Analysis

  • max time kernel
    68s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    17/10/2024, 14:53

General

  • Target

    526be06edea4e2e860adfe833b09dd51_JaffaCakes118.apk

  • Size

    1.6MB

  • MD5

    526be06edea4e2e860adfe833b09dd51

  • SHA1

    e1d1bcf52b8b2e9487afbd4663a392e27dab1071

  • SHA256

    e36b4c5aaff9be0e99fedeae418a75c0cb0fa685c83aafe0fb3a1ea545c344c9

  • SHA512

    2392e30f5d170eba33e1b9f686eadf55c90538667d802159428d5cc89cac44aba283fb8a88e7fd11b212008f5650795f84872d6bbf2640304728c56561f9afbd

  • SSDEEP

    24576:fG5v6LWhxef9XymZMj30CYdj/YdMYjgFAxLQXu6bLIQK40bf4IrPD+LYsGwkcCn1:+5v6IMXy3e1/YdMex4uMK40MIzpiCn1

Malware Config

Signatures

Processes

  • wpz.wrov.otgsak
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4213

Network

        MITRE ATT&CK Mobile v15

        Downloads

        • /data/data/wpz.wrov.otgsak/databases/xUtils_http_cookie.db

          Filesize

          4KB

        • /data/data/wpz.wrov.otgsak/databases/xUtils_http_cookie.db-journal

          Filesize

          512B

        • /data/data/wpz.wrov.otgsak/databases/xUtils_http_cookie.db-shm

          Filesize

          32KB

        • /data/data/wpz.wrov.otgsak/databases/xUtils_http_cookie.db-wal

          Filesize

          20KB

        • /data/data/wpz.wrov.otgsak/files/.um/um_cache_1729176893164.env

          Filesize

          704B

        • /data/data/wpz.wrov.otgsak/files/.umeng/exchangeIdentity.json

          Filesize

          162B

        • /data/data/wpz.wrov.otgsak/files/umeng_it.cache

          Filesize

          415B
