29b7be0ded9b6bda289ee1ebc17d27dac1246361bafdcf567d874a4a4a673018

Analysis

max time kernel
155s
max time network
169s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
20/05/2024, 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

608b97900d47df11895c5bb7f02e15b3_JaffaCakes118.apk
Size

10.1MB
MD5

608b97900d47df11895c5bb7f02e15b3
SHA1

87b2e3bbf209d4015a83a603a73a92161a141d3c
SHA256

29b7be0ded9b6bda289ee1ebc17d27dac1246361bafdcf567d874a4a4a673018
SHA512

3de903b8c1ae8663acbbbe4328ae344d9ac2f03ed4cebcfe9d3ff2d09c908123ded04ceaeda1951e558450f79d82df1270d40fcb0ccbe7321843c21113da2779
SSDEEP

196608:NMi8enElvZ+hhEa/d/Ki2Dc1XOgdkpcuF97FRzQNhDT0xnicFqso7uvxZ:NM2QvMlGDc1ddCS0i/soKvxZ

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.alawar.paranormal.gplay.premium:ngds
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.alawar.paranormal.gplay.premium

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.alawar.paranormal.gplay.premium

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.alawar.paranormal.gplay.premium

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.alawar.paranormal.gplay.premium:ngds

Checks if the internet connection is available 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.alawar.paranormal.gplay.premium:ngds
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.alawar.paranormal.gplay.premium

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.alawar.paranormal.gplay.premium

com.alawar.paranormal.gplay.premium
1⤵
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4254

com.alawar.paranormal.gplay.premium:ngds
1⤵
- Queries information about the current Wi-Fi connection
- Acquires the wake lock
- Checks if the internet connection is available
PID:4283

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.alawar.paranormal.gplay.premium/cache/__chartboost/CBRequestManager/83009550000

Filesize
194B

MD5
eab238e23f10d70a5fb1c84613ec514a

SHA1
50324c11dd255e2ce4056b6b1a3d7bb12e72c0b7

SHA256
e23e3f98fc0459a7f80c1645c4010713943aff964e4e0f3fcf3f653c09098791

SHA512
f225cde28061b42371851174ad24e24db79bea77a16b1787d8467937321c19052f109b671b18b17d0b09b2a2475ce44f266cd987f923b526bd4330006b62db2d

Download Submit
/data/data/com.alawar.paranormal.gplay.premium/cache/__chartboost/CBSessionDirectory/cb_previous_session_info

Filesize
189B

MD5
4fbb36897d1359f85a1be92d618778d2

SHA1
7a7ec0310deace7689189b08fa8ce3026105a00a

SHA256
07e78417b59a58e03d5c21b01388c80c6b85e01cc09032e43db3973f2b50a0fe

SHA512
8eab8984a296ae430dc3c1ccb7a8d5fb971aef0ba3d3154a79c18498056fbc466b92197572074a2bc967392773b72fca7585110b908f79da9c1625a9a4d99b19

Download Submit
/data/data/com.alawar.paranormal.gplay.premium/cache/__chartboost/CBSessionDirectory/cb_previous_session_info

Filesize
189B

MD5
a1441e4c0619b56148e3063e660b1b64

SHA1
3e0705b72c44ba78e47e29e5c98f73e4d42ae8a5

SHA256
698997533d47c5f6cad672ab08da3f0397fd1903d3e35afacc47c3347fefafca

SHA512
3fe3db1a6b06bb081128214c7a96b0190b854cb6a23d5461f5339f5cf52542077ee88280743c09cfe79c47865ee6b9adb616496caaad80b3a587ab24ef554877

Download Submit
/data/data/com.alawar.paranormal.gplay.premium/files/.FlurrySenderIndex.info.AnalyticsData_P4KHJTXJ9JHYTCCG2KPY_153

Filesize
42B

MD5
1c96b9bfecdd20438dfb379c537d0619

SHA1
07ca4c48c9eeeab218d987918ef09fd6a9bfa8b3

SHA256
7f26b070dc2d20d0e5d9f892aeea9d76053e1475919a16cd722dd6f4d21c7a9b

SHA512
e6f414d54c66a1e40612387bd6fe2f454dd84deb1d4e7743916f8ee42d24bf1e62eb7850f91da7e25afb440ce52a405a7423336474d1774be081b8adc8a2a2cd

Download Submit
/data/data/com.alawar.paranormal.gplay.premium/files/.FlurrySenderIndex.info.AnalyticsData_P4KHJTXJ9JHYTCCG2KPY_153

Filesize
42B

MD5
4ad3175e3da331ca3d302dd125625fed

SHA1
61676bf7e947c9e11b33aec2a7a78965acbc7d35

SHA256
61d6c8f1f14c7dae43f70b3362d6913c0f89f6f0eb8d0ebeb9f1ff17309c1290

SHA512
502cb73835d8a0b82df05e8fe4b5651b34f7104586d3ce8859a2b31a300960d00ca3f8c49b07bae48334950e7765fe4bd3bf70aed7ebf12311b41ec8ce10cc46

Download Submit
/data/data/com.alawar.paranormal.gplay.premium/files/.FlurrySenderIndex.info.AnalyticsMain

