Analysis
max time kernel: 51s
max time network: 152s
platform: android_x64
resource: android-x64-20240611.1-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
submitted: 18-06-2024 10:48
Static task: static1
Behavioral task: behavioral1
  Sample: bb876861f133a5ecd283d674933c796f_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: bb876861f133a5ecd283d674933c796f_JaffaCakes118.apk
  Resource: android-x64-20240611.1-en
Behavioral task: behavioral3
  Sample: bb876861f133a5ecd283d674933c796f_JaffaCakes118.apk
  Resource: android-x64-arm64-20240611.1-en
Behavioral task: behavioral4
  Sample: GH.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral5
  Sample: GH.apk
  Resource: android-x64-20240611.1-en
Behavioral task: behavioral6
  Sample: GH.apk
  Resource: android-x64-arm64-20240611.1-en
General
Target: bb876861f133a5ecd283d674933c796f_JaffaCakes118.apk
Size: 3.3MB
MD5: bb876861f133a5ecd283d674933c796f
SHA1: 3e83583c20051226b2d28437ad7ef3f57302967b
SHA256: 8dedafc31a1eb5c9597faa3e3a8ec898f11d12380c4f44b2494cf13211042585
SHA512: fe176ce590b9c52543a5cc251353a44da1a5ed361a7a7f41afc0a47e5153b1d56cfee881c73d1762a7a147b72cd153537623146616a4de598825aa3b5f861721
SSDEEP: 49152:n5lxew23U66O1aju8OmIdT+HlBsN6eOWd4447Q4zgTg0AzA3Gdhz/qw2qdJH81WO:1e5aO4y8gdqHlM6qj40s0x365ndJ8WuV
Malware Config
Signatures
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes:
  description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; process: mr.midlet.tafang1.gbox

Queries information about active data network (1 TTP, 1 IoC)
Processes:
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: mr.midlet.tafang1.gbox

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: mr.midlet.tafang1.gbox

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
Processes:
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: mr.midlet.tafang1.gbox

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
Processes:
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: mr.midlet.tafang1.gbox

Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
Processes:
  description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: mr.midlet.tafang1.gbox

Checks memory information (2 TTPs, 1 IoC)
Processes:
  description: File opened for read; ioc: /proc/meminfo; process: mr.midlet.tafang1.gbox
Processes
mr.midlet.tafang1.gbox
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID: 5094
Network
MITRE ATT&CK Mobile v15
Downloads