Analysis
-
max time kernel
179s -
max time network
158s -
platform
android_x64 -
resource
android-x64-20240514-en -
resource tags
androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system -
submitted
24-05-2024 13:42
Static task
static1
Behavioral task
behavioral1
Sample
6eb6ba6d2a6486165d21d3b462d13b39_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
6eb6ba6d2a6486165d21d3b462d13b39_JaffaCakes118.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
6eb6ba6d2a6486165d21d3b462d13b39_JaffaCakes118.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
6eb6ba6d2a6486165d21d3b462d13b39_JaffaCakes118.apk
-
Size
271KB
-
MD5
6eb6ba6d2a6486165d21d3b462d13b39
-
SHA1
8116605f3397e54b01344e1e2f693512fa90e473
-
SHA256
aa6f1fc3bb6d24fa88a1b94be985cd10d03467e484ae10b35a3af7253d3e27cd
-
SHA512
dcd5cefdb666b1e0e1998c812c00e01f47fc67aad8ef01c65fc08150a19afdc5af076c3000b6af4995487a3a301bc2b2d6cb5087d802e263511a967d565e8f35
-
SSDEEP
6144:VgIuwTsBRA3mnpcABMLe0HQ0NEKq/ZaRaw4IzEsS/ZXBc24nS5fNT:VgUTsbHBMLeH0NCYa/IvcR8nKT
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
Processes:
com.Bangkok.wgib.jsswzieurohvqxioc pid process /data/user/0/com.Bangkok.wgib.jsswzieurohvqx/app_tfile/fields.jar 5069 com.Bangkok.wgib.jsswzieurohvqx -
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
Processes:
com.Bangkok.wgib.jsswzieurohvqxdescription ioc process Framework service call android.accounts.IAccountManager.getAccountsAsUser com.Bangkok.wgib.jsswzieurohvqx -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
com.Bangkok.wgib.jsswzieurohvqxdescription ioc process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.Bangkok.wgib.jsswzieurohvqx -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
com.Bangkok.wgib.jsswzieurohvqxdescription ioc process Framework service call android.app.IActivityManager.registerReceiver com.Bangkok.wgib.jsswzieurohvqx -
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes:
com.Bangkok.wgib.jsswzieurohvqxdescription ioc process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.Bangkok.wgib.jsswzieurohvqx -
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Schedules tasks to execute at a specified time 1 TTPs 2 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
com.Bangkok.wgib.jsswzieurohvqxcom.Bangkok.wgib.jsswzieurohvqx:guarddescription ioc process Framework service call android.app.job.IJobScheduler.schedule com.Bangkok.wgib.jsswzieurohvqx Framework service call android.app.job.IJobScheduler.schedule com.Bangkok.wgib.jsswzieurohvqx:guard -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
com.Bangkok.wgib.jsswzieurohvqxdescription ioc process Framework API call javax.crypto.Cipher.doFinal com.Bangkok.wgib.jsswzieurohvqx
Processes
-
com.Bangkok.wgib.jsswzieurohvqx1⤵
- Removes its main activity from the application launcher
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries account information for other applications stored on the device
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
-
com.Bangkok.wgib.jsswzieurohvqx:RemoteProcess1⤵
-
com.Bangkok.wgib.jsswzieurohvqx:guard1⤵
