Analysis

  • max time kernel
    13s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240506-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
  • submitted
    09-05-2024 04:30

General

  • Target

    284dc0746fc8cb0660abc81237d8752c_JaffaCakes118.apk

  • Size

    54KB

  • MD5

    284dc0746fc8cb0660abc81237d8752c

  • SHA1

    581e780a7cec8e8db504800f03a0434cd615c1d4

  • SHA256

    6607bdb1506c49fac08cf410d318a2f95359f48d2a98ebb286cacccbc6c34d29

  • SHA512

    8b380e973a5e238f18ef3471160e80d4ecd0d6a0b39a0b5d29906e47a2731c1fe315e0d83e6622030a79135a17807a162da548837e7fad15758ef2391af93525

  • SSDEEP

    1536:R1Z+mqHyUkQTOgNFsJCzW7kqh6yrnpkcgUJ:RCmqSUkZrCiAg6yVxgC

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Tries to add a device administrator. 2 TTPs 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs

Processes

  • com.thai.horny (PID: 4168)
    • Removes its main activity from the application launcher
    • Queries account information for other applications stored on the device
    • Tries to add a device administrator.
    • Acquires the wake lock
    • Checks if the internet connection is available

Network

MITRE ATT&CK Matrix
