Analysis
- max time kernel: 24s
- max time network: 131s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 24-08-2024 14:52
Static task: static1
Behavioral task: behavioral1
- Sample: bed4341d229f4628bed4cacdfdc9e61d_JaffaCakes118.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: bed4341d229f4628bed4cacdfdc9e61d_JaffaCakes118.apk
- Resource: android-x64-20240624-en
Behavioral task: behavioral3
- Sample: bed4341d229f4628bed4cacdfdc9e61d_JaffaCakes118.apk
- Resource: android-x64-arm64-20240624-en
General
- Target: bed4341d229f4628bed4cacdfdc9e61d_JaffaCakes118.apk
- Size: 6.1MB
- MD5: bed4341d229f4628bed4cacdfdc9e61d
- SHA1: 779336f10a127a9eae657f1a933a9cf163407462
- SHA256: 151d56bfb13988f6be7dbc8b5070544ed0ee3820711d784ac973eb75c8b80da5
- SHA512: 849fef5c96a282185d8176464b96ee34d9c4cfe5c37b8f71540f76290db5050ce37f81e0adda536e7d567d7ce59544bf83e83ca649f849867fff5a46f7848dff
- SSDEEP: 98304:uMdrTLhXpUcxh7EMEjzePP2MD+IdZo4LngHIkZ8XzgoL4mdJxYGyavbnjjoGMLxw:u2hozePunOAokGzgxmTgqbnjjop/f0K8
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 4 IoCs)
  ioc: /data/local/su, process: com.yelp.android.hack
  ioc: /data/local/bin/su, process: com.yelp.android.hack
  ioc: /data/local/xbin/su, process: com.yelp.android.hack
  ioc: /sbin/su, process: com.yelp.android.hack
  pid: 4248, process: com.yelp.android.hack
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call, ioc: android.app.IActivityManager.getRunningAppProcesses, process: com.yelp.android.hack
- Acquires the wake lock (1 IoCs)
  description: Framework service call, ioc: android.os.IPowerManager.acquireWakeLock, process: com.yelp.android.hack
- Queries information about active data network (1 TTPs, 1 IoCs)
  description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, process: com.yelp.android.hack
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  description: Framework service call, ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone, process: com.yelp.android.hack
- Reads information about phone network operator. (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, process: com.yelp.android.hack
- Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description: Framework service call, ioc: android.app.job.IJobScheduler.schedule, process: com.yelp.android.hack
- Checks CPU information (2 TTPs, 1 IoCs)
  description: File opened for read, ioc: /proc/cpuinfo, process: com.yelp.android.hack
- Checks memory information (2 TTPs, 1 IoCs)
  description: File opened for read, ioc: /proc/meminfo, process: com.yelp.android.hack
Processes
- com.yelp.android.hack
  - Checks if the Android device is rooted.
  - Removes its main activity from the application launcher
  - Queries information about running processes on the device
  - Acquires the wake lock
  - Queries information about active data network
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Schedules tasks to execute at a specified time
  - Checks CPU information
  - Checks memory information
  PID: 4248
