7a901a11ae081075db190cb341f1ca61c7756ff65e2b80695c8634ccfc0a662e

Analysis

max time kernel
6s
max time network
139s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
20/05/2024, 15:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5fdbf35c3cc98005aff45ed969c41d53_JaffaCakes118.apk
Size

15.4MB
MD5

5fdbf35c3cc98005aff45ed969c41d53
SHA1

9cc4d9e69802dc4452ea691e64d747ab80a4c32b
SHA256

7a901a11ae081075db190cb341f1ca61c7756ff65e2b80695c8634ccfc0a662e
SHA512

0c34c343a0bfc4a770b9db78266cacff17f4a778c5a7484ef81c493df5aef69d98565beb24dc3788e0ee0753ec346c1c7e16481c75d9d44404becef670ccd7d1
SSDEEP

196608:luW6DABwhrWaaCW4ouvBpkGNhYEv5A/8Isl1cn//RD6kMbj/bv2H7zrp6/zBIka:imqaCYMBpkGQXLCY/ejSHfrpxka

Score

8^/10

discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/bin/su	com.gunros.gweta.fwea
/system/app/Superuser.apk	com.gunros.gweta.fwea

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.gunros.gweta.fwea

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.gunros.gweta.fwea

com.gunros.gweta.fwea
1⤵
- Checks if the Android device is rooted.
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4258

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gunros.gweta.fwea/files/c2dmConfig.properties

Filesize
52B

MD5
3e3c4d625c9a8f8420e23c6946276b76

SHA1
14ccd7ad7ad61b34d1d088681f2c7fdcd7f7e197

SHA256
ebc7e944b9abe9a6da4f9943cf2ecce6e25c89e0598be8ac3bfb22a253693637

SHA512
db4b23a45b1037e8b6de34574aab22f98511760e99c85f9673ff51fe84e6166045072a95eeaba5bceb14650f67aa1a5c530ed8c7423a3f4aa34571bbc72962d0

Download Submit
/data/data/com.gunros.gweta.fwea/save2.dat

Filesize
2B

MD5
c4103f122d27677c9db144cae1394a66

SHA1
1489f923c4dca729178b3e3233458550d8dddf29

SHA256
96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7

SHA512
5ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54

Download Submit
/storage/emulated/0/Android/data/com.gunros.gweta.fwea/files/texture.store

Filesize
8KB

MD5
e875c0a90d05d7a17367c721a89569de

SHA1
fa0ca42fcdc7b495b04899dc829cec0a0cad7e51

SHA256
0cc35d914100110bdcce6779a4a905ffcb69805cc673725101d38e1845e01081

SHA512
3375261e25f9e9d0b80832d9a8ba6354b526ca3b8aba960a3049763435f5a7b9087a4640bd8d2805e5ec0313126fa52f0c0494750f20f8f409d7cf28022741ea

Download Submit