Analysis
max time kernel: 49s
max time network: 158s
platform: android_x64
resource: android-x64-20240514-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
submitted: 22-05-2024 09:25
Static task: static1
Behavioral task: behavioral1
Sample: 66c9c2f489654bba512b837783e302ac_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
Sample: 66c9c2f489654bba512b837783e302ac_JaffaCakes118.apk
Resource: android-x64-20240514-en
Behavioral task: behavioral3
Sample: 66c9c2f489654bba512b837783e302ac_JaffaCakes118.apk
Resource: android-x64-arm64-20240514-en
General
Target: 66c9c2f489654bba512b837783e302ac_JaffaCakes118.apk
Size: 351KB
MD5: 66c9c2f489654bba512b837783e302ac
SHA1: 48f09df77f0b4dc3f748251bf8eae676fd6845e0
SHA256: 7851e04754c8797abd29e2e5d2c7f265e0469d33815b0cb70490537631773b5b
SHA512: f382245953514247ce88a1b4cfa5d1ef3c96870656a3574f0b6fe2b337628ea277ef4e1923601746a4dea9631ca4ebe960d2448f07fa0a8342b140e7c7d1b3e3
SSDEEP: 6144:PN8rv7l7HNc31/qcjju1Se/tBSDjPvT55E+08VSnQ/kgXSjJjYjSHhXHaQN2R:PIRHiQcjjut/tBSvPb55tVAQ/l6jY61q
Malware Config
Signatures
Checks CPU information (2 TTPs, 1 IoC)
Checks CPU information, which indicates whether the system is an emulator.
Processes: mark.via.gq
description | ioc | process
File opened for read | /proc/cpuinfo | mark.via.gq

Checks memory information (2 TTPs, 1 IoC)
Checks memory information, which indicates whether the system is an emulator.
Processes: mark.via.gq
description | ioc | process
File opened for read | /proc/meminfo | mark.via.gq

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: mark.via.gq
description | ioc | process
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | mark.via.gq

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: mark.via.gq
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | mark.via.gq

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
Processes: mark.via.gq
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | mark.via.gq

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
Processes: mark.via.gq
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | mark.via.gq

Checks if the internet connection is available (1 TTP, 1 IoC)
Processes: mark.via.gq
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | mark.via.gq

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
Processes
mark.via.gq (PID: 5098)
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
Network
MITRE ATT&CK Mobile v15
Downloads
/data/data/mark.via.gq/databases/via (Filesize: 28KB)
/data/data/mark.via.gq/databases/via-journal (Filesize: 512B)
/data/data/mark.via.gq/databases/via-journal (Filesize: 8KB)
/data/data/mark.via.gq/databases/via-journal (Filesize: 8KB)
/data/data/mark.via.gq/files/about.html (Filesize: 1KB)
/data/data/mark.via.gq/files/homepage.html (Filesize: 3KB)
/data/data/mark.via.gq/files/iflytek_cached_mark.via.gq (Filesize: 69B)