Analysis
max time kernel: 25s
max time network: 155s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 22-05-2024 09:25
Static task: static1

Behavioral task: behavioral1
Sample: 66c9c2f489654bba512b837783e302ac_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en

Behavioral task: behavioral2
Sample: 66c9c2f489654bba512b837783e302ac_JaffaCakes118.apk
Resource: android-x64-20240514-en

Behavioral task: behavioral3
Sample: 66c9c2f489654bba512b837783e302ac_JaffaCakes118.apk
Resource: android-x64-arm64-20240514-en
General
Target: 66c9c2f489654bba512b837783e302ac_JaffaCakes118.apk
Size: 351KB
MD5: 66c9c2f489654bba512b837783e302ac
SHA1: 48f09df77f0b4dc3f748251bf8eae676fd6845e0
SHA256: 7851e04754c8797abd29e2e5d2c7f265e0469d33815b0cb70490537631773b5b
SHA512: f382245953514247ce88a1b4cfa5d1ef3c96870656a3574f0b6fe2b337628ea277ef4e1923601746a4dea9631ca4ebe960d2448f07fa0a8342b140e7c7d1b3e3
SSDEEP: 6144:PN8rv7l7HNc31/qcjju1Se/tBSDjPvT55E+08VSnQ/kgXSjJjYjSHhXHaQN2R:PIRHiQcjjut/tBSvPb55tVAQ/l6jY61q
Signatures
Checks CPU information (2 TTPs, 1 IoCs)
Checks CPU information, which indicates whether the system is an emulator.
Processes: mark.via.gq
description: File opened for read
ioc: /proc/cpuinfo
process: mark.via.gq

Checks memory information (2 TTPs, 1 IoCs)
Checks memory information, which indicates whether the system is an emulator.
Processes: mark.via.gq
description: File opened for read
ioc: /proc/meminfo
process: mark.via.gq

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: mark.via.gq
description: Framework service call
ioc: android.net.wifi.IWifiManager.getConnectionInfo
process: mark.via.gq

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
Processes: mark.via.gq
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
process: mark.via.gq

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes: mark.via.gq
description: Framework service call
ioc: android.app.IActivityManager.registerReceiver
process: mark.via.gq

Checks if the internet connection is available (1 TTPs, 1 IoCs)
Processes: mark.via.gq
description: Framework service call
ioc: android.net.IConnectivityManager.getActiveNetworkInfo
process: mark.via.gq
Downloads
/data/data/mark.via.gq/databases/via
Filesize: 4KB
/data/data/mark.via.gq/databases/via-journal
Filesize: 512B
/data/data/mark.via.gq/databases/via-shm
Filesize: 32KB
/data/data/mark.via.gq/databases/via-wal
Filesize: 40KB
/data/data/mark.via.gq/files/about.html
Filesize: 1KB
/data/data/mark.via.gq/files/homepage.html
Filesize: 3KB
/data/data/mark.via.gq/files/iflytek_cached_mark.via.gq
Filesize: 69B