Analysis

  • max time kernel
    4s
  • max time network
    136s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    03/11/2024, 21:34

General

  • Target

    8d9c78499d2277796005b0cf6f392f42_JaffaCakes118.apk

  • Size

    187KB

  • MD5

    8d9c78499d2277796005b0cf6f392f42

  • SHA1

    1de975eaf9631971eefbe02c82350c4966ce9d0b

  • SHA256

    2e38f52d536045ae46c828eb2f54e9289237de71d5243952afde4959b4ea5984

  • SHA512

    ff5c20ded73026c5624e4acc96cc79681c6a339ca2928f9e584715370b33709d25c3679d293dce4a8e3ace020df103453359f6270b032624d114f43def360ad5

  • SSDEEP

    3072:ugxda8wyyw+qWmK440T1Seax7zyxxhfMcmzVWOPdfOpbj6Z406OAR9C7tu8seXqO:VxdYyN+N440Qeax/y7h0cmzVTdfOpXs7

Score
7/10

Malware Config

Signatures

  • Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Processes

  • com.lexa.fakegps
    • Checks Android system properties for emulator presence.
    • Loads dropped Dex/Jar
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5055

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.lexa.fakegps/databases/fakegps

    Filesize

    24KB

  • /data/data/com.lexa.fakegps/databases/fakegps-journal

    Filesize

    512B

  • /data/data/com.lexa.fakegps/databases/fakegps-journal

    Filesize

    8KB

  • /data/data/com.lexa.fakegps/databases/fakegps-journal

    Filesize

    8KB

  • /data/data/com.lexa.fakegps/files/DATA_Preferences

    Filesize

    1KB

  • /data/data/com.lexa.fakegps/files/DATA_Preferences

    Filesize

    1KB

  • /product/framework/com.google.android.maps.jar

    Filesize

    315KB
