Analysis
- max time kernel: 49s
- max time network: 153s
- platform: android_x64
- resource: android-x64-20240514-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
- submitted: 23-05-2024 20:52
Static task: static1

Behavioral task: behavioral1
- Sample: 6c382b1afcefa0a6fe12926cbd014958_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en

Behavioral task: behavioral2
- Sample: 6c382b1afcefa0a6fe12926cbd014958_JaffaCakes118.apk
- Resource: android-x64-20240514-en

Behavioral task: behavioral3
- Sample: 6c382b1afcefa0a6fe12926cbd014958_JaffaCakes118.apk
- Resource: android-x64-arm64-20240514-en
General
- Target: 6c382b1afcefa0a6fe12926cbd014958_JaffaCakes118.apk
- Size: 1.9MB
- MD5: 6c382b1afcefa0a6fe12926cbd014958
- SHA1: a289cb96ad2320f2448334b4fa72466046bb95ab
- SHA256: 1a0ec944618778ddafaaa291b364106b8c36ff76a1818b918219d8046ae30e9d
- SHA512: 0e100dd6a19fc266fcd8bdac7532343fb6f9bf576c98f3a15dbc12b4d53c130d7a9f986218359fd8deef204d19dfdcc8693cd768ae34046522ca10842da54ebd
- SSDEEP: 49152:Fu283rlE6u7oYr0FfjzGAwb6c/X1E0QnwQw/wb73ZUA:Fu28ju7oY4FXGdb6ca1nb6G
Malware Config
Signatures
Processes: com.surpax.ledflashlight.panel.hack
- pid: 5101
- process: com.surpax.ledflashlight.panel.hack

Checks CPU information (2 TTPs, 1 IoCs)
Checks CPU information which indicates if the system is an emulator.
Processes: com.surpax.ledflashlight.panel.hack
- description: File opened for read
- ioc: /proc/cpuinfo
- process: com.surpax.ledflashlight.panel.hack

Checks memory information (2 TTPs, 1 IoCs)
Checks memory information which indicates if the system is an emulator.
Processes: com.surpax.ledflashlight.panel.hack
- description: File opened for read
- ioc: /proc/meminfo
- process: com.surpax.ledflashlight.panel.hack

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: com.surpax.ledflashlight.panel.hack
- description: Framework service call
- ioc: android.content.IClipboard.addPrimaryClipChangedListener
- process: com.surpax.ledflashlight.panel.hack

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
Processes: com.surpax.ledflashlight.panel.hack
- description: Framework service call
- ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
- process: com.surpax.ledflashlight.panel.hack

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes: com.surpax.ledflashlight.panel.hack
- description: Framework service call
- ioc: android.app.IActivityManager.registerReceiver
- process: com.surpax.ledflashlight.panel.hack

Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes: com.surpax.ledflashlight.panel.hack
- description: Framework service call
- ioc: android.app.job.IJobScheduler.schedule
- process: com.surpax.ledflashlight.panel.hack

Processes
com.surpax.ledflashlight.panel.hack (PID: 5101)
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time

Network
MITRE ATT&CK Mobile v15
Downloads
- /data/data/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db
  Filesize: 16KB
- /data/data/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db
  Filesize: 16KB
- /data/data/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db-journal
  Filesize: 512B
- /data/data/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db-journal
  Filesize: 8KB
- /data/data/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db-journal
  Filesize: 8KB
- /data/data/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db-journal
  Filesize: 8KB