0a5e9af7c0176025227f0322994c584d9d6ea8ce860652bc0d3fafbcf6da169e

Analysis

max time kernel
125s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67d0ac9f6ffbdee556d50c0994bbec8b_JaffaCakes118.apk
Size

2.8MB
MD5

67d0ac9f6ffbdee556d50c0994bbec8b
SHA1

0aeedf3dbd1d3b9bbf0227a784542387d831fcdb
SHA256

0a5e9af7c0176025227f0322994c584d9d6ea8ce860652bc0d3fafbcf6da169e
SHA512

e4abb1989864f6028620987632efb6675230407eb3121acb628be83fc933b76c5665f19681560f3fe3130245c95a10531bc406b4f81b25d5b7795723ecfedb41
SSDEEP

49152:soiJYkYiv0YtEtcMwqvFb/R27Nkc6R7Rau6hbLzt8Q8Lo9azQEnvLnBFVwfFcCSE:s3TYi8oJybJeNoau6d2Q8oGvrBFVwf6o

Score

8^/10

banker discovery evasion impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.mopote.app.market

description ioc process

File opened for read /proc/cpuinfo com.mopote.app.market
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.mopote.app.market

description ioc process

File opened for read /proc/meminfo com.mopote.app.market
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.mopote.app.market

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.mopote.app.market
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.mopote.app.market

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.mopote.app.market
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.mopote.app.market

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.mopote.app.market
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.mopote.app.market

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.mopote.app.market
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.mopote.app.market

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.mopote.app.market

description	ioc	process
File opened for read	/proc/cpuinfo	com.mopote.app.market

description	ioc	process
File opened for read	/proc/meminfo	com.mopote.app.market

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.mopote.app.market

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.mopote.app.market

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.mopote.app.market

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mopote.app.market

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.mopote.app.market

com.mopote.app.market
1⤵
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mopote.app.market/databases/.ua/ua.db
Filesize
32KB

MD5
4ef49b6b867c6c8c8d6398a3384beb53

SHA1
699502b4772a193d556b07c3cebea38ca990ec33

SHA256
0ca17eca96076f2b67b26d8bd006e3d7f56af3ffd7e20085d0f4bc49227af98a

SHA512
7451432efe25576230c2dd46bf6dd6862870e08d4a9fbf3b1bbcf187ed1b38a7fdc1dbc34dd7e2672e292f03dcd571c4cc17d72ef51b4ea2b41957799d035aeb

Download Submit
/data/data/com.mopote.app.market/databases/.ua/ua.db
Filesize
32KB

MD5
d604a3bf1f8d992cc320ea5b1f7609bd

SHA1
247f88df0b55c7d523ea5398637711a0e4a483a4

SHA256
329940b4d46326d58e73c842dd099704061d0ef7338777bf31ad895f29013c17

SHA512
67e28f6713cb5c238a9664df128f01a89a2efb7c8c9330c1e45bc0d40ebab81fa20df5166743d84d81dc0386a89ff0329f022281c098339baa2e851ff0a1e1ab

Download Submit
/data/data/com.mopote.app.market/databases/.ua/ua.db-journal
Filesize
512B

MD5
e2f2fde91d0cceaa08e506fdd4fdfd2f

SHA1
c7ecb2aa496b7086b9e6aacd068904f032061d5f

SHA256
3f2fc62d70863cae2ecc57c593a267630face0f9a547aa3c788c7c2b9c730c05

SHA512
06406174c35c70b956973bc9b5a29c08b569a678d9edaace266034a27cd6f0c15a8ce6e2d4fe481fd8cf9038809c2b9e912466fbad58d86f6fa29a9d9b3adef4

Download Submit
/data/data/com.mopote.app.market/databases/.ua/ua.db-wal
Filesize
56KB

MD5
73c00ed35d5b8a070a2bda89e0ae1ab5

SHA1
89932d84eb1b7a4f433eb5b9f7a0cd01d846133d

SHA256
395efaa0464756fb4d8f0c1a81ad5dd3a70f4d198334c873ce2e28df44543e8d

SHA512
eea54e3c53043888cdef42f1ba1cc0aeb7c75342a3cc7fa3874d2ef63c99c887f30fd55af3669532281f31c6e47b7773d7bc6b87106733c8405d3c036744e3a5

