Analysis
-
max time kernel
178s -
max time network
184s -
platform
android_x64 -
resource
android-x64-20240624-en -
resource tags
android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system -
submitted
12-07-2024 12:48
Static task
static1
Behavioral task
behavioral1
Sample
3d70a4294b8692ce14601c93dc7044c4_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
3d70a4294b8692ce14601c93dc7044c4_JaffaCakes118.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
3d70a4294b8692ce14601c93dc7044c4_JaffaCakes118.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
3d70a4294b8692ce14601c93dc7044c4_JaffaCakes118.apk
-
Size
3.0MB
-
MD5
3d70a4294b8692ce14601c93dc7044c4
-
SHA1
50012fc1856e0da0d35676bb1219a6225c9ac376
-
SHA256
f257eb91a0df7cb1248173afbf11fb4aa1fa9656fa82c4fb71fdd8a45d93b6f9
-
SHA512
47d4df70c5174ace3c56820409ed674aff0b5243ab44c7cf5773256d3be9c68937168248e92919dd7d412c5cd2aa2a3191decb990e4e4b33a114ff57d69bbaf1
-
SSDEEP
49152:JOZ0X1JF0JQUS4yVFpvXFKvzHLjyx83yJN0U4X4r+IpQ9FWzZUGl6LikL4+QHTXP:P1JF0Jk4UFBF6lLUTlr9UGRXtLG6
Malware Config
Signatures
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Description: Framework service call; IoC: android.content.IClipboard.addPrimaryClipChangedListener; Process: com.mahladev6.singers
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Description: Framework service call; IoC: android.net.wifi.IWifiManager.getScanResults; Process: com.mahladev6.singers
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get current cell location.
Description: Framework service call; IoC: com.android.internal.telephony.ITelephony.getCellLocation; Process: com.mahladev6.singers
-
Acquires the wake lock 1 IoCs
Description: Framework service call; IoC: android.os.IPowerManager.acquireWakeLock; Process: com.mahladev6.singers
-
Queries information about active data network 1 TTPs 1 IoCs
Description: Framework service call; IoC: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.mahladev6.singers
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Description: Framework service call; IoC: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; Process: com.mahladev6.singers
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Description: Framework service call; IoC: android.app.IActivityManager.registerReceiver; Process: com.mahladev6.singers
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Description: Framework service call; IoC: android.app.job.IJobScheduler.schedule; Process: com.mahladev6.singers
-
Checks CPU information 2 TTPs 1 IoCs
Description: File opened for read; IoC: /proc/cpuinfo; Process: com.mahladev6.singers
-
Checks memory information 2 TTPs 1 IoCs
Description: File opened for read; IoC: /proc/meminfo; Process: com.mahladev6.singers
Processes
-
com.mahladev6.singers
- Obtains sensitive information copied to the device clipboard
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4932
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution 1
Broadcast Receivers 1
Scheduled Task/Job 1
Defense Evasion
Execution Guardrails 1
Geofencing 1
Virtualization/Sandbox Evasion 2
System Checks 2
Downloads