Analysis
Max time kernel: 179s
Max time network: 131s
Platform: android_x86
Resource: android-x86-arm-20240514-en
Resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
Submitted: 24-05-2024 08:08
Static task: static1
Behavioral task: behavioral1
  Sample: 6dd69eeb6cdcc9229d1ac79e4926b0d6_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 6dd69eeb6cdcc9229d1ac79e4926b0d6_JaffaCakes118.apk
  Resource: android-x64-20240514-en
General
Target: 6dd69eeb6cdcc9229d1ac79e4926b0d6_JaffaCakes118.apk
Size: 213KB
MD5: 6dd69eeb6cdcc9229d1ac79e4926b0d6
SHA1: dc9932040c4413aed837ba6311c8442eeb7f8715
SHA256: 2f7b1171f34fe432f6b53124b09637e1240a05156cc073f526defd0fab923c56
SHA512: 5c585ef375c76e941e110b67664c1dc548f6606d86e8abe00bec3cb50ced6b9c6bc9068560c17c1d8b13849b87c65887ed13694c827d20b0572a289b0e8e5d77
SSDEEP: 6144:fIb/0szi6yig4a8dHtVIFXhYoBKSTrfI/+NE3Muiw:wz0K99xa8dHb0XioBlTrf0F3MTw
Malware Config
Signatures
Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
  Process: com.cold.toothbrush
  Description: Framework service call
  IoC: android.app.IActivityManager.setServiceForeground

Checks if the internet connection is available (1 TTPs, 1 IoCs)
Processes:
  Process: com.cold.toothbrush
  Description: Framework service call
  IoC: android.net.IConnectivityManager.getActiveNetworkInfo

Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
Processes:
  Process: com.cold.toothbrush
  Description: Framework API call
  IoC: javax.crypto.Cipher.doFinal
Processes
Network
MITRE ATT&CK Matrix
Downloads
Path: /data/data/com.cold.toothbrush/files/54bbfbdf-90ae-4093-b1f8-87d0a9ffb147.dat
Filesize: 404B
MD5: 0020db2898e8dd8c6b717e0cb269d118
SHA1: d7875acf99823bad2602ddfe017fb8fe446270fb
SHA256: 2107b923fa4e55944085faa8511e635a13d77d208e42005ce25b3ce851575e2f
SHA512: e4c2b72974ceb56e96c6c21d866e00e115175348c1c27ef8dfab4d9ce9c120e4f7d66d0cd5989c5aa67a29a9d16692399c89bac7a1f760845db4e0b706b45704