Analysis
max time kernel: 165s
max time network: 150s
platform: android_x64
resource: android-x64-20240611.1-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
submitted: 18-06-2024 12:35
Static task: static1
Behavioral task: behavioral1
  Sample: bbf5a3042283fb27de1067e4519548de_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: bbf5a3042283fb27de1067e4519548de_JaffaCakes118.apk
  Resource: android-x64-20240611.1-en
Behavioral task: behavioral3
  Sample: bbf5a3042283fb27de1067e4519548de_JaffaCakes118.apk
  Resource: android-x64-arm64-20240611.1-en
General
Target: bbf5a3042283fb27de1067e4519548de_JaffaCakes118.apk
Size: 151KB
MD5: bbf5a3042283fb27de1067e4519548de
SHA1: 53e19c611fc2f0f22acbc5539d80e812bf34d5ef
SHA256: b569285906d15b1929ab18d9fd6dd903893167f9b4992f4f14cb227cccb16f5f
SHA512: 18fee642ce59e389fff799398f106f9d94d12766573fde502da8ee3b6a6910df8fb1f240d1b22e065139a1b1f41498e65ca084fe868dbf33c21bd06a8ac004b2
SSDEEP: 3072:ycn2JtlOon0KPZg9l79Dtm3jQdb/mjS84AY9n:IXn1q3pxOjS8W9n
Malware Config
Signatures

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes (description / ioc / process):
  Framework service call / android.content.IClipboard.addPrimaryClipChangedListener / com.tlightsky.photomaker

Requests cell location (2 TTPs, 1 IoC)
Uses Android APIs to get the current cell location.
Processes (description / ioc / process):
  Framework service call / com.android.internal.telephony.ITelephony.getCellLocation / com.tlightsky.photomaker

Queries information about active data network (1 TTP, 1 IoC)
Processes (description / ioc / process):
  Framework service call / android.net.IConnectivityManager.getActiveNetworkInfo / com.tlightsky.photomaker

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
Processes (description / ioc / process):
  Framework service call / com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone / com.tlightsky.photomaker

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
Processes (description / ioc / process):
  Framework service call / android.app.IActivityManager.registerReceiver / com.tlightsky.photomaker

Checks memory information (2 TTPs, 1 IoC)
Processes (description / ioc / process):
  File opened for read / /proc/meminfo / com.tlightsky.photomaker
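The IoC rows in the signatures above are Binder-level framework service calls (and one file read) captured at runtime. As an added example, not part of this report and not code from the sample, the Python below parses those rows (copied verbatim from the report) and checks whether an APK's classes.dex contains the SDK-level method names app code would normally use to reach each call, so a dynamic finding can be tied back to the bytecode or flagged for manual review. The Binder-to-SDK mapping (BINDER_TO_SDK) is this example's own assumption, and the in-memory APK built by build_sample_apk is a constructed stand-in, not the analysed sample.

```python
import io
import re
import zipfile

# IoC rows copied from this report: description, ioc, process.
REPORT_ROWS = """\
Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.tlightsky.photomaker
Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.tlightsky.photomaker
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.tlightsky.photomaker
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.tlightsky.photomaker
Framework service call android.app.IActivityManager.registerReceiver com.tlightsky.photomaker
File opened for read /proc/meminfo com.tlightsky.photomaker
"""

ROW_RE = re.compile(r"^(Framework service call|File opened for read) (\S+) (\S+)$")

# Assumed mapping from each observed Binder call (or file read) to the public SDK
# method name(s) app code normally uses to reach it; these are the strings a
# classes.dex method table would carry. Not part of the report.
BINDER_TO_SDK = {
    "android.content.IClipboard.addPrimaryClipChangedListener": [b"addPrimaryClipChangedListener"],
    "com.android.internal.telephony.ITelephony.getCellLocation": [b"getCellLocation"],
    "android.net.IConnectivityManager.getActiveNetworkInfo": [b"getActiveNetworkInfo"],
    "com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone": [b"getNetworkCountryIso"],
    "android.app.IActivityManager.registerReceiver": [b"registerReceiver"],
    "/proc/meminfo": [b"/proc/meminfo", b"getMemoryInfo"],
}


def parse_ioc_rows(text):
    """Turn the report's flattened IoC rows into dicts."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append({"description": m.group(1), "ioc": m.group(2), "process": m.group(3)})
    return rows


def dex_bytes(apk_bytes):
    """An APK is a zip; concatenate every classes*.dex it carries."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        return b"".join(z.read(n) for n in sorted(z.namelist())
                        if n.startswith("classes") and n.endswith(".dex"))


def corroborate(apk_bytes, rows):
    """For each observed IoC, list which expected SDK strings the dex contains.
    Dex string data is MUTF-8, so ASCII identifiers are plain byte substrings; the
    match is coarse (e.g. 'registerReceiver' also hits 'unregisterReceiver')."""
    dex = dex_bytes(apk_bytes)
    hits = {}
    for row in rows:
        needles = BINDER_TO_SDK.get(row["ioc"], [])
        hits[row["ioc"]] = [n.decode() for n in needles if n in dex]
    return hits


def uncorroborated(hits):
    """IoCs seen at runtime with no matching string in the dex: review by hand,
    since reflection, native code or string obfuscation all hide the call."""
    return [ioc for ioc, found in hits.items() if not found]


def build_sample_apk():
    """Constructed stand-in APK so the example runs offline. It is NOT the report's
    sample: a zip holding a fake classes.dex whose string table carries a few method
    names, with getActiveNetworkInfo deliberately left out."""
    strings = [b"Lcom/tlightsky/photomaker/MainActivity;", b"addPrimaryClipChangedListener",
               b"getCellLocation", b"getNetworkCountryIso", b"registerReceiver", b"/proc/meminfo"]
    # dex magic, then (uleb128 length, bytes, NUL) per string as in string_data_item
    body = b"dex\n035\x00" + b"".join(bytes([len(s)]) + s + b"\x00" for s in strings)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"")
        z.writestr("classes.dex", body)
    return buf.getvalue()


if __name__ == "__main__":
    result = corroborate(build_sample_apk(), parse_ioc_rows(REPORT_ROWS))
    for ioc, found in result.items():
        print(f"{ioc}: {found or 'no static match'}")
    print("needs manual review:", uncorroborated(result))
```

Run against a real APK by passing its bytes instead of build_sample_apk(). An empty hit list means "not corroborated statically", not "not called": the sandbox saw the Binder transaction regardless of how the app reached it, and a hit only says a string is present somewhere in the bytecode, possibly in a bundled SDK rather than the app's own classes.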
Processes
com.tlightsky.photomaker (PID 5013)
- Obtains sensitive information copied to the device clipboard
- Requests cell location
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 20KB
MD5: 62a3561989ede658cd16cc1f14199c1d
SHA1: 6320791cdfd16b26450bf711bd6776d80a396912
SHA256: 9ae0206411304ee027e0cfe3b4e6732ced5b423f99c33340dafb68d2b5b215f6
SHA512: c4ef43e702e053ee39153149d1fb11311c57c6ad5393ea905df942df8bcd3625e2224563eb4c35bfc45e140aa09135c5123f48d220fe622d9dcf2a4cdaf5dfe4

Filesize: 512B
MD5: 265b366b62f88f1875849541563572cb
SHA1: cb6215fbef1a7e23475785550fa4e2f655117cdb
SHA256: 7379c610085f4a9659c1806e815f12d01c59caeb70be3c7d462fac721b1bd1dd
SHA512: 4dedfc48e7f9a77a9d5fb692d53730ee0cd363a356e56f0a4536d5f17e7ccf7cc9724c83a439b48c5252446840e5f9eb051bc922560136c7968072840d2f0920

Filesize: 8KB
MD5: db08452aefcd51efd568e22f2a572924
SHA1: 8a336d3c3bb3fa3318d374550477967918aaa0d7
SHA256: 4af2d017238111bb617bb8a2dd681d10db9a5a060438972ecdab1bf700ca9cd2
SHA512: 4a726728bed52b01ee31b377001b7dc58203478e9bf890a798fd21a7402515c9d3bf4892bde0cc17188c038f8ce8ae6ddcdfac8afb6342d7ab40da26f0cd4857

Filesize: 8KB
MD5: 267668045226e28c034fb57088c387e8
SHA1: 89cf9a8ffc2b736c79a0f71cfcf9cf0372407702
SHA256: 8ac55cd897682b3b1dc5669276557b84d32ef2b8c34c76a94c6dff5dbeec399e
SHA512: dc44a7311d3cd7f41d883d72b95fc8ce63ee9ebd0cdc926e6fac999c781380cfd0a4b1e44bdba169671cb6cc817fe4603ed45cc4ddefc0863fc50fc927e94755