Analysis
- max time kernel: 180s
- max time network: 144s
- platform: android_x64
- resource: android-x64-20240514-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
- submitted: 19-05-2024 19:26
Static task: static1
Behavioral task: behavioral1
- Sample: 5b0ea09640c86c25dd2aee85515b8aa7_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
- Sample: 5b0ea09640c86c25dd2aee85515b8aa7_JaffaCakes118.apk
- Resource: android-x64-20240514-en
General
- Target: 5b0ea09640c86c25dd2aee85515b8aa7_JaffaCakes118.apk
- Size: 560KB
- MD5: 5b0ea09640c86c25dd2aee85515b8aa7
- SHA1: 600fe876b6d78b6e7efc3e462abe0a4a5192dc3e
- SHA256: fd988b737500c564d143095972b20f6a0acd5a4f16a0e10fec8c4bb776469601
- SHA512: 0af86f717fbf5d96149615dcac7051f85d3ba7f35f3b4c0acf89bc828be5bf691e9d72a0d58890e093d76cf2631a4c64703a368f17d70107230c065006477b87
- SSDEEP: 12288:W2PRSBpD41leMx4PsvRO33ncpQdtq+taBgYXjEAx:MD4neMSHMQdGBgYXjEY
Malware Config
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Processes: com.paranbijuv.aijuy
  pid: 5103; process: com.paranbijuv.aijuy
- Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes: com.paranbijuv.aijuy
  ioc: /data/user/0/com.paranbijuv.aijuy/app_sgdgmcumf/kartisx.jar; pid: 5103; process: com.paranbijuv.aijuy
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.paranbijuv.aijuy
  description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.paranbijuv.aijuy
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Processes: com.paranbijuv.aijuy
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: com.paranbijuv.aijuy
- Queries the phone number (MSISDN for GSM devices) (1 TTPs)
- Reads the content of the browser bookmarks. (1 TTPs, 1 IoCs)
  Processes: com.paranbijuv.aijuy
  description: URI accessed for read; ioc: content://browser/bookmarks; process: com.paranbijuv.aijuy
- Acquires the wake lock (1 IoCs)
  Processes: com.paranbijuv.aijuy
  description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; process: com.paranbijuv.aijuy
- Checks if the internet connection is available (1 TTPs, 1 IoCs)
  Processes: com.paranbijuv.aijuy
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.paranbijuv.aijuy
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
Processes
- com.paranbijuv.aijuy (PID: 5103)
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries the mobile country code (MCC)
  - Reads the content of the browser bookmarks.
  - Acquires the wake lock
  - Checks if the internet connection is available
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime: 1
- Hide Artifacts: 1
- Suppress Application Icon: 1
Downloads