Analysis
- max time kernel: 150s
- max time network: 156s
- platform: android_x86
- resource: android-x86-arm-20240221-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
- submitted: 27-04-2024 00:51

Static task: static1
Behavioral task: behavioral1
Sample: 020a9064d3819a0293940a4f0b36dd2a_JaffaCakes118.apk
Resource: android-x86-arm-20240221-en
General
- Target: 020a9064d3819a0293940a4f0b36dd2a_JaffaCakes118.apk
- Size: 3.3MB
- MD5: 020a9064d3819a0293940a4f0b36dd2a
- SHA1: 95c9088bb149dd381f2783ac52026d0211ea256c
- SHA256: 064e31868539641c9b89e144f6de53737a15c5375425ab13e6637e6057b23332
- SHA512: 0d984478873b1256607905397351030f6ea47d45f73392c6545c447ab3953d5d5ef7243bf751a73654c3ab7c25f897195f557439ea352040044172d4d54d57b8
- SSDEEP: 98304:MtQu6bUIRPtE3RY7ZI8IMbLImVaeEAZOE:YPQEBY7ZI8z8mVDpZ/
Malware Config
Signatures
- Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
  Retrieves information displayed on the phone screen using AccessibilityService.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTP)
- Loads dropped Dex/Jar (1 TTP, 1 IoC)
  Runs executable file dropped to the device during analysis.
  Processes: dehzrmmuephxt.jlspwknqzylvykca
    ioc: /data/user/0/dehzrmmuephxt.jlspwknqzylvykca/files/5a411ce47ea10.apk; pid: 4187; process: dehzrmmuephxt.jlspwknqzylvykca
- Tries to add a device administrator. (2 TTPs, 1 IoC)
- Acquires the wake lock (1 IoC)
  Processes: dehzrmmuephxt.jlspwknqzylvykca
    description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; process: dehzrmmuephxt.jlspwknqzylvykca
- Checks if the internet connection is available (1 TTP, 1 IoC)
  Processes: dehzrmmuephxt.jlspwknqzylvykca
    description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: dehzrmmuephxt.jlspwknqzylvykca
- Reads information about phone network operator. (1 TTP)
- Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
  Processes: dehzrmmuephxt.jlspwknqzylvykca
    description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: dehzrmmuephxt.jlspwknqzylvykca
Processes
1. dehzrmmuephxt.jlspwknqzylvykca
   - Makes use of the framework's Accessibility service
   - Loads dropped Dex/Jar
   - Tries to add a device administrator.
   - Acquires the wake lock
   - Checks if the internet connection is available
   - Uses Crypto APIs (Might try to encrypt user data)
2. ls /sbin/su
Downloads
- /data/data/dehzrmmuephxt.jlspwknqzylvykca/databases/main
  Filesize: 20KB
  MD5: 53d7713c95fddd2d8976c69259594a1d
  SHA1: 088864004b031cc283e0202bb5664d499ceeb896
  SHA256: 15d5e809605f735119ced83840be00ddf28a8eb36c0372538874dca32c84e599
  SHA512: b66b8d5c49c9fab49ff57071f533a82248e52532da8538b56927ba286cd0d138bcf2b8d45480319d113d70035acc070e8c8545103fb2fc061f338715d960ee80
- /data/data/dehzrmmuephxt.jlspwknqzylvykca/databases/main
  Filesize: 24KB
  MD5: dafdb8d45d05821439f16ccb1907909d
  SHA1: 36dec7dd5c8a7e80d9cc24c30585b4ff11e8d0b0
  SHA256: 6c523a4d63e99f5e17461540bf0e2944b91d85ec0170b7f9d911b29f2819251c
