Analysis

  • max time kernel
    179s
  • max time network
    179s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
  • submitted
    17/05/2024, 15:44

General

  • Target

    503d51c4ee816c43168a4ca15212c164_JaffaCakes118.apk

  • Size

    11.0MB

  • MD5

    503d51c4ee816c43168a4ca15212c164

  • SHA1

    c155ab8e82bc5687a7498405cf0f269a718b9fea

  • SHA256

    e7cbc970ec865cbff06b0c7ca5f24ca127489be2e17b1383904299c5e96a8151

  • SHA512

    358e7087885921b8a8c28fd2b5b2acc3af9c4273c2ae5c82b11eca3af2f0a27337e9d367a92b6669ad58e1d8579a645025a2a19b8cc464bceac0f1fdfda789e9

  • SSDEEP

    196608:hlOn+TTChMiXL+C4qj024CiDayXYIluM94rt9cGOLT4J:Gn+TTgdXiCTQpCZyXY04LcGkTS

Malware Config

Signatures

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicates whether the system is an emulator.

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Checks if the internet connection is available 1 TTPs 2 IoCs
  • Reads information about phone network operator 1 TTPs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.mhealth37.BloodPressure
    1⤵
    • Requests cell location
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4609
  • com.mhealth37.BloodPressure:pushservice
    1⤵
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Checks if the internet connection is available
    PID:4649

Network

        MITRE ATT&CK Mobile v15


        Downloads

        • /data/user/0/com.mhealth37.BloodPressure/databases/bloodpress.db

          Filesize

          36KB

          MD5

          c7f774789f8119da3b75310da56b1f1c

          SHA1

          9b53d091b4d6432b2f9d0ac4afb2fd6aaf37b69e

          SHA256

          a8d7c0400d130961a2ae24bc0b7864d62900c73bd30107c50c07947dbb4da3ec

          SHA512

          ac771bf7c013dc29d34ec5b72b3acc7dc676da33c0a84a839d6c463d537f0dfbdd5c8613b093a600d26773252ad109f8ac2685168892dff32440fa808e934cf9

        • /data/user/0/com.mhealth37.BloodPressure/databases/bloodpress.db-journal

          Filesize

          8KB

          MD5

          92d8b88f5427680f6a6563614c0fa727

          SHA1

          a8ae19df8cc271539410e4fe40d65bd050869c13

          SHA256

          bf7fe3618faf626ee0ee23bc471c025bf46562b0d488a52b906548917b8b798b

          SHA512

          f634994f4c73adfb2b57e8e9673ddc187945316d238781bdb5fbafcabadfd5df0a8974b1604bcae4bc5ae46f0b759cf12d862906ff6dd85f4ca8f690e3bafc22

        • /data/user/0/com.mhealth37.BloodPressure/databases/bloodpress.db-journal

          Filesize

          512B

          MD5

          9148d491ca03b06f7e3aa9167339dcea

          SHA1

          44758a5d4b7ee018ca279924129cd901df954acd

          SHA256

          10cc8771def64e506b2d2d8c5558a7e188d7fbb6a71e4b524337672d127a74f5

          SHA512

          c3a6a0ec6c01bb228d75e96a4f6747b9efdd9c0231313241ef81c90c35019f518483276e84cf9fd451a51f2ec90474dcd26a878aaa18b9bb290b1287186ccef0

        • /data/user/0/com.mhealth37.BloodPressure/databases/bloodpress.db-journal

          Filesize

          8KB

          MD5

          17712ea206d2e4af7bb1a6e752defff3

          SHA1

          0eb7ea920269363a642c5eafc75eb40c0c1818c7

          SHA256

          8d0ea346212d577fed5377f4f1bcbae0a5aa0a5d0789293faefb7fad3413169c

          SHA512

          e1d5786b8b22f8bf6725b6a429d607cf941ec4a9f45331015611cc2e9cd09956bae5776e6920a4cd78ad0367acbf471d3f15ac0c7323fa9a066d1cc3e8b59323

        • /data/user/0/com.mhealth37.BloodPressure/databases/bloodpress.db-journal

          Filesize

          8KB

          MD5

          387d311246554f5dc60662e430ca29a1

          SHA1

          f8ed843b4e08d7c3038c018a88d850d8c032d0c8

          SHA256

          7d72ce0df5cd70106a58a2ce5a77d4da072a2327415fffdc6fa4f717b302f096

          SHA512

          c5fafde8308a73738d16f68d7479a63461d43c8df41b3c0602bc807d7e6c89fcae82c6af25d5985c59c9478daad81d8bd0cb7824d13b213a0116e1686aee9f3b

        • /data/user/0/com.mhealth37.BloodPressure/files/mobclick_agent_sealed_com.mhealth37.BloodPressure

