Analysis
- max time kernel: 26s
- max time network: 143s
- platform: android_x64
- resource: android-x64-arm64-20240514-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
- submitted: 19-05-2024 21:09
Static task: static1
Behavioral task: behavioral1
  Sample: 5b7ab75d00a8409982f4f56242d9fd05_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 5b7ab75d00a8409982f4f56242d9fd05_JaffaCakes118.apk
  Resource: android-x64-20240514-en
Behavioral task: behavioral3
  Sample: 5b7ab75d00a8409982f4f56242d9fd05_JaffaCakes118.apk
  Resource: android-x64-arm64-20240514-en
General
- Target: 5b7ab75d00a8409982f4f56242d9fd05_JaffaCakes118.apk
- Size: 7.6MB
- MD5: 5b7ab75d00a8409982f4f56242d9fd05
- SHA1: 47162abdb72b4ab5c9fddf299a09658304afad4f
- SHA256: f30dd0c0ddaefdba14052e204e65647d4384fe14cee3ffe133a62609e3785294
- SHA512: bab8cb300a458e5328ea28ceea7846c802d935e53c2b6f07b12683c9cd122d14ec117cb09040904b4694be4ca0bf37e8c318d0b9c3004006691991c14c1ad25e
- SSDEEP: 98304:YyKMrHRppYVXwO4re/b2ouxTXVQb846leex23ybkTsGAF0i0RW4mC2gpZJBkvQGw:YyJpYVXKTVBx23iJDzwpVk4Gn5zC
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 5 IoCs
Processes:
  ioc                  process
  /data/local/su       kr.co.baobabnet.helpmejack2.hack
  /data/local/bin/su   kr.co.baobabnet.helpmejack2.hack
  /data/local/xbin/su  kr.co.baobabnet.helpmejack2.hack
  /sbin/su             kr.co.baobabnet.helpmejack2.hack
  /system/bin/su       kr.co.baobabnet.helpmejack2.hack
Processes:
  pid   process
  4594  kr.co.baobabnet.helpmejack2.hack
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicates whether the system is an emulator.
Processes:
  description           ioc            process
  File opened for read  /proc/cpuinfo  kr.co.baobabnet.helpmejack2.hack
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicates whether the system is an emulator.
Processes:
  description           ioc            process
  File opened for read  /proc/meminfo  kr.co.baobabnet.helpmejack2.hack
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes:
  description             ioc                                                        process
  Framework service call  android.content.IClipboard.addPrimaryClipChangedListener  kr.co.baobabnet.helpmejack2.hack
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
  description             ioc                                                 process
  Framework service call  android.app.IActivityManager.getRunningAppProcesses  kr.co.baobabnet.helpmejack2.hack
Acquires the wake lock 1 IoCs
Processes:
  description             ioc                                         process
  Framework service call  android.os.IPowerManager.acquireWakeLock  kr.co.baobabnet.helpmejack2.hack
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes:
  description             ioc                                                    process
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  kr.co.baobabnet.helpmejack2.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
  description             ioc                                       process
  Framework service call  android.app.job.IJobScheduler.schedule  kr.co.baobabnet.helpmejack2.hack
Processes
kr.co.baobabnet.helpmejack2.hack
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4594
Network
MITRE ATT&CK Mobile v15
Downloads