Filesize
44B

MD5
029fef6b6c29c718602bf929e08f0a09

SHA1
39d35285e33ec857f7d76592c1e5401a1fe68594

SHA256
ba4827914f46a0099967541811b45d28f04335cd75bfbd84caa5774da0818636

SHA512
33a791cc97c2647d31e5a64d4406ac671932dbe8270652acb5a596fa4bc729d8002c19c90d8b7b97773baf886b8555367203a730f3e1d01c0e3ac50360a4d3d4

Download Submit
/data/data/com.alawar.paranormal.gplay.premium/files/.flurryagent.1b8dedb4

Filesize
142B

MD5
f55816ec2a6aedc752a48f44834decf4

SHA1
c6215b189c80bae3764db2e978aaa9e2bc7ea82d

SHA256
5f91dae92d5b1ad1fc9ab25c9c05853f71d94c571fdceb3f8bcdb0abe2e77c74

SHA512
780350ccbf874c3eb6cf3da44b13b766546ab0b7a7797e4af440c26c9c66f6b9efeba0952e8db7f95bb65031d4a07794ea104d9b25bdf477671e7e0d6ae65730

Download Submit
/data/data/com.alawar.paranormal.gplay.premium/files/.flurryagent.1b8dedb4

Filesize
58B

MD5
193bd11b8fcd95ae77a51982dcfd2c14

SHA1
83eda0795ebb849dac752e17301253f5e31fc367

SHA256
67cb174a78ccaf63552ca2a528b8585fc078e32e67643754beadb445281e8a41

SHA512
39b82361a01f77fb1b3a71d599cdfb4f16c78c9fe29a347f06fd4c119757095d6a53245c4979581972b673369cda0b8b4bd6ae5076090f53ebbd0529cb777732

Download Submit
/data/data/com.alawar.paranormal.gplay.premium/files/.flurryagent.1b8dedb4

Filesize
58B

MD5
55ce633f815d524c6606c02ac1450ccd

SHA1
19ad2206e1129457a30b707167d2e9ed4a07eb91

SHA256
93de8356bb4310d76609d5f509e7c79505bd0fb19f8788c0c481a8b8c62eb0af

SHA512
d2031d14a13aa7678e09ce1d546f7320565b0c53a185dd6cd161bac1edf243573914cf8fefe8bfdd2dcab2975534ada99e622258715c1d5ab8e2fc8e6266c301

Download Submit
/data/data/com.alawar.paranormal.gplay.premium/files/.flurrydatasenderblock.2709f1a9-36c9-49b5-88d1-507bf3e5b643

Filesize
357B

MD5
2e28e8cfc2d680942d4a85e8233be8d7

SHA1
3c26705968b1987f066e51d23568e55526a676a9

SHA256
d2e609b2ca8801a7304cfc16a62a1b50762f30b12c23cbea11220f3f7bb258fe

SHA512
015a67b369bf2ac71c95b74cb52e27c6b756653f8452c4602356e0ccf9aa5ecc73320e6617014e405d4f84dfe262e1b400477bba89126e56769a120d3b7cc199

Download Submit
/data/data/com.alawar.paranormal.gplay.premium/files/.flurrydatasenderblock.e40000a5-9cc1-4602-ba94-648492e677ff

Filesize
275B

MD5
79056dbabe1d23eed505ccfc0933c61b

SHA1
db13877fdd30c9bc39c10447140be46db6f09654

SHA256
cc518f7773202c101185491be539372710228cce33e623ac1201f0185d6ca698

SHA512
6fd0d816757d058f1f41a47b156d58fd5b3a2a1c22c8b71091a274bb5683a6e79e1dcf1b178415f027aff98666abb043cf72a9472daab470b1950591845fb318

Download Submit
/data/data/com.alawar.paranormal.gplay.premium/files/AF_INSTALLATION

Filesize
36B

MD5
89a3730ef36621ed88e611aae2ce9628

SHA1
0b1b48cf10a01fded7634513dae0731bfd9db936

SHA256
1ca059fcca32b0f06cf1bb36e16ec6c773a00ce58a40df51ab038d7fdb66714c

SHA512
a5b60bcfb1d218b7c8978b8a657a2742bdcc34a92c2d855d8186de3f3f9031251cfa177e2c521ac9e130928c8aa171b3ce2efe58fe1a5a3b744b3ff69f180f07

Download Submit
/storage/emulated/0/.ngdslog/com.alawar.paranormal.gplay.premium/pushv2_part_one.log

Filesize
1KB

MD5
c2a76edffaab686f0370b5fec2118c9c

SHA1
ff7c37826b1aacf8f43d09344bfc7a52729f1b87

SHA256
afdcada30b6148d16a0c89bf8481917c5d2d884649be40c5ff6c0f2c7e5c2517

SHA512
b9c6d126ef35be91ceb5a301f67c02500e3667f852a7edc4556c40033671ac907db1497ff5c47d312ae883357f7606d9e624973e8af9508bf2714af5c5e77d8c

Download Submit
/storage/emulated/0/Android/data/com.alawar.paranormal.gplay.premium/files/version.txt

Filesize
2B

MD5
9bf31c7ff062936a96d3c8bd1f8f2ff3

SHA1
f1abd670358e036c31296e66b3b66c382ac00812

SHA256
e629fa6598d732768f7c726b4b621285f9c3b85303900aa912017db7617d8bdb

SHA512
9a6398cffc55ade35b39f1e41cf46c7c491744961853ff9571d09abb55a78976f72c34cd7a8787674efa1c226eaa2494dbd0a133169c9e4e2369a7d2d02de31a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads