Analysis
-
max time kernel
149s -
max time network
138s -
platform
android_x64 -
resource
android-x64-arm64-20240221-en -
resource tags
android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system -
submitted
01-05-2024 06:21
Static task
static1
Behavioral task
behavioral1
Sample
0b40572ec3101092523baafd48156f19_JaffaCakes118.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
0b40572ec3101092523baafd48156f19_JaffaCakes118.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral3
Sample
0b40572ec3101092523baafd48156f19_JaffaCakes118.apk
Resource
android-x64-arm64-20240221-en
General
-
Target
0b40572ec3101092523baafd48156f19_JaffaCakes118.apk
-
Size
42KB
-
MD5
0b40572ec3101092523baafd48156f19
-
SHA1
504f95c1819f05c3d2627f432820a90b71623723
-
SHA256
3d46416a52107a0a5474a4e326c9893b7970f986d98d2481acbdac9cdb7552e6
-
SHA512
158421b6ebd164050d81a962b441bf20ca3368e19de888ff0c296e0702f2e1b5ceb1c7b4ed2427bc6d601b11e8470f2d0a10e17b84eac212964fc9ba2eddf7c7
-
SSDEEP
768:cAnRAe1QmbIhnK+985WM4SsyDnDqCZQEQGMyd/hKnOSA+77NAGP3O:cQzKUWSx2EQE5Vd/hOJAGP3O
Malware Config
Signatures
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information that indicates whether the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information that indicates whether the system is an emulator.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes: pob.xyz
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
process: pob.xyz
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Tries to add a device administrator. 2 TTPs 1 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
/data/user/0/pob.xyz/databases/sms
Filesize: 28KB
-
/data/user/0/pob.xyz/databases/sms-journal
Filesize: 512B
-
/data/user/0/pob.xyz/databases/sms-journal
Filesize: 8KB
-
/data/user/0/pob.xyz/databases/sms-journal
Filesize: 8KB