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.Bangkok.wgib.jsswzieurohvqx/app_tfile/fields.jarFilesize
146KB
MD5d68d0de648acf867fc7a328f3ba9ec61
SHA18616de93f234e6c9fd541a64a1835e3cc9d90267
SHA256019feaf1e8612507b326deac0f012c2d86faaf978e5949a15c4616205ecc1259
SHA512d5cbbaa91470a32c3e5bbd1a39ab49f04fa2526fe05c7e437591aebac80948d0fa063d6beb1a0da4de21ca89de0852c9ff95eb81fb703b88bbd49dce08d3eb6f
-
/data/data/com.Bangkok.wgib.jsswzieurohvqx/app_tfile/oat/fields.jar.cur.profFilesize
414B
MD56d7147b93efab5a3ee62666844a94dd4
SHA1ec78eae10ba3dbebe3ea4a0d9dcce729b66956b3
SHA2564ac8745fe0a17efe878ea25811d9417bed6bcaf45d442875c08db844ab082d2a
SHA512e8fef2fdd5daec6ebb0c98613c7ad82f56fa99c0bd820eaf66d29f395ed259036cd4371aad6d6f6d411afb79c24a1d5838ad488440484ee181f1457e2385be25
-
/data/data/com.Bangkok.wgib.jsswzieurohvqx/databases/tbcom.Bangkok.wgib.jsswzieurohvqxFilesize
36KB
MD5ae8aa93151da27ce1348c21d6ea98a45
SHA1d187ce29f387717ea0c7d2919a77945a6f04a954
SHA256b5023c1c2354845e52c945166be1111d7565a000e57ea18d8ce2943c73580e81
SHA5127bc212292c6dd5192e2d714d1e06c3109f133bf0f5bddb4dd4113a4b9ab3a8db3ba7e1cab4a7da44724361b8d7d53cdde3d50506cf7264fb00d7b4521014c85a
-
/data/data/com.Bangkok.wgib.jsswzieurohvqx/databases/tbcom.Bangkok.wgib.jsswzieurohvqx-journalFilesize
512B
MD5b704302414aa2438865ed8e1a2de683a
SHA160cc4391a9fb14f8dcdb22afa93fb382e691e768
SHA256ed60d52752f57029f1a703e4adb38d6a5fc708c9f6f877f67b03aacbfef673e4
SHA5123d443f1cbfba78f6241bb9af5611571ae64be4ff6cbe00ce90d2777cea54f743cdc6efb3962f722e5de1467c90b65d41d1aa4a7602e3a02fbe7b38c01e71b095
-
/data/data/com.Bangkok.wgib.jsswzieurohvqx/databases/tbcom.Bangkok.wgib.jsswzieurohvqx-journalFilesize
8KB
MD51dfa0717990a19588c6adcc0a5d79571
SHA1e9ef8bf9090c56753c35cf01311b06141fa17b75
SHA2565fe42b402231da6e90a6c556754335a637199315a16983ff11283130d94fbc95
SHA51238926422c47a513d0a2355d1eb8c972ed1a9e5492659a8fcef823e310918139e458ae542ba615d6992ab993215cf5e531bc70f6edea8ec85f4a8333c6728b8b7
-
/data/data/com.Bangkok.wgib.jsswzieurohvqx/databases/tbcom.Bangkok.wgib.jsswzieurohvqx-journalFilesize
8KB
MD576b632761e300652ebfb7d7f26c54b13
SHA1baf4c07d0ca4e8631c70c816c98fa22e54cb53bd
SHA25613702445795ca13580a1310123410e99bce232e6e558b9efcca2405ab386774b
SHA51286b6f54cfa629f460a3cb89a2dc143983fbdc7d2f39f25713fe3b467690b2f8397c9d8869934b82790958d56f9fbcde7ca25111c63e6b301f209192c5b2fee6a
-
/data/user/0/com.Bangkok.wgib.jsswzieurohvqx/app_tfile/fields.jarFilesize
298KB
MD5f2b4315e6df8b8407f7edd5dcbf43376
SHA1f125042d426cdb025092830007801d6a04217f3a
SHA256a0828b2ced584eb0097166421a856d8839822d9610432141977a804cb2f25b3c
SHA5125d7464e8970a44fa87ecd45be3a196f975cc0b8a5f29e5e37ffd766994287b1855404d57297b12bb9fbbb5463aa23f3511638548e2b1685526be9f383e137066
-
/storage/emulated/0/Download/sdsidFilesize
4B
MD5b8c37e33defde51cf91e1e03e51657da
SHA1dd01903921ea24941c26a48f2cec24e0bb0e8cc7
SHA256fe675fe7aaee830b6fed09b64e034f84dcbdaeb429d9cccd4ebb90e15af8dd71
SHA512e3d0e2ef3cab0dab2c12f297e3bc618f6b976aced29b3a301828c6f9f1e1aabbe6dab06e1f899c9c2ae2ca86caa330115218817f4ce36d333733cb2b4c7afde7