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Scheduled Task/Job (1)
Defense Evasion
- Hide Artifacts (1)
  - Suppress Application Icon (1)
- Virtualization/Sandbox Evasion (2)
  - System Checks (2)
Downloads
- Filesize: 512B
  MD5: b3433a8a8397cbce6dcc13eb30b4aaa2
  SHA1: 5d595d1bccb419456e1daf65a520c56589f693ab
  SHA256: 03e03549c374e34c105223b0eb5adfb67ec65998c6ceb77fa1ca33b388abef2a
  SHA512: 856c4e136f059f6b491be4d1557e5b674459c1db506d93e9cb36223a951a5f59e9a375c3d4dc566f3c0d1a5535fea453c66bdfeadd2200cb6bd899155c821fdd
- Filesize: 52KB
  MD5: a31f818d2b2f19c4d3e549a2680d941b
  SHA1: e4429009d3672405889f656ac50568bcde9ed7f3
  SHA256: ce979c594371fff74cf50b02b5fa13cdb3f87e60659fdb83d1a2c65594fbbf4d
  SHA512: ba05b0c1ca426b38a41b75b49297a930ef5d21790da9733e4400aac0e29b1a9d86a882730e0b6a215edc85e865d46d1de3047c9637da4a25ceda10d10614152f
- Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
- Filesize: 512B
  MD5: 47f580f9665f488d0408d45335bf3cf7
  SHA1: aaa6a6ddbb4fca9c541c73941f97d6b2423b3d80
  SHA256: 41718bf3fe01d7ba9bfa05b9b002a6cbe7473c46caa017e5192ce2d9229b9c75
  SHA512: e35e00a5dfc8d183730c61ea3575ee2c30bb9015c3ea1f921e0efa51189567e5f39dd4986c6603a8c6981c0a50a23dfef6027fe4b6f310bdf90e68ce89cd4018
- Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- Filesize: 32KB
  MD5: d001f15894704865914fe679ccd88422
  SHA1: 93b9341dae5f55f2640b8acbaa8ec94251b0ea6b
  SHA256: 3f5d58e6c69e25665162a9d9e90d07118f3cbb7c780d9a25e44e50f89c81ee09
  SHA512: b64f1d548fdb7e8ec4b53b2bc2de729419df2870a8943340f5895e55c48d7ae83e9865c308dff77d2822ac5664a0a2bd907750f6d67d05100bc8391e8be73cdc
- Filesize: 16KB
  MD5: 9c1c3a5a8534d69cb2172c80ca3a221a
  SHA1: 172134818b837b3bbec1a0a87653da762aada277
  SHA256: 0f0b696068889fa7da56bfff44e9f7b8b5cdd842550c0ee1e5b2c2a6857aae31
  SHA512: b11327ba61b86f181f1af4a7d4bd38f8412aa14e2cdfcb92e539d821ef8801985ef7c2c9bc5d4619fc4c92ea6e37019d55004220c78adfde33400cee74e62501
- Filesize: 16KB
  MD5: 7f9a225d2507b0d9863e6cf5bdd5bac2
  SHA1: efb4fc5416d154d56a04b68caf3e094e6f811cd1
  SHA256: 4aedd1fbd495ec4ba7cb8d84e7afff451bbb7b80d89f5aa19aca006158fc4732
  SHA512: dd5a95fd555f8f56fabf6a90a7e5f42b6987829f74274926d4e407c2bb0fb4bcc264d49ea17b3776cc3af1fce62b089506acc529dda56fee4a267db9d95cc1a8
- Filesize: 16KB
  MD5: 762951cce090432a52e3c5a0305fc965
  SHA1: e3fcb13018f6e88001d2ff4650b78be3e9002e1e
  SHA256: fa90b67c6250db0b0302264d19d3c9aa2bc1d5ecb96879ca55110640159512eb
  SHA512: 936512313d89f1c4a0c550e4c83cb271693491c5851b5b6bad05ad8f0b01ec8f927e66c142763145b0356d9f722e77f6f1693ad87cf8840e8aaf51e9a5e19941
- Filesize: 16KB
  MD5: 18d67241bf3e38d6bc45f2b410bc0dc5
  SHA1: 1ecae1ba412400e1e00d39fa20d118b0197f9087
  SHA256: 0271b7c8748c677f3fcbb5e6aacfca408a6cf90f8ecefadeab79ce1b3bd85fa2
  SHA512: b76daaab92d38bdbc6e0e26e54b44c3d337ba3f7c05d50dd639a7516a6e70e2f5dbe3f8828307d83208e0c7e6a030acfca09f514681cf24e804d8a50cfaac1ed
- Filesize: 16KB
  MD5: 44693692da738db6eb133cf0e4cde91b
  SHA1: e6bda56494c325d8d37ad89552263ae85d9b0550
