Analysis
-
max time kernel
25s -
max time network
133s -
platform
android_x64 -
resource
android-x64-arm64-20240514-en -
resource tags
android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240514-en locale:en-us os:android-11-x64 system -
submitted
22-05-2024 09:25
Static task
static1
Behavioral task
behavioral1
Sample
66c9c2f489654bba512b837783e302ac_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
66c9c2f489654bba512b837783e302ac_JaffaCakes118.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
66c9c2f489654bba512b837783e302ac_JaffaCakes118.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
66c9c2f489654bba512b837783e302ac_JaffaCakes118.apk
-
Size
351KB
-
MD5
66c9c2f489654bba512b837783e302ac
-
SHA1
48f09df77f0b4dc3f748251bf8eae676fd6845e0
-
SHA256
7851e04754c8797abd29e2e5d2c7f265e0469d33815b0cb70490537631773b5b
-
SHA512
f382245953514247ce88a1b4cfa5d1ef3c96870656a3574f0b6fe2b337628ea277ef4e1923601746a4dea9631ca4ebe960d2448f07fa0a8342b140e7c7d1b3e3
-
SSDEEP
6144:PN8rv7l7HNc31/qcjju1Se/tBSDjPvT55E+08VSnQ/kgXSjJjYjSHhXHaQN2R:PIRHiQcjjut/tBSvPb55tVAQ/l6jY61q
Malware Config
Signatures
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicates if the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicates if the system is an emulator.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
mark.via.gq
description: Framework service call
ioc: android.net.wifi.IWifiManager.getConnectionInfo
process: mark.via.gq
-
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes:
mark.via.gq
description: Framework service call
ioc: android.net.IConnectivityManager.getActiveNetworkInfo
process: mark.via.gq
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
/data/user/0/mark.via.gq/databases/via
Filesize
28KB
-
/data/user/0/mark.via.gq/databases/via-journal
Filesize
512B
-
/data/user/0/mark.via.gq/databases/via-journal
Filesize
8KB
-
/data/user/0/mark.via.gq/databases/via-journal
Filesize
8KB
-
/data/user/0/mark.via.gq/files/about.html
Filesize
1KB
-
/data/user/0/mark.via.gq/files/homepage.html
Filesize
3KB
-
/data/user/0/mark.via.gq/files/iflytek_cached_mark.via.gq
Filesize
69B