Download Submit
/data/data/com.mopote.app.market/databases/.ua/ua.db-wal
Filesize
8KB

MD5
3b09dec937fed02e240d65d74663dd7a

SHA1
11cb59358435c19b4d5ed8e41c902807340d5521

SHA256
a71a4a3647eb489b067b7c8d0df3146649987f57690586a43e0585906049b6d9

SHA512
cfbd3c1ec6c9c6ef4634b9da8c4c9d6732015842577797c5708faee5e14b6d96417509d81890b0eecff3a84a56a8b0c78c502fd8f3f3c66002f4d4b69280c0d1

Download Submit
/data/data/com.mopote.app.market/databases/appstore.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.mopote.app.market/databases/appstore.db-journal
Filesize
512B

MD5
b9e41c3f74252cb381630fe50699ee89

SHA1
e1e253789cd0718626f978b1d1b3c72c5493ea49

SHA256
8cadbf1f3928b4c3b1407bf3621669fefe9572ee0b9d8c1adf9054ce8e4e45c2

SHA512
278a21be2fc26011a1c198b880aee6e56a347752bb3a530a647114948baebd479f5968dddbab9e6d228ef585d2af8d6b5edfc145a71452c988c8b97f7f2897b0

Download Submit
/data/data/com.mopote.app.market/databases/appstore.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.mopote.app.market/databases/appstore.db-wal
Filesize
32KB

MD5
f9533200b4aaa7c409e42b088e589865

SHA1
916e34da232e424eacc7d265bce269c05b62858b

SHA256
b7fe490a805b91e707171e6e3de12bb4c9bf0f0d3ba761a8527c713318081a30

SHA512
7951854d56386f4c727ba724af367fe21340f53faadf3d30934f6fca2139b37d33fc2493c48a33a7e98160c472ef6380ab1b566a8d5ef2678d867cd7eaf4661d

Download Submit
/data/data/com.mopote.app.market/databases/cc/cc.db
Filesize
36KB

MD5
ce6135aa1b1fe4f2c2db2a546d2a5558

SHA1
79b59582154017aadab783dc266fcb158c252940

SHA256
7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c

SHA512
2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4

Download Submit
/data/data/com.mopote.app.market/databases/cc/cc.db
Filesize
36KB

MD5
5d7ea1a23af19b4340cc8d90f28297d5

SHA1
4cfe95b23a9e98378d69c4290af81b51fbe76aea

SHA256
474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da

SHA512
33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b

Download Submit
/data/data/com.mopote.app.market/databases/cc/cc.db-journal
Filesize
512B

MD5
783388e3cf10a58e14b67bf8aabb7bd5

SHA1
0fc9d959f0b6754cc19669880da2e4ff73449e21

SHA256
206e11254675c03f498f9da7756d18dc7cca3a19eeddcb00cfef3a5e8a97dcd2

SHA512
c5655c0d17fe07280cac568033cd3c957cd4616fc101891fa8039fc47d5c4b7de04caaa5a31f5911f66fc3962436094aae9d66f71f074706a34c7839bfc61658

Download Submit
/data/data/com.mopote.app.market/databases/cc/cc.db-wal
Filesize
48KB

MD5
bef28862878dd71119ebc5f54a3ec6fb

SHA1
4e9f7977646c1b609399f0b89707a4529791d56a

SHA256
7298d54d92115b501edec2740b371f9ae8a87b2e02102be58bd645a5cc21ccbc

SHA512
a1f15fc365a6042baa42ee02b77ad563bf7db558f30f6f09914f114c12355a332badcf2b1ca7217c23788eccc3cc95f4c6f44297fa6af3d0a4629c4b3d205796

Download Submit
/data/data/com.mopote.app.market/databases/cc/cc.db-wal
Filesize
16KB