  SHA512: f2b4d3cd69aa5d797a430254920b1a5c2244cf84e35edbe70dfa8eba349cc2c37e36ff6420cbe6f6ce380fec1ad149785703efc7d1a356be1d05b298a32723b8
- /data/data/dehzrmmuephxt.jlspwknqzylvykca/databases/main-journal
  Filesize: 512B
  MD5: e0560a2121128f22dd3e5e12508350eb
  SHA1: dab00bd8db4d9f32f7a30c2b5273cdc70c4e4dcc
  SHA256: b921fabf0a14143e3bbc5eb819ca1ab6f8ca52036fb57ab324e27fe91f5fb433
  SHA512: 589f99bc3830e94ed4fc93af7c30e91aee45896645b38ea8c996cb898b1d9623db72a201f47e0d555d17e9038a10bb245c222e7e9ceef32937a21d1b3ab8269d
- /data/data/dehzrmmuephxt.jlspwknqzylvykca/databases/main-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- /data/data/dehzrmmuephxt.jlspwknqzylvykca/databases/main-wal
  Filesize: 32B
  MD5: a0067c5a351eb9f60a139b429c86e148
  SHA1: a6f2881d3bfa3243d7ad54aa82603740875c705e
  SHA256: 39c9966f10723bc430a7f4a689580b7be744fbf91a8d3146ca99a83700bfdcde
  SHA512: 474644a62d64e24fce17e7d2fc67980a4bcf14e322d2fcc6a21182b3c9f200bed5c5f49245d7860c1b8134a86c9f5ee1d8175deac846ef78f1b2e800e9cdba22
- /data/data/dehzrmmuephxt.jlspwknqzylvykca/databases/main-wal
  Filesize: 8KB
  MD5: 4c0c5e8c05f184f9c46c3fd8762c1b89
  SHA1: 1628e6d5410e8fb7e32d690525dc10d0775f513c
  SHA256: ba0bad0be561ea61f34b24feaec67808a6ecf2d8eaaea789573eecf00e31fb7d
  SHA512: a115bcd778b86fbfd5d3be034207cef74bd274852483db006a306bea5a1855cc161ecaac759636164090bf818467769378fffeaac5ff88cb8820c4c2eb130fc2
- /data/data/dehzrmmuephxt.jlspwknqzylvykca/databases/main-wal
  Filesize: 44KB
  MD5: 10a3a7b4602208c16209bacc1ac7fc81
  SHA1: 9c928d68c89cf04085e816249fc9ab725d314910
  SHA256: e3a4aad789356ed828a2969b315b18157215e2ea29d3a3a81b1bc03309727a84
  SHA512: ba8780575fb7aee14a8f61c3711aaafc663d413d75428fa2e18c798c89a29dc33d50d95c64cfb4d91726efa5c8e4528f97466c76d2c46618dfb5045e6acc9585
- /data/data/dehzrmmuephxt.jlspwknqzylvykca/files/5a411ce47ea10.apk
  Filesize: 48KB
  MD5: 156441057e307e0dbca6186b3a31c608
  SHA1: 55146784fb0e2c92746194569d7922aca40e860d
  SHA256: 4842519dd8325f030fae94aec3da4a764d60610ea72e736212ce8c78b8221fb3
  SHA512: a0f787d30e6d5c99a0990a94d8b68b330d5038519a3ef56eb44de60daa4ae8c3ce8ab5b0892da607835b31c766a5434261a279bf650b87ad6ea22c7fc4ececbd
- /data/data/dehzrmmuephxt.jlspwknqzylvykca/files/oat/5a411ce47ea10.apk.cur.prof
  Filesize: 379B
  MD5: fdc1b25ca9b77024d4f31f36d08f8247
  SHA1: 1aaa3aa2d55d936b9018353c1ee50fa7cb9152c4
  SHA256: 22058ea61d1829a2c14194a58e4a6f6344a4e9eeed37d700c87e8b1ac703b8e6
  SHA512: 189758c86b1dcce792174b88989f629fd2d37fdbaafb0dfa6285025ded713da25b518cb7f9ea5492ac0aa2857e783b7281aff0f5b5350ffb4d6c192aef4b7112
- /data/user/0/dehzrmmuephxt.jlspwknqzylvykca/files/5a411ce47ea10.apk
  Filesize: 113KB
  MD5: 9778e03c60275524d3649ce5c92b6618
  SHA1: cd7242a2d6ac8e923061612a2d300012e65ec4c4
  SHA256: b8d887b0ba0e951714eaa73b9b033dd4aab86ceef3dd698d07ccb676cf3aae1f
  SHA512: c5bd221b820465eff85ff573c30a7137b5654016e90a7806aaa386797f6bb5ca8562bc8057f0f10d7a801a1effc5707c868c3547696fba6c62312271e576fe49