Analysis
- max time kernel: 114s
- max time network: 148s
- platform: android_x64
- resource: android-x64-20240611.1-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
- submitted: 18-06-2024 08:40
Static task
- static1
Behavioral tasks
- behavioral1: sample bacd896ded6a227b8c3e7e115b57f2f9_JaffaCakes118.apk, resource android-x86-arm-20240611.1-en
- behavioral2: sample bacd896ded6a227b8c3e7e115b57f2f9_JaffaCakes118.apk, resource android-x64-20240611.1-en
- behavioral3: sample bacd896ded6a227b8c3e7e115b57f2f9_JaffaCakes118.apk, resource android-x64-arm64-20240611.1-en
- behavioral4: sample gdtadv2.apk, resource android-x86-arm-20240611.1-en
General
- Target: bacd896ded6a227b8c3e7e115b57f2f9_JaffaCakes118.apk
- Size: 3.5MB
- MD5: bacd896ded6a227b8c3e7e115b57f2f9
- SHA1: 03c6249af25bc7cbb15b5367f6cb774b1a156b61
- SHA256: 4d38e1e28dcec632015fb65ec355548906e9e73cf88b5e5cf42aa765ca8772ff
- SHA512: 8ccbfec3e6aae7288605e8cd7a18b98abb5ca1749558d20c736cbf5089b686de909e1f180b24d1f6f8a5f541014dc485ef25b20c3e518eff5b00cfc0654cc9c3
- SSDEEP: 49152:qv+k4YkJTeQ35Aoiy3Fd2eKvITUjK6KIOVx2RmpVcmUIT3HpI+SzpYp57p5pSg6b:qv+iu5Wy3LJKvDG6KIO7VoIdSzm/7/jk
Malware Config
Signatures
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Processes: zhe.zhi.daqa
  description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; process: zhe.zhi.daqa
- Queries information about active data network (1 TTPs, 1 IoCs)
  Processes: zhe.zhi.daqa
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: zhe.zhi.daqa
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Processes: zhe.zhi.daqa
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: zhe.zhi.daqa
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes: zhe.zhi.daqa
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: zhe.zhi.daqa
- Checks CPU information (2 TTPs, 1 IoCs)
  Processes: zhe.zhi.daqa
  description: File opened for read; ioc: /proc/cpuinfo; process: zhe.zhi.daqa
- Checks memory information (2 TTPs, 1 IoCs)
  Processes: zhe.zhi.daqa
  description: File opened for read; ioc: /proc/meminfo; process: zhe.zhi.daqa
Processes
- zhe.zhi.daqa (PID: 5027)
  - Obtains sensitive information copied to the device clipboard
  - Queries information about active data network
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
  - Checks memory information