Analysis
- max time kernel: 165s
- max time network: 132s
- platform: android_x64
- resource: android-x64-arm64-20240611.1-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
- submitted: 18-06-2024 12:35
Static task
static1
Behavioral task
behavioral1
Sample
bbf5a3042283fb27de1067e4519548de_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
bbf5a3042283fb27de1067e4519548de_JaffaCakes118.apk
Resource
android-x64-20240611.1-en
Behavioral task
behavioral3
Sample
bbf5a3042283fb27de1067e4519548de_JaffaCakes118.apk
Resource
android-x64-arm64-20240611.1-en
General
- Target: bbf5a3042283fb27de1067e4519548de_JaffaCakes118.apk
- Size: 151KB
- MD5: bbf5a3042283fb27de1067e4519548de
- SHA1: 53e19c611fc2f0f22acbc5539d80e812bf34d5ef
- SHA256: b569285906d15b1929ab18d9fd6dd903893167f9b4992f4f14cb227cccb16f5f
- SHA512: 18fee642ce59e389fff799398f106f9d94d12766573fde502da8ee3b6a6910df8fb1f240d1b22e065139a1b1f41498e65ca084fe868dbf33c21bd06a8ac004b2
- SSDEEP: 3072:ycn2JtlOon0KPZg9l79Dtm3jQdb/mjS84AY9n:IXn1q3pxOjS8W9n
Malware Config
Signatures
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Processes: com.tlightsky.photomaker
    description: Framework service call
    ioc: android.content.IClipboard.addPrimaryClipChangedListener
    process: com.tlightsky.photomaker
- Requests cell location (2 TTPs, 1 IoCs)
  Uses Android APIs to get current cell location.
  Processes: com.tlightsky.photomaker
    description: Framework service call
    ioc: com.android.internal.telephony.ITelephony.getCellLocation
    process: com.tlightsky.photomaker
- Queries information about active data network (1 TTPs, 1 IoCs)
  Processes: com.tlightsky.photomaker
    description: Framework service call
    ioc: android.net.IConnectivityManager.getActiveNetworkInfo
    process: com.tlightsky.photomaker
- Checks memory information (2 TTPs, 1 IoCs)
  Processes: com.tlightsky.photomaker
    description: File opened for read
    ioc: /proc/meminfo
    process: com.tlightsky.photomaker
Processes
Network
MITRE ATT&CK Mobile v15
Downloads