Analysis
-
max time kernel
177s -
max time network
133s -
platform
android_x64 -
resource
android-x64-arm64-20240514-en -
resource tags
-
submitted
29-05-2024 21:01
General
-
Target
81e943f671ed37ace694fa916cad0436_JaffaCakes118.apk
-
Size
2.8MB
-
MD5
81e943f671ed37ace694fa916cad0436
-
SHA1
b1a6808d74b3640686e9afca82d821c4503d120f
-
SHA256
29e028d52b0a5b8e7b3d627028828cdf2e0b4ccae1dfaaeb3884cc7babbe17ce
-
SHA512
64e4421361a6171e2a864c28a3e38578fb9dad12aefeb0e0015603e4b03a623b033259e5fecce5f9a045d773c4905914581374fccd356a1fa00418652c376373
-
SSDEEP
49152:mSGVCfKa+EJNNpyCXxGc5ujWFhS8fjvBWdIRfj9XqLJdYDX1RpkyFCH+:mDC53vKCX+qvVWm1j1qL/eXHa2CH+
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
com.main.haha1⤵
- Removes its main activity from the application launcher
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/user/0/com.main.haha/app_ttmp/t.jarFilesize
172KB
MD539f7c5d4a7962708aa7d98bf2fadfc27
SHA1cb348f750596b2e54705eb7d20b9fb2cc9d8807f
SHA256e303dc3a3e31e4d525840e20486b6a99821e330b75c11e61c0f78d56f5dd9558
SHA51255267b2721b056f9dab24c9f29df40db648cc3bd2eef0f4464da5545e6540f3f18cd8cdd9b7e7c77fe7a4fe37a08eb1bde482edbdd7eb364dd840f7f83740caa
-
/data/user/0/com.main.haha/app_ttmp/t.jarFilesize
172KB
MD5cf9c7fb39d30b43019bfac428a3269ab
SHA1912d7b2f83d9d0eae24d5b4cf1a5033cd2b8a283
SHA2569031644073855d5bc7ad4ac8f211b472c7b52b8a5b743e85b40d1864f95a09af
SHA5122450ac53f0f2ecec5d32ce0fb90ce4ed051d25319965d6758d90e0ede8cc813d445911e7511f140510d3ed19390a1effb9c1758861a95cecde8760abe127590f
-
/data/user/0/com.main.haha/app_ttmp/t.jarFilesize
363KB
MD571f79ba9526f0b6a04ff423212d75238
SHA1ff505b3673f566a812ae925acc84157a1b6f34d7
SHA256ab9672e93263e2459e8381f5216b8d8ce928c7bff5fd74cca8ae6f32977e557f
SHA512b8df08dabb951a4881c0bb7cba6b80b76eeef9776fff51730daa8672f0afb6fa514b9c8bb8981b93db698698a83b77391e16aa612b55cf1150d6c18881aa2253
-
/data/user/0/com.main.haha/databases/com.main.hahabFilesize
64KB
MD5a6f782951b1d293d19e486bc0218ddb9
SHA120a1ce8b452163d12ea51985474d0429427f901b
SHA256818232a90b3058351bbb10129021eb2b8c01ee14da6fc1df84d13dd26fbfe098
SHA512e431ab7a142c57e3fe780c779730a1f8c909433dcf84ff99c015d58c893578a5d52ccb67244c58f7069c057faaca81a27742a1bff41c35001a51f4b77bac17bd
-
/data/user/0/com.main.haha/databases/com.main.hahab-journalFilesize
512B
MD5f4b3df5d09cf1619228692122b865dd7
SHA1bfd53f4826c5914514f1ea8013b990a1bdbdd5bd
SHA256e2da51cfd4633270b623beeccb84066eee59d63805530db4c7ab6742a2f9ec93
SHA5127e9c9dde26f21ca4829eb47df98055787a5baae06cc3c315715c26779ae2189b5d90a4a11700dff5287e5eee1844a498a320898af74ddd0edafaaa61b9222bbf
-
/data/user/0/com.main.haha/databases/com.main.hahab-journalFilesize
8KB
MD55cd2e77fd3a083a1f01d1545809c7ad2
SHA16df879344753ed86fc61a8410670a77515526913
SHA256a74393c1d843120c259f6bca16dbe8ab8b90942a4bab8cdba692521118bd94b3
SHA51261185da53f945ab803aadfaa03e995b46c483bc105d2a77dc8bcd559649f5684b66a97c337ba327e115f9c133d4cf2d816167dfb22f95b7079f6deca9d74d969
-
/data/user/0/com.main.haha/databases/com.main.hahab-journalFilesize
8KB
MD5ddd8641e74b384f906db0474d8a97af1
SHA169d47dfd40448679f73ceb2221579b0629c4df5f
SHA2569035e820d94dd208174138c26ac27b30ddb7495cdb0c80cf9f004aaa4a952166
SHA512d1801025ffe709894cf909becb59732ec4b463c24a7bc5480569c2aa01c7ecf2840681bc7479aa618e2a1c4069f056b78926c4e7c2f928e695bce1004ce16ae3
-
/data/user/0/com.main.haha/databases/com.main.hahab-journalFilesize
12KB
MD5c3cf021c31bfef4d1220a40fe0798cc1
SHA1c5eb3866f76acfa2800dfa2a29e4b47be393b98f
SHA2564b1f48d29e3f273f09ffb89b577e3125b678af04b00b33a143e5e64ef9349a00
SHA512805aa17dcd4b873e23d8c4f73bde38d315eb583e18bacc272cc6346d01ee5716c78e0401bea430bffa5b5c0fdab39952fcfc8c01742f0a106ab5cd1ef9a200c3
-
/data/user/0/com.main.haha/databases/com.main.hahab-journalFilesize
12KB
MD5dea50efdb855f84707673ef12b076f5a
SHA173ac25e9d7cbb906a2bca1c9f6736f02579ac019
SHA256443a07a528e1f76115092e7e613aafa2bad09b79a98eb186d954c29343e470bc
SHA5128d09390a0163a31c0991d0812e4a5ee6c06672f5667f4446c62812cee5f223e47ebe6d16b0c6344259eae85e1742d14b49fe6edc78458fb211c443f8e7739402