3a779afbca5e13f2162b417cc3fd9e4841be19951e2ce815d536dac418664f36

Analysis

max time kernel
67s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
25-11-2024 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9e4d7752f53a443a4001ef922b8c74ee_JaffaCakes118.apk
Size

7.8MB
MD5

9e4d7752f53a443a4001ef922b8c74ee
SHA1

9e0c620a3f7d736ed0da9aa27e84e3b9f7bb9059
SHA256

3a779afbca5e13f2162b417cc3fd9e4841be19951e2ce815d536dac418664f36
SHA512

ba385cb2aaac235fe532e8e5cee5ee937953b67b0b98ed42d3d9127560b11829769832ce73e168bab9e3d120fa9f012ce1c66ae9e9b0582f7ffdb53e4d92bba5
SSDEEP

196608:oEvwp6aE03//KSXuVaBvAtbggNPy8O/dD:oEbaE03/y7+vAucPyd/h

Score

8^/10

banker collection discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs

evasion

System Information Discovery

T1426

Processes:

com.mobogeniecom.mobogenie:channel

ioc	process
/system/app/Superuser.apk	com.mobogenie
/system/xbin/su	com.mobogenie
/system/app/Superuser.apk	com.mobogenie:channel
/system/xbin/su	com.mobogenie:channel

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.mobogeniecom.mobogenie:channel

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.mobogenie
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.mobogenie:channel

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

System Network Connections Discovery
T1421

Processes:

com.mobogenie:channel

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults com.mobogenie:channel
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
collection discovery evasion

Location Tracking
T1430

Geofencing
T1627.001

Processes:

com.mobogenie:channel

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.mobogenie:channel
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs

Processes:

flow ioc

29 alog.umeng.com
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.mobogenie:channel

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.mobogenie:channel

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.mobogenie:channel

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.mobogenie:channel

flow	ioc
29	alog.umeng.com

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.mobogenie:channel

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

com.mobogeniecom.mobogenie:channel

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mobogenie
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.mobogenie:channel

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

com.mobogeniecom.mobogenie:channel

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.mobogenie
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.mobogenie:channel

Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.mobogeniecom.mobogenie:channel

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.mobogenie
Framework service call	android.app.IActivityManager.registerReceiver	com.mobogenie:channel

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.mobogenie:channel

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.mobogenie:channel
Checks memory information 2 TTPs 2 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.mobogeniecom.mobogenie:channel

description ioc process

File opened for read /proc/meminfo com.mobogenie
File opened for read /proc/meminfo com.mobogenie:channel

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.mobogenie:channel

description	ioc	process
File opened for read	/proc/meminfo	com.mobogenie
File opened for read	/proc/meminfo	com.mobogenie:channel

com.mobogenie
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4244
- chmod 755 /data/user/0/com.mobogenie/files/watch_server
  2⤵
  PID:4309

com.mobogenie:channel
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4287

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Foreground Persistence

T1541

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Process Discovery

T1424

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mobogenie/databases/accs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.mobogenie/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6744FC33007E-0001-1094-C67655566C8FBeginSession.cls_temp

Filesize
512B

MD5
9bfe59e83a188ff80dcd035dcd93c7c4

SHA1
6d135a9c78a91ac0f77793ee72ef5d60aba9ebec

SHA256
3a0223b686f0267d417f003223827ded71f9f15fbb17f6c45a245cef9c6baa7c

SHA512
8cc626489b7c8a9b704edb9b8ffe94b94bba40c41928a0d11175a1d92749d5ee071892e1ca93fa2d6659e7dc615c56d9d89e1735d9c7ecaf934386ecd805e531

Download Submit
/data/data/com.mobogenie/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6744FC33007E-0001-1094-C67655566C8FSessionApp.cls_temp

Filesize
72KB

MD5
18c87b46acec7f3aa1aedf2b592fa0fe

SHA1
411a244a6c7ae3b721073f576a52d381e1d7c0a1

SHA256
c7154c7cf6047cdca3856a06c634d0655c71ec87319048d1318da4d4a618f2a8

SHA512
ac80830b4fe1d1c95f4e190f1893ebbbd07d727046c2ebf24d938ce070485f5bf03fb7e9b60d98951017aa5681e0847c14d2bb7ab5723eb89b193744f9abd289

Download Submit
/data/data/com.mobogenie/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6744FC33007E-0001-1094-C67655566C8FSessionDevice.cls_temp

Filesize
88B

MD5
feecd0f4b81d4fd652c2b9e54193b443

SHA1
15e69e0a8620e4fb890a76710fd22984a238d379

SHA256
ca15f69641d90dae638dbdae82d656833a2e6bdf5aca66eaaf8a99e90a0bc924

SHA512
627a58a5ecb7afe3e4825fdf3eecb9915a07f540b683ea690bf742f609dafa759738586a316134f97272702c59c574614f85b756e2c718e5b426578947c88043

Download Submit
/data/data/com.mobogenie/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6744FC33007E-0001-1094-C67655566C8FSessionOS.cls_temp

Filesize
32KB

MD5
727f871c4d523cf4699647f657edd58d

SHA1
5839d27970344cee31b4ec13c2940f12e2ff9ccd

SHA256
500b570c388c254cb94ad59480f5ab951cc57d174d4dd340225f92295492579f

SHA512
1ad5cd252e273440fa5d72a58797239204e876afd8d222dbbf731b8daa36c666f5cfb67dacf7ab0ac6fa7b9dd59a1a05032a6d30e94fe3751a601dfc64f850cb

