Analysis

max time kernel: 64s
max time network: 155s
platform: android_x64
resource: android-x64-arm64-20240611.1-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
submitted: 13-06-2024 00:02
Static task: static1

Behavioral task: behavioral1
Sample: a30f0843c579505b6149e69daeda3d58_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en

Behavioral task: behavioral2
Sample: a30f0843c579505b6149e69daeda3d58_JaffaCakes118.apk
Resource: android-x64-20240611.1-en

Behavioral task: behavioral3
Sample: a30f0843c579505b6149e69daeda3d58_JaffaCakes118.apk
Resource: android-x64-arm64-20240611.1-en
General

Target: a30f0843c579505b6149e69daeda3d58_JaffaCakes118.apk
Size: 906KB
MD5: a30f0843c579505b6149e69daeda3d58
SHA1: 9a8c6cb3f3a7cdab071caa2869ab9bffe7474f63
SHA256: 4a9d76ef21a86f91fb239054fdbeb47d77bb21179b3702887ca0604248c25867
SHA512: 0033d87d539ba5d2b244758b73c3ee1058c40d86dccf2f64ebc31548f61ba4a74f39d572430f3d3df1a7c4bfe8aadf35779311b4501033a7fe001e8e923ff4f5
SSDEEP: 12288:izgX/bmAT/tK3bvE1caV2W43mmaO3brR6tdQ0p9ttS2bWkB2eT5TMzAx3ZXb9A1n:IAbpeTAO32dRLty2/T5TTL8
Malware Config
Signatures

- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). 1 TTP
- Queries the phone number (MSISDN for GSM devices). 1 TTP
- Requests cell location. 2 TTPs, 1 IoC
  Uses Android APIs to get the current cell location.
- Queries information about active data network. 1 TTP, 1 IoC
  Processes: com.sim.gerard.bgubhun
    description: Framework service call
    ioc: android.net.IConnectivityManager.getActiveNetworkInfo
    process: com.sim.gerard.bgubhun
- Queries information about the current Wi-Fi connection. 1 TTP, 1 IoC
  The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.sim.gerard.bgubhun
    description: Framework service call
    ioc: android.net.wifi.IWifiManager.getConnectionInfo
    process: com.sim.gerard.bgubhun
- Reads information about the phone network operator. 1 TTP
- Uses Crypto APIs (might try to encrypt user data). 1 TTP, 1 IoC
  Processes: com.sim.gerard.bgubhun
    description: Framework API call
    ioc: javax.crypto.Cipher.doFinal
    process: com.sim.gerard.bgubhun
Processes
Network
MITRE ATT&CK Matrix
Downloads
/data/user/0/com.sim.gerard.bgubhun/databases/lcdownloads
Filesize: 16KB
MD5: e5d63b234c96d67acce042d109ba11b8
SHA1: 7af137445cebaa3f5f6044f91506130659d6e381
SHA256: e65a40dcdf919859725a22f038d3ff4e555b66d6685d5a2cba25bbe20bae66cf
SHA512: b8bdedf06067fb8d4cbb632cafe52fd29237039702f45e19ae79072edb835f958fb2b79225774c73f46c02752cc52f13a29b8df641005466a83b4178bbcc9288

/data/user/0/com.sim.gerard.bgubhun/databases/lcdownloads-journal
Filesize: 8KB
MD5: a04571de39bfc285b3983421f51de5b6
SHA1: 8b05b27eaaf0513c410bef7c6d88d723b12f8b6e
SHA256: 2f9d8dbe6b905284da53ce9d272ca6ad49f27e008d45c2e665922a2cb98817ee
SHA512: 0705405f04b1d9be7ac95557f3165406b3c3d56b67eddc7bc2e5a4f98e29a1f9f8fc24646a01026bba6ce5b1ef628fd2c69d4aee725669d28f76d7234eba4a54

/data/user/0/com.sim.gerard.bgubhun/databases/lcdownloads-journal
Filesize: 8KB
MD5: 75eec6366b7516236ff1c5903cbbdbfd
SHA1: 4764ff32a1af59563bc1276b1f36ac322d225029
SHA256: 6acae95a9759ed90ec9520c91392869e3c58b8fc9e237f6c178bbc95e6745ad3
SHA512: 27a46782eb82e7a5a130cbcc6577858d5bae0eaa9d5855318f313493ebf1ffd218209d3670d04b874a17d8669dea8eea8de29ad90206462d6e2758e413181a3a

/data/user/0/com.sim.gerard.bgubhun/databases/lcdownloads-journal
Filesize: 512B
MD5: aa74131e2b6bb33562ec9b6706b7a639
SHA1: b1ef877fab52148107f5e6b8d1937f6118cf15a1
SHA256: 3c9b10e1412964379c9934bf4a078e974e23343bfd405e04612bcd400df6d229
SHA512: 0c93b8c3e236f354959baf7dfaccdde26631c4cc0251e3795be67fb73baf0a643ad4e0802dbc566d3c70324d025936e0ddc0dd938bc356d106f6d7bc18f65aea

/data/user/0/com.sim.gerard.bgubhun/files/setting.txt
Filesize: 102B
MD5: a779bee516a733abd1254248508445ba
SHA1: 24688805b27b56f7f1671b27acec78c6da13c041
SHA256: 1b16ffc4ee1e6a2cda838af4943313a3cf0e5816cf40ee7285f7557ebe3fe155
SHA512: 998af21915a4b06bc4f3203e4662c8f01cf3ae18f49ef835c82ab582b8d76669ce936f972dc42dc1ed39ecf4a185ce74c51bfb9b9d868e78c1ab7ce87266bdd4

/storage/emulated/0/download/9j/1.dat
Filesize: 15B
MD5: 04e7b170f363789941d726237fdf3adc
SHA1: cba297256f08b1902b3b3a7fe47c755601cd82ca
SHA256: d228a88a5437a171c17cdffc00eb855bb618528c080e019c8bd4a0dd06286ab1
SHA512: 3b7e32b395eabc1eb745e7864595f24192807adbed34d313409ddf4e90b81d5933eee02031467d061f80f47af4d645505dc1b3deebe540cbc461a513cf63be69

/storage/emulated/0/download/ads/clst.dat
Filesize: 15B
MD5: 2a50af537b57beeb23965939469a3e68
SHA1: b50502a35a20e39b6f0e1454bbfb10db5e779cb3
SHA256: 89ab9673d48883e6ba3dfa884944f31aacb6c9226e67c60d8099cee30acfe4dd
SHA512: cab38fc59984c5744f3c46fff35864412125ee0ff9da550f51380c0db9b94ccaebd91ec4a88892347fa3c5b554e6af97d597ca7c8e3f86285680db216808c0de

/storage/emulated/0/ljk/capin/time.dat
Filesize: 15B
MD5: 22e0e8a1b5562644084ed9e03fa2cabf
SHA1: 3c1531c2de985482d26b35978c6521f2215140ad
SHA256: a396d1f391a03090156e8e960b9f900f9b83f75337e7156e97ea4de4558f0b3e
SHA512: d5e37d6690fe20361a714020f3773892ee193d7d88482653ef8fff9223fcb7f1d1223324ade7b62f14e2b3bf7e35b6a0154258407b416e3ddf5ada71260cba68
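The dropped-file list above is the part of this report most often fed into other tooling, and the raw page flattens each entry into a "<path>Filesize" line followed by "<HASHNAME><hex>" lines. The following is an added example, not part of the sandbox report or of the analysed APK: a small Python parser that turns entries in that flattened shape into records, checks that every hash field has the right number of hex digits for its algorithm (a cheap guard against copy-paste truncation before the values go into a blocklist), and classifies each path as app-private storage or shared external storage. The sample text embedded in the script is three entries copied from the report; the field names, size units and the storage classification rules are this example's assumptions about the page format, not something the sandbox documents.

```python
"""Parse flattened dropped-file entries from an Android sandbox report page
into structured records, validate the hash fields and classify paths."""
import re
from dataclasses import dataclass

# Hash field name -> expected number of hex digits. The page concatenates the
# field name and its value ("MD5e5d6..."), so we match on the name prefix and
# then check that the remaining hex run has the right length.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Longest names first so "SHA512..." is never read as "SHA1" + "512...".
_HASH_RE = re.compile(r"^(SHA512|SHA256|SHA1|MD5)([0-9a-fA-F]+)$")
_SIZE_RE = re.compile(r"^(\d+)\s*(B|KB|MB)$")
_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


@dataclass
class DroppedFile:
    path: str
    size_bytes: int
    hashes: dict  # name -> lowercase hex


def parse_size(text):
    m = _SIZE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]


def parse_dropped_files(text):
    """Entries are separated by lines containing only '-'; the first line of
    each entry is the path with the literal column name 'Filesize' glued on."""
    records = []
    for chunk in re.split(r"(?m)^-\s*$", text):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        if not lines or not lines[0].endswith("Filesize"):
            continue
        path = lines[0][: -len("Filesize")]
        hashes = {}
        for line in lines[2:]:
            m = _HASH_RE.match(line)
            if m:
                hashes[m.group(1)] = m.group(2).lower()
        records.append(DroppedFile(path, parse_size(lines[1]), hashes))
    return records


def hash_problems(rec):
    """List hash fields that are missing or have the wrong length."""
    problems = []
    for name, length in HASH_LENGTHS.items():
        value = rec.hashes.get(name)
        if value is None:
            problems.append(f"{rec.path}: missing {name}")
        elif len(value) != length:
            problems.append(f"{rec.path}: {name} has {len(value)} digits, expected {length}")
    return problems


def owner_package(path):
    """Package that owns a file under an app's private data directory, else None."""
    m = re.match(r"^/data/(?:user/\d+|data)/([A-Za-z0-9_.]+)/", path)
    return m.group(1) if m else None


def storage_class(path):
    """Assumed classification: shared external storage (/storage/emulated/N,
    /sdcard) is reachable by other apps and over ADB/MTP; /data/user/N/<pkg>
    is sandboxed to that package."""
    if path.startswith(("/storage/emulated/", "/sdcard/")):
        return "external-shared"
    return "app-private" if owner_package(path) else "other"


# Constructed sample: three entries copied from the report in its flattened form.
SAMPLE = """-
/data/user/0/com.sim.gerard.bgubhun/databases/lcdownloadsFilesize
16KB
MD5e5d63b234c96d67acce042d109ba11b8
SHA17af137445cebaa3f5f6044f91506130659d6e381
SHA256e65a40dcdf919859725a22f038d3ff4e555b66d6685d5a2cba25bbe20bae66cf
SHA512b8bdedf06067fb8d4cbb632cafe52fd29237039702f45e19ae79072edb835f958fb2b79225774c73f46c02752cc52f13a29b8df641005466a83b4178bbcc9288
-
/data/user/0/com.sim.gerard.bgubhun/files/setting.txtFilesize
102B
MD5a779bee516a733abd1254248508445ba
SHA124688805b27b56f7f1671b27acec78c6da13c041
SHA2561b16ffc4ee1e6a2cda838af4943313a3cf0e5816cf40ee7285f7557ebe3fe155
SHA512998af21915a4b06bc4f3203e4662c8f01cf3ae18f49ef835c82ab582b8d76669ce936f972dc42dc1ed39ecf4a185ce74c51bfb9b9d868e78c1ab7ce87266bdd4
-
/storage/emulated/0/download/ads/clst.datFilesize
15B
MD52a50af537b57beeb23965939469a3e68
SHA1b50502a35a20e39b6f0e1454bbfb10db5e779cb3
SHA25689ab9673d48883e6ba3dfa884944f31aacb6c9226e67c60d8099cee30acfe4dd
SHA512cab38fc59984c5744f3c46fff35864412125ee0ff9da550f51380c0db9b94ccaebd91ec4a88892347fa3c5b554e6af97d597ca7c8e3f86285680db216808c0de
"""

if __name__ == "__main__":
    for rec in parse_dropped_files(SAMPLE):
        print(storage_class(rec.path), rec.size_bytes, rec.path, rec.hashes["SHA256"])
        for problem in hash_problems(rec):
            print("  !", problem)
```

Run it against the full Downloads section pasted into SAMPLE to get one line per dropped file; anything the script flags under `hash_problems` should be re-copied from the report before the hash is used as an indicator.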