Analysis
max time kernel: 179s
max time network: 186s
platform: android_x64
resource: android-x64-arm64-20240514-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
submitted: 21-05-2024 15:39
Static task: static1
Behavioral task: behavioral1
Sample: 63d1c4eed6af4f5df798744775aea2ab_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
Sample: 63d1c4eed6af4f5df798744775aea2ab_JaffaCakes118.apk
Resource: android-x64-20240514-en
General
Target: 63d1c4eed6af4f5df798744775aea2ab_JaffaCakes118.apk
Size: 636KB
MD5: 63d1c4eed6af4f5df798744775aea2ab
SHA1: 668acc398af2a9e7de36d82ba2574ee70c008897
SHA256: 36050438869a840764b4dde7481bdd75899763ee2e5aef89b29bcabf115e2fe0
SHA512: 84358f4752c19034d043eb854b20af46a94bf39130dfe7c656b9b824f512e94057b48104440970110978d21a76ac4991896ea4d547b9571e5446e53e5001a76d
SSDEEP: 12288:Q4LUaxJLbt0E46VYj1b4Zoi/m627grLMxpzseFxIMtU94vvQe6ERylTUu:O6LZ0E46iKZoie62bCMiiydX
Malware Config
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)

Checks CPU information (2 TTPs, 1 IoCs)
Checks CPU information which indicates whether the system is an emulator.
Processes: com.ajdr.epbs.blkv
description | ioc | process
File opened for read | /proc/cpuinfo | com.ajdr.epbs.blkv

Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
Runs executable file dropped to the device during analysis.
Processes: com.ajdr.epbs.blkv, com.ajdr.epbs.blkv:daemon
ioc | pid | process
/data/user/0/com.ajdr.epbs.blkv/app_mjf/dz.jar | 4486 | com.ajdr.epbs.blkv
/data/user/0/com.ajdr.epbs.blkv/app_mjf/dz.jar | 4597 | com.ajdr.epbs.blkv:daemon

Queries account information for other applications stored on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect account information stored on the device.
Processes: com.ajdr.epbs.blkv
description | ioc | process
Framework service call | android.accounts.IAccountManager.getAccountsAsUser | com.ajdr.epbs.blkv

Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.ajdr.epbs.blkv
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ajdr.epbs.blkv

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.ajdr.epbs.blkv
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.ajdr.epbs.blkv

Checks if the internet connection is available (1 TTPs, 1 IoCs)
Processes: com.ajdr.epbs.blkv
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ajdr.epbs.blkv

Reads information about phone network operator. (1 TTPs)
Processes
com.ajdr.epbs.blkv (PID: 4486)
- Removes its main activity from the application launcher
- Checks CPU information
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
com.ajdr.epbs.blkv:daemon (PID: 4597)
- Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (1)
  - Suppress Application Icon (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Downloads