Analysis
- max time kernel: 50s
- max time network: 141s
- platform: android_x64
- resource: android-x64-arm64-20240514-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
- submitted: 22-05-2024 13:33
- Static task: static1
- Behavioral task: behavioral1
  Sample: 676de1ccdd5f6903223a8fdef576a160_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
- Behavioral task: behavioral2
  Sample: 676de1ccdd5f6903223a8fdef576a160_JaffaCakes118.apk
  Resource: android-x64-20240514-en
- Behavioral task: behavioral3
  Sample: 676de1ccdd5f6903223a8fdef576a160_JaffaCakes118.apk
  Resource: android-x64-arm64-20240514-en
General
- Target: 676de1ccdd5f6903223a8fdef576a160_JaffaCakes118.apk
- Size: 1.6MB
- MD5: 676de1ccdd5f6903223a8fdef576a160
- SHA1: a15e58ea0fb6a13e68f107b74b56766deef4e4e0
- SHA256: c3bf4bea9d57ac1d1a1ac6132967f3b4ced8930ca84753a50c982f6aa5d819ed
- SHA512: da5d4ebe0f6ab42c1e8f9b8008599ea53454608908deae9ba8a7537347c071a8272bc6d9575fbfda2a0d1a0d721ff1627817d621ea52a3762830617c03eff0af
- SSDEEP: 24576:ERx2F5mWlHY02U7mokJlhv79uSXvBQKHJfiIzkPySm02xA5ZpGWSG9vGtt48M:EH2F75Y02Dlhv79uSfympgqSm02We1G
Malware Config
Signatures
- Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  Processes:
    description: Framework service call | ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | process: xqxxuiz.msdcfphykahx.uanptwppgkrh
    description: Framework service call | ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | process: xqxxuiz.msdcfphykahx.uanptwppgkrh
- Removes its main activity from the application launcher
  Processes:
    pid: 4526 | process: xqxxuiz.msdcfphykahx.uanptwppgkrh
- Loads dropped Dex/Jar (1 TTPs, 3 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes:
    ioc: /data/user/0/xqxxuiz.msdcfphykahx.uanptwppgkrh/app_DynamicOptDex/zijfksgpbdc | pid: 4526 | process: xqxxuiz.msdcfphykahx.uanptwppgkrh
    ioc: [anon:dalvik-classes.dex extracted in memory from /data/user/0/xqxxuiz.msdcfphykahx.uanptwppgkrh/app_DynamicOptDex/zijfksgpbdc] | pid: 4526 | process: xqxxuiz.msdcfphykahx.uanptwppgkrh
    ioc: [anon:dalvik-classes.dex extracted in memory from /data/user/0/xqxxuiz.msdcfphykahx.uanptwppgkrh/app_DynamicOptDex/zijfksgpbdc] | pid: 4526 | process: xqxxuiz.msdcfphykahx.uanptwppgkrh
- Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
  Application may abuse the framework's foreground service to continue running in the foreground.
  Processes:
    description: Framework service call | ioc: android.app.IActivityManager.setServiceForeground | process: xqxxuiz.msdcfphykahx.uanptwppgkrh
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Processes:
    description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | process: xqxxuiz.msdcfphykahx.uanptwppgkrh
- Queries the phone number (MSISDN for GSM devices) (1 TTPs)
- Requests enabling of the accessibility settings. (1 IoCs)
  Processes:
    description: Intent action | ioc: android.settings.ACCESSIBILITY_SETTINGS | process: xqxxuiz.msdcfphykahx.uanptwppgkrh
- Acquires the wake lock (1 IoCs)
  Processes:
    description: Framework service call | ioc: android.os.IPowerManager.acquireWakeLock | process: xqxxuiz.msdcfphykahx.uanptwppgkrh
- Checks if the internet connection is available (1 TTPs, 1 IoCs)
  Processes:
    description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: xqxxuiz.msdcfphykahx.uanptwppgkrh
- Requests disabling of battery optimizations (often used to enable hiding in the background). (1 TTPs, 1 IoCs)
  Processes:
    description: Intent action | ioc: android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | process: xqxxuiz.msdcfphykahx.uanptwppgkrh
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  Processes:
    description: Framework API call | ioc: android.hardware.SensorManager.registerListener | process: xqxxuiz.msdcfphykahx.uanptwppgkrh
Processes
- xqxxuiz.msdcfphykahx.uanptwppgkrh
  - Makes use of the framework's Accessibility service
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Makes use of the framework's foreground persistence service
  - Queries the mobile country code (MCC)
  - Requests enabling of the accessibility settings.
  - Acquires the wake lock
  - Checks if the internet connection is available
  - Requests disabling of battery optimizations (often used to enable hiding in the background).
  - Listens for changes in the sensor environment (might be used to detect emulation)
Network
MITRE ATT&CK Matrix
Downloads
- /data/user/0/xqxxuiz.msdcfphykahx.uanptwppgkrh/app_DynamicOptDex/oat/zijfksgpbdc.cur.prof
  Filesize: 250B
  MD5: b3ab21d95256ba406d74075127555984
  SHA1: b64f6a9951b8361f7fd235cfae25228bc972ef8a
  SHA256: d72e723e110931ec47ee3bad610d7bbbb41fbdbfdf21c5a53f366633da7bb029
  SHA512: 2361bac501098e22261a23b009fa8c43e1193a6dec5858dd71563caf7ec00abaf276f016c18f87c6c410a8f500eb979c316723db5fedb7758f9a158756a9a145
- /data/user/0/xqxxuiz.msdcfphykahx.uanptwppgkrh/app_DynamicOptDex/zijfksgpbdc
  Filesize: 275KB
  MD5: abd19690bd4cd05ca98a566a7fe4d557
  SHA1: ce029ac4c59353df2ce4cd7ca8e4e5a9f4dac16a
  SHA256: 8b7bc1673a915853b7a849e2ee2e68a812564588103a7d6cdede905b4a5b502d
  SHA512: 4be945568e6adcbd395aa3fe011e25443a1904421222d6dcae622efedba38abde45d5fcb794a4a3bddc859124747babfc9359505d4882e85e6c42d72fe33d849
- /data/user/0/xqxxuiz.msdcfphykahx.uanptwppgkrh/app_DynamicOptDex/zijfksgpbdc
  Filesize: 275KB
  MD5: 4780a37e525123b13fa158914394bbcc
  SHA1: cd004f6d3dff23e776520a81ecbd47f6f03f8761
  SHA256: 3e590545bcfe6bed7085bd65f713c97eb21169098c8bdab38aab7adad1d966a2
  SHA512: 5e1690a9f81fab02489ef3561d966f21a18588ced06b30a1f45836bf0f52a246144559d5f0fb289b7a14ed4dba7b864071d2ac08d0fec72c220e87c85b439f10
- /data/user/0/xqxxuiz.msdcfphykahx.uanptwppgkrh/app_DynamicOptDex/zijfksgpbdc
  Filesize: 409KB
  MD5: 7ddd2875efeedc769bbf25e30bf87e7f
  SHA1: 699b1097d2e14088d24bcd622580d3665a822a49
  SHA256: ae32636299b27f1e7166b2854778bc1ddb31504d4e089cff03fb8ef79533b43c
  SHA512: 0a6892cb3ef38a911c4c80905d2da454e502d7e442c23ea0217b1fe6ae8ab4329490a1367d70d36630be33702ff2dbdc7f9bbcee805974d3c84dd252ab2f9988