Analysis
max time kernel: 179s
max time network: 188s
platform: android_x64
resource: android-x64-20240611.1-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
submitted: 18-06-2024 16:52
Static task: static1
Behavioral task: behavioral1
Sample: bcfa2209d11054733635892d7e649a0f_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
Sample: bcfa2209d11054733635892d7e649a0f_JaffaCakes118.apk
Resource: android-x64-20240611.1-en
Behavioral task: behavioral3
Sample: bcfa2209d11054733635892d7e649a0f_JaffaCakes118.apk
Resource: android-x64-arm64-20240611.1-en
General
Target: bcfa2209d11054733635892d7e649a0f_JaffaCakes118.apk
Size: 3.2MB
MD5: bcfa2209d11054733635892d7e649a0f
SHA1: ad2e50173185f77c725e474a706d31f07a7121ce
SHA256: 9f4c15a254c387f031f28ce6e1e78216d032a8eb4a4fef334056d44401577b55
SHA512: 857d3e90c343b455fa18a3328e4b1eda0b3a46961145c028ccc2fa24850c9b5bb64d29932ddb267e7cfc2aa8e05a90693e5d3fb5d1a0615dc5d832439f0988bc
SSDEEP: 98304:3xVo4XX7Sknb1Melze7jFvqHOgSbpRGbC1So7XAdM0fRdIR:3vo4XrSknb+yKhqHOvbpRrMo0dB5u
Malware Config
Signatures
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: com.wyp.awpj
description | ioc | process
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | com.wyp.awpj

Acquires the wake lock (1 IoCs)
Processes: com.wyp.awpj:pushservice
description | ioc | process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.wyp.awpj:pushservice

Queries information about active data network (1 TTPs, 1 IoCs)
Processes: com.wyp.awpj:pushservice
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.wyp.awpj:pushservice

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
Processes: com.wyp.awpj
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.wyp.awpj

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
Processes: com.wyp.awpj, com.wyp.awpj:pushservice
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.wyp.awpj
Framework service call | android.app.IActivityManager.registerReceiver | com.wyp.awpj:pushservice

Checks CPU information (2 TTPs, 1 IoCs)
Processes: com.wyp.awpj
description | ioc | process
File opened for read | /proc/cpuinfo | com.wyp.awpj

Checks memory information (2 TTPs, 1 IoCs)
Processes: com.wyp.awpj
description | ioc | process
File opened for read | /proc/meminfo | com.wyp.awpj
Processes
com.wyp.awpj
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID: 5012

com.wyp.awpj:pushservice
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID: 5152
Network
MITRE ATT&CK Mobile v15
Downloads