Analysis
-
max time kernel
125s -
max time network
175s -
platform
android_x64 -
resource
android-x64-20240611.1-en -
resource tags
androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system -
submitted
18-06-2024 06:17
Static task
static1
Behavioral task
behavioral1
Sample
bb13b6f1226606dbc798fa05cd9cd0e6_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
bb13b6f1226606dbc798fa05cd9cd0e6_JaffaCakes118.apk
Resource
android-x64-20240611.1-en
Behavioral task
behavioral3
Sample
bb13b6f1226606dbc798fa05cd9cd0e6_JaffaCakes118.apk
Resource
android-x64-arm64-20240611.1-en
General
-
Target
bb13b6f1226606dbc798fa05cd9cd0e6_JaffaCakes118.apk
-
Size
301KB
-
MD5
bb13b6f1226606dbc798fa05cd9cd0e6
-
SHA1
30fe7375494c1fbd29bf2acb78ddac537790317b
-
SHA256
74ccc69b992bea3ce6f2b08538f508738424d5616e2637cf5a8fc4c1a962a757
-
SHA512
b57b1b67c6f96dc3c39cc2fdd2b1d5b6de528a9a0a190aed87f65817ba13a9e588b501569db6520181add8c17e76fef84e14f931065d8f9ba87da4db07917be3
-
SSDEEP
6144:Mj1c4F6rag3wBiTE5pn5bcFK6S66IYExfzqr10mO2HxlNMi:m1zFgahBiT6B5b/6AE1er+P2RlOi
Malware Config
Signatures
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes:
com.bubbleWrap.webgmdescription ioc process Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.bubbleWrap.webgm -
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries information about active data network 1 TTPs 1 IoCs
Processes:
com.bubbleWrap.webgmdescription ioc process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.bubbleWrap.webgm -
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
com.bubbleWrap.webgmdescription ioc process Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.bubbleWrap.webgm -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
com.bubbleWrap.webgmdescription ioc process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.bubbleWrap.webgm -
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
com.bubbleWrap.webgmdescription ioc process Framework service call android.app.IActivityManager.registerReceiver com.bubbleWrap.webgm -
Checks CPU information 2 TTPs 1 IoCs
Processes:
com.bubbleWrap.webgmdescription ioc process File opened for read /proc/cpuinfo com.bubbleWrap.webgm -
Checks memory information 2 TTPs 1 IoCs
Processes:
com.bubbleWrap.webgmdescription ioc process File opened for read /proc/meminfo com.bubbleWrap.webgm
Processes
-
com.bubbleWrap.webgm1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:5034
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
105B
MD501bf9eeb44c52434d3ae29d52385d42f
SHA1045e9c45370f5c890fc8a75bfaa29e185dff9ef0
SHA256647f7c2cb0cf66a787df604eeb7d264746a7a342db7c0deb78d9576e09e55696
SHA5125eb4be9eecc3733bf7e6332ab5084391272de0b837052972fab1b296e4d532f4b06f80c709bf29185c034993e1fb1beda087248ffb5b35a4e9aab65a476aa1ae