67efb77149954ab56e34840850abe09e0c7f83b00c5220f1c62e45d4e11448db

Analysis

max time kernel
131s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 09:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a6e05572bbe41445f2c783b7015b4f6_JaffaCakes118.apk
Size

31.8MB
MD5

6a6e05572bbe41445f2c783b7015b4f6
SHA1

70e4bf36d6be77eb238d7a4d5f925272204380b8
SHA256

67efb77149954ab56e34840850abe09e0c7f83b00c5220f1c62e45d4e11448db
SHA512

3caf780de476fe26bd88a72c926f9c19305145617d3dbf48127aed4d8c77e23b1dcb3df2f8a10be6b1418d98dc5ecc25a39c5553cb40c859b6b0e0af38249472
SSDEEP

786432:PmXL8ONML07fiGf4SPvM21QNqg8yQ4WbEplEJOlc+:eXLKLIVlJg848EpleOlc+

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.pocketscientists.rescueme0mod

description ioc process

File opened for read /proc/cpuinfo com.pocketscientists.rescueme0mod
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.pocketscientists.rescueme0mod

description ioc process

File opened for read /proc/meminfo com.pocketscientists.rescueme0mod
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.pocketscientists.rescueme0mod

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.pocketscientists.rescueme0mod
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.pocketscientists.rescueme0mod

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.pocketscientists.rescueme0mod
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.pocketscientists.rescueme0mod

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.pocketscientists.rescueme0mod
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.pocketscientists.rescueme0mod

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.pocketscientists.rescueme0mod
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
File opened for read	/proc/cpuinfo	com.pocketscientists.rescueme0mod

description	ioc	process
File opened for read	/proc/meminfo	com.pocketscientists.rescueme0mod

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.pocketscientists.rescueme0mod

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.pocketscientists.rescueme0mod

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.pocketscientists.rescueme0mod

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.pocketscientists.rescueme0mod

com.pocketscientists.rescueme0mod
1⤵
- Checks CPU information
- Checks memory information
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.pocketscientists.rescueme0mod/cache/webviewCacheChromium/data_0
Filesize
44KB

MD5
d169d5faafa25527a6ab8ad127e79a17

SHA1
889e4c190d41698aec46b001273ccc7127017ea6

SHA256
59b290c628c58e469aba7e6eeb662e4678aa26138c78da75b5b0c5dc68747634

SHA512
d3ccb9d434f23d95699e7490b9ec05745ed1b9a93ca384a6890130586e24f4e118c817c25281ee2a454e987b783e5315932b0a790584ad9c59c76dcee046ea9f

Download Submit
/data/data/com.pocketscientists.rescueme0mod/cache/webviewCacheChromium/data_1
Filesize
264KB

MD5
48c634b250d2a986d4f2b3bf15f8b907

SHA1
8d70458a0989ab01c999cbc792e0e6ffd90c8363

SHA256
624b233a68edc1c1ba413be4181181c553d91a0bba0cff391b29d81fd3e50ec5

SHA512
884f5e32ce07af5725ed7b4614adc4ae8c223493086c46f75a56bbeca0bb373095daf87d24d0032efc614e1153412a0c4ff6247958960413956fb6c3a148be49

Download Submit
/data/data/com.pocketscientists.rescueme0mod/cache/webviewCacheChromium/data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
/data/data/com.pocketscientists.rescueme0mod/cache/webviewCacheChromium/data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
/data/data/com.pocketscientists.rescueme0mod/cache/webviewCacheChromium/f_000001
Filesize
19KB

MD5
4805cba693e85b16240519ef7071c2ea

SHA1
92e684c824c4e34e850a93aa0dbb924329a9e5f4

SHA256
59f0fd2c3c71e8c09e4e45b72b9590598ccabc191c813b4e61705f3a0e720f4b

SHA512
52c7fb72a81200c4867a39d01931f280c415d085725b2018ac04a59923a1c02b513f3b58fe1751e5164f81e4b98e3c8a81023e6f70e60385ab2d0741b042e953

