1a0ec944618778ddafaaa291b364106b8c36ff76a1818b918219d8046ae30e9d

Analysis

max time kernel
26s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
23-05-2024 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c382b1afcefa0a6fe12926cbd014958_JaffaCakes118.apk
Size

1.9MB
MD5

6c382b1afcefa0a6fe12926cbd014958
SHA1

a289cb96ad2320f2448334b4fa72466046bb95ab
SHA256

1a0ec944618778ddafaaa291b364106b8c36ff76a1818b918219d8046ae30e9d
SHA512

0e100dd6a19fc266fcd8bdac7532343fb6f9bf576c98f3a15dbc12b4d53c130d7a9f986218359fd8deef204d19dfdcc8693cd768ae34046522ca10842da54ebd
SSDEEP

49152:Fu283rlE6u7oYr0FfjzGAwb6c/X1E0QnwQw/wb73ZUA:Fu28ju7oY4FXGdb6ca1nb6G

Score

8^/10

collection credential_access discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.surpax.ledflashlight.panel.hack

pid process

4505 com.surpax.ledflashlight.panel.hack
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.surpax.ledflashlight.panel.hack

description ioc process

File opened for read /proc/cpuinfo com.surpax.ledflashlight.panel.hack
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.surpax.ledflashlight.panel.hack

description ioc process

File opened for read /proc/meminfo com.surpax.ledflashlight.panel.hack
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.surpax.ledflashlight.panel.hack

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.surpax.ledflashlight.panel.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.surpax.ledflashlight.panel.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.surpax.ledflashlight.panel.hack

pid	process
4505	com.surpax.ledflashlight.panel.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.surpax.ledflashlight.panel.hack

description	ioc	process
File opened for read	/proc/meminfo	com.surpax.ledflashlight.panel.hack

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.surpax.ledflashlight.panel.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.surpax.ledflashlight.panel.hack

com.surpax.ledflashlight.panel.hack
1⤵
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Schedules tasks to execute at a specified time
PID:4505

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
58c0b6e45328752b20ac6e719ac034f8

SHA1
372b2638afd00bbbc4034657b3df3d2e428fb367

SHA256
9d74f93afa5a179b1ba2f19f154b2880aa8b99c88209802099045a0874d2426a

SHA512
2d347d5824b9ab701e341c89e8327a95fd6bab8e92ee15ce9550da368d773e22bff304072a4854df5ab763750a7401f7aa61a49e3292d62c27fa9f20536eb3ab

Download Submit
/data/user/0/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
3e7f47818088d2ae5dd0c2d7d44d2b01

SHA1
2062814876daa5c92b9df106b3670bd94885678a

SHA256
5e1cc12e95a37d648f9a7f38ff2da1d23c14e5f96aa0d9654481b9c8b7ae4c1e

SHA512
6cb61d9821bd994341547c58be10f03c1d39196ed7d5af04853b2890f9535d9d5ed6de28adb031d71942a89a68b806148260f1ab4f432630c4a09b813b925b95

Download Submit
/data/user/0/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
64fdea1c7901ed6d1214fca41058c422

SHA1
fca6bad72cb0b5e9aad0e978e5b5e4f8c49cbae1

SHA256
60ab654fe22b01f812729b1a42006845cd567952291cf1f6272303ec1c102e3f

SHA512
7c81d90e29313f0c0ff68042f2832d4120575bf21e9915c790b047247223ddbd8052666dfbc191bf9d3ad16b50fa2743106ac5c31fc6e09c9736c0bc6c07fca2

Download Submit
/data/user/0/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
b4b1c3fe700fa372961c40616bdce29a

SHA1
ad58bf3c2989df872d46787f16ab29fae77a5054

SHA256
8415dd557f13b5f79c1f2a8e583a562cce20f5cc97034701523d7a8e697059b7

SHA512
241c794aa9dc0d1ac7c6df027fb5426d2d713c34b774aaed2dd776edd75250968cf88b7f3c3a630fbb5230cc45d9093fba9b83d71e207a8ab469128311feeb8a

Download Submit
/data/user/0/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
ea0e1b88af77ab6f8344972b0c3535d7

SHA1
3d3991eb6d544282ed669898ce8573ce25105bc7

SHA256
ab0a7e3ba738f6d03d786f7b035f09a51af1dbe0b28b1094b0fa6d6bd64f56ab

SHA512
a804d2382d153039bc62a85b63b95387b271dcfac3598bdc69afde6db34173b65bc2d19059dc615d1687cf291280f107756c4e22f09cdcd8cfeaa9157ca34b22

Download Submit
/data/user/0/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
94c00a576632815bbc84eabbba6a15a2

SHA1
170a2dd27cdbd61956508aaf4a0ff2b0753a669f

SHA256
8ba42904f40e97b6480a7f8f884803e9325f81ac774a9598b1f21e73002230a1

SHA512
aca6d0aa612207cf12da2ddca563fad6626469bca1eaed0428f71549e9bfb3c48e19fc9609ba58739260cea13cf0f1c5eb632c3132b2084c7f7628b7758aaf42

Download Submit