Analysis
max time kernel: 179s
max time network: 132s
platform: android_x64
resource: android-x64-arm64-20240514-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
submitted: 27-05-2024 11:01
Static task: static1
Behavioral task: behavioral1
  Sample: 78eee2da614018ea49d13f2519929dc9_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 78eee2da614018ea49d13f2519929dc9_JaffaCakes118.apk
  Resource: android-x64-20240514-en
General
Target: 78eee2da614018ea49d13f2519929dc9_JaffaCakes118.apk
Size: 213KB
MD5: 78eee2da614018ea49d13f2519929dc9
SHA1: 6462dd870228757be803e7071c875f33fd7da3be
SHA256: 8a40e7641e37d8ed06275cef535b5349b0d007bb84bfafcd562248206845263c
SHA512: 7e23151d58007d7dc0e67d2383a2fad8750ad402b40adbd8301a6a11f62f6203261cd2909363e114bea8b41410210b4dcba5f0b2442dbd9d2e698d093e7f861a
SSDEEP: 6144:fIb/0szi6yig4a8dHtVIFXhYoBKSTrfI/+NE3MS:wz0K99xa8dHb0XioBlTrf0F3MS
Malware Config
Signatures
Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes: com.cold.toothbrush
  description: Framework service call
  ioc: android.app.IActivityManager.setServiceForeground
  process: com.cold.toothbrush

Checks if the internet connection is available (1 TTPs, 1 IoCs)
Processes: com.cold.toothbrush
  description: Framework service call
  ioc: android.net.IConnectivityManager.getActiveNetworkInfo
  process: com.cold.toothbrush

Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
Processes: com.cold.toothbrush
  description: Framework API call
  ioc: javax.crypto.Cipher.doFinal
  process: com.cold.toothbrush
Processes
Network
MITRE ATT&CK Matrix
Downloads
Path: /data/user/0/com.cold.toothbrush/files/aa8fd1cf-a6b2-4c5d-9885-da4f1f19e7cb.dat
Filesize: 404B
MD5: 881dc80385c16a5b3496886e5e5794c0
SHA1: 7f9635272758c3d9152a17f0139154e9f151048a
SHA256: 31e8b544f0599089ab47261a1c5fbd3c3f538b42d0dad3952f388b617f4ad2e8
SHA512: 777d5aea67aea97d06a578528677fbf3785dc68275dc5753961faee9a48c0014a6823a7d32ef3a1b4174bea9367ee40b123ad48529398c4dbced1c4f19f73689