Analysis
- max time kernel: 179s
- max time network: 171s
- platform: android_x64
- resource: android-x64-arm64-20240624-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
- submitted: 22-08-2024 21:38
Static task
- static1

Behavioral task
- behavioral1
  Sample: b93e21c464b22dc3bebc7a962313a4ce_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en
- behavioral2
  Sample: b93e21c464b22dc3bebc7a962313a4ce_JaffaCakes118.apk
  Resource: android-x64-20240624-en
- behavioral3
  Sample: b93e21c464b22dc3bebc7a962313a4ce_JaffaCakes118.apk
  Resource: android-x64-arm64-20240624-en
General
- Target: b93e21c464b22dc3bebc7a962313a4ce_JaffaCakes118.apk
- Size: 608KB
- MD5: b93e21c464b22dc3bebc7a962313a4ce
- SHA1: 61171dd38495ada0736b1e86c22d811e448f669e
- SHA256: 5bc74f131a4261a944e9677894828a69902a76dbdd71849508a07014c5ed5440
- SHA512: db55243fc44750f76a436be9dbb4b147ec8cb793aea105f42e1cbdddb03137beebf7f49fcaf815770f57872574dae11014eaa8e54a837125ea2834253900e49b
- SSDEEP: 12288:K2kUcUwUWJNRWiotOW2GtJzHc53o1ynd+mzG33o1ynd+mzGw:hkB7RRWiotOHWlcO16KI16Kw
Malware Config
Signatures
- Removes its main activity from the application launcher
  pid 4468, process com.qbedura.mauzrpl
- Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.qbedura.mauzrpl/app_files/kcmlvxrybf.jar, pid 4468, process com.qbedura.mauzrpl
- Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  ioc: Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId, process com.qbedura.mauzrpl
  ioc: Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText, process com.qbedura.mauzrpl
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  ioc: Framework service call android.content.IClipboard.addPrimaryClipChangedListener, process com.qbedura.mauzrpl
- Queries the phone number (MSISDN for GSM devices) (1 TTPs)
- Acquires the wake lock (1 IoCs)
  ioc: Framework service call android.os.IPowerManager.acquireWakeLock, process com.qbedura.mauzrpl
- Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
  Application may abuse the framework's foreground service to continue running in the foreground.
  ioc: Framework service call android.app.IActivityManager.setServiceForeground, process com.qbedura.mauzrpl
- Queries information about active data network (1 TTPs, 1 IoCs)
  ioc: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo, process com.qbedura.mauzrpl
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  ioc: Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone, process com.qbedura.mauzrpl
- Reads information about phone network operator (1 TTPs)
- Checks CPU information (2 TTPs, 1 IoCs)
  ioc: File opened for read /proc/cpuinfo, process com.qbedura.mauzrpl
- Checks memory information (2 TTPs, 1 IoCs)
  ioc: File opened for read /proc/meminfo, process com.qbedura.mauzrpl
Processes
- com.qbedura.mauzrpl (PID 4468)
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Obtains sensitive information copied to the device clipboard
  - Acquires the wake lock
  - Makes use of the framework's foreground persistence service
  - Queries information about active data network
  - Queries the mobile country code (MCC)
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Foreground Persistence (1)
- Hide Artifacts (1)
  - Suppress Application Icon (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2)
  - System Checks (2)
Credential Access
- Clipboard Data (1)
- Input Capture (2)
  - GUI Input Capture (1)
  - Keylogging (1)
Discovery
- System Information Discovery (2)
- System Network Configuration Discovery (3)
- System Network Connections Discovery (1)
Downloads