Analysis
-
max time kernel: 179s
-
max time network: 187s
-
platform: android_x64
-
resource: android-x64-arm64-20240603-en
-
resource tags: android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240603-en locale:en-us os:android-11-x64 system
-
submitted: 05-06-2024 17:24
Static task: static1
Behavioral task: behavioral1
Sample: 98c1237b361c3ac05f1397b621000180_JaffaCakes118.apk
Resource: android-x86-arm-20240603-en
General
-
Target
98c1237b361c3ac05f1397b621000180_JaffaCakes118.apk
-
Size
22.3MB
-
MD5
98c1237b361c3ac05f1397b621000180
-
SHA1
1887c4093a179228f969dcee5ff35ae4db23365b
-
SHA256
f7c342eb3a3d56bdf4d74bc93f2fdf2eb194909451af51be1ea41f37020f7948
-
SHA512
66873143e406836472d30a24727d8a27167bda78ba7b46e3e3a68fdf551ba235c58d62c80388bc7efbab46d6c4c391729af245cb1d79b42e6468f101e4ad8f72
-
SSDEEP
393216:oQwlhlZfQXnFAEZVv/lbAFlja0ZneafnGVa4hAitGDL06LdQBKrg2eID:o5RxEZx6jW0Zne+KFiLdL6IAo
Malware Config
Signatures
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Description | IoC | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.gogoroom.formal
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.gogoroom.formal:pushcore
-
Acquires the wake lock 1 IoCs
Description | IoC | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.gogoroom.formal:pushcore
-
Queries information about active data network 1 TTPs 2 IoCs
Description | IoC | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.gogoroom.formal
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.gogoroom.formal:pushcore
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
Description | IoC | Process
Framework API call | javax.crypto.Cipher.doFinal | com.gogoroom.formal
Framework API call | javax.crypto.Cipher.doFinal | com.gogoroom.formal:pushcore
Processes
-
com.gogoroom.formal
- Queries information about running processes on the device
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
PID:4549
-
com.gogoroom.formal:pushcore
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
PID:4590
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize: 138B
MD5: 2c96881a45adbf75d73706c596d7927c
SHA1: 479d034df22c5c45c21d722f7017a5348bff2721
SHA256: bd54a280dba7f0a3020c4f3da179bf0fe289c7aa82524ddf5e0a68e58413bbf7
SHA512: d7649315742636dc1b23690c8a17dd86034014264d76b0bcd7eb1db213f7d203629056c760e49b247880b6aa3a4f56d8036bb44868510d4b7f17b30e9774e229
-
Filesize: 32B
MD5: fc4972cde05b2b8286decb2b021a2580
SHA1: 243773cdb330c6d02f6b6464ff4421e17adb4c97
SHA256: ec0969add562b01e526c910bee4c09fddccd04040cd2f3e2dea3085a3aeaf69e
SHA512: 3707cf22fc0a779a282b7e18cb35ca609c7b93bf410e4ced40158552172e3950d34b124ccd59af169d54addb960101e1f7f676334b29e7a2d4814c4adc1bda38