Analysis
max time kernel: 141s
max time network: 132s
platform: android_x64
resource: android-x64-arm64-20240611.1-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
submitted: 18-06-2024 08:40
Static task: static1
Behavioral task: behavioral1
  Sample: bacd896ded6a227b8c3e7e115b57f2f9_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: bacd896ded6a227b8c3e7e115b57f2f9_JaffaCakes118.apk
  Resource: android-x64-20240611.1-en
Behavioral task: behavioral3
  Sample: bacd896ded6a227b8c3e7e115b57f2f9_JaffaCakes118.apk
  Resource: android-x64-arm64-20240611.1-en
Behavioral task: behavioral4
  Sample: gdtadv2.apk
  Resource: android-x86-arm-20240611.1-en
General
Target: bacd896ded6a227b8c3e7e115b57f2f9_JaffaCakes118.apk
Size: 3.5MB
MD5: bacd896ded6a227b8c3e7e115b57f2f9
SHA1: 03c6249af25bc7cbb15b5367f6cb774b1a156b61
SHA256: 4d38e1e28dcec632015fb65ec355548906e9e73cf88b5e5cf42aa765ca8772ff
SHA512: 8ccbfec3e6aae7288605e8cd7a18b98abb5ca1749558d20c736cbf5089b686de909e1f180b24d1f6f8a5f541014dc485ef25b20c3e518eff5b00cfc0654cc9c3
SSDEEP: 49152:qv+k4YkJTeQ35Aoiy3Fd2eKvITUjK6KIOVx2RmpVcmUIT3HpI+SzpYp57p5pSg6b:qv+iu5Wy3LJKvDG6KIO7VoIdSzm/7/jk
Malware Config
Signatures
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: zhe.zhi.daqa
  description: Framework service call
  ioc: android.content.IClipboard.addPrimaryClipChangedListener
  process: zhe.zhi.daqa
Queries information about active data network (1 TTP, 1 IoC)
Processes: zhe.zhi.daqa
  description: Framework service call
  ioc: android.net.IConnectivityManager.getActiveNetworkInfo
  process: zhe.zhi.daqa
Checks CPU information (2 TTPs, 1 IoC)
Processes: zhe.zhi.daqa
  description: File opened for read
  ioc: /proc/cpuinfo
  process: zhe.zhi.daqa
Checks memory information (2 TTPs, 1 IoC)
Processes: zhe.zhi.daqa
  description: File opened for read
  ioc: /proc/meminfo
  process: zhe.zhi.daqa