Analysis

max time kernel: 178s
max time network: 190s
platform: android_x64
resource: android-x64-20240514-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
submitted: 29-05-2024 21:01
Static task: static1

Behavioral task: behavioral1
  Sample: 81e943f671ed37ace694fa916cad0436_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en

Behavioral task: behavioral2
  Sample: 81e943f671ed37ace694fa916cad0436_JaffaCakes118.apk
  Resource: android-x64-20240514-en

Behavioral task: behavioral3
  Sample: 81e943f671ed37ace694fa916cad0436_JaffaCakes118.apk
  Resource: android-x64-arm64-20240514-en

Behavioral task: behavioral4
  Sample: Flash-Browser.apk
  Resource: android-x86-arm-20240514-en

Behavioral task: behavioral5
  Sample: Flash-Browser.apk
  Resource: android-x64-20240514-en

Behavioral task: behavioral6
  Sample: Flash-Browser.apk
  Resource: android-x64-arm64-20240514-en
General

Target: 81e943f671ed37ace694fa916cad0436_JaffaCakes118.apk
Size: 2.8MB
MD5: 81e943f671ed37ace694fa916cad0436
SHA1: b1a6808d74b3640686e9afca82d821c4503d120f
SHA256: 29e028d52b0a5b8e7b3d627028828cdf2e0b4ccae1dfaaeb3884cc7babbe17ce
SHA512: 64e4421361a6171e2a864c28a3e38578fb9dad12aefeb0e0015603e4b03a623b033259e5fecce5f9a045d773c4905914581374fccd356a1fa00418652c376373
SSDEEP: 49152:mSGVCfKa+EJNNpyCXxGc5ujWFhS8fjvBWdIRfj9XqLJdYDX1RpkyFCH+:mDC53vKCX+qvVWm1j1qL/eXHa2CH+
Malware Config
Signatures

- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTP]

- Checks memory information [2 TTPs, 1 IoC]
  Checks memory information that indicates whether the system is an emulator.

- Loads dropped Dex/Jar [1 TTP, 1 IoC]
  Runs an executable file dropped to the device during analysis.
  Processes:
    process: com.main.haha
    ioc: /data/user/0/com.main.haha/app_ttmp/t.jar
    pid: 5147

- Obtains sensitive information copied to the device clipboard [2 TTPs, 1 IoC]
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

- Queries information about running processes on the device [1 TTP, 1 IoC]
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
    process: com.main.haha
    description: Framework service call
    ioc: android.app.IActivityManager.getRunningAppProcesses

- Queries the mobile country code (MCC) [1 TTP, 1 IoC]
  Processes:
    process: com.main.haha
    description: Framework service call
    ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone

- Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTP, 1 IoC]
  Processes:
    process: com.main.haha
    description: Framework service call
    ioc: android.app.IActivityManager.registerReceiver

- Queries the unique device ID (IMEI, MEID, IMSI) [1 TTP]

- Uses Crypto APIs (might try to encrypt user data) [1 TTP, 1 IoC]
  Processes:
    process: com.main.haha
    description: Framework API call
    ioc: javax.crypto.Cipher.doFinal
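The signatures above are runtime observations from the sandbox. The Python script below is an added example for this page, not code from the report, the sandbox vendor, or the sample: it shows the static counterpart a triager would run on the APK before (or instead of) detonation, searching each classes*.dex string table for the framework calls behind the flagged behaviours, listing entries under assets/ or elsewhere that carry DEX or ZIP magic (where a runtime-loaded jar such as the dropped t.jar is often carried), and hashing the file so it can be compared with the General section. It runs on a constructed stand-in APK (a zip with a fake classes.dex holding only the relevant strings); the indicator strings and the function names (scan_dex_strings, embedded_code_blobs, file_hashes, build_fake_apk) are this example's own assumptions, and a real APK would be passed as bytes in place of build_fake_apk().

```python
"""Static counterpart to the sandbox signatures above.

Added example, not code from the report or the sample. The APK is a
constructed stand-in: a zip with a fake classes.dex that only holds the
relevant strings. Indicator strings are assumptions about how the flagged
framework calls appear in a DEX string table.
"""
import hashlib
import io
import zipfile

DEX_MAGIC = b"dex\n"
ZIP_MAGIC = b"PK\x03\x04"

# Report signature -> strings that point at the behaviour in a DEX string
# table (assumed indicators; class descriptors use the Lpkg/Class; form).
INDICATORS = {
    "Loads dropped Dex/Jar": [
        b"Ldalvik/system/DexClassLoader;",
        b"Ldalvik/system/PathClassLoader;",
        b"Ldalvik/system/InMemoryDexClassLoader;",
    ],
    "Obtains sensitive information copied to the device clipboard": [
        b"Landroid/content/ClipboardManager;", b"getPrimaryClip",
    ],
    "Queries information about running processes on the device": [
        b"getRunningAppProcesses",
    ],
    "Queries the mobile country code (MCC)": [
        b"getNetworkCountryIso", b"getNetworkOperator",
    ],
    "Queries the unique device ID (IMEI, MEID, IMSI)": [
        b"getDeviceId", b"getImei", b"getMeid", b"getSubscriberId",
    ],
    "Registers a broadcast receiver at runtime": [b"registerReceiver"],
    "Uses Crypto APIs": [b"Ljavax/crypto/Cipher;", b"doFinal"],
    "Checks memory information": [
        b"/proc/meminfo", b"Landroid/app/ActivityManager$MemoryInfo;",
    ],
    "Queries a list of all the installed applications": [
        b"getInstalledPackages", b"getInstalledApplications",
    ],
    "Removes its main activity from the application launcher": [
        b"setComponentEnabledSetting",
    ],
}


def scan_dex_strings(apk_bytes):
    """Return {signature: sorted matched indicators} over every classes*.dex."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            if not (name.startswith("classes") and name.endswith(".dex")):
                continue
            blob = zf.read(name)
            for sig, needles in INDICATORS.items():
                found = {n.decode() for n in needles if n in blob}
                if found:
                    hits.setdefault(sig, set()).update(found)
    return {sig: sorted(v) for sig, v in hits.items()}


def embedded_code_blobs(apk_bytes):
    """Entries outside the normal DEX slots whose first bytes are DEX or ZIP magic.

    A runtime-loaded jar is often carried inside the APK (plain, or decrypted
    from an asset at runtime); this catches the plain case only.
    """
    blobs = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            if name.startswith("classes") and name.endswith(".dex"):
                continue
            if name in ("AndroidManifest.xml", "resources.arsc"):
                continue
            head = zf.open(name).read(4)
            if head.startswith(DEX_MAGIC) or head.startswith(ZIP_MAGIC):
                blobs.append(name)
    return blobs


def file_hashes(data):
    """MD5/SHA1/SHA256 of the bytes, for comparison with the General section."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def build_fake_apk():
    """Constructed stand-in APK (not the real sample) so the script runs offline."""
    fake_dex = DEX_MAGIC + b"035\x00" + b"\x00".join([
        b"Ldalvik/system/DexClassLoader;",
        b"getRunningAppProcesses",
        b"getNetworkCountryIso",
        b"Ljavax/crypto/Cipher;", b"doFinal",
        b"registerReceiver",
        b"app_ttmp/t.jar",
    ])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest package='com.main.haha'/>")
        zf.writestr("classes.dex", fake_dex)
        # A nested zip/jar hidden under assets/, as a dropper might carry it.
        zf.writestr("assets/t.bin", ZIP_MAGIC + b"\x00" * 32)
        zf.writestr("assets/readme.txt", b"nothing to see")
    return buf.getvalue()


if __name__ == "__main__":
    apk = build_fake_apk()
    print("sha256:", file_hashes(apk)["sha256"])
    for sig, found in scan_dex_strings(apk).items():
        print(f"{sig}: {', '.join(found)}")
    print("embedded code blobs:", embedded_code_blobs(apk))
```

String presence is a triage hint, not proof: a packed or string-encrypted sample will show none of these indicators statically while still producing every signature above at runtime, which is exactly the case a dropped, runtime-loaded t.jar is designed to create. Absence of hits therefore raises, rather than lowers, the priority of dynamic analysis.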
Processes

com.main.haha
- Removes its main activity from the application launcher
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Downloads

Three t.jar entries appear under the same dropped-file path (/data/data/<pkg> and /data/user/0/<pkg> resolve to the same directory on a single-user Android device) but carry different sizes and hashes, so pin any detection to the drop path and the loader behaviour rather than to one file hash.

- /data/data/com.main.haha/app_ttmp/oat/t.jar.cur.prof
  Filesize: 370B
  MD5: 8d4f3f7b0c8e549fbb3878281eef9289
  SHA1: c8f5f462fbb60e73d42f777eae72bc07f3cedb26
  SHA256: 7ddea11a56e9cb5867f2ddea7d5b061bf81a3036654beb838c0253385f3c8c49
  SHA512: a669a182026b837eed8e12cc5090cdb5ce2d3f96b57bc1b8372bf4714746e97e3d68e27770bb91bc62c69326975898b4adec9c28ec3be64dcf52004cfe3a9390

- /data/data/com.main.haha/app_ttmp/t.jar
  Filesize: 172KB
  MD5: 39f7c5d4a7962708aa7d98bf2fadfc27
  SHA1: cb348f750596b2e54705eb7d20b9fb2cc9d8807f
  SHA256: e303dc3a3e31e4d525840e20486b6a99821e330b75c11e61c0f78d56f5dd9558
  SHA512: 55267b2721b056f9dab24c9f29df40db648cc3bd2eef0f4464da5545e6540f3f18cd8cdd9b7e7c77fe7a4fe37a08eb1bde482edbdd7eb364dd840f7f83740caa

- /data/data/com.main.haha/app_ttmp/t.jar
  Filesize: 172KB
  MD5: cf9c7fb39d30b43019bfac428a3269ab
  SHA1: 912d7b2f83d9d0eae24d5b4cf1a5033cd2b8a283
  SHA256: 9031644073855d5bc7ad4ac8f211b472c7b52b8a5b743e85b40d1864f95a09af
  SHA512: 2450ac53f0f2ecec5d32ce0fb90ce4ed051d25319965d6758d90e0ede8cc813d445911e7511f140510d3ed19390a1effb9c1758861a95cecde8760abe127590f

- /data/data/com.main.haha/databases/com.main.hahab
  Filesize: 64KB
  MD5: 71586bab4c6a7dca467914d271895b8a
  SHA1: f083b665810076c6e41d2dadb275c8faaebcbe03
  SHA256: ef2cc4f547c88246456110a2b082060201c303cc82aa6c689151b311d1690d13
  SHA512: acb240351cf8bd0722e828a49e0e932adc10a4bb6570657b3a4e83d6e3f14eb44c9d8e566f3e6d442251066fa6d0e82d73fc87eea1c1bc0ff1c53be835358a38

- /data/data/com.main.haha/databases/com.main.hahab-journal
  Filesize: 512B
  MD5: 7dc2e038a18a69bc84fd949a5ed9a0a0
  SHA1: f0255eb1cc95dc70ec619cfe9dd06ce1e3c31955
  SHA256: 8d5e98c583edb52d037d67a9e2d1fc86a8933bf86fbdfe624797bde1adcc031b
  SHA512: 98e962106a3c39fac12451318c7927a5b8eb380f1e1524e05fca615f439faa275e5b18350f9c4acab317dc3636b617aabf100916be0afb40d57fb29ff71e02a7

- /data/data/com.main.haha/databases/com.main.hahab-journal
  Filesize: 8KB
  MD5: f2ad811f9fffa02c08689f6b920168d5
  SHA1: f4dd705188b14efa41b4da6bc5da0d7b93d21dda
  SHA256: e318535346d65b4d32986c352cee5225a1268f4516f9d9160c67143c6d868749
  SHA512: f48efaafe962bc0a5fee1095d0e28948574bdd75b983ec18817eceaaa75c1c7a444d843c36dcfb5eb7b24ceb116f4106180bb71e9ff1ae5f0a3e60b3b83ca408

- /data/data/com.main.haha/databases/com.main.hahab-journal
  Filesize: 8KB
  MD5: f4f5ca1a1660077f6a94e88b963c592d
  SHA1: 4a9168aef39574367d642a5b852d417e700be8ea
  SHA256: 46bfe078b4d7e2308148190b52fa668be8d274dcc518467b16610240229207a6
  SHA512: 4c22560896f59b1258317d45761e7c06b77774c51aa8c311b577e00639627fa50f27857689692382832f728e73c25c33e70d42f001e8a6efafba7c51199a356e

- /data/data/com.main.haha/databases/com.main.hahab-journal
  Filesize: 12KB
  MD5: bd44c69bb98691eb67c152909aea0bbf
  SHA1: 8cb36f250f916b7fab356f9c59278bf284b1c0b5
  SHA256: c6b7002fbc0b5d7be27da0377a4f429831e2be33c0b003ea6591d77935652d71
  SHA512: e7f6646bac91e1c2d8f1a6d8d1e4af91257c0ef1ae226fff8a35f53544c6fedc571e410df54f49a23bb4b0bbc565664589be7d5f25a9b4708146a6b618659d0b

- /data/user/0/com.main.haha/app_ttmp/t.jar
  Filesize: 363KB
  MD5: 71f79ba9526f0b6a04ff423212d75238
  SHA1: ff505b3673f566a812ae925acc84157a1b6f34d7
  SHA256: ab9672e93263e2459e8381f5216b8d8ce928c7bff5fd74cca8ae6f32977e557f
  SHA512: b8df08dabb951a4881c0bb7cba6b80b76eeef9776fff51730daa8672f0afb6fa514b9c8bb8981b93db698698a83b77391e16aa612b55cf1150d6c18881aa2253