Analysis

  • max time kernel
    179s
  • max time network
    187s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240603-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240603-en, locale:en-us, os:android-11-x64, system
  • submitted
    05-06-2024 17:24

General

  • Target

    98c1237b361c3ac05f1397b621000180_JaffaCakes118.apk

  • Size

    22.3MB

  • MD5

    98c1237b361c3ac05f1397b621000180

  • SHA1

    1887c4093a179228f969dcee5ff35ae4db23365b

  • SHA256

    f7c342eb3a3d56bdf4d74bc93f2fdf2eb194909451af51be1ea41f37020f7948

  • SHA512

    66873143e406836472d30a24727d8a27167bda78ba7b46e3e3a68fdf551ba235c58d62c80388bc7efbab46d6c4c391729af245cb1d79b42e6468f101e4ad8f72

  • SSDEEP

    393216:oQwlhlZfQXnFAEZVv/lbAFlja0ZneafnGVa4hAitGDL06LdQBKrg2eID:o5RxEZx6jW0Zne+KFiLdL6IAo

Score
7/10

Malware Config

Signatures

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
  • Reads information about phone network operator 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

Processes

  • com.gogoroom.formal
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4549
  • com.gogoroom.formal:pushcore
    1⤵
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Queries information about active data network
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4590

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/user/0/com.gogoroom.formal/files/jpush_stat_cache.json

    Filesize

    138B

    MD5

    2c96881a45adbf75d73706c596d7927c

    SHA1

    479d034df22c5c45c21d722f7017a5348bff2721

    SHA256

    bd54a280dba7f0a3020c4f3da179bf0fe289c7aa82524ddf5e0a68e58413bbf7

    SHA512

    d7649315742636dc1b23690c8a17dd86034014264d76b0bcd7eb1db213f7d203629056c760e49b247880b6aa3a4f56d8036bb44868510d4b7f17b30e9774e229

  • /storage/emulated/0/data/.push_deviceid

    Filesize

    32B

    MD5

    fc4972cde05b2b8286decb2b021a2580

    SHA1

    243773cdb330c6d02f6b6464ff4421e17adb4c97

    SHA256

    ec0969add562b01e526c910bee4c09fddccd04040cd2f3e2dea3085a3aeaf69e

    SHA512

    3707cf22fc0a779a282b7e18cb35ca609c7b93bf410e4ced40158552172e3950d34b124ccd59af169d54addb960101e1f7f676334b29e7a2d4814c4adc1bda38