA256: bf7fe3618faf626ee0ee23bc471c025bf46562b0d488a52b906548917b8b798b
SHA512: f634994f4c73adfb2b57e8e9673ddc187945316d238781bdb5fbafcabadfd5df0a8974b1604bcae4bc5ae46f0b759cf12d862906ff6dd85f4ca8f690e3bafc22

Filesize: 512B
MD5: 9148d491ca03b06f7e3aa9167339dcea
SHA1: 44758a5d4b7ee018ca279924129cd901df954acd
SHA256: 10cc8771def64e506b2d2d8c5558a7e188d7fbb6a71e4b524337672d127a74f5
SHA512: c3a6a0ec6c01bb228d75e96a4f6747b9efdd9c0231313241ef81c90c35019f518483276e84cf9fd451a51f2ec90474dcd26a878aaa18b9bb290b1287186ccef0

Filesize: 8KB
MD5: 17712ea206d2e4af7bb1a6e752defff3
SHA1: 0eb7ea920269363a642c5eafc75eb40c0c1818c7
SHA256: 8d0ea346212d577fed5377f4f1bcbae0a5aa0a5d0789293faefb7fad3413169c
SHA512: e1d5786b8b22f8bf6725b6a429d607cf941ec4a9f45331015611cc2e9cd09956bae5776e6920a4cd78ad0367acbf471d3f15ac0c7323fa9a066d1cc3e8b59323

Filesize: 8KB
MD5: 387d311246554f5dc60662e430ca29a1
SHA1: f8ed843b4e08d7c3038c018a88d850d8c032d0c8
SHA256: 7d72ce0df5cd70106a58a2ce5a77d4da072a2327415fffdc6fa4f717b302f096
SHA512: c5fafde8308a73738d16f68d7479a63461d43c8df41b3c0602bc807d7e6c89fcae82c6af25d5985c59c9478daad81d8bd0cb7824d13b213a0116e1686aee9f3b

Filesize: 532B
MD5: 1bc62f4ded16693a400e139120e20522
SHA1: a4ddbaf78b6517feed16f341fc02f1a9434b3251
SHA256: 6b58148852f766912a2fbfd311a0a442fa29011aa6c402c7b49acedd5be44013
SHA512: 0780950f64f5dbde0fec702e1debb340eae0ee58c25a17f12486cc2525aceff549fffd81a1a9b43943f0cac151ecda613be659435771498cdb016a57b0755120

Filesize: 148B
MD5: 140ec5a0ad34530614b979e6c4096a17
SHA1: 539651f45fa00ed1c33b0e3ea62bcf9240716abf
SHA256: 0bff2293f9ba2e836da8e0666f22f80083dc6cb5608d46d13a366d340c4abb9b
SHA512: bb79750d0684d43abcbb4d7da899d82204b05ed2e1d7b12d10c537f1c2d43f200fc8382f8f904cac6193e90c75df00dbaa4b0cd2f8b22ca00d2c651146f9051f

Path: /storage/emulated/0/Android/data/com.mhealth37.BloodPressure/cache/locationCache/journal.tmp (deleted)
Filesize: 315B
MD5: 6dec2dd3159c05ddf09bd7921e072368
SHA1: 9937bafff0155bf627335d082e4e2fc2539f1cba
SHA256: 1c5fb521967700b41eef230304691cb22ab6ddf5f7904b79063ef534876ba8e4
SHA512: ae96d1ec299f552a8fdd864cb774340716a293331cf086cdfb9303bc20ab60a7d6150f005a4a0498ba98525ab5394fcea8a4ed51ba1736a017a999c2783f880b

Filesize: 389B
MD5: f07f4106421832c2dd8ff7b271c2a302
SHA1: 2c796970b1094bdd2f3871cd3d0bee5f32c3436e
SHA256: 2f2fc3f7216db6e0884749ec9875580ea1b9b971ca65d830b799293ba6c3ee34
SHA512: a956615f3b401ea2046a9fb3293703223f755e5e0bb29b8c718e71c538232d3a724bce88af7f0cd8ea623240e74bce9d8b69df5c898f9ecba2dab0f963bad616

Filesize: 2KB
MD5: cafb780b4e4879184f1f88dfb67d4186
SHA1: c11350150ea6409514a7624eebadf5a0f6a678d0
SHA256: 93b81a813bf991c5be712f0e90e5ae93f6d67346dcfd9666e55f12afb3d402f2
SHA512: bd2f846ceaf130619d2543156b3e8080d2d1c0c407aa1a425b58cb380e840812e9e8ea57ddbc19b91a9276d4c7ced82359e5f4bf3f2d7d0c14dfd9c8a05870ab

Filesize: 224B
MD5: 8f0ae531836fb6edc9ddee35220818fc
SHA1: 179609fc9729c6e4a0537b04b2bb2ec6d89222b9
SHA256: 126896faacf51b7a9cd11265ab42db267f1020c421ad6fe5da75f198c78811f6
SHA512: a624afe02af363e3259ff3d27f246b16702764c035171ca9cea6ca535a140f8920e66fcae560293d162f898f033664f7eb2e51f68b6d1563e3d95e3f622111fa

Filesize: 198B
MD5: ce0538db83880a331c4053411674da67
SHA1: 2dff9e382ec0e60720574cd2d001409bc18fce03
SHA256: 18985040da74ec57e59ec1a24954056c980c19b6000a13d489e0e5565e7670d1
SHA512: 3c110df1819274bedd9cab55fc7f528521a81b08191b9544f2ecc484b7faa69451e028da76e96ffb10f12a2bee8cd934963aabbe27851795e4455d46fcfcb742

Filesize: 260B
MD5: 2b1b4939115714e4801d2d26ea82ee24
SHA1: 61da573da1bffda28835fc30a3ef482050bcdb7d
SHA256: 3a8e9802ed391cb7a6c826b5c25552e0a818ac30bd5bdf4df890f92a5f2c4cbf
SHA512: 8c3324fecb90929f1d5e605602a0e31985fe06faa2187f2eb04124604b50e775848b4fd2f9c49f7942376e30cd2f1bc3fb83a1d6b98d60204726ba08644d7bf3