Analysis

  • max time kernel
    149s
  • max time network
    159s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    02/11/2024, 11:20

General

  • Target
    852da6a2aeb5d7ca5a10ad49e6907f27_JaffaCakes118.apk
  • Size
    3.4MB
  • MD5
    852da6a2aeb5d7ca5a10ad49e6907f27
  • SHA1
    66d1b47afa8b27cb2b725941ea24db118d748ad8
  • SHA256
    33e89aa205599929ebf9ef263cd7fae2c4ae5bb25b1014c85c48698401d73989
  • SHA512
    c12570bb20e210f1b6cef906721fd9fc1346e8e35d53ec175abb583f1041f5dd2624400933d228f6edd0c9b85ba78ae19fac9d65a23d4cd5365ef7195988eb9c
  • SSDEEP
    98304:vzdeqhTbASzQw8uv+eAiLDDZtTanAYNGC/rX:vx7Qu2u5YNjDX

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries account information for other applications stored on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries the mobile country code (MCC) 1 TTPs 2 IoCs
  • Reads information about phone network operator 1 TTPs

Processes

  • vn.apk.store.new.gakoi
    1⤵
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    PID:4464
  • vn.apk.store.new.gakoi:apkStoreService
    1⤵
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Queries the mobile country code (MCC)
    PID:4504

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/vn.apk.store.new.gakoi/databases/google_analytics_v4.db
    Filesize
    28KB
    MD5
    6f5beb2e39eb38dcee0904c137c4e468
    SHA1
    fd1dcbcd56eab68a8eeb8f2d9fdbf606ee458d0f
    SHA256
    9adade793fb99add68c584daf3b69bd9bb33c18403c4fa4a634a5b28190c2343
    SHA512
    bd0eb2ad868fca6d60bf96cb858dfe2f4ce7f6fa583f84b80cfbf8db958da50c087aef10fd329272c36bf2c63699c6656f3813148450c0bb1910bd2424d7a630
  • /data/user/0/vn.apk.store.new.gakoi/databases/google_analytics_v4.db-journal
    Filesize
    512B
    MD5
    e2067ac31a45cccbec14b410adf3fa36
    SHA1
    7506c77db96603f3f560cb01b9304703f7af3f1e
    SHA256
    fc2c0d591c9f23c834173e9704c52c3b0924b788551df487f20b70001ffeb7ef
    SHA512
    1d96b52b56756d4e8c00bfecc416db9b0551f5a453de35b2585f624d31d908d2cb52edbd1e26a9465b5c8e34af4ff817f20dcc7abf24fb0958387f4e43a95380
  • /data/user/0/vn.apk.store.new.gakoi/databases/google_analytics_v4.db-journal
    Filesize
    8KB
    MD5
    c5ec33c6b3cd48f2b743642803fcc538
    SHA1
    8a76b3f5f38554f2068a911c1a4a575fbf436b9c
    SHA256
    164d40180020cc4bba4fd2d94d9a8f28afc90205e6b17bea981bbcf08cc00a34
    SHA512
    19c488e6e98cdbdf8e6bbb61b8de7d79e52c77cb2ea42505e1e1a8f6c4de34f43696766bec4a3ecd37fda7947223f54d929738f50f87a823fd5a63044e0d1073
  • /data/user/0/vn.apk.store.new.gakoi/databases/google_analytics_v4.db-journal
    Filesize
    4KB
    MD5
    6a26f6d9b9d660e0d16dd970f6e2e065
    SHA1
    15772f0242c9ac72d2e068e10645ab37188d06b7
    SHA256
    d42504fe59587a2dcf9a1d6dfd18872707f0af59c51b65d21b46364527d1a10e
    SHA512
    a2947023d632215f1a16bd48803227f74cb678e83fddc31cd7f8950fb440981240bb3de5c6555ad4a8c389e2f04d78d039a890517c8bfc48defe1cbe5db16049
  • /data/user/0/vn.apk.store.new.gakoi/databases/google_analytics_v4.db-journal
    Filesize
    8KB
    MD5
    36b5c6859c1baddf0a5bddd57eeb79bf
    SHA1
    fc8636ad66c75727e00c4c88a4db941ac52c5020
    SHA256
    7842efffe51508f81b6a686adf1db9d2b163b1078aba30594c72e196ba6efee1
    SHA512
    7b6207d5d36fa5361b50b1a20baeb37b8dece2eb787d16fbcbc697dc039f43b0651675858c756163967132f4807db8b213ec34b2d1297284c5116a29d42385e7
  • /data/user/0/vn.apk.store.new.gakoi/databases/google_analytics_v4.db-journal
    Filesize
    8KB
    MD5
    12951446bbfac0ed466e1cf92ca00304
    SHA1
    52523463a042be36ff14ac52357075644684ba7f
    SHA256
    223dc1ec1b3585ad053ef64a56aefbdc22d13af24b565d512320afea4ddfa65c
    SHA512
    28b1b9057296886ef930a0a94229291589f9ffd4f5d6110ea2bf9a180e2185feecb22d27253f7f7ad42cfceb4393101f8e681d363f9619ee75c06f20d2c0b1c6
  • /data/user/0/vn.apk.store.new.gakoi/databases/google_analytics_v4.db-journal
    Filesize
    12KB
    MD5
    0fa9ff4a23cbf21a221df1d6451864ee
    SHA1
    05dd5964ae8ec019eeb848fec5544ed3b6d0cb47
    SHA256
    c15c33e596591aa83c7f389492a3fd30d1d3260cf9865fdaad7ede4ea4daed6e
    SHA512
    af5456653e4f7de5f431c2b7d8b0c96cad1166108aee54418f91d1d8502932d1c06da5e3633e8e3ae80a53a31ccd154db5bab63df7306a6a4c4c57e16e136689
  • /data/user/0/vn.apk.store.new.gakoi/files/gaClientId
    Filesize
    36B
    MD5
    280ce242b856e484d936a8ef762d799e
    SHA1
    9ed5408d0ff31fd9ac82c99b8166af77e34ba562
    SHA256
    6a383bdbc9a2cc35e4b7d27f3324f2a04f1ed0ae3b1c7b99240f042a594926f2
    SHA512
    a7ba1a2f7f85fd586c2b016d671a6890c4e544406f989f59e56e88f18211d53ee44962b2ac2d423427b34c6688ceac3500700e371f7f947e92352d51f17e33eb