Analysis
- max time kernel: 149s
- max time network: 152s
- platform: android_x64
- resource: android-x64-arm64-20240221-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
- submitted: 20-04-2024 03:14
Tasks
- Static task static1
- Behavioral task behavioral1: sample fbce0fa1e53ef16d6ee54dab524dc638_JaffaCakes118.apk, resource android-x86-arm-20240221-en
- Behavioral task behavioral2: sample fbce0fa1e53ef16d6ee54dab524dc638_JaffaCakes118.apk, resource android-x64-20240221-en
- Behavioral task behavioral3: sample fbce0fa1e53ef16d6ee54dab524dc638_JaffaCakes118.apk, resource android-x64-arm64-20240221-en
- Behavioral task behavioral4: sample vk_dex.apk, resource android-x86-arm-20240221-en
- Behavioral task behavioral5: sample vk_dex.apk, resource android-x64-20240221-en
- Behavioral task behavioral6: sample vk_dex.apk, resource android-x64-arm64-20240221-en
General
- Target: fbce0fa1e53ef16d6ee54dab524dc638_JaffaCakes118.apk
- Size: 2.3MB
- MD5: fbce0fa1e53ef16d6ee54dab524dc638
- SHA1: cc8f2b3fd8cb8bc3f8162f76aada315cf04af25e
- SHA256: 340bfbd674dd9389b4c7148cf5ee004f641d0dc94753e1fe66acc98cd9ae525b
- SHA512: eb26bce41bddbe68959ed297ee4b75dacc1aa52de6c424088e852a3ea3c3ff10935e47b84abe8be1f0598b096b33c280b552c9afb8ac25820ef009427d90f000
- SSDEEP: 49152:amikfiYdl5iD4PcZjyzW+fxN4msHghLVLuiG2E50Z1dtXvauye3Z9ISZ+4gUNOaY:agi45MqFW+fQmhfLuiG2EyfrXvQe3pyT
Malware Config
Signatures
- Hydra
  Android banker and info stealer.
- Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService. The two binder calls below are the ones an AccessibilityService issues to walk another app's view hierarchy (AccessibilityNodeInfo lookups by node id and by resource view id); they are only reachable after the user has enabled the app's accessibility service in the system Settings, so the presence of these calls means that step had already happened in the sandbox run.
  Processes: com.kqwujceu.dphptbo
    description | ioc | Process
    Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.kqwujceu.dphptbo
    Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | com.kqwujceu.dphptbo
- Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
  Runs an executable file dropped to the device during analysis. The directory and the tmp-<apk>.classes<random>.zip file listed under Downloads follow the naming scheme of the legacy MultiDex support library (android.support.multidex / androidx.multidex), but that library numbers its secondary extracts from classes2 upward, since classes.dex is loaded from the APK itself; a base.apk.classes1.zip is therefore not stock MultiDex output but a loader imitating it. Pivot on the archive hashes under Downloads rather than on the path.
  Processes: com.kqwujceu.dphptbo
    ioc | pid | Process
    /data/user/0/com.kqwujceu.dphptbo/code_cache/secondary-dexes/base.apk.classes1.zip | 4596 | com.kqwujceu.dphptbo
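One check a practitioner would want on the IoC above, added here as an example and not part of the sandbox report or of the sample: a classifier for paths under code_cache/secondary-dexes that encodes what the legacy MultiDex support library (android.support.multidex / androidx.multidex) actually writes. MultiDexExtractor places secondary dex archives at <app data dir>/code_cache/secondary-dexes/<apk file name>.classes<N>.zip with N starting at 2, and extracts through a temporary file named tmp-<apk file name>.classes<random>.zip in the same directory. Anything named classes1.zip there did not come from stock MultiDex. The function names, verdict labels and the regular expressions are this example's own assumptions; the two paths are copied from the report.

```python
# Added example; the MultiDex naming facts are from the support library's
# MultiDexExtractor, the verdict labels and helpers are this example's own.
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Paths exactly as they appear in the report's IoC and Downloads sections.
REPORT_PATHS = [
    "/data/user/0/com.kqwujceu.dphptbo/code_cache/secondary-dexes/base.apk.classes1.zip",
    "/data/user/0/com.kqwujceu.dphptbo/code_cache/secondary-dexes/tmp-base.apk.classes7694941777870548096.zip",
]

# MultiDexExtractor's output directory: <app data dir>/code_cache/secondary-dexes/
SECONDARY_DEX_DIR = re.compile(
    r"^/data/(?:user/\d+|data)/(?P<pkg>[A-Za-z0-9_.]+)/code_cache/secondary-dexes/(?P<name>[^/]+)$"
)
# Final extract name: <apk file name>.classes<N>.zip; stock MultiDex uses N >= 2.
FINAL_NAME = re.compile(r"^(?P<apk>.+\.apk)\.classes(?P<n>\d+)\.zip$")
# In-progress extract, created with File.createTempFile("tmp-<apk>.classes", ".zip", dir).
TMP_NAME = re.compile(r"^tmp-(?P<apk>.+\.apk)\.classes(?P<rand>\d+)\.zip$")


@dataclass
class DexPathVerdict:
    path: str
    package: Optional[str]
    # One of: not-secondary-dex-dir, multidex-tmp, multidex-like,
    # suspicious-index, suspicious-name (labels are this example's own).
    verdict: str
    reason: str


def classify_secondary_dex_path(path: str) -> DexPathVerdict:
    """Decide whether a dex archive path is consistent with stock MultiDex extraction."""
    m = SECONDARY_DEX_DIR.match(path)
    if not m:
        return DexPathVerdict(path, None, "not-secondary-dex-dir",
                              "outside code_cache/secondary-dexes; judge it by the loader that read it")
    pkg, name = m.group("pkg"), m.group("name")
    if TMP_NAME.match(name):
        return DexPathVerdict(path, pkg, "multidex-tmp",
                              "temporary extraction file; MultiDex renames it to <apk>.classes<N>.zip on completion")
    f = FINAL_NAME.match(name)
    if not f:
        return DexPathVerdict(path, pkg, "suspicious-name",
                              "inside secondary-dexes but not named <apk>.classes<N>.zip")
    n = int(f.group("n"))
    if n < 2:
        return DexPathVerdict(path, pkg, "suspicious-index",
                              f"classes{n}.zip: MultiDex numbers secondary extracts from 2 upward "
                              "(classes.dex is never extracted), so another loader wrote this file")
    return DexPathVerdict(path, pkg, "multidex-like",
                          "naming consistent with stock MultiDex; decide on the archive's hash, not its path")


def suspicious_dex_paths(paths: list[str]) -> list[DexPathVerdict]:
    """Return only the verdicts that should be escalated."""
    return [v for v in map(classify_secondary_dex_path, paths) if v.verdict.startswith("suspicious")]


if __name__ == "__main__":
    for v in map(classify_secondary_dex_path, REPORT_PATHS):
        print(f"{v.verdict:22} {v.path}")
        print(f"{'':22} {v.reason}")
```

Run against the report's two paths it flags base.apk.classes1.zip as suspicious-index and recognises the tmp- file as an in-progress MultiDex-style extract; a classes2.zip in the same directory would come back multidex-like, which is the case where only the archive hash can separate a packer from a genuinely multidexed app.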
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  The call recorded is ITelephony.getNetworkCountryIsoForPhone, the binder side of TelephonyManager.getNetworkCountryIso(), which returns the registered operator's ISO country code rather than the numeric MCC; either value is enough to gate behaviour by region.
  Processes: com.kqwujceu.dphptbo
    description | ioc | Process
    Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.kqwujceu.dphptbo
- Checks if the internet connection is available (1 TTPs, 1 IoCs)
  Processes: com.kqwujceu.dphptbo
    description | ioc | Process
    Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.kqwujceu.dphptbo
- Looks up external IP address via web service (1 IoCs)
  Uses a legitimate IP lookup service to find the infected system's external IP. On its own this flow is weak evidence, since the same service is queried by plenty of benign apps; it matters here alongside the accessibility and dynamic-code-loading signatures above.
  Processes:
    flow | ioc
    26 | ip-api.com
- Reads information about phone network operator. (1 TTPs)
MITRE ATT&CK Mobile v15
Downloads
- (no path recorded for this entry)
  Filesize: 902KB
  MD5: 9ac4740eeaeb38cc99d94b8634d1aac1
  SHA1: dd3f338ae9437fcc22ccf38d026f49222c1c9b9e
  SHA256: ed1275e3b1e3beec7ec5e348f08fdabde8cba1af9fc14d9feab4ae8bb6d4d167
  SHA512: d4c21fca70b6de9e3545a792dd21ca0c63bc7cc67583a636f0a56e5238f66223f50b964ce5cd1d236f647f64aa36515c20c9197a96ecc98554e3b2d1c6e07387
- /data/user/0/com.kqwujceu.dphptbo/code_cache/secondary-dexes/tmp-base.apk.classes7694941777870548096.zip
  Filesize: 378KB
  MD5: 5eb281ee2d87ef6272c471f66f4630cb
  SHA1: 07afaa24448be60a8b2be8984a4483a74c46e721
  SHA256: e8ff132d9a70da07f72324da1782c0463484842bed60a83d13bca3533b46cb43
  SHA512: 9bf65ca548b4cfb157e2671be62b1ac4524a871938b8496d8afda890a0da8ec2bbc691bfb3689868d0ff2adca338ff133b3c043416253960158a4a29990994d3