Analysis
-
max time kernel
154s -
max time network
137s -
platform
android_x64 -
resource
android-x64-20240221-en -
resource tags
androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system -
submitted
01-04-2024 08:14
Static task
static1
Behavioral task
behavioral1
Sample
6cbd363526dfc8f906ab75d5565e5921_JaffaCakes118.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
6cbd363526dfc8f906ab75d5565e5921_JaffaCakes118.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral3
Sample
6cbd363526dfc8f906ab75d5565e5921_JaffaCakes118.apk
Resource
android-x64-arm64-20240221-en
General
-
Target
6cbd363526dfc8f906ab75d5565e5921_JaffaCakes118.apk
-
Size
5.8MB
-
MD5
6cbd363526dfc8f906ab75d5565e5921
-
SHA1
a430ceba75aa61a5132c28cfc0d1b8d15dd5cb1b
-
SHA256
a02fdcfe2bb128d9a1614a3dfa94863f2e0cc565ede1548aa0f1ad348a979e0f
-
SHA512
5e87d1fa60a4f5b342b140b6031fc2b525947d3d2d6b66ad47bc8f519cab59bf53258399d1fb2cec82825b29d7a3ef4ee0b6bfd1e5262bf76df56ff298720f55
-
SSDEEP
98304:qBbaBg8iJRiPzLMCzhPv3CvJOZXZbzW4f8ejiHRa5l93f/gfTI7ND05+rgFScyvE:qBmi3ivvv3kMZPJf87HRaR3HV7p05Ugr
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Hydra payload 1 IoCs
resource yara_rule behavioral2/files/fstream-2.dat family_hydra1 -
Makes use of the framework's Accessibility service 2 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId bubble.walk.marine Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId bubble.walk.marine -
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/bubble.walk.marine/app_DynamicOptDex/bWlO.json 5088 bubble.walk.marine /data/user/0/bubble.walk.marine/app_DynamicOptDex/bWlO.json 5088 bubble.walk.marine -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 8 ip-api.com -
Reads information about phone network operator. 1 TTPs
Processes
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.1MB
MD597f226017d08c6a2e365eab37f7ad312
SHA1b8c80ed45326afb0ad9ae81db203dad85d6cf933
SHA2562f076bb9f469279acd21a1d1a650c2c1f2a61cb5ad06c953318abdece32a9b98
SHA512a4289e13d836694e6eccad4eeb360d2faaf39f4ce24d2ec93262fb874191a0ff993b25e20582fea0217dfd0ee3c75a4a0ca21f78ecc60b6c5d42378d8e18526e
-
Filesize
3.1MB
MD598f5f1152b5d65aa7e580088b7115fe6
SHA1a4c2e9ab6edee80fa52695a73c37838c9159888c
SHA256d6e7e2d896f7b2d1d6e4dc11be73814f95b1a63bce84968ce67232b0816ae52f
SHA512a05921747c951dec8ec76ea704356fd344dfa38d58dc38005e3b9b1d9508eac1e44770bc45fe724be5ef303118514b127ee442ca655bf465179293d9fffa81f2
-
Filesize
1KB
MD5582f2f53829becc154753eb51dfbbaf1
SHA19576979ab23e48367ed9ffab90c6e788be41bb5f
SHA256cb03aa3296622c36c9bfbb20141c393c848a6bb1e4861021c4127c7ae68130be
SHA512cf79ede312262c85b8b11a05774f5808ed65f3a9b3423c1d0d7777a117ff45ea9805395c8c88c4882b0042d2c940866a6f95b161e5c2795fbd75a3325769518f