Analysis
- max time kernel: 176s
- max time network: 191s
- platform: android_x64
- resource: android-x64-20240514-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
- submitted: 17/05/2024, 16:26
Static task: static1
Behavioral task: behavioral1
- Sample: 5067e9f2c45670c1a206c42f51d8a27b_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
- Sample: 5067e9f2c45670c1a206c42f51d8a27b_JaffaCakes118.apk
- Resource: android-x64-20240514-en
General
- Target: 5067e9f2c45670c1a206c42f51d8a27b_JaffaCakes118.apk
- Size: 16.8MB
- MD5: 5067e9f2c45670c1a206c42f51d8a27b
- SHA1: 536d789b03126ed46b9573e776749e9ae9c256f6
- SHA256: 43947ef9505effdd3ca0e0236380feea7e4057cab0935dfb0a5c7284cd51cca9
- SHA512: 9e99a015e9846be3f73aa74d207e3611e4356d65bcc8d5ea30876745035a9769da1ee725583d5c584d94edfcb391f33b754988fd53bbaf48e83143dc2d41dec8
- SSDEEP: 393216:3tu/6liiKqYy3Gj9YSEJSeFjYWpEso+69xkuoUecQHip:k/6LpG3MWZ9yBip
Malware Config
Signatures
-
Requests cell location 2 TTPs 3 IoCs
Uses Android APIs to get current cell location.
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.xkwx.tbb
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.xkwx.tbb:remote
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | com.xkwx.tbb:remote
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.xkwx.tbb
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.xkwx.tbb:remote
Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.xkwx.tbb
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.xkwx.tbb:remote
Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getScanResults | com.xkwx.tbb
Framework service call | android.net.wifi.IWifiManager.getScanResults | com.xkwx.tbb:remote
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.xkwx.tbb
Framework service call | android.app.IActivityManager.registerReceiver | com.xkwx.tbb:remote
Checks if the internet connection is available 1 TTPs 2 IoCs
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.xkwx.tbb
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.xkwx.tbb:remote
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
description | ioc | Process
Framework API call | android.hardware.SensorManager.registerListener | com.xkwx.tbb:remote
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | com.xkwx.tbb
Framework API call | javax.crypto.Cipher.doFinal | com.xkwx.tbb:remote
Processes
-
com.xkwx.tbb
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5244
-
com.xkwx.tbb:remote
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:5297
Network
MITRE ATT&CK Mobile v15
Downloads