7851e04754c8797abd29e2e5d2c7f265e0469d33815b0cb70490537631773b5b

General

Target

66c9c2f489654bba512b837783e302ac_JaffaCakes118.apk
Size

351KB
MD5

66c9c2f489654bba512b837783e302ac
SHA1

48f09df77f0b4dc3f748251bf8eae676fd6845e0
SHA256

7851e04754c8797abd29e2e5d2c7f265e0469d33815b0cb70490537631773b5b
SHA512

f382245953514247ce88a1b4cfa5d1ef3c96870656a3574f0b6fe2b337628ea277ef4e1923601746a4dea9631ca4ebe960d2448f07fa0a8342b140e7c7d1b3e3
SSDEEP

6144:PN8rv7l7HNc31/qcjju1Se/tBSDjPvT55E+08VSnQ/kgXSjJjYjSHhXHaQN2R:PIRHiQcjjut/tBSvPb55tVAQ/l6jY61q

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

mark.via.gq

description ioc process

File opened for read /proc/cpuinfo mark.via.gq
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

mark.via.gq

description ioc process

File opened for read /proc/meminfo mark.via.gq
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

mark.via.gq

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo mark.via.gq
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

mark.via.gq

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone mark.via.gq
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

mark.via.gq

description ioc process

Framework service call android.app.IActivityManager.registerReceiver mark.via.gq
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

mark.via.gq

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo mark.via.gq

description	ioc	process
File opened for read	/proc/cpuinfo	mark.via.gq

description	ioc	process
File opened for read	/proc/meminfo	mark.via.gq

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	mark.via.gq

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	mark.via.gq

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	mark.via.gq

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	mark.via.gq

mark.via.gq
1⤵
- Checks CPU information
- Checks memory information
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4333

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2

T1633

System Checks

2

T1633.001

Credential Access

Discovery

System Information Discovery

2

T1426

System Network Configuration Discovery

1

T1422

System Network Connections Discovery

2

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/mark.via.gq/databases/via
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/mark.via.gq/databases/via-journal
Filesize
512B

MD5
53784cae45e0ddab5b7ad1a76c8b4d4f

SHA1
adc56d8df95fe2e2ae91c6a1b1ee1fd098de979f

SHA256
46f29f6d0c7dfdb1e4f521030bb7ab00271d62192ce5070150e3b17a709de1c2

SHA512
0c6b5086e977d3b66ffe80ad506e2ea88e0096ac039472fa132489bdc3ae9986cd0eb209110685075ba71967c129470619678bd861961ca44e2be0a9eadf4e04

Download Submit
/data/data/mark.via.gq/databases/via-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/mark.via.gq/databases/via-wal
Filesize
40KB

MD5
305c677f6957549a6a1d6d32c98fe18a

SHA1
8ccd991e3d868180bd8d6479f2eeffdcf547fd05

SHA256
94864fba9f7fd610bf1c01c0a63775d862e519c1cdb66dec72f34f94050b5c6b

SHA512
7d803b5cc97599833660173f03efb236747032d019abef813f403cdc6a5cb4690b56d27670a416215874cfed873b82c279b6127a78ea3ed69cfb6ce0d5211e18

Download Submit
/data/data/mark.via.gq/files/about.html
Filesize
1KB

MD5
f3ac5c210c5ee1b39ffc192f5ddee887

SHA1
fcdfc269f609b9434a83f473ad5eaa44a7faca12

SHA256
1623f8e485b5be3591c5e97abd6525e1c3d5d66ebd71906aa2afec38594c9eaf

SHA512
e70053d6994f18e86721cdc8edd9107c7893365340872184b4663a885e20295dbbde2af6ba8a6fdbca2f3f54d86032cd360f4b972ede51f13f11f4b7d600521a

Download Submit
/data/data/mark.via.gq/files/homepage.html
Filesize
3KB

MD5
d48ccc02f532e4727897bd39d5b40ef2

SHA1
b507f56e90860728224f2f327ca8ba28d250911e

SHA256
dd585710bc352eaad39344010cd11a10d8754828c419373248210a5fd87568b0

SHA512
3f2e28e19284099a7011fcd2477b9bb48cd2f50846bfa1c23a9a28643381b45f3add4f4387b0d890fa706494df9cb400cf41f3d6495b677110a48f3da3a4e002

Download Submit
/data/data/mark.via.gq/files/iflytek_cached_mark.via.gq
Filesize
69B

MD5
278a16a8446bb27c31fef1c6d5777cdb

SHA1
a4629eb5675defe1be5584fb2be40debe8880d85

SHA256
6f8c9662503ebed740bb246d67f11c5c97de7e1ddeaca9320a5a56fc5b9cbf7f

SHA512
9b74c214e24610727eee04ff91bf758f8967cfaf0667f6498cfebb931de40e737a11c041f064e174750ecf3955dbd523803c91eb494a9fc586e819a520005e08

Download Submit

Analysis

Sharing