Analysis

  • max time kernel
    49s
  • max time network
    153s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags
    android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
  • submitted
    23-05-2024 20:52

General

  • Target
    6c382b1afcefa0a6fe12926cbd014958_JaffaCakes118.apk
  • Size
    1.9MB
  • MD5
    6c382b1afcefa0a6fe12926cbd014958
  • SHA1
    a289cb96ad2320f2448334b4fa72466046bb95ab
  • SHA256
    1a0ec944618778ddafaaa291b364106b8c36ff76a1818b918219d8046ae30e9d
  • SHA512
    0e100dd6a19fc266fcd8bdac7532343fb6f9bf576c98f3a15dbc12b4d53c130d7a9f986218359fd8deef204d19dfdcc8693cd768ae34046522ca10842da54ebd
  • SSDEEP
    49152:Fu283rlE6u7oYr0FfjzGAwb6c/X1E0QnwQw/wb73ZUA:Fu28ju7oY4FXGdb6ca1nb6G

Malware Config

Signatures

  • Removes its main activity from the application launcher (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)
    Checks CPU information that indicates whether the system is an emulator.
  • Checks memory information (2 TTPs, 1 IoC)
    Checks memory information that indicates whether the system is an emulator.
  • Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
    The application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
    The application may abuse the framework's APIs to schedule tasks for initial or recurring execution of malicious code.

Processes

  • com.surpax.ledflashlight.panel.hack (PID 5101)
    • Removes its main activity from the application launcher
    • Checks CPU information
    • Checks memory information
    • Obtains sensitive information copied to the device clipboard
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db
    Filesize: 16KB
    MD5: 12627a2ec645c4a4bc50dba5903afd59
    SHA1: 504005c938517e61bcf68b65a055c2faba635c2e
    SHA256: f177ffae9650eb4f407c2d9a510bb5a5abe1ece2fdfe24effc62478a1bfa5903
    SHA512: 7ff69589296e02383a217373399e75d8a82fa17146e4273f4c0eb630f096dd9f394a3324d60858b02f7e5cf177c82c6d966f5cbedb68ae6a98df7cc851b79cfd

  • /data/data/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db
    Filesize: 16KB
    MD5: 066c5b2245c504aca4ea83f54a2864b2
    SHA1: eb3d6fc07a14091bbc661c0b9b857c4bea5b850c
    SHA256: e89bcfa837b8eed6a1e195bdac1c1d1db96be388687cc00b7313c6d4db153697
    SHA512: 4a915810967811e33cd8fcd1797cb5f8856214f071bffc7eb6aa03fba20559073db34f2ad2049643da565f8c7a3cd0102dc0c91bb7e8f0c765209e286f5eb1e9

  • /data/data/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db-journal
    Filesize: 512B
    MD5: 97457beae29bc23b67d2680a32e31ba9
    SHA1: 99231f40915560808660b8f4980fb9c3ad7cf658
    SHA256: 478e5861ed9ead3f75a57253f1adcf155a8b3ff1351967b40d0347833872fe7c
    SHA512: 1e6e1ebb9d8b11d64c1af07908257bfe5d335180e1741a209b42cb3c9564ed0798f013c668e8b5760f94d069de27882ad041a3c81a66144b3674b285ccd07f4f

  • /data/data/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db-journal
    Filesize: 8KB
    MD5: 8ddbc25d97d219fed5e10ef7d33a24f9
    SHA1: 6b62361007952cce7f7b46eec332b62f97297c63
    SHA256: 7a5e471f650ffa223e964e11c543a93fef0a3a5b81be1454197d670874927b9b
    SHA512: cb9e363ac5cf35cef79ea7e0727c0ac732a8b5da8ed927154d15da42c988b763fcd481e676765ccc60dd78280ecc89c23cf7827d42b77f1cac97279f75571f89

  • /data/data/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db-journal
    Filesize: 8KB
    MD5: 7e99fe1ff560788b499d0185b7216e0d
    SHA1: 52f142b615f1b2dcd00a60d4241f9198e272106a
    SHA256: 8410901527f7dc7da72ac732f6152fe531df9771a0fe5b549005a17bedc1ba23
    SHA512: 843c4b732816a139229006be63fcd447928eac2bea43c8d243d329da743224a2b580ef32158dfdeb5d28d5b7904fb3a8e76b587c3a42ba6a25da52f2fda6c5b8

  • /data/data/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db-journal
    Filesize: 8KB
    MD5: ed365d38d2b1b633f049ce5a01b96d6a
    SHA1: d834337ff49f103263fbde10119128e5421fd16e
    SHA256: 0844c0594ffc30c0273c4854679dc9f6df68d783ac16654cb5feb3f6682d31c2
    SHA512: e61abcee21cfd84f3142a463b70a56f05a7456d4c5ad57500b486631fd9bbda350457b642d234bc436bc398a6e74cbd341c1a4aec03fa27fc1e84adea64e2751