Analysis
- max time kernel: 9s
- max time network: 132s
- platform: android_x64
- resource: android-x64-arm64-20240514-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
- submitted: 22-05-2024 11:05
Static task: static1
Behavioral task: behavioral1
- Sample: 670b7698a2152cc5a8a147496f204a7a_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
General
- Target: 670b7698a2152cc5a8a147496f204a7a_JaffaCakes118.apk
- Size: 6.7MB
- MD5: 670b7698a2152cc5a8a147496f204a7a
- SHA1: e6546290b7525703f6eca0a7da7f24b0408deba0
- SHA256: e21dab5f7d50298b27605fc99048e58514b81f8ebcea037c1ad9c387c4be6908
- SHA512: 448fdc861c30e662db6c40d02e400413a42a072a5bcd8085f71cffa9edebf301a938d71a25e8629842a2072bf356e87d88e393b771d4f88eb5452f3c4a9f14b6
- SSDEEP: 196608:ZjvR2BsUHQVGC77HUAg3LH8HRR6wDRPTr14fVZL:Zjp4oF77HWoHXpu
Malware Config
Signatures
- Loads dropped Dex/Jar (1 TTP, 1 IoC)
  Runs an executable file dropped to the device during analysis.
  Process: my.geulga.textch
  ioc: /data/user/0/my.geulga.textch/files/pmy.geulga.textch.jar | process: 4626 my.geulga.textch
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Process: my.geulga.textch
  description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: my.geulga.textch
- Checks if the internet connection is available (1 TTP, 1 IoC)
  Process: my.geulga.textch
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: my.geulga.textch
- Reads information about the phone network operator (1 TTP)
- Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  Process: my.geulga.textch
  description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: my.geulga.textch

Of these, the Wi-Fi, connectivity and Cipher.doFinal calls are also made by plenty of benign apps and are low-confidence on their own; the signature worth chasing is the first one, where the app writes a .jar into its private files directory and then loads it as code, which is the classic dropper/packer pattern and is what the dropped-file hashes below let you hunt for.
MITRE ATT&CK Mobile v15
Downloads
- /data/user/0/my.geulga.textch/files/gaClientId
  Filesize: 36B
  MD5: 38c0bfdf5778283e67220532711a9445
  SHA1: 995c4a567571991165fea92e578a45bbbc550fed
  SHA256: 456e54a179e84764d4259f01da5d12cf63ee59ddfea6db6bdd6b5f135acecf7f
  SHA512: e5f2b27558e7c4f0af5aa57af5c28fc37e7280317c26fd60b69873a145a5e7f2962980458e030d41becc0579a5df9569c60367891a2c4df1f185f6488620bd8c
- /data/user/0/my.geulga.textch/files/pmy.geulga.textch.jar
  Filesize: 204KB
  MD5: 52f68b0c7257fe691edd634c1a497d35
  SHA1: 1096cfd29a7018e4407fe8380085a5377959b55b
  SHA256: 981f08023b9e5aa31eb5e3838ef292cff913c5604bf0de3d1887ff8264232041
  SHA512: 01f6ae87ef0dcd5b74bda81514d0fc80ac26b4d5a26a65fdb876be76dc322c77f1354da9433f8775c05faee7e8633c29dcd6b1fff15ca02740330b64cbfff7bb
- /data/user/0/my.geulga.textch/files/pmy.geulga.textch.jar
  Filesize: 474KB
  MD5: be9ed268e617410d3564cda544bda591
  SHA1: ccd5ab6f758b78937e358b62bd4a89aa8a2b2084
  SHA256: dcaaa64a5b3e1a77981f9c25e8c3b18c862d485c0830df25fe35b6f590dcf7ed
  SHA512: 5e971dcaf1740942f44e5f0d948670eab3b4e70aaecc5dcac539b0bc1136ab1510116981f0b58a5d990a843c0b1765f5adde90c6e608fc22026212c6884e3051

The jar path is listed twice with different sizes and hashes, so the file was written more than once during the run; treat both versions as IoCs, and check which one you actually have before analysing a download from the sandbox.
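The following triage helper is an added example for the "Loads dropped Dex/Jar" signature and the Downloads list above; it is not the sandbox's own tooling. It carries the report's dropped-file records as data, finds the path that was written twice with different content, verifies a pulled artifact against those hashes, and checks whether a dropped .jar really contains dex code (the only case in which a class-loader load of it matters). The function names, the `Dropped` record type and the in-memory sample jar are assumptions made for the example; the sample jar is constructed here and is not the sample's real payload.

```python
"""Triage helpers for the dropped-file records in a sandbox report.
Added example; not part of the sandbox's own tooling."""
import hashlib
import io
import zipfile
from collections import defaultdict
from typing import NamedTuple


class Dropped(NamedTuple):
    path: str
    size: str
    sha256: str


# Dropped-file records copied from the report's Downloads list.
DROPPED = [
    Dropped("/data/user/0/my.geulga.textch/files/gaClientId", "36B",
            "456e54a179e84764d4259f01da5d12cf63ee59ddfea6db6bdd6b5f135acecf7f"),
    Dropped("/data/user/0/my.geulga.textch/files/pmy.geulga.textch.jar", "204KB",
            "981f08023b9e5aa31eb5e3838ef292cff913c5604bf0de3d1887ff8264232041"),
    Dropped("/data/user/0/my.geulga.textch/files/pmy.geulga.textch.jar", "474KB",
            "dcaaa64a5b3e1a77981f9c25e8c3b18c862d485c0830df25fe35b6f590dcf7ed"),
]

# IoC from the "Loads dropped Dex/Jar" signature: the file the app loaded as code.
LOADED_CODE_PATH = "/data/user/0/my.geulga.textch/files/pmy.geulga.textch.jar"

CODE_SUFFIXES = (".jar", ".dex", ".apk", ".zip")
DEX_MAGIC = b"dex\n"  # first four bytes of a dex header ("dex\n035\0" etc.)


def loaded_code_records(records, loaded_path=LOADED_CODE_PATH):
    """Records backing the dynamic-code-loading signature: the loaded path
    itself plus any other dropped file with a loadable-code suffix."""
    return [r for r in records
            if r.path == loaded_path or r.path.lower().endswith(CODE_SUFFIXES)]


def rewritten_paths(records):
    """Paths that appear more than once with different content. A path written
    twice in one run means the artifact was replaced, so every hash must be
    hunted for, not just the last one."""
    by_path = defaultdict(list)
    for r in records:
        if r.sha256 not in by_path[r.path]:
            by_path[r.path].append(r.sha256)
    return {p: hs for p, hs in by_path.items() if len(hs) > 1}


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def matches_record(blob: bytes, records):
    """The record whose SHA-256 matches a blob pulled from the sandbox, or None.
    Run this before analysing a download so you know which jar version you have."""
    digest = sha256_hex(blob)
    return next((r for r in records if r.sha256 == digest), None)


def dex_entries(blob: bytes):
    """Names of zip entries that start with the dex magic. A dropped .jar that the
    app hands to a class loader only matters if it actually carries dex code."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return []
    return [n for n in zf.namelist() if zf.read(n)[:4] == DEX_MAGIC]


def build_sample_jar() -> bytes:
    """Constructed stand-in for a dropped jar (not the sample's real payload):
    a zip holding a 'classes.dex' whose content is only a dex header magic,
    plus a resource entry that must not be reported as code."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", DEX_MAGIC + b"035\x00" + b"\x00" * 16)
        zf.writestr("assets/config.bin", b"not code")
    return buf.getvalue()


if __name__ == "__main__":
    print("rewritten paths:", rewritten_paths(DROPPED))
    sample = build_sample_jar()
    print("dex entries in constructed jar:", dex_entries(sample))
    print("constructed jar matches a report record:", matches_record(sample, DROPPED))
```

Run against the records above, `rewritten_paths` returns the jar path with both of its SHA-256 values, which is the list to feed into retro-hunting; `matches_record` tells you which of the two versions a pulled download is, and `dex_entries` confirms the file is loadable code rather than, say, an encrypted blob that a later stage decrypts.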