Analysis
-
max time kernel
18s -
max time network
148s -
platform
android_x64 -
resource
android-x64-20240624-en -
resource tags
android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system -
submitted
24-08-2024 08:24
Static task
static1
Behavioral task
behavioral1
Sample
be3780d79c9774ac539fc21491cfa14e_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
be3780d79c9774ac539fc21491cfa14e_JaffaCakes118.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
be3780d79c9774ac539fc21491cfa14e_JaffaCakes118.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
be3780d79c9774ac539fc21491cfa14e_JaffaCakes118.apk
-
Size
763KB
-
MD5
be3780d79c9774ac539fc21491cfa14e
-
SHA1
ee6056b2c63405e00ccf5022ad8e22f323d7133f
-
SHA256
e1ef06cf082a26043305c730f719ce56205ab522181398b26330d7bdff0308af
-
SHA512
f69c084626454b7cf433f03a619e011a337516af8f5c03811264fe0ca4f864a92a252e58664c3ddc1ac5cc64f050399ac1cc878284ffa772257bbc6a3fb72e24
-
SSDEEP
12288:b7ecpxMJdYb3xFARpLh0OA9EjXQ3nRVqZhDW/8ab5mXXc4:XtpxMJ4xFARlhLA9EjgX7eg8emXXc4
Malware Config
Signatures
-
pid Process 5056 com.eset.ems2.gp 5056 com.eset.ems2.gp -
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description ioc Process Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.eset.ems2.gp -
Acquires the wake lock 1 IoCs
description ioc Process Framework service call android.os.IPowerManager.acquireWakeLock com.eset.ems2.gp -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.eset.ems2.gp -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver com.eset.ems2.gp -
Checks memory information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/meminfo com.eset.ems2.gp
Processes
-
com.eset.ems2.gp
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:5056
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
9B
MD5 a6a05b9c35fb42b2a2bdb4a8f037c351
SHA1 06187a5ee4a9644ec17d4e70f8ad45e154e8579c
SHA256 a5af7b5516b3b9f68986c0ef3e04e9b67d13219cda57b612842eb0a45a5b2ceb
SHA512 da823ee584eb5f423d0aadaa250840311483b45a77f03d9a2b8e74e7485d6591f50aae609f49703c2ac7d683809be42beffac35b8783130b59911d43c1392b05