Analysis
-
max time kernel
93s -
max time network
172s -
platform
android_x64 -
resource
android-x64-20240611.1-en -
resource tags
androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system -
submitted
12-06-2024 14:27
Static task
static1
Behavioral task
behavioral1
Sample
a0fe08922e5c9dc631d43cd126621c65_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
a0fe08922e5c9dc631d43cd126621c65_JaffaCakes118.apk
Resource
android-x64-20240611.1-en
Behavioral task
behavioral3
Sample
a0fe08922e5c9dc631d43cd126621c65_JaffaCakes118.apk
Resource
android-x64-arm64-20240611.1-en
General
-
Target
a0fe08922e5c9dc631d43cd126621c65_JaffaCakes118.apk
-
Size
12.6MB
-
MD5
a0fe08922e5c9dc631d43cd126621c65
-
SHA1
2c84de7e3e38762b1e6669d3f61adfc1cba9bd26
-
SHA256
093f59e21155961b3103d1b366b1bbc12727bd124c408dd95787323b3ea0792b
-
SHA512
e8ba8625deed098121a605597e1b1b4b2b0f2ce74a1ea53a017a77885c78de448b7b59416c00a1d5508a3cf7e767a00f2d6209a3780799dd3d247a8156d6823c
-
SSDEEP
393216:8fOIqk9YT7PnR97RgPlycEQivGnwetBULr45vOXVqF:xWYT7PYoOptWYBmG
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
Processes:
de.nr.android.app.locator.premiumioc pid process /product/framework/com.google.android.maps.jar 5106 de.nr.android.app.locator.premium /product/framework/com.google.android.maps.jar 5106 de.nr.android.app.locator.premium -
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Queries information about active data network 1 TTPs 1 IoCs
Processes:
de.nr.android.app.locator.premiumdescription ioc process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo de.nr.android.app.locator.premium -
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
de.nr.android.app.locator.premiumdescription ioc process Framework service call android.net.wifi.IWifiManager.getConnectionInfo de.nr.android.app.locator.premium -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
de.nr.android.app.locator.premiumdescription ioc process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone de.nr.android.app.locator.premium -
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
de.nr.android.app.locator.premiumdescription ioc process Framework service call android.app.IActivityManager.registerReceiver de.nr.android.app.locator.premium
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/de.nr.android.app.locator.premium/app_fiverocks/events2Filesize
16KB
MD5ac8fcac67e1235eeb90313d9b450af27
SHA10a56b0557d54706d3881d59e39fb36b9188dc0ca
SHA2560c84957ac42a1e19209745a578e6b612146b167850c0d184d226b4989d24d1c9
SHA51226af3955d5d977f58c4c29917c577f51104e39bfd0b5414d44005fbf6ed4f9bf7f5c76e2d76694adcabe183e341a24f430388ff3bd5f87ec529ebaa680169aba
-
/data/data/de.nr.android.app.locator.premium/app_fiverocks/events2-journalFilesize
512B
MD584aabcc3a9b0fc40c00752a30dc02469
SHA16f3dab6c2654a83e54f2ddd0f84310dfaf4e506a
SHA2561452de0b955870708486d33a6402499a6f578c60248113dd7bc191c400438239
SHA5123a14283af36308a8ef9464130a19d784ee867da13d270fa0c31bb40666bd5f237962199064be323e1b7eefc38fbc7c182602a1cda0ded8cb4c62e6eebf626941
-
/data/data/de.nr.android.app.locator.premium/app_fiverocks/events2-journalFilesize
8KB
MD503b71e941c22c1473487e56fc3794989
SHA1b5048ab8961f894b9136c6dbda1f9fc4cacf932d
SHA256476d37c58af9e43296c656b900de790bc4223ab09debda1db66355e63cbdb27e
SHA51224100c11705df57206e048c58eef7aa918e3a25afd45bfb91149202afd957c3347f5d90700ed360a714cf8f5b919d15e588fd0df8a44ae935d626ee3f3834749
-
/data/data/de.nr.android.app.locator.premium/app_fiverocks/events2-journalFilesize
8KB
MD533a8956a8414c9575f754bc59278844c
SHA15f3e9abfde7b669ad726d179d4ee74872b7474b9
SHA25669107f9805703670a536008e7acafb10280cdb77e0475850697cbdad98c719ce
SHA51299dd9197dea32cc9f8ccc7e51cd5f5fb647e2ba1a1e606e6296c6710ff84f3105ea7dc9dfe94c9635ca20e8c47142639e8a6dab0fd46fae15a48a72860efc9e9
-
/data/data/de.nr.android.app.locator.premium/app_fiverocks/events2-journalFilesize
8KB
MD5493940e62340061d91a4111eb2e446a0
SHA136bdcbe25b3aa366f53a9fafea3a57c6ca804d0f
SHA2565e63f06de3c4d60f25eeddbf51f09bd6a6669beec69fc9856eac92778711e859
SHA512b7ec8cd612a3bfe744080b039867ba0888e71c5d2bc1d194903fe8d28f2f2e9861f0f5c1743a9594e8f75a1e055244d4f62398d03109d540c9bd996caa5b6742
-
/product/framework/com.google.android.maps.jarFilesize
315KB
MD54899aca36d1ed747a447dcac0d101a62
SHA132e43edc0bf3e036683ea8639472e6cd31ab9929
SHA25667a651acd867e046fb4463b31ea584c1468f7243a9d1e2efd34059e8ee2f130f
SHA51250b23dd279a9efba566c6a6523c7537723c0cd6dd3e4871f1cbdb8d5bc355caa3ddea99452b1c8e5356802f812b3768066a9848b93d715bb8bdfa455b704285f