850a4d202c53c604b3f525f2197c9aafab067924528920a9235df9546114b91e

General

Target

aaf36256a481be164522d7d06baa6d12_JaffaCakes118.apk
Size

2.6MB
MD5

aaf36256a481be164522d7d06baa6d12
SHA1

de9340f632db661eb79573985dffe4c825fe4ee4
SHA256

850a4d202c53c604b3f525f2197c9aafab067924528920a9235df9546114b91e
SHA512

2631efb91af6200cf341bd7f0b2ff5388a1f9ecdee3b0ad78ace6a161567d5d9cb7661934b0351a41c9fd316cbe9a54abe699e746134900f3651a7a063a20adf
SSDEEP

49152:t+hLbCobOVt7r5/W7GHWto+k7i9B5YEGu5+cP47E5WmIzhZ2oaBCTe:sbvbOv5/WiHMk7iz5YEz+cQ45WmI9ZJo

Score

7^/10

banker discovery persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.mopote.traffic.surface

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

flow	ioc
5	alog.umeng.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mopote.traffic.surface

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.mopote.traffic.surface

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.mopote.traffic.surface

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.mopote.traffic.surface

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.mopote.traffic.surface

com.mopote.traffic.surface
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:5027

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

2

T1633

System Checks

2

T1633.001

Credential Access

Discovery

Process Discovery

1

T1424

Software Discovery

1

T1418

Security Software Discovery

1

T1418.001

System Information Discovery

2

T1426

System Network Configuration Discovery

1

T1422

System Network Connections Discovery

2

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mopote.traffic.surface/databases/statistics_surface

Filesize
28KB

MD5
28b01552a283a13aee94f278afc13be8

SHA1
1d4c52fc89b9285950d16b32823e65db0d6c18d1

SHA256
42f47ebf2e078e5a075d0c84e0501aa15ef5f62d44ec05d0311668bfae52eb1c

SHA512
15098724585f859dc344a353ee8fe92cac0c280414c691318a434d00cfc82195831a338edf21e318b15e2d256fefb073e0e32044eea8448ad9570f39785c139f

Download Submit
/data/data/com.mopote.traffic.surface/databases/statistics_surface-journal

Filesize
512B

MD5
4d6042b740a34dcbbabb1bb6cdafc0f1

SHA1
531e54fd77642cf4d8ef901ee7f41a106c83c43d

SHA256
7a6f499dd894b6430064769333f6ba5b7c5520a14c6b665e3f37a9fe595c40a2

SHA512
14cdb1f840165ac45afc76a6fe5363bf70a25c8a1f67655fb66b51fb8886505cdb9b018122cc3cf4639d0d10db475be3ec2730ae52821211a68580b45d613c07

Download Submit
/data/data/com.mopote.traffic.surface/databases/statistics_surface-journal

Filesize
8KB

MD5
8056550d5d2970fba78067dbb97c6629

SHA1
b931a09eb05a4a539980261164c0639fbe3b581d

SHA256
11bd46943eb769aaff34ab94436ba3f9cc4df3d3ebe197f26bbbd82d5a9a4a73

SHA512
082905d9889a204ac8d2d0f62b2127ef6bea2b1eb97754d7e67f8861e4de426b349f9311b3da59501e92bb288fa02093cf6833f9fd86f81dc482a6d73f21aedb

Download Submit
/data/data/com.mopote.traffic.surface/databases/statistics_surface-journal

Filesize
8KB

MD5
4956177ba3c44ef5b316cf7acb3766b5

SHA1
4c0c4ad7b1fc9e7d5e25c979184f36b3d8bd6aca

SHA256
bc0ca3248875e2749c47520ea2327b7badaeb0fe79c56768fd4e806ccc357af6

SHA512
285b941f518a9c79d3d8f0e63f37c20c80bd82982acf5af4ebdb676f7b518b7ecb797ed18934f66a7a630db38c516cf0db989fe947403f5641b0deefdd4f8b97

Download Submit
/data/data/com.mopote.traffic.surface/databases/statistics_surface-journal

Filesize
12KB

MD5
66ae4dd1ca473d371907621819fe3ecf

SHA1
a41a253f6fb29144c6c266596ccd2a340f87b21c

SHA256
03fae56e1db1bdbac1f27c1e589a37aa3d216e581bf15224acb3c9093110c4f8

SHA512
b25ce1af65dc6bb85a1c8e4f8010ae8bb744d94294ca53ac678623c67390e92e1bc71825da2f0046a2a41542df44ebe6254ec97d1e64bcc3a881e17b3f739a1d

Download Submit
/data/data/com.mopote.traffic.surface/databases/statistics_surface-journal

Filesize
12KB

MD5
de543203968000f77ba56a62f8575fc5

SHA1
b3b299c785c9cf63cacc13734d599104edc6a582

SHA256
492e85b5243ad45856c71d1dd5076c936f7a00ac5d00800dc3c2690076eb3908

SHA512
f91d4d2f93caa58ae01482d4afb6534fac3edaf7edf2c2d1b34124df82d4ea29e671377be6e95a3c38b8ac3a91cc263b96c5bec48df7c98e50e0752055571886

Download Submit
/data/data/com.mopote.traffic.surface/files/umeng_it.cache

Filesize
148B

MD5
22d5b9556a486b3660aa998c842e4d5c

SHA1
2a8c7e0378d149a97af2315d8901308b8f99c4ea

SHA256
c486e8b22d66e0727d2be5b7995e6d4209e47d0636ebd923b7407d47f3b01493

SHA512
19f2cbe99128958dc7fa1ea139871addf6a5035780920d671732daadd24c8527186136270db963aef1e4f54a0df8b8cbd585662d434ec30ab0fa9a96f3b302f2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads