Analysis
max time kernel: 178s
max time network: 157s
platform: android_x64
resource: android-x64-20240603-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240603-en, locale:en-us, os:android-10-x64, system
submitted: 05-06-2024 19:08
Static task: static1
Behavioral task: behavioral1
  Sample: 98fdb47121935e5c7b61250dc501c3e3_JaffaCakes118.apk
  Resource: android-x86-arm-20240603-en
Behavioral task: behavioral2
  Sample: 98fdb47121935e5c7b61250dc501c3e3_JaffaCakes118.apk
  Resource: android-x64-20240603-en
Behavioral task: behavioral3
  Sample: 98fdb47121935e5c7b61250dc501c3e3_JaffaCakes118.apk
  Resource: android-x64-arm64-20240603-en
General
Target: 98fdb47121935e5c7b61250dc501c3e3_JaffaCakes118.apk
Size: 1.4MB
MD5: 98fdb47121935e5c7b61250dc501c3e3
SHA1: d054c042b25723579fd0e54775e86e94e7549d77
SHA256: 106242de5841d95b49f8cf14ba0804ab234d773b557d4681f2009f6869a79495
SHA512: 0d30d0df806e067082dee6f3296c6c8bc105cd6ab77c0e44c25b85be8352c5466dc174d55da2d6d0317906279dc595c99ba710a09412ec5c91db4eafcf7ffd73
SSDEEP: 24576:QEaFmFN9v46flH2UIbxMeh+CY87waIIj9CqkMnFP0JORSAireJK:QEaFmL9AcMJY873IG90ZcS0JK
Malware Config
Signatures
- Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes (com.bjin.gamemaster_main):
    ioc: /data/user/0/com.bjin.gamemaster_main/app_ttmp/t.jar
    pid: 5128
    process: com.bjin.gamemaster_main
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Processes (com.bjin.gamemaster_main):
    description: Framework service call
    ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
    process: com.bjin.gamemaster_main
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes (com.bjin.gamemaster_main):
    description: Framework service call
    ioc: android.app.IActivityManager.registerReceiver
    process: com.bjin.gamemaster_main
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes (com.bjin.gamemaster_main):
    description: Framework API call
    ioc: javax.crypto.Cipher.doFinal
    process: com.bjin.gamemaster_main
- Checks memory information (2 TTPs, 1 IoCs)
Processes
com.bjin.gamemaster_main 1
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.bjin.gamemaster_main/app_ttmp/oat/t.jar.cur.prof (Filesize: 602B)
- /data/data/com.bjin.gamemaster_main/app_ttmp/t.jar (Filesize: 276KB)
- /data/data/com.bjin.gamemaster_main/databases/com.bjin.gamemaster_mainb (Filesize: 72KB)
- /data/data/com.bjin.gamemaster_main/databases/com.bjin.gamemaster_mainb-journal (Filesize: 512B)
- /data/data/com.bjin.gamemaster_main/databases/com.bjin.gamemaster_mainb-journal (Filesize: 8KB)
- /data/data/com.bjin.gamemaster_main/databases/com.bjin.gamemaster_mainb-journal (Filesize: 8KB)
- /data/data/com.bjin.gamemaster_main/databases/com.bjin.gamemaster_mainb-journal (Filesize: 12KB)
- /data/user/0/com.bjin.gamemaster_main/app_ttmp/t.jar (Filesize: 587KB)