Download Submit
/data/data/com.pocketscientists.rescueme0mod/cache/webviewCacheChromium/f_000002
Filesize
46KB

MD5
a4d204bb6d17244dd1fe0bad194e4dcf

SHA1
dac5c04112b6cdc11ef0c254edf90c802748f62f

SHA256
9f7900462aeb6c49b2b9e70472e3af5342113ce5e59bc340d1b473d81e8ff048

SHA512
09ad046bfa771ec979412b5d6214fbabb096db0e35e711dcc8aff90fe348cd4f18b33daae1f341a29d4885d76ac9f3687444a0fe1ee6f1b8d12505f02460a963

Download Submit
/data/data/com.pocketscientists.rescueme0mod/cache/webviewCacheChromium/f_000003
Filesize
386KB

MD5
c0da6a0fc0aee25981c3a6c95a310af9

SHA1
427be673990a4c8db92abbeec98af40b9aff6455

SHA256
3ae75fe378a6b035dabdd085e5ce1f46e47e93bf214864d67234cf5f71fd3f0b

SHA512
66ae6fbf7d620fea772fc75e49df20a7423c2a63c6e711b7065e87c307eb4db75733ad30f4ecc4c20ad2b951680003cf5ba2761c4cee8a2dd0ba7a1b6ae78ac9

Download Submit
/data/data/com.pocketscientists.rescueme0mod/cache/webviewCacheChromium/f_000004
Filesize
20KB

MD5
f4b6f9cdb77b4b990445c93dcf6454d2

SHA1
23e2c495f092ab47baeaaf68050b59314427615c

SHA256
80c6cdca4d93acdeb9c83873dd2bba88b4ccd5c81ae8bf71f674298ebc7ba4e5

SHA512
07be335f42694301ea5ff19e2151188858cb637a63f207c5dfe36076f97b2c5fd91f3531238c4fc073dd9e5c7f6246eac8a62c614b0cceddb2a58ae2f63fcaa6

Download Submit
/data/data/com.pocketscientists.rescueme0mod/cache/webviewCacheChromium/index
Filesize
256KB

MD5
e6c263452d44d0ace58a9246a83a098f

SHA1
b878eb28d55a19d31a261222fbda32db87fc916a

SHA256
0d0f7d74bfa09e98373da25e94211f31b55e3b57d42949d46c28a3cc2d004031

SHA512
b127df1f23e4cb74ee5184dc2ed895127d59fce1127e60ce70adcc5be5a4c53402197087d74864da8d60e056a81e42a6817619c228dfcef6e357aa9f13575986

Download Submit
/data/data/com.pocketscientists.rescueme0mod/databases/webview.db
Filesize
40KB

MD5
7039f69b0339d57b2d17fb1e9750dc46

SHA1
5357266164e0924b7a36cff795f34993c4265534

SHA256
ea3a675fbd2fc67a52492273a566bd8ed52cd034330e9e72875c6c4f1ae302f2

SHA512
51105550d49c18a11ff5e19e2386e000bfbb38276d7f51bf66461aae78d341ad16a134a63ddbcfdc86bb170c7c4d211698164a50b50e33ee3943de1c78e3b906

Download Submit
/data/data/com.pocketscientists.rescueme0mod/databases/webview.db-journal
Filesize
8KB

MD5
a061fb90f04658ceac0d4e3e4fce096c

SHA1
f4116e999aefca8a15f46e033b695541b6db8b48

SHA256
009025e66fb66f98b550824b8c282a954b29c7bf599977a7b43d87cc6c9869f8

SHA512
69163a807a426aede806e4d184a481465c8c758b4a9c1ec1d255a35b81192b35ec9162ecea3dde0d0df11ebdc8b8a64fd6f87a2c2db2c181ac86668c6c55dbf6

Download Submit
/data/data/com.pocketscientists.rescueme0mod/databases/webviewCookiesChromium.db
Filesize
7KB

