Analysis
-
max time kernel
178s -
max time network
133s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system -
submitted
01-08-2024 17:00
Static task
static1
Behavioral task
behavioral1
Sample
814cc255fb09aa69934a0bd6209e2cc2_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
814cc255fb09aa69934a0bd6209e2cc2_JaffaCakes118.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
814cc255fb09aa69934a0bd6209e2cc2_JaffaCakes118.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
814cc255fb09aa69934a0bd6209e2cc2_JaffaCakes118.apk
-
Size
5.1MB
-
MD5
814cc255fb09aa69934a0bd6209e2cc2
-
SHA1
ca78b55c86c329788806019c1eae1137ee48ee10
-
SHA256
3529ee191fc7d8a351436adb058e1b3d4f1ab460638eb26eda1e0b5e98800dbb
-
SHA512
9dfb359ea71622c0c33490d77c42912238398ce4e0a9ca5070329348b289c1bfd55ae4e165408d20ec6c9fccd4059701b7689c7ca2472212660a2f46be88805e
-
SSDEEP
98304:yQEeqttwbjkiuBgocZ3MH/oZ7nfF1fiJYiQmwgJ/rtVqJabqZa1MdtyVsobh0:YAbgdgocGM1fi/QmvgJa2KMdpZ
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Hydra payload 1 IoCs
resource yara_rule behavioral3/files/fstream-2.dat family_hydra1 -
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/fqey.lyrcbotqgnnwolmxceln.lsaga/app_DynamicOptDex/fbSikw.json 4474 fqey.lyrcbotqgnnwolmxceln.lsaga /data/user/0/fqey.lyrcbotqgnnwolmxceln.lsaga/app_DynamicOptDex/fbSikw.json 4474 fqey.lyrcbotqgnnwolmxceln.lsaga -
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId fqey.lyrcbotqgnnwolmxceln.lsaga Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId fqey.lyrcbotqgnnwolmxceln.lsaga -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 27 ip-api.com -
Queries information about active data network 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo fqey.lyrcbotqgnnwolmxceln.lsaga -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone fqey.lyrcbotqgnnwolmxceln.lsaga -
Reads information about phone network operator. 1 TTPs
Processes
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.1MB
MD5fa96d6100853806e22dbd72cf4539f1d
SHA12e4343ac254eaa7952802e0d5a31f60ed3f68bf0
SHA25616b26a153b64156b279b866747990bfd029e637118805f8f29788c0a1da81b1f
SHA512d25221e9f9ff90fd7da750bd8a94f6dcba62a7fd3245252d42f6af30f14c813ae5926d0eea9829d3d3ccf7a408bcb2ca54b2acda56ba0b921e02c26f794fd4e2
-
Filesize
3.1MB
MD52220a66512924e0ced83a2df6a9d6cc9
SHA1f839a63c6e4526f61be861b32bd3f336e1b5b7d3
SHA256f30aed324101c4b87e153eb066e98722558bd1d2fc4fb80820e4978ff623a19c
SHA5124b5c638ce74be2c38910e2b92852910afd194b12456d5836aed9e1472b25345a82aad0598728eeee7cdcd54e5be697a145e4802e7e900716cf18763672a4a9aa