  SHA256: 8fe0ac9db76d4a2dcd3b3d54c0efedcd223e25aabf716506493d50e243a7a2d4
  SHA512: b34ddfe1ae343b1b12f7029ae476a0ba8e1b4043ccb520afb412b3f71335ef679bf29723c9a5c00af7e922e9982d5b3af54b2ed779da8cb601f378e5b9d26be5
- Filesize: 16KB
  MD5: 7237409e0640cfab7bdbd429bf821a3b
  SHA1: 4c3da934842f8d4835dfe2a9c275a300e5123309
  SHA256: 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
  SHA512: c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f
- Filesize: 512B
  MD5: 7386ea175c5d8e50a1dcf074d73c2db3
  SHA1: edb28f7af3192c86dcbffc00559d84ff3e6563e1
  SHA256: 1ae3370eda86dbddbef1140c78ed7b535c90593c3457618ba07c723e6fc2b18a
  SHA512: 090a73bf6f10a0b74aa82bb26dc159c4ccefcf546275f0a1561b9270284e7937cf1371ac251e513ad493eba1c1a27141e13fe2b831576044164b02f568574d4b
- Filesize: 36KB
  MD5: b7777daec6737c8590a1bd0de7efafbd
  SHA1: 9f19160550e9eff6f57c92646b536c14646e99c1
  SHA256: ac47d93aacb83bcfc2b0e51140636b5dd42890b188eb6a60b4e0c2f1fb315857
  SHA512: aa3a6f6690ef6fb3698b304c52397a209588023efb8f27aee34871d5762e1d5598dd392a1819a00e866e1af342c8ecd9e86699023958f524eb5506913ec44b80
- Filesize: 4KB
  MD5: 71386b2de0eb4918dd6ce650e86809eb
  SHA1: ad2cae26d899bc1d8c214714714b8b690e4792a6
  SHA256: 1eff0cfbdc3490d4a2e2674a3eae56d6f78888b360e8e5f3b672e927db97b09b
  SHA512: 491a44bc412996535bffcb7ba4e9b37d776c4c7bd82d757f18e0a89b3760e6867e70faf8840eb67af70a582e726a36b5f416157307fa97551dc24c7e625330e5
- Filesize: 4KB
  MD5: 3fb2c077ab3e10ab8bd345a6fdfe1753
  SHA1: da23d1762b9825de094e8aefff1d1bab5b919de1
  SHA256: cba439c97fb96c6d495b9896a1a2bdf2a150b9685543f62cd894ae4ad40c71bb
  SHA512: ea1164848550b247bb0901094debb7783ce884b353ec6d5465dec4a259100cad282fedaffc10d4e9b881b09acc4ff079f88f9f8abe626e5d27641847370f3dd8
- Filesize: 4KB
  MD5: d3a43bf60ab7d249bcdb7483189cf49a
  SHA1: d618d363c03e67ef99592515d7f1fe17f9c709f0
  SHA256: 29c98ffc8fa19355d5be2f574c15ee1c7d77e11667cf7e558fe4c43083d14394
  SHA512: dedcb3c22d5808ebeaafe2caceb33c25253c829d4bd09bc8833283c014a5e0ec28a298d53e60accfea980fb1d1b3dbf7a164eedd6eb7561b80b6b9a8245bc5db
- Filesize: 4KB
  MD5: 7219faaa1a7e7de8023bd07fd7a63528
  SHA1: b6064ee65da83b490a7fbd47ce13c65c0e42f81f
  SHA256: c9ee289bb8a8be0825de6b1f32718182e6c2799eeda84fd96da65ade3025dba9
  SHA512: 559c4ee1bed156313da749c31d6322e6b6e93fe2f610d3d1cabf4daea0738d38d9f2d604a12cd4f2e6bdec1142cc752aedffd04e05d06002b2e27e0d8441e898
- Filesize: 4KB
  MD5: 4a3e9f0354b69513f1e695d53fc33b06
  SHA1: fadbb930c7d86f2967e97072fd0595e3ec6d37f0
  SHA256: c94aa3b20880d825d5497288816b878569852d5e0e868e978688ebb17cc3e81f
  SHA512: 914ed6cbd7a3ca35bff39c6c690e4c77c9e6160b19b659c7c94ec6874fd8493645f8846e0cef47af85e3e0ee05eb591e3877c783ad9ed7c815ee462502eb24fd
- Filesize: 2KB
  MD5: beced55f61d46de62e9680bda32bcef5
  SHA1: 812dc9cb20c0fa6060ee93a454bee6dea816bf84
  SHA256: 733ece710d22a6dc32ee4e9b4497f31964ecba6c2432ecbfc865a98b6f96ab6a
  SHA512: e622566d7d89ad27af5df855efd1c5bb2b63f0cb5552b89133435d6df95ae699b10fd15cd6f722bba0e33bbecae32c78984eb5abc476911c82b99bf623fdaf0b