Analysis

- max time kernel: 43s
- max time network: 173s
- platform: android_x64
- resource: android-x64-arm64-20240624-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
- submitted: 24-08-2024 14:52
Static task: static1

Behavioral task: behavioral1
- Sample: bed4341d229f4628bed4cacdfdc9e61d_JaffaCakes118.apk
- Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
- Sample: bed4341d229f4628bed4cacdfdc9e61d_JaffaCakes118.apk
- Resource: android-x64-20240624-en

Behavioral task: behavioral3
- Sample: bed4341d229f4628bed4cacdfdc9e61d_JaffaCakes118.apk
- Resource: android-x64-arm64-20240624-en
General

- Target: bed4341d229f4628bed4cacdfdc9e61d_JaffaCakes118.apk
- Size: 6.1MB
- MD5: bed4341d229f4628bed4cacdfdc9e61d
- SHA1: 779336f10a127a9eae657f1a933a9cf163407462
- SHA256: 151d56bfb13988f6be7dbc8b5070544ed0ee3820711d784ac973eb75c8b80da5
- SHA512: 849fef5c96a282185d8176464b96ee34d9c4cfe5c37b8f71540f76290db5050ce37f81e0adda536e7d567d7ce59544bf83e83ca649f849867fff5a46f7848dff
- SSDEEP: 98304:uMdrTLhXpUcxh7EMEjzePP2MD+IdZo4LngHIkZ8XzgoL4mdJxYGyavbnjjoGMLxw:u2hozePunOAokGzgxmTgqbnjjop/f0K8
Malware Config

Signatures

- Checks if the Android device is rooted. (1 TTPs, 5 IoCs)
  ioc / Process:
    /system/bin/su (com.yelp.android.hack)
    /data/local/su (com.yelp.android.hack)
    /data/local/bin/su (com.yelp.android.hack)
    /data/local/xbin/su (com.yelp.android.hack)
    /sbin/su (com.yelp.android.hack)
  pid / Process:
    4505 (com.yelp.android.hack)

- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description / ioc / Process:
    Framework service call android.content.IClipboard.addPrimaryClipChangedListener (com.yelp.android.hack)

- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description / ioc / Process:
    Framework service call android.app.IActivityManager.getRunningAppProcesses (com.yelp.android.hack)

- Acquires the wake lock (1 IoCs)
  description / ioc / Process:
    Framework service call android.os.IPowerManager.acquireWakeLock (com.yelp.android.hack)

- Queries information about active data network (1 TTPs, 1 IoCs)
  description / ioc / Process:
    Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (com.yelp.android.hack)

- Reads information about phone network operator. (1 TTPs)

- Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description / ioc / Process:
    Framework service call android.app.job.IJobScheduler.schedule (com.yelp.android.hack)

- Checks CPU information (2 TTPs, 1 IoCs)
  description / ioc / Process:
    File opened for read /proc/cpuinfo (com.yelp.android.hack)

- Checks memory information (2 TTPs, 1 IoCs)
  description / ioc / Process:
    File opened for read /proc/meminfo (com.yelp.android.hack)
Processes

- com.yelp.android.hack (PID: 4505)
  - Checks if the Android device is rooted.
  - Removes its main activity from the application launcher
  - Obtains sensitive information copied to the device clipboard
  - Queries information about running processes on the device
  - Acquires the wake lock
  - Queries information about active data network
  - Schedules tasks to execute at a specified time
  - Checks CPU information
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads
- Filesize: 40KB
  MD5: 2479ff01e32c1445266304f37e9e7b35
  SHA1: 63a2b50d03eff98a4b5e684f1f95996b78219e6c
  SHA256: c276033016c0ae04c4e1a7128d443a01aab24d99c434696ee1b01fef2d3acf15
  SHA512: 14b24f8be6f9a88e31a2d74f3f13cf9e84817bfe445b8b8a873c1678f274714237b3f1a2fc9c5821c300fc72418e3229439107c2a2ff307007409dee6fdf16d3

