Analysis
max time kernel: 174s
max time network: 185s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android arch:arm arch:x86 image:android-x86-arm-20240514-en locale:en-us os:android-9-x86 system
submitted: 17/05/2024, 16:26
Static task: static1
Behavioral task: behavioral1
Sample: 5067e9f2c45670c1a206c42f51d8a27b_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
Sample: 5067e9f2c45670c1a206c42f51d8a27b_JaffaCakes118.apk
Resource: android-x64-20240514-en
General
Target: 5067e9f2c45670c1a206c42f51d8a27b_JaffaCakes118.apk
Size: 16.8MB
MD5: 5067e9f2c45670c1a206c42f51d8a27b
SHA1: 536d789b03126ed46b9573e776749e9ae9c256f6
SHA256: 43947ef9505effdd3ca0e0236380feea7e4057cab0935dfb0a5c7284cd51cca9
SHA512: 9e99a015e9846be3f73aa74d207e3611e4356d65bcc8d5ea30876745035a9769da1ee725583d5c584d94edfcb391f33b754988fd53bbaf48e83143dc2d41dec8
SSDEEP: 393216:3tu/6liiKqYy3Gj9YSEJSeFjYWpEso+69xkuoUecQHip:k/6LpG3MWZ9yBip
Malware Config
Signatures
Requests cell location 2 TTPs 3 IoCs
Uses Android APIs to get the current cell location.
| description | ioc | Process |
| --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.xkwx.tbb:remote |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.xkwx.tbb |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | com.xkwx.tbb:remote |
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
| description | ioc | Process |
| --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.xkwx.tbb |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.xkwx.tbb:remote |
Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
| description | ioc | Process |
| --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.xkwx.tbb:remote |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.xkwx.tbb |
Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
| description | ioc | Process |
| --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | com.xkwx.tbb |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | com.xkwx.tbb:remote |
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
| description | ioc | Process |
| --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | com.xkwx.tbb |
| Framework service call | android.app.IActivityManager.registerReceiver | com.xkwx.tbb:remote |
Checks if the internet connection is available 1 TTPs 2 IoCs
| description | ioc | Process |
| --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.xkwx.tbb |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.xkwx.tbb:remote |
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
| description | ioc | Process |
| --- | --- | --- |
| Framework API call | android.hardware.SensorManager.registerListener | com.xkwx.tbb:remote |
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
| description | ioc | Process |
| --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | com.xkwx.tbb:remote |
| Framework API call | javax.crypto.Cipher.doFinal | com.xkwx.tbb |
Processes
com.xkwx.tbb
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4241
com.xkwx.tbb:remote
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4316
Network
MITRE ATT&CK Mobile v15
Downloads