Analysis
max time kernel: 64s
max time network: 151s
platform: android_x64
resource: android-x64-20240611.1-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
submitted: 13-06-2024 00:02
Static task: static1
Behavioral task: behavioral1
Sample: a30f0843c579505b6149e69daeda3d58_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
Sample: a30f0843c579505b6149e69daeda3d58_JaffaCakes118.apk
Resource: android-x64-20240611.1-en
Behavioral task: behavioral3
Sample: a30f0843c579505b6149e69daeda3d58_JaffaCakes118.apk
Resource: android-x64-arm64-20240611.1-en
General
Target: a30f0843c579505b6149e69daeda3d58_JaffaCakes118.apk
Size: 906KB
MD5: a30f0843c579505b6149e69daeda3d58
SHA1: 9a8c6cb3f3a7cdab071caa2869ab9bffe7474f63
SHA256: 4a9d76ef21a86f91fb239054fdbeb47d77bb21179b3702887ca0604248c25867
SHA512: 0033d87d539ba5d2b244758b73c3ee1058c40d86dccf2f64ebc31548f61ba4a74f39d572430f3d3df1a7c4bfe8aadf35779311b4501033a7fe001e8e923ff4f5
SSDEEP: 12288:izgX/bmAT/tK3bvE1caV2W43mmaO3brR6tdQ0p9ttS2bWkB2eT5TMzAx3ZXb9A1n:IAbpeTAO32dRLty2/T5TTL8
Malware Config
Signatures
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTPs]
Queries the phone number (MSISDN for GSM devices) [1 TTPs]
Requests cell location [2 TTPs, 1 IoCs]
  Uses Android APIs to get the current cell location.
Queries information about active data network [1 TTPs, 1 IoCs]
  Processes: com.sim.gerard.bgubhun
  description: Framework service call
  ioc: android.net.IConnectivityManager.getActiveNetworkInfo
  process: com.sim.gerard.bgubhun
Queries information about the current Wi-Fi connection [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.sim.gerard.bgubhun
  description: Framework service call
  ioc: android.net.wifi.IWifiManager.getConnectionInfo
  process: com.sim.gerard.bgubhun
Queries the unique device ID (IMEI, MEID, IMSI) [1 TTPs]
Reads information about phone network operator [1 TTPs]
Uses Crypto APIs (might try to encrypt user data) [1 TTPs, 1 IoCs]
  Processes: com.sim.gerard.bgubhun
  description: Framework API call
  ioc: javax.crypto.Cipher.doFinal
  process: com.sim.gerard.bgubhun
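The signature table above records framework calls the sandbox hooked while the APK ran. As an added example (not part of this report and not the sandbox's own tooling), the Python below does the two checks an analyst runs before relying on such a report for a copy they hold: recompute the MD5/SHA1/SHA256 and compare them to the General section, and look in the APK's dex string pool for the call sites behind the flagged signatures. Two things in it are this script's assumptions, not facts from the report: that app code reaches the IConnectivityManager and IWifiManager binder interfaces through the public android.net.ConnectivityManager and android.net.wifi.WifiManager classes (so those descriptors are what the dex contains), and that a substring scan of the dex is a good-enough stand-in for parsing its string table. The APK it builds is constructed so the example runs offline; it is not the sample's content.

```python
import hashlib
import io
import zipfile

# Digests copied from the report's General section for the submitted sample.
REPORT_HASHES = {
    "md5": "a30f0843c579505b6149e69daeda3d58",
    "sha1": "9a8c6cb3f3a7cdab071caa2869ab9bffe7474f63",
    "sha256": "4a9d76ef21a86f91fb239054fdbeb47d77bb21179b3702887ca0604248c25867",
}

# Dex string-pool tokens standing in for the binder calls the sandbox hooked.
# Assumption of this script: app code reaches IConnectivityManager / IWifiManager
# through the public ConnectivityManager / WifiManager wrappers, so those class
# descriptors plus the method name are what a dex string pool will contain.
SIGNATURE_TOKENS = {
    "Queries information about active data network":
        (b"Landroid/net/ConnectivityManager;", b"getActiveNetworkInfo"),
    "Queries information about the current Wi-Fi connection":
        (b"Landroid/net/wifi/WifiManager;", b"getConnectionInfo"),
    "Uses Crypto APIs":
        (b"Ljavax/crypto/Cipher;", b"doFinal"),
}


def hash_apk(data: bytes) -> dict:
    """Recompute the digests the report lists so a local copy can be tied to it."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    return hash_apk(data) == REPORT_HASHES


def dex_entries(data: bytes):
    """Yield (name, bytes) for classes.dex, classes2.dex, ... inside the APK zip."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.startswith("classes") and name.endswith(".dex"):
                yield name, zf.read(name)


def static_signatures(data: bytes) -> dict:
    """For each report signature, list the dex files whose bytes hold both tokens.

    A hit means the call site is compiled in; it does not prove the code path runs,
    and calls made via reflection or from native code will not show up here.
    """
    hits = {sig: [] for sig in SIGNATURE_TOKENS}
    for name, dex in dex_entries(data):
        if not dex.startswith(b"dex\n"):   # dex magic is "dex\n035\0", "dex\n039\0", ...
            continue
        for sig, (class_desc, method) in SIGNATURE_TOKENS.items():
            if class_desc in dex and method in dex:
                hits[sig].append(name)
    return hits


def build_sample_apk() -> bytes:
    """Constructed stand-in for the real sample (not its contents): a zip holding a
    fake dex whose string pool references two of the three flagged calls, so the
    scan has both positives and a negative (no Cipher.doFinal)."""
    strings = [
        b"Lcom/sim/gerard/bgubhun/MainActivity;",
        b"Landroid/net/ConnectivityManager;", b"getActiveNetworkInfo",
        b"Landroid/net/wifi/WifiManager;", b"getConnectionInfo",
    ]
    fake_dex = b"dex\n035\x00" + b"\x00".join(strings) + b"\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", fake_dex)
        zf.writestr("AndroidManifest.xml", b"<constructed/>")
    return buf.getvalue()


if __name__ == "__main__":
    apk = build_sample_apk()          # replace with open("sample.apk", "rb").read()
    print("matches report hashes:", matches_report(apk))
    for sig, files in static_signatures(apk).items():
        print(f"{sig}: {files or 'no static hit'}")
```

Run it against the real file by swapping the constructed APK for the file's bytes. A hash mismatch means the copy is not the object this report describes and none of the signatures transfer; a static hit only shows the call is linked in, which is why the sandbox's runtime IoCs remain the stronger evidence.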
Processes
Network
MITRE ATT&CK Matrix
Downloads
/data/data/com.sim.gerard.bgubhun/databases/lcdownloads
Filesize: 16KB
MD5: 0a2ba49032b8868e7e307195a92a3463
SHA1: 05f3d6d75a6d19068e0c7a609aeabe5d639eb945
SHA256: ef820a304ba1e7633f04e956b628bd2ae19c940ed9385c19a7ba00aecd29fd1a
SHA512: 08fa17e17d7c3c88ff4d093e008ffbd3e2b2ddb8ca0041476b3baee7a31c06a2896632c842a2298684f0dbb8a15b950836669d7d749757fbd5d3718d79ca30e4

/data/data/com.sim.gerard.bgubhun/databases/lcdownloads-journal
Filesize: 8KB
MD5: a78c58049a8bbddf02327ee122d7a156
SHA1: 79d0a4d43e3ad16b18a83b8691dad4d70c14b5f4
SHA256: 817eff7b6325e2ba29194062a79af00c2f49d3259285e28b6d848d0a5b077b3a
SHA512: 067612b752ba2eba439170dab71a9ae9ce079396012e2e8424620b22d60e808b30c0e9a8cae07ea85ceecf022ba32de0af410368dcdd87d076ba7803d0b2d57f

/data/data/com.sim.gerard.bgubhun/databases/lcdownloads-journal
Filesize: 8KB
MD5: 6922ab10be3e9c903fcdbcead6bf2ca7
SHA1: 95da0441ff72bbe064c4b04feebc0d88fc5f00ba
SHA256: 5a0bb56b8cc4fba546b4c4631e170fe7c3fe885dc5b4cbde1fd67ccc389b8aa5
SHA512: 7767061cb0f85e595c5da1bcc94f6820eae2f4362ba6157ad213f9852961fe139c33337afe0b49159f0831de58a79289a7b1090df5ff6304864e9df0be6faf42

/data/data/com.sim.gerard.bgubhun/databases/lcdownloads-journal
Filesize: 512B
MD5: bfb44578e4df1b482fe260ddd1a049c9
SHA1: ee2e9c4f7116a92dbe563f2c7499baf0506497f3
SHA256: e57e181ca1598c59470be7c7094a6e06d29a8facde5d216134546ec355647afc
SHA512: 3de0c5fd4f8ea9f4e04050958d0bb2753d356ac761b92cf5fc6d0c54c409f790d141be2cea7aa1ae4bf1a6692cfa42dd774c846ae594ce91156283acec1bf73b

/data/data/com.sim.gerard.bgubhun/files/setting.txt
Filesize: 102B
MD5: d904514dcf72e0aae8a6183b3220977e
SHA1: ce62e1dbb8b20292aa7580d1f3499c3f2c1c5c2d
SHA256: 4dbbd8c6247aa1c3f6f1e781123c0ba46cfcd07dc4a90c720bfaaba94a7927d0
SHA512: 30bbe3f927176eb0569841b1835362882f3417e4d1ca2338ef012e327dc883cd540e2cc133bc1ab4995c65a54bfe9cd091bc833ff930743d16f613825d87b241

/storage/emulated/0/Download/9j/1.dat
Filesize: 15B
MD5: 6a5db17ef8a43dcf81b848c15a8bbc21
SHA1: e6ee102b54ed36ae8f9a61d4b585b87e05ee7f59
SHA256: e4b2cccde8a5db70fdcbfcb7eaf74771aa2200081d7e5c671b92afd41e999118
SHA512: 7723f274e5ccb84d4dc8f92bbf58f052b2135bb89a688cb6a7824510cb1d122fc218cd32ec1c5d5454d6a66c9a9407183ffb2b1c0eb00722b57b8d517392147e

/storage/emulated/0/Download/ads/clst.dat
Filesize: 15B
MD5: daca150bd0e691724c3e00d163515bc9
SHA1: 09d96deae86123b51f21b429229d25f5e1d4838c
SHA256: b374af53726b9c72266ed0112cb278f7bf274737d909157c1e1c450b475a4b74
SHA512: e0d5a8d207d47e297eafc97a811cd08262cb3cbef3c9c171789df15944bdf8b7126106d56ce1cebd64912e21c48bc7a7ef755647e9bec4b06b62731270e71df8

/storage/emulated/0/ljk/capin/time.dat
Filesize: 15B
MD5: ba1359d94d8bd78cf6b732027bffca47
SHA1: 6bfa656280ca69c6254360ec613df3b2554685cc
SHA256: 77cc99206d9f35ac283554cff8f6337e97e5b91f126ee394f73a49003e39b54d
SHA512: 5ec3b231172c00f6d6d6196232f9e9f6615a1f79e8d4781c7d6a4b0877b5f0b643e850947fd65c9acb2cda39fa8c9b5113000243f9b43358892151efb2994869