Analysis

  • max time kernel
    149s
  • max time network
    138s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
  • submitted
    01-05-2024 06:21

General

  • Target

    0b40572ec3101092523baafd48156f19_JaffaCakes118.apk

  • Size

    42KB

  • MD5

    0b40572ec3101092523baafd48156f19

  • SHA1

    504f95c1819f05c3d2627f432820a90b71623723

  • SHA256

    3d46416a52107a0a5474a4e326c9893b7970f986d98d2481acbdac9cdb7552e6

  • SHA512

    158421b6ebd164050d81a962b441bf20ca3368e19de888ff0c296e0702f2e1b5ceb1c7b4ed2427bc6d601b11e8470f2d0a10e17b84eac212964fc9ba2eddf7c7

  • SSDEEP

    768:cAnRAe1QmbIhnK+985WM4SsyDnDqCZQEQGMyd/hKnOSA+77NAGP3O:cQzKUWSx2EQE5Vd/hOJAGP3O

Malware Config

Signatures

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information that indicates whether the system is an emulator.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Tries to add a device administrator. 2 TTPs 1 IoCs

Processes

  • pob.xyz
    • Checks CPU information
    • Checks memory information
    • Obtains sensitive information copied to the device clipboard
    • Queries the mobile country code (MCC)
    • Tries to add a device administrator.
    PID:4475

Network

MITRE ATT&CK Matrix


Downloads

  • /data/user/0/pob.xyz/databases/sms
    Filesize

    28KB

    MD5

    862c334a6fc3edade14ad9c3e87c6e98

    SHA1

    6df4251e383583e05a5e1453753bb2478a3c8abb

    SHA256

    5fc6e53b7d51c7676b37ffa3b0334e649b83bac92a9177f3cfc85d69570ada09

    SHA512

    7ff529f9b25197fb640bd9128abfaec489b1179485120ace6324758d0fc9eb2e2bbe05bfe32fd693715744367cdb6c0ba8646094e56e35c31c9593392f518d9f

  • /data/user/0/pob.xyz/databases/sms-journal
    Filesize

    512B

    MD5

    ac4fb9162e288416f732b9a60bea8a09

    SHA1

    bce2d643e881f47b9f8536f22bff7e3974dbaa87

    SHA256

    e8e84fb5079d7e828a06ff9b67fc60d98c4099533ec03be5d600d8eb45931269

    SHA512

    221201b483ddeb952641f0a70a1dadf3769a745f17e6ae4e941144cbcfeb65c891009ca8d37b8c079b4039ecf88c99e558c79a77b4898a0153277bcd321b00c2

  • /data/user/0/pob.xyz/databases/sms-journal
    Filesize

    8KB

    MD5

    9aa9f420cce8d86d9086c3b6730e5274

    SHA1

    2901495e528144de6f8eb2f5dc206d376f43cf79

    SHA256

    a0a77e3f67ac9d455dfe7dbae997f8e871836aa90535ab84bf52c7355f7c5740

    SHA512

    b4aaf728e49532cff6625d0897553747d8d62b187a0fb697c891d2bfefcbaf2091324254af5922e75dab3bb256fef06ce5c86b3a5516566b707a979a6ce53de2

  • /data/user/0/pob.xyz/databases/sms-journal
    Filesize

    8KB

    MD5

    5e07664dde6141daf17af712ea70cb9f

    SHA1

    74681b96661f782583a32a6ee5c45828e93e162d

    SHA256

    afd3bbf26c53f2126e9f114aa005b6823c5939b1c73bd747c381481005a888d4

    SHA512

    9e56f95e6408b43974c14563010460b45a2f2a0ffca597eae0c01a8440f54a33d5952dbe685841aac047085c266daa716e7012b58faa181888bd02940cefc392