Analysis
- max time kernel: 47s
- max time network: 138s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 19-05-2024 21:09
Static task
- static1
Behavioral tasks
- behavioral1: sample 5b7ab75d00a8409982f4f56242d9fd05_JaffaCakes118.apk, resource android-x86-arm-20240514-en
- behavioral2: sample 5b7ab75d00a8409982f4f56242d9fd05_JaffaCakes118.apk, resource android-x64-20240514-en
- behavioral3: sample 5b7ab75d00a8409982f4f56242d9fd05_JaffaCakes118.apk, resource android-x64-arm64-20240514-en
General
- Target: 5b7ab75d00a8409982f4f56242d9fd05_JaffaCakes118.apk
- Size: 7.6MB
- MD5: 5b7ab75d00a8409982f4f56242d9fd05
- SHA1: 47162abdb72b4ab5c9fddf299a09658304afad4f
- SHA256: f30dd0c0ddaefdba14052e204e65647d4384fe14cee3ffe133a62609e3785294
- SHA512: bab8cb300a458e5328ea28ceea7846c802d935e53c2b6f07b12683c9cd122d14ec117cb09040904b4694be4ca0bf37e8c318d0b9c3004006691991c14c1ad25e
- SSDEEP: 98304:YyKMrHRppYVXwO4re/b2ouxTXVQb846leex23ybkTsGAF0i0RW4mC2gpZJBkvQGw:YyJpYVXKTVBx23iJDzwpVk4Gn5zC
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 4 IoCs)
  Processes:
  - ioc: /data/local/su, process: kr.co.baobabnet.helpmejack2.hack
  - ioc: /data/local/bin/su, process: kr.co.baobabnet.helpmejack2.hack
  - ioc: /data/local/xbin/su, process: kr.co.baobabnet.helpmejack2.hack
  - ioc: /sbin/su, process: kr.co.baobabnet.helpmejack2.hack
- Removes its main activity from the application launcher
  Processes:
  - pid: 4280, process: kr.co.baobabnet.helpmejack2.hack
- Checks CPU information (2 TTPs, 1 IoCs)
  Checks CPU information which indicates whether the system is an emulator.
  Processes:
  - description: File opened for read, ioc: /proc/cpuinfo, process: kr.co.baobabnet.helpmejack2.hack
- Checks memory information (2 TTPs, 1 IoCs)
  Checks memory information which indicates whether the system is an emulator.
  Processes:
  - description: File opened for read, ioc: /proc/meminfo, process: kr.co.baobabnet.helpmejack2.hack
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
  - description: Framework service call, ioc: android.app.IActivityManager.getRunningAppProcesses, process: kr.co.baobabnet.helpmejack2.hack
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Processes:
  - description: Framework service call, ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone, process: kr.co.baobabnet.helpmejack2.hack
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes:
  - description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, process: kr.co.baobabnet.helpmejack2.hack
- Acquires the wake lock (1 IoCs)
  Processes:
  - description: Framework service call, ioc: android.os.IPowerManager.acquireWakeLock, process: kr.co.baobabnet.helpmejack2.hack
- Checks if the internet connection is available (1 TTPs, 1 IoCs)
  Processes:
  - description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, process: kr.co.baobabnet.helpmejack2.hack
- Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  Processes:
  - description: Framework service call, ioc: android.app.job.IJobScheduler.schedule, process: kr.co.baobabnet.helpmejack2.hack
Processes
- kr.co.baobabnet.helpmejack2.hack (PID: 4280)
  - Checks if the Android device is rooted.
  - Removes its main activity from the application launcher
  - Checks CPU information
  - Checks memory information
  - Queries information about running processes on the device
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Acquires the wake lock
  - Checks if the internet connection is available
  - Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
- Persistence
  - Event Triggered Execution (1)
    - Broadcast Receivers (1)
  - Scheduled Task/Job (1)
- Defense Evasion
  - Hide Artifacts (1)
    - Suppress Application Icon (1)
  - Virtualization/Sandbox Evasion (2)
    - System Checks (2)
Downloads