Download Submit
/data/data/com.mobogenie/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6744FC34007A-0001-10BF-C67655566C8FSessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/com.mobogenie/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.mobogenie/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.mobogenie/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
32KB

MD5
e1c3a9376af35510825ffa6b0921d0f1

SHA1
c8ce1535e356cb520ee7c28a3df9b6fa002b574c

SHA256
e2a165da2dcbaedbc72d2610d2256e71aae4d1a5d6cac1cdb743b78d6c658d69

SHA512
2672860029419f770adda552f1f0e2be372f9e9d422bada6462d1b49055d01cd2d768892cfb562708d0ede4938946d0f1c835f829d19165c19b26a6a591cfad1

Download Submit
/data/data/com.mobogenie/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_abcbad4b-e4ca-488e-a36a-bfcb5232b18e_1732574259727.tap

Filesize
512B

MD5
14a21b9944c657cdc2f0d13e3cf7fca7

SHA1
bfb70df81a0dcd961544e3b4407946b5f69c19a0

SHA256
2acfb9b06176b8f7c5f13d300e7f9f75fa014799ac6421c5b7e36e3aecd8a05c

SHA512
abe63c3cb0a1f0408f558a3752e6e92f9cac7b69ca0fd9ac3a448d6a8bcceacfc094f05eaf6c6869651c4f0dcc3ae1eb34e7abeaca0d52a3fe74c73699cb511f

Download Submit
/data/data/com.mobogenie/files/agoo.pid

Filesize
4B

MD5
ccb421d5f36c5a412816d494b15ca9f6

SHA1
ad1c54321d07c9bc1d43a67549c5c21313fb91f1

SHA256
9622b0acb1ca5edc038756090dae77be83af8557450a8066be9c2e358b7f8985

SHA512
d51ac492171127993d5e86b7a9055cd12c9a97fc598976d4c317e78f34cc671ed7d079386cf7f0608623be345c88dd2d83c42c3b7471a9c6fcaef28c36fce32f

Download Submit
/data/data/com.mobogenie/files/rk.jar

Filesize
9KB

MD5
40024153715cca0353af8871416121e4

SHA1
ae71de0e9fd633884e03e299379f13c6ccdfcc3c

SHA256
0569101dd8a0340f499cba2cf848d9c0ab5feef749dd6fbaf583104a5076c65f

SHA512
11a1f208505927e66207538f0337136c2757ef818fe30274ff650493163ed18cee0d26314b2d76f113438ffa3b3e5daa3b0900dbc60070529c1edf9ea9ae21da

Download Submit
/data/data/com.mobogenie/files/watch_server

Filesize
9KB

MD5
035d4420caf6425a418b51f9b3636472

SHA1
76c312cf740459722c6fbef29a66baac54dee080

SHA256
8d1defbcbfbe30632891561d374abe1d73e0e196eb822d7b9bcc56acd67d97f3

SHA512
4a05434b2bd3a5dbf8c05a3d6f223e7d0aacaa6ad9f5c846f09d37e95dd6b99d2016aeb4ada7495c5aa26f84352a1d2aadbafc2da3ba103107b0c8866e92f032

Download Submit
/storage/emulated/0/.DataStorage/ContextData.xml

Filesize
111B

MD5
73dad1e8aa0eff3e1148028e20604fce

SHA1
83800da678bd2a1422dc8a5ea2f6f4d145718d5f

SHA256
652c3b4417c47d4e2ebbff8b5b7705907fb92982361dc7a9f8c0cab4f48adc58

SHA512
3cce38ee23c4ad3f0793e2e06ebc8c905d89c5cb4ed64141ffc7e10a1e32c59eab4f68e9ba3ccc9fc71daaaed840ee3b3e80a4a052bbabd3e84ddeeb7587494f

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
111B

MD5
bfdeb93b0fa752b9ab69b32de4ceb7ad

SHA1
11bd1e26705f64b823d8fbdd6a95e8877b809cec

SHA256
316323e7a04e615008a7e71c2a6cf75ba6ad68b529f4b1e60aebdf66c104d210

SHA512
ce58d9f5186db4ff12019ee43c4741c384a48bb794280e082744d445420593bfaa7e6729c88803e49791151c5d310d7cdcaec63186c000cc4072661d02bae0ce

Download Submit
/storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml

Filesize
381B

MD5
5b33a050c06313a662d7e5090dd4ab14

SHA1
ba49c3c6e14cfc0766697ffef562b28b5a4ff7f2

SHA256
ad658d920d5ba7a1783b6dcb6877e0c95ef4d6c4fe6df89b182aa0b170f92645

SHA512
4a398cfe4348bcd16571efcf9d0704d33acfbc1aa3d78952e4a6515d7093f6e49c3e25987dcf6e22e206acf796ba62fda5f23ba1fae0e0ef590dce86d64b0260

Download Submit
/storage/emulated/0/Android/data/com.mobogenie/cache/mobogenie/imagecache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/storage/emulated/0/mobogenie/file/mobogenie.uuid

Filesize
131B

MD5
b36fc2acecc53fa862257081a4f8da18

SHA1
010397d0f824394aa1b32ba542c2ffd14a513231

SHA256
35d05c88e6465d2aca7743ba554819ef11183c8e3c7981ee7c34f337d513686a

SHA512
23be6d4979c956e18bc72055a9d020fe157456b119b8be04d868c07ba0fa3710c40b9551451c8efed087aeb1ae5bde4a9db16dc8a9015d996e9ad465f5ce38a7

Download Submit