- Filesize: 512B
  MD5: 40e558abe6d08cd1fa095485c99b8bd2
  SHA1: bd066176f0bbe73694ab44fded50e1bba29efd48
  SHA256: 30534bfdb7e8c8f44f7d3c92cc4937f9b00ce424e576e0d00772de2574cddc63
  SHA512: f55831cc20b03add5a7412efa7279c1dede00c46f95467ee61ff2bea131c26deccdfa7a996c3937d5c4936203a18ab4bcfbec50e0618243cef84130f39da1155

- Filesize: 8KB
  MD5: d25ae63b18d858fe4dca74414e337e45
  SHA1: 1fa571ba32707e4cd9a9e3e8ab52f87571d5c817
  SHA256: 2c02b28a1db837ca1b6101e93c0931eaa0ca4af6f1ffcf928fc4dbc27e7a04f4
  SHA512: 7b165073a34d985450e038268c04791a8d11f261238d27f53e6a3b4419dfc27df9e0fbdad5e945509513a4bb48c05dc7ce594c1dd4923b6b05b150abea7bc5ea

- Filesize: 8KB
  MD5: 12e01bf9ff5a93865b9b7b79fcda005b
  SHA1: a8204a97f7583987b9f5f7230b89e65540e37309
  SHA256: 81e577d22624a92cb950ca4c171e6bf4bad39032ed9d09cbb282f3bd4e57a86a
  SHA512: a1fccad334548cf6fbb31957882d3374490a300f7e617cf7c4b8f23751d3d99d668f38051bb1fa68a3360b4a373e4a61fe339a812ae1fcbdb8a24af7799a7989

- Filesize: 16KB
  MD5: bfb15118b598ba58f454c7784398d19d
  SHA1: 3775b538f88d40e369f3dd77d819027ee5e6697a
  SHA256: 39322e07861a225e989fa6439a785fef6eacd9631fc716232e7c346b0dee6187
  SHA512: 6a5eeb6981db88d4bf236541cbb90830a173cd37da75e944d9d3835da807b50e116b9b8385e942020557a7be707daa57c43c81a042094409e1fb7db932a8a0c1

- Filesize: 8KB
  MD5: b87ccb74ddcbd4b578c7322e052638c9
  SHA1: 4dfac46cb917ea35958035cf6b3cfa3cb7224622
  SHA256: 7fd03a30e71249852b9d9a56a8351b657d6a73dca03620b32cfa14d06897f71f
  SHA512: b3f67fa725c807acb056f019163556947d202a184261a539c4a8f9a131ce068e8ba7afa35d96f0a004cd73627b89a7d98e86b9b8569d8fb7b8f9ace4e90858b4

- Filesize: 512B
  MD5: a805b9a0a382c50cfbf77a6ce44ad0ea
  SHA1: b1a7a14d6852b1464a0fe8e9d8c024d9f3d272af
  SHA256: 5ddaf6b62a6c3ba5814218077d3f9de685c91aa2a2f7cfd76b9b6cc895bc1794
  SHA512: 8dd5ad7c408872b314873c05bec189cc7a0975eb3e473e14d3a0734b35c8448656e7be462617d1f84587c78cb40f83b1c5ff16a25d3e71eb1051b65a8e5f670c

- Filesize: 8KB
  MD5: 52169a02e1f8d2232855602af4bb1895
  SHA1: 591ef510297e4faa6245d662f35d7edcce5b4fc8
  SHA256: d1d6da9b8c88a88c09b9a63caccc298a8f625cb1dae524bd219879dec3b650bb
  SHA512: 4ecf8cc1b231b4f727e2589c5e6b59dc59c3b72171c4ba22728c0dc916f3f8bd46829689f75aeafcd3e8fcf707c7b7bd94ecdaf894f159061b4a747f893fc4a2