MD5
abad71d7e43760bd44526bb034fb9151

SHA1
08614fb61ca778d88f5dd3540a09ee210ee3ed89

SHA256
9f8398b2c007be3122677f7ffff1d33056a9eba59e7e555cfa09d143c6734826

SHA512
e1df22e0d0a947620a3438f78d1327366f56060c301c79ff78d4d85e06f240b4094f14bd34c3cf22ba02382cf0c4caf0ffa72c5d6fe5a68525f3b94bdb39c6ca

Download Submit
/data/data/com.pocketscientists.rescueme0mod/files/.flurryagent.78f6ba5b
Filesize
490B

MD5
ec28ea8f495b3f4f849c0af09a3a440c

SHA1
f8ce4e196a38a6ab63b71eaf0d3954abcbfc4f25

SHA256
9f6eedf584fa24ee31c606aa12d43ce3d05acf17a104b11a7d00cca7b5924e4b

SHA512
f50ad285f4dd46840236a5ef7b4080e4ec35252c2dbb06d965c47e1ec1b92f38d8bd4ecb144279c6f968f1decab0977efb9a62862df5f29f3418df6895c7ced7

Download Submit
/data/data/com.pocketscientists.rescueme0mod/files/.flurryagent.78f6ba5b
Filesize
58B

MD5
aade03f715420958b1d10cb36729a0bc

SHA1
8dc31bc895a70103c3144d8cc153fbae01792fac

SHA256
f244d4ffc7bf28fb7d081e0953e4ef5f27a94e4b24cfcc26ebfa001183a9ac0b

SHA512
0e3ef48aa63f05527604c203190574051025e170318b5f3420094a1c0fff05c87b5513387a0f516dfd8c6080e9cb2f80ea76eeb8150bfdfe868b073d18e9f78c

Download Submit
/data/data/com.pocketscientists.rescueme0mod/files/profiles.json
Filesize
60B

MD5
64ee7b77aca33e7d3809152dba53f892

SHA1
b34acdf2d140cbed958267eb7285fdb0ab18beb5

SHA256
5e4482a736f9409d870c1856d85b75f1cb468cf42d265929cf9b18bddafc95e3

SHA512
70e7602316cb69b694f7a35ea9d141e200c38b87c38155fd697a359228cf1785649408c408b3986ae428af620fdb568427206d2f0b80a8683487f161c2402a37

Download Submit
/data/data/com.pocketscientists.rescueme0mod/files/properties.txt
Filesize
2KB

MD5
50c3feeb580c80d5c17de75d9a196603

SHA1
9a55818bccabc14bbcd1870ad52288462726856d

SHA256
73de621dc5351d2ded41c4e14cbebe5ead67904d6fe50d4b73cce5fcd5d27096

SHA512
a69433ebcb98c8c847cc4523794bafaa36ce4388c3a2128850ef542cb65dca207b2f2aead86cc4f1abbb898a47f852fdcf434c45a8b68aaea3249e4559be5ea1

Download Submit
/data/data/com.pocketscientists.rescueme0mod/files/properties.txt
Filesize
2KB

MD5
cf18796f5e83360a08f2b0c566d75ae9

SHA1
cffea99fba97e29223143493d7768a9957a8a290

SHA256
991bf1a04d2fc63b5ea905cb2f699d615e146259f78239b16e4da672f29788db

SHA512
d04df1ef299e8e9b57b5d00513515c6e890b4c0b9daaa1516491f383f893ff965dfa220802421780520bd1fc2b8bbc13d3acba6e66c1e7e1127b9e17b2851016

Download Submit
/data/data/com.pocketscientists.rescueme0mod/files/properties.txt
Filesize
2KB

MD5
8bab4794ce5e6a98af8618e13e8c3ae7

SHA1
83a285309d99b55ea9c050926dcb425eb7540afd

SHA256
b8295e6598832febc15e69ad7e108d70b8dd4e11f3fb04eca65fc4c0d9a83590

SHA512
92c8ba74d680963b0ca602cccab1256527d5756c15c16d8af2c7b15a96c78082c855f3e99d8a4c0d3cde14a51a65333cdb866f26353de986d4916f52dff3a8d1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads