Analysis

max time kernel: 179s
max time network: 189s
platform: android_x86
resource: android-x86-arm-20240603-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
submitted: 05-06-2024 17:24
Static task: static1
Behavioral task: behavioral1
Sample: 98c1237b361c3ac05f1397b621000180_JaffaCakes118.apk
Resource: android-x86-arm-20240603-en
General

Target: 98c1237b361c3ac05f1397b621000180_JaffaCakes118.apk
Size: 22.3MB
MD5: 98c1237b361c3ac05f1397b621000180
SHA1: 1887c4093a179228f969dcee5ff35ae4db23365b
SHA256: f7c342eb3a3d56bdf4d74bc93f2fdf2eb194909451af51be1ea41f37020f7948
SHA512: 66873143e406836472d30a24727d8a27167bda78ba7b46e3e3a68fdf551ba235c58d62c80388bc7efbab46d6c4c391729af245cb1d79b42e6468f101e4ad8f72
SSDEEP: 393216:oQwlhlZfQXnFAEZVv/lbAFlja0ZneafnGVa4hAitGDL06LdQBKrg2eID:o5RxEZx6jW0Zne+KFiLdL6IAo
Malware Config
Signatures

Queries information about running processes on the device (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | process: com.gogoroom.formal
  description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | process: com.gogoroom.formal:pushcore

Acquires the wake lock (1 IoC)
  description: Framework service call | ioc: android.os.IPowerManager.acquireWakeLock | process: com.gogoroom.formal:pushcore

Queries information about active data network (1 TTP, 2 IoCs)
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.gogoroom.formal
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.gogoroom.formal:pushcore

Reads information about phone network operator (1 TTP)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.gogoroom.formal:pushcore
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.gogoroom.formal

Uses Crypto APIs (might try to encrypt user data) (1 TTP, 2 IoCs)
  description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.gogoroom.formal
  description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.gogoroom.formal:pushcore
Processes

com.gogoroom.formal (PID: 4245)
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (might try to encrypt user data)

com.gogoroom.formal:pushcore (PID: 4279)
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 138B
MD5: 2c96881a45adbf75d73706c596d7927c
SHA1: 479d034df22c5c45c21d722f7017a5348bff2721
SHA256: bd54a280dba7f0a3020c4f3da179bf0fe289c7aa82524ddf5e0a68e58413bbf7
SHA512: d7649315742636dc1b23690c8a17dd86034014264d76b0bcd7eb1db213f7d203629056c760e49b247880b6aa3a4f56d8036bb44868510d4b7f17b30e9774e229

Filesize: 32B
MD5: 64b5b767e7f37c4ae2fd17650746ffb8
SHA1: 4e97e17211779b383ce319143e957d6dd9589770
SHA256: 5cf1ef17ca19ccc02b4f3c7a685aa735c608e3897d451a610adddd6ede694043
SHA512: cb100f0ac7890653f2d07bf53fabb98ecc90031519a270e858e68a0a7a222ba8077a506fde06d62dba9236afda4ae48d99e56a7bb4ec9ee2c9d9b95ef5e0edca