Analysis

  • max time kernel
    18s
  • max time network
    159s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    14-06-2024 09:13

General

  • Target

    a8e7bb0e9c03538f3d663fe293b14f54_JaffaCakes118.apk

  • Size

    11.8MB

  • MD5

    a8e7bb0e9c03538f3d663fe293b14f54

  • SHA1

    83555457bd332e62d700c311f27d54db972ea8e2

  • SHA256

    61f8980fa6625dbc3838461e8f5e16ea736c28ae8a21deea53461a99abcbb6d5

  • SHA512

    78c07768aa8559f5f7c3e1bff895ceb2217f964200538aaefbb2577d6a8d9831ad143972702b305c02ce6a284e3515af7fd2dc207685263b6e2e4725d9192337

  • SSDEEP

    196608:pVy+f6kO97oqEsiGVAjspJ4+Oy4dzUEsH3Kjxzbyrtug0bFiGcf3tt4Ug9AFBudI:ey6kO1bEsiG3z454ajtbyrZ00Tf3P4U1

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • tv.pps.mobile
    • Checks if the Android device is rooted.
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4269

Network


Downloads

  • /storage/emulated/0/.pps/parnter.data
    Filesize

    3B

    MD5

    98aa876e2d8a8296926f8c9782d44f40

    SHA1

    b9e96da8ff663427a473c4897b4999ba3b79b622

    SHA256

    f3a81c0561ceaeb20c81f2ac5368a7a0dcaeaef3d50adbd612b21550fa0db497

    SHA512

    0f1799ffef7d90c9f84f2a7a1b442df0b025c71872ce982c86a1be5f4a8d2192b45d966a9086150905ab6edf149baabbd793ee1483ae9b1f5c68a0d144334d5a

  • /storage/emulated/0/.pps/uuid.data
    Filesize

    32B

    MD5

    61c90f4a35b254a11225d499a9e70cfd

    SHA1

    a215eb0bd645e8a85019d1de2eb37285bed25b15

    SHA256

    250db5e501fa9e84764206fdcab8ac1792df0c62f1675733e89d5eea5978653d

    SHA512

    ced4986a7ddf3d22dec07f56b8c30da52ff9635ea7b9b54f4b0ae293054a849f13a045d0a935fbbd0764f9fea7f2a72a1720f5613308825b40026e20ab4896f2