Analysis
max time kernel: 26s
max time network: 132s
platform: android_x64
resource: android-x64-arm64-20240514-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
submitted: 23-05-2024 20:52
Static task: static1
Behavioral task: behavioral1
Sample: 6c382b1afcefa0a6fe12926cbd014958_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
Sample: 6c382b1afcefa0a6fe12926cbd014958_JaffaCakes118.apk
Resource: android-x64-20240514-en
Behavioral task: behavioral3
Sample: 6c382b1afcefa0a6fe12926cbd014958_JaffaCakes118.apk
Resource: android-x64-arm64-20240514-en
General
Target: 6c382b1afcefa0a6fe12926cbd014958_JaffaCakes118.apk
Size: 1.9MB
MD5: 6c382b1afcefa0a6fe12926cbd014958
SHA1: a289cb96ad2320f2448334b4fa72466046bb95ab
SHA256: 1a0ec944618778ddafaaa291b364106b8c36ff76a1818b918219d8046ae30e9d
SHA512: 0e100dd6a19fc266fcd8bdac7532343fb6f9bf576c98f3a15dbc12b4d53c130d7a9f986218359fd8deef204d19dfdcc8693cd768ae34046522ca10842da54ebd
SSDEEP: 49152:Fu283rlE6u7oYr0FfjzGAwb6c/X1E0QnwQw/wb73ZUA:Fu28ju7oY4FXGdb6ca1nb6G
Malware Config
Signatures
Processes: com.surpax.ledflashlight.panel.hack
pid: 4505
process: com.surpax.ledflashlight.panel.hack
Checks CPU information (2 TTPs, 1 IoCs)
Checks CPU information, which indicates whether the system is an emulator.
Processes: com.surpax.ledflashlight.panel.hack
description: File opened for read
ioc: /proc/cpuinfo
process: com.surpax.ledflashlight.panel.hack
Checks memory information (2 TTPs, 1 IoCs)
Checks memory information, which indicates whether the system is an emulator.
Processes: com.surpax.ledflashlight.panel.hack
description: File opened for read
ioc: /proc/meminfo
process: com.surpax.ledflashlight.panel.hack
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: com.surpax.ledflashlight.panel.hack
description: Framework service call
ioc: android.content.IClipboard.addPrimaryClipChangedListener
process: com.surpax.ledflashlight.panel.hack
Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes: com.surpax.ledflashlight.panel.hack
description: Framework service call
ioc: android.app.job.IJobScheduler.schedule
process: com.surpax.ledflashlight.panel.hack
Downloads
/data/user/0/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db
Filesize: 16KB
/data/user/0/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db
Filesize: 16KB
/data/user/0/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db-journal
Filesize: 512B
/data/user/0/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db-journal
Filesize: 8KB
/data/user/0/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db-journal
Filesize: 8KB
/data/user/0/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db-journal
Filesize: 8KB