Analysis
  max time kernel: 179s
  max time network: 167s
  platform: android_x64
  resource: android-x64-20240624-en
  resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  submitted: 22-08-2024 21:38
Static task: static1

Behavioral task: behavioral1
  Sample: b93e21c464b22dc3bebc7a962313a4ce_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
  Sample: b93e21c464b22dc3bebc7a962313a4ce_JaffaCakes118.apk
  Resource: android-x64-20240624-en

Behavioral task: behavioral3
  Sample: b93e21c464b22dc3bebc7a962313a4ce_JaffaCakes118.apk
  Resource: android-x64-arm64-20240624-en
General
  Target: b93e21c464b22dc3bebc7a962313a4ce_JaffaCakes118.apk
  Size: 608KB
  MD5: b93e21c464b22dc3bebc7a962313a4ce
  SHA1: 61171dd38495ada0736b1e86c22d811e448f669e
  SHA256: 5bc74f131a4261a944e9677894828a69902a76dbdd71849508a07014c5ed5440
  SHA512: db55243fc44750f76a436be9dbb4b147ec8cb793aea105f42e1cbdddb03137beebf7f49fcaf815770f57872574dae11014eaa8e54a837125ea2834253900e49b
  SSDEEP: 12288:K2kUcUwUWJNRWiotOW2GtJzHc53o1ynd+mzG33o1ynd+mzGw:hkB7RRWiotOHWlcO16KI16Kw
Malware Config
Signatures

Removes its main activity from the application launcher
  pid | Process
  4981 | com.qbedura.mauzrpl

Loads dropped Dex/Jar (1 TTP, 1 IoC)
  Runs executable file dropped to the device during analysis.
  ioc | pid | Process
  /data/user/0/com.qbedura.mauzrpl/app_files/kcmlvxrybf.jar | 4981 | com.qbedura.mauzrpl

Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  description | ioc | Process
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.qbedura.mauzrpl
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | com.qbedura.mauzrpl

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description | ioc | Process
  Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | com.qbedura.mauzrpl

Queries the phone number (MSISDN for GSM devices) (1 TTP)

Acquires the wake lock (1 IoC)
  description | ioc | Process
  Framework service call | android.os.IPowerManager.acquireWakeLock | com.qbedura.mauzrpl

Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
  Application may abuse the framework's foreground service to continue running in the foreground.
  description | ioc | Process
  Framework service call | android.app.IActivityManager.setServiceForeground | com.qbedura.mauzrpl

Queries information about active data network (1 TTP, 1 IoC)
  description | ioc | Process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.qbedura.mauzrpl

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  description | ioc | Process
  Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.qbedura.mauzrpl

Reads information about phone network operator (1 TTP)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  description | ioc | Process
  Framework service call | android.app.IActivityManager.registerReceiver | com.qbedura.mauzrpl

Checks CPU information (2 TTPs, 1 IoC)
  description | ioc | Process
  File opened for read | /proc/cpuinfo | com.qbedura.mauzrpl

Checks memory information (2 TTPs, 1 IoC)
  description | ioc | Process
  File opened for read | /proc/meminfo | com.qbedura.mauzrpl
Processes

com.qbedura.mauzrpl (PID: 4981)
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Obtains sensitive information copied to the device clipboard
  - Acquires the wake lock
  - Makes use of the framework's foreground persistence service
  - Queries information about active data network
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15

Persistence
  Event Triggered Execution: 1
    Broadcast Receivers: 1
  Foreground Persistence: 1

Defense Evasion
  Download New Code at Runtime: 1
  Foreground Persistence: 1
  Hide Artifacts: 1
    Suppress Application Icon: 1
  Input Injection: 1
  Virtualization/Sandbox Evasion: 2
    System Checks: 2

Credential Access
  Clipboard Data: 1
  Input Capture: 2
    GUI Input Capture: 1
    Keylogging: 1

Discovery
  System Information Discovery: 2
  System Network Configuration Discovery: 3
  System Network Connections Discovery: 1
Downloads