Analysis
-
max time kernel
178s -
max time network
186s -
platform
android_x64 -
resource
android-x64-20240514-en -
resource tags
-
submitted
23/05/2024, 08:22
General
-
Target
6a53afad9b130b9e638b87cb73511eff_JaffaCakes118.apk
-
Size
1.1MB
-
MD5
6a53afad9b130b9e638b87cb73511eff
-
SHA1
d28372524527075c2a7d164070a0667c81d674cc
-
SHA256
25b5c2b5082c457b24bf0f5d864c1bfe66288b13bcf80f1a83a7120d4925d6ac
-
SHA512
89777f853938e60147faa6a3681a936dd5a728bdb6899e29ffe8cba77586f19c5cd1fc8ad3286e55e8d076a2c0ddcb4fc5313b03a4c873e333823f13c3604792
-
SSDEEP
24576:nvhPfuRAYqtQqXHi87RQrm9WAqav2zVxrLpCGEBH9Blrhvp+eVRtvqa:nFuRAYqtQqXz7uaU8KxHp9EBH5rhvkeL
Malware Config
Signatures
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks if the internet connection is available 1 TTPs 1 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Reads information about phone network operator. 1 TTPs
Processes
-
com.pwftbnbf.jymrapzl1⤵
- Makes use of the framework's Accessibility service
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
810B
MD5f9876b6cbc77822831eb1c76f3c9da84
SHA19f5590a46778784fe76723388ef9c724b4ab0a42
SHA256b101078f878be5d35641c50651cf887d15af026474c680e98abaaea52038fb7d
SHA51268d8d7421d19e93430fe9b80022e161627cea39773a640a6074c6b48df7caa80b949dc88d12e6b1e1831e83a2e017c679f26236a2d29b7e2c383c423bf0a8c94
-
Filesize
249KB
MD5a251a6f587e5325dbf8d0fecab2fad79
SHA16b07a19ffe6098f35939142e2043886ee33e45cf
SHA2566b25d7527aa055903da664c57da1eb7ea151f181512e1058f347998d91b3b2dc
SHA512db4c73fc8aa2dd936817a6262914d4337cd90bf5b4bc95fccb0bd94fc3141ea0d28495c0524144c02aa2b6ceaf17c58ad29ef2277a35b1b9b9ff8b97fc9f6cb1
-
Filesize
562KB
MD58da2f672a25d714a64157f2c8c417fe5
SHA1e1fd7b06a25cc81a07721f249129a7b8922c28b0
SHA2568b438cf3c2b2a503a0b1d004d73bcdec5828c4e0073d8c53495158e3bdd4dcf6
SHA512a37f82f5e4ca0ad79fc6a6baaf7fdaa25828c830b87a63bb4359a6757de80ef2fa2631b94f0d8747f71c812f53057b1e76aec46b1997e998dd465d1cebed371c