Analysis
- max time kernel: 17s
- max time network: 132s
- platform: android_x64
- resource: android-x64-arm64-20240514-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
- submitted: 21-05-2024 06:38
Static task: static1
Behavioral task: behavioral1
  Sample: 625cb702476486e20e7d86d3616cc79c_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 625cb702476486e20e7d86d3616cc79c_JaffaCakes118.apk
  Resource: android-x64-20240514-en
Behavioral task: behavioral3
  Sample: 625cb702476486e20e7d86d3616cc79c_JaffaCakes118.apk
  Resource: android-x64-arm64-20240514-en
General
- Target: 625cb702476486e20e7d86d3616cc79c_JaffaCakes118.apk
- Size: 728KB
- MD5: 625cb702476486e20e7d86d3616cc79c
- SHA1: 46c3e3a4d41ec933169c257b67a77a013f9249b9
- SHA256: d322d9e216c5479453051cc3d96927efc827c8e0ca6de62a6963c2dee4760e30
- SHA512: 5555c3ce8b4fb2478e3e622cc4b8f091ace4fc8cb14137cfb36056220af652671057f4a3821f29f2a9a63e33c6dde96168bbe6c87053ae7e093649a88a8c48a6
- SSDEEP: 12288:4IxKDEZXz+P96X3a86Df4nUErWZHYbnPYGoPG+4ta6Zv:4IxKU6P96X3pUPHYbnP/Y4v
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTP]
- Checks memory information [2 TTPs, 1 IoC]
  Checks memory information which indicates whether the system is an emulator.
  Processes: com.pro.fla.off
    File opened for read: /proc/meminfo (process: com.pro.fla.off)
- Loads dropped Dex/Jar [1 TTP, 2 IoCs]
  Runs an executable file dropped to the device during analysis.
  Processes: com.pro.fla.off
    /data/user/0/com.pro.fla.off/app_ttmp/t.jar (pid 4676, process: com.pro.fla.off)
    [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.pro.fla.off/app_ttmp/t.jar] (pid 4676, process: com.pro.fla.off)
- Obtains sensitive information copied to the device clipboard [2 TTPs, 1 IoC]
  The application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Processes: com.pro.fla.off
    Framework service call: android.content.IClipboard.addPrimaryClipChangedListener (process: com.pro.fla.off)
- Checks if the internet connection is available [1 TTP, 1 IoC]
  Processes: com.pro.fla.off
    Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.pro.fla.off)
- Uses Crypto APIs (might try to encrypt user data) [1 TTP, 1 IoC]
  Processes: com.pro.fla.off
    Framework API call: javax.crypto.Cipher.doFinal (process: com.pro.fla.off)
Processes
Network
MITRE ATT&CK Mobile v15
Defense Evasion:
- Download New Code at Runtime (1)
- Hide Artifacts (1)
- Suppress Application Icon (1)
- Virtualization/Sandbox Evasion (1)
- System Checks (1)
Downloads