Analysis
-
max time kernel
179s -
max time network
135s -
platform
android_x64 -
resource
android-x64-arm64-20240514-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system -
submitted
19-05-2024 06:25
Static task
static1
Behavioral task
behavioral1
Sample
58fb8f875f3c9acf0fd0c4ee3c0a002a_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
58fb8f875f3c9acf0fd0c4ee3c0a002a_JaffaCakes118.apk
Resource
android-x64-20240514-en
General
-
Target
58fb8f875f3c9acf0fd0c4ee3c0a002a_JaffaCakes118.apk
-
Size
562KB
-
MD5
58fb8f875f3c9acf0fd0c4ee3c0a002a
-
SHA1
7afd33c865c9c6074fca3ef720fb04c5bb86a3d2
-
SHA256
b8b9868a24898c8cb39d90c6d38233efabff5b0daf67bbbb54d1e3d0751dd4cb
-
SHA512
5406a148eb107934f56c562670c4097a1390547634e7636e978e0ac21a4e5fba2908637aaf954b972e3ab6d8a7b1a3555b3fff2589c0ed4993f247aa83fb9cba
-
SSDEEP
6144:mXnEmVNxM4ReDzUjfk40/tbpZt2ixtxrEIcpnb1tX/LznGPgnYXfx0A1Yy78T0Pj:mXnEEM4cqi1bAixputzzGPgYXvP4lG
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Processes:
com.loliqkzwuw.oldtfpid process 4628 com.loliqkzwuw.oldtf -
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
Processes:
com.loliqkzwuw.oldtfioc pid process /data/user/0/com.loliqkzwuw.oldtf/app_dxpvp/humltau.jar 4628 com.loliqkzwuw.oldtf -
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
com.loliqkzwuw.oldtfdescription ioc process Framework service call android.app.IActivityManager.getRunningAppProcesses com.loliqkzwuw.oldtf -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
com.loliqkzwuw.oldtfdescription ioc process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.loliqkzwuw.oldtf -
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Reads the content of the browser bookmarks. 1 TTPs 1 IoCs
Processes:
com.loliqkzwuw.oldtfdescription ioc process URI accessed for read content://browser/bookmarks com.loliqkzwuw.oldtf -
Acquires the wake lock 1 IoCs
Processes:
com.loliqkzwuw.oldtfdescription ioc process Framework service call android.os.IPowerManager.acquireWakeLock com.loliqkzwuw.oldtf -
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes:
com.loliqkzwuw.oldtfdescription ioc process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.loliqkzwuw.oldtf
Processes
-
com.loliqkzwuw.oldtf1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Reads the content of the browser bookmarks.
- Acquires the wake lock
- Checks if the internet connection is available
PID:4628
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
1Suppress Application Icon
1Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/user/0/com.loliqkzwuw.oldtf/app_dxpvp/humltau.jarFilesize
224KB
MD5c0de4ca82aea8345ef36d4a527a69e73
SHA1b104e731b2de1a1c31c0db4436540f31019a4d79
SHA256521f27d3fb8e95c5e4472077d43404c5f77f35fc273c9576b3b6363a436d0054
SHA5121348a491fc523a5dd8b7e78aa8803a9c75ffe23b0e65aba513c90448ae895eb0475523f252c7f78a80b7070e2c15b5eaf611f672f10cf0309e615b2bbd09ad01
-
/data/user/0/com.loliqkzwuw.oldtf/app_dxpvp/humltau.jarFilesize
558KB
MD5c32eed2295fa9b67b3fedb648718b8e7
SHA1c55ca4d640a1a71c93274f672873238ba84761e7
SHA2569b8407b13048e946d49853d8de2bc529aa3ed1a29f86faf2d227f7e97424ef88
SHA5120bdd5486e7f2daa0e00091c5af7749219260c2de8ef8cc062c565396780f3f3476b70dc4964f97463916db1a088790cd8737166c575fea7c7beec81e0a367582