          Filesize

          532B

          MD5

          1bc62f4ded16693a400e139120e20522

          SHA1

          a4ddbaf78b6517feed16f341fc02f1a9434b3251

          SHA256

          6b58148852f766912a2fbfd311a0a442fa29011aa6c402c7b49acedd5be44013

          SHA512

          0780950f64f5dbde0fec702e1debb340eae0ee58c25a17f12486cc2525aceff549fffd81a1a9b43943f0cac151ecda613be659435771498cdb016a57b0755120

        • /data/user/0/com.mhealth37.BloodPressure/files/umeng_it.cache

          Filesize

          148B

          MD5

          140ec5a0ad34530614b979e6c4096a17

          SHA1

          539651f45fa00ed1c33b0e3ea62bcf9240716abf

          SHA256

          0bff2293f9ba2e836da8e0666f22f80083dc6cb5608d46d13a366d340c4abb9b

          SHA512

          bb79750d0684d43abcbb4d7da899d82204b05ed2e1d7b12d10c537f1c2d43f200fc8382f8f904cac6193e90c75df00dbaa4b0cd2f8b22ca00d2c651146f9051f

        • /storage/emulated/0/Android/data/com.mhealth37.BloodPressure/cache/locationCache/journal.tmp (deleted)

          Filesize

          315B

          MD5

          6dec2dd3159c05ddf09bd7921e072368

          SHA1

          9937bafff0155bf627335d082e4e2fc2539f1cba

          SHA256

          1c5fb521967700b41eef230304691cb22ab6ddf5f7904b79063ef534876ba8e4

          SHA512

          ae96d1ec299f552a8fdd864cb774340716a293331cf086cdfb9303bc20ab60a7d6150f005a4a0498ba98525ab5394fcea8a4ed51ba1736a017a999c2783f880b

        • /storage/emulated/0/Android/data/com.mhealth37.BloodPressure/files/carrierdata/1715960753

          Filesize

          389B

          MD5

          f07f4106421832c2dd8ff7b271c2a302

          SHA1

          2c796970b1094bdd2f3871cd3d0bee5f32c3436e

          SHA256

          2f2fc3f7216db6e0884749ec9875580ea1b9b971ca65d830b799293ba6c3ee34

          SHA512

          a956615f3b401ea2046a9fb3293703223f755e5e0bb29b8c718e71c538232d3a724bce88af7f0cd8ea623240e74bce9d8b69df5c898f9ecba2dab0f963bad616

        • /storage/emulated/0/Android/data/com.mhealth37.BloodPressure/files/carrierdata/1715960753

          Filesize

          2KB

          MD5

          cafb780b4e4879184f1f88dfb67d4186

          SHA1

          c11350150ea6409514a7624eebadf5a0f6a678d0

          SHA256

          93b81a813bf991c5be712f0e90e5ae93f6d67346dcfd9666e55f12afb3d402f2

          SHA512

          bd2f846ceaf130619d2543156b3e8080d2d1c0c407aa1a425b58cb380e840812e9e8ea57ddbc19b91a9276d4c7ced82359e5f4bf3f2d7d0c14dfd9c8a05870ab

        • /storage/emulated/0/mipush/log/com.mhealth37.BloodPressure/log1.txt

          Filesize

          224B

          MD5

          8f0ae531836fb6edc9ddee35220818fc

          SHA1

          179609fc9729c6e4a0537b04b2bb2ec6d89222b9

          SHA256

          126896faacf51b7a9cd11265ab42db267f1020c421ad6fe5da75f198c78811f6

          SHA512

          a624afe02af363e3259ff3d27f246b16702764c035171ca9cea6ca535a140f8920e66fcae560293d162f898f033664f7eb2e51f68b6d1563e3d95e3f622111fa

        • /storage/emulated/0/mipush/log/com.mhealth37.BloodPressure/log1.txt

          Filesize

          198B

          MD5

          ce0538db83880a331c4053411674da67

          SHA1

          2dff9e382ec0e60720574cd2d001409bc18fce03

          SHA256

          18985040da74ec57e59ec1a24954056c980c19b6000a13d489e0e5565e7670d1

          SHA512

          3c110df1819274bedd9cab55fc7f528521a81b08191b9544f2ecc484b7faa69451e028da76e96ffb10f12a2bee8cd934963aabbe27851795e4455d46fcfcb742

        • /storage/emulated/0/mipush/log/com.mhealth37.BloodPressure/log1.txt

          Filesize

          260B

          MD5

          2b1b4939115714e4801d2d26ea82ee24

          SHA1

          61da573da1bffda28835fc30a3ef482050bcdb7d

          SHA256

          3a8e9802ed391cb7a6c826b5c25552e0a818ac30bd5bdf4df890f92a5f2c4cbf

          SHA512

          8c3324fecb90929f1d5e605602a0e31985fe06faa2187f2eb04124604b50e775848b4fd2f9c49f7942376e30cd2f1bc3fb83a1d6b98d60204726ba08644d7bf3