Analysis
- max time kernel: 103s
- max time network: 132s
- platform: android_x64
- resource: android-x64-arm64-20240514-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
- submitted: 24-05-2024 08:22
Static task: static1
Behavioral task: behavioral1
- Sample: 6ddf697f91f1641eb996a569bedbf2bb_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
- Sample: 6ddf697f91f1641eb996a569bedbf2bb_JaffaCakes118.apk
- Resource: android-x64-20240514-en
Behavioral task: behavioral3
- Sample: 6ddf697f91f1641eb996a569bedbf2bb_JaffaCakes118.apk
- Resource: android-x64-arm64-20240514-en
General
- Target: 6ddf697f91f1641eb996a569bedbf2bb_JaffaCakes118.apk
- Size: 6.5MB
- MD5: 6ddf697f91f1641eb996a569bedbf2bb
- SHA1: e954b0e852304fa2d000f919537c03cf8226eed6
- SHA256: 1f3f7cd20803b59b5aa5894f9f90940f24cafe8fb7b5ffe77cfff09e1b3e2e7e
- SHA512: 3ff60e10d908d91d9107e5f7337a5104a04b25b36e10ff7291057ce247a5a205e4d35ba341d9b9606d7f7c0800091c7fd2006094396cbd131518e18c686899b8
- SSDEEP: 196608:Woz9N4MOAa2AcNZD0hic3GjTcEeNM9VbRIM:pfhUmH5gMTRL
Malware Config
Signatures
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get current cell location.
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicates if the system is an emulator.
-
Checks memory information 2 TTPs 2 IoCs
Checks memory information which indicates if the system is an emulator.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 2 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: com.gameneeti.game.terrorattack, com.gameneeti.game.terrorattack:vserv
description | ioc | process
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | com.gameneeti.game.terrorattack
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | com.gameneeti.game.terrorattack:vserv
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Checks if the internet connection is available 1 TTPs 2 IoCs
Processes: com.gameneeti.game.terrorattack, com.gameneeti.game.terrorattack:vserv
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.gameneeti.game.terrorattack
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.gameneeti.game.terrorattack:vserv
-
Reads information about phone network operator. 1 TTPs
Processes
-
com.gameneeti.game.terrorattack
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Checks if the internet connection is available
-
com.gameneeti.game.terrorattack:vserv
- Requests cell location
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Checks if the internet connection is available