MD5
92989d7f8b8fbe366132808e0421ba27

SHA1
9362f1788da4726b0999d3e77e556e6e789427f8

SHA256
8b1637bb9aa97df9703f2d5c8584209228a1f137b39643065ef6e2d0ccfc5ad0

SHA512
07e02c6fe032df206be395fb649073132e4f1897ad21d83a5ed1742740af8f7ce3ee5bcbd6697813814128787a82d1aab7e5b1c80aa24d6e90bdcd2758c75035

Download Submit
/data/data/com.mopote.app.market/databases/com.mopote.app.market.db-journal
Filesize
512B

MD5
d7366f2c52af531d4a74bb2f36c6ab3a

SHA1
b83c9b463bc7603103575026b72d74bc6dd15f14

SHA256
c6e1df82f883735d1fda98bd5941cbe44c98e93f685e97c4f4642041bb0b1b21

SHA512
7420fad8e05cc0cd7a4a2b7f63d419253713eeb2e2e3295d82b730e43e791c4daf068ca40c9ea6ce68d307f6120b06a796e76b87cedfb3c463d17d96b80e47cc

Download Submit
/data/data/com.mopote.app.market/databases/com.mopote.app.market.db-wal
Filesize
36KB

MD5
d28fdb0b5ebc5ba1ad25b2645055ef05

SHA1
9ec6b7a1023149eec0edb3903ab7efc9f211756f

SHA256
3224131d899703860df062106c73fc53ca47cd9f7e9b0fa9ebce0e3af6a0e4e6

SHA512
046df5cd89d0e2e8111a6b24ef3d22073fb51179adfda357e60de24f79fad41d190963e59a05df295c783de3cff87794eaf09b69f4228ef2b6771f261d8d48ee

Download Submit
/data/data/com.mopote.app.market/files/.um/um_cache_1716393662541.env
Filesize
1KB

MD5
0fe9d76686c542bff8c44bc1e3f4073c

SHA1
5ebf2d2b8fcdb61580ac8a052f19ab6f07abfc09

SHA256
0d7a10ba72101ac4e03935806f4b0c86f6184526d24eab5389c794f303f45d09

SHA512
e8082ec961bbbfb86bb19a066da52fd500bca1f71beb4ef5d5b866fe94d884628ccbf11ee7ac5f3b5323b250793dd989a995b3e02b612700db04e8f694e48fb8

Download Submit
/data/data/com.mopote.app.market/files/.umeng/exchangeIdentity.json
Filesize
162B

MD5
cb8b47d6b4c2c9472555d95a08b5bbff

SHA1
71bd619341722b31f96dcfb9f026e3c363c64d61

SHA256
3f56bf4b24659d871db406760d90fe39fd46b65a034d37047ada513a5c8382fc

SHA512
aa46214b4e50b6c84fee740018eb2d20046d01d18e6405a1db081d1d941a86d54b41c86b86b59ce22428e914b533064e714ac96561988bc6da5314aac06ce582

Download Submit
/data/data/com.mopote.app.market/files/exid.dat
Filesize
62B

MD5
8c04cee02ecb204fc8de0f2936fe314c

SHA1
0fd52514dda24b717ee5fbb9852073766a3ef445

SHA256
4fa8ff07fc4d4a21297965d472281a0a7ead24e4e5914a9904350a05aac2d13e

SHA512
a661e1ed32838fe5405d0d4c6a7a644dbe0c6347e10d5e5d2790e5fff240c5cccad6253bfcf9c94f124b640276ec95ca5084d09e4cba0e4a230b889960e7737b

Download Submit
/data/data/com.mopote.app.market/files/umeng_it.cache
Filesize
415B

MD5
4f4ef21e82da8b20f405c5c2efad4ed7

SHA1
3bd4558dce93f1494d264b3c8d664e8c9f9e5b71

SHA256
0d6c98608821504ba80737bc48b94d8b29f1ec197ba9a4455ed4b85c653766ed

SHA512
b2f3c2abfc38b295efe6d1677512a9ffe26a3044e8361c0661f512df0912e4a7737ee7c9502742264e5c8ab11b851880a54e568655c3927524e61489d47ef182

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads