General
-
Target
6eb6ba6d2a6486165d21d3b462d13b39_JaffaCakes118
-
Size
271KB
-
Sample
240524-qz6yjsfh91
-
MD5
6eb6ba6d2a6486165d21d3b462d13b39
-
SHA1
8116605f3397e54b01344e1e2f693512fa90e473
-
SHA256
aa6f1fc3bb6d24fa88a1b94be985cd10d03467e484ae10b35a3af7253d3e27cd
-
SHA512
dcd5cefdb666b1e0e1998c812c00e01f47fc67aad8ef01c65fc08150a19afdc5af076c3000b6af4995487a3a301bc2b2d6cb5087d802e263511a967d565e8f35
-
SSDEEP
6144:VgIuwTsBRA3mnpcABMLe0HQ0NEKq/ZaRaw4IzEsS/ZXBc24nS5fNT:VgUTsbHBMLeH0NCYa/IvcR8nKT
Static task
static1
Behavioral task
behavioral1
Sample
6eb6ba6d2a6486165d21d3b462d13b39_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
6eb6ba6d2a6486165d21d3b462d13b39_JaffaCakes118.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
6eb6ba6d2a6486165d21d3b462d13b39_JaffaCakes118.apk
Resource
android-x64-arm64-20240514-en
Malware Config
Targets
-
-
Target
6eb6ba6d2a6486165d21d3b462d13b39_JaffaCakes118
-
Size
271KB
-
MD5
6eb6ba6d2a6486165d21d3b462d13b39
-
SHA1
8116605f3397e54b01344e1e2f693512fa90e473
-
SHA256
aa6f1fc3bb6d24fa88a1b94be985cd10d03467e484ae10b35a3af7253d3e27cd
-
SHA512
dcd5cefdb666b1e0e1998c812c00e01f47fc67aad8ef01c65fc08150a19afdc5af076c3000b6af4995487a3a301bc2b2d6cb5087d802e263511a967d565e8f35
-
SSDEEP
6144:VgIuwTsBRA3mnpcABMLe0HQ0NEKq/ZaRaw4IzEsS/ZXBc24nS5fNT:VgUTsbHBMLeH0NCYa/IvcR8nKT
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the mobile country code (MCC)
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Checks if the internet connection is available
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-
Schedules tasks to execute at a specified time
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-