- Filesize: 8KB
  MD5: d75c86f19e83a93577fd9c82e8654b04
  SHA1: c7e96e427f0e04b5f7a2c9c38c135b6e89764522
  SHA256: 63eb4c662cfaa66ad7e2e7ecaadd17816498bfbbe3f5a9ea28dd02ebdad37072
  SHA512: ccb37715a6d76e697ffdd1d008b3b5171293ae67346332e706d859f23864534ec2638d2330a06b55bc9e7acec966940cd156c490ab937d6e6257300f42970cc9

- Filesize: 16KB
  MD5: 80a314c9aad33b6b19c153073cb76f65
  SHA1: 75935bbea84101aed68d344a066d1864ff16899e
  SHA256: 42fc821f13c6654f0b11fffc428dae8c00adba5ca7c37cf6b6e99f16d9216073
  SHA512: 758a83b7062e027527800becebdecb0df45335fa7a2135049b475bf6cb0bd07a0306c92bd7a504f80c07e2cceb5dfb0756cb838534a790c6c8736f2b2e81d97e

- Filesize: 16KB
  MD5: 0568c208db7640dfbdbbbc94fc805f2d
  SHA1: ecfe871877baca0244df09e3dcc0d84ab12061df
  SHA256: b87ec6b8c63014741170b5a0b581c1de456f20facaa8ff2e001cadba7552ee88
  SHA512: e0c7363c21f092b08f254f80872cd84e6ae8a987dd2221d9b138d469b194efcca0cf22ea446c4b2d79a3d44da46854a0e6bc13f284b9559fad00ad4f35c73058

- Filesize: 16KB
  MD5: 6f5547479d867d5c7560a1ff2d22a9cb
  SHA1: 41198bf4c1caae146bd3a5ca29c6bf525ce275c1
  SHA256: 11ea82b8ddd99fdd75a4eb783e0cfdd872b41b54cb7c26e2f68ddf9126a9005d
  SHA512: e8feeeeb591d35b686a43a665fe57af606b99ac81913e6d33f42a8371134c1e12f18fd44c197baa21349cdb5841178a514b957a56e73a3f7a764cba99c3957d7

- Filesize: 16KB
  MD5: 00939caa263d6b1cc0d810d1f0a3a503
  SHA1: 89f7b62747be32a487c06f0fb9ad4fd9dc0587b8
  SHA256: 0f957939ad1ead55da2695e268d9d590f2cbbe4b44d7b32443f879d0aa1580ee
  SHA512: 35a065947d5f4b3ccd7ef0a628c59dd069c10b7d1e11f7f611ea6a404e60f722b6df837809d2bd459bd9f4673204f4f4fb85ec856f9d2e6a3ad0b3c2a5adc97b

- Filesize: 16KB
  MD5: 818548be1885386cc995f564f36a8e8e
  SHA1: 008b0c602ed55b1122dadfb3a20db517d55c10b3
  SHA256: b4765a86f69c122307448d0c6e81cebd52ffbc59b0d19da42971e2857f773e6d
  SHA512: 47840561a1eded73600b656576a7a9195bd1beddb79b08090b9e6bd9ab610de6cfb0a334310bfefe0b33ef157d420aaa17c6315fa2e689398da3328c4460a02f

- Filesize: 16KB
  MD5: d9cf75fdd1c2292d986f6c3d5d60f2c8
  SHA1: 07ecb1d3a26d952ae5fecf54f36699ab498510b1
  SHA256: 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
  SHA512: 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

- Filesize: 8KB
  MD5: 9fb604673236334cabe5aaf7d1e0352f
  SHA1: 455da2d0d1e4a45f0840ebcdff933c492f7cf747
  SHA256: d4a8d98f40df69b72e4ca063d046bab4b5463d78e3e9b5275145faf1b14c9d30
  SHA512: 72390b2ed79a701fa51baf1d93329c42b98bd4f4f82e82c014c85d284e16955163e3f4ace45627ba607b3f378bebaa591b3157d82369df32ad1182d5749c030f

- Filesize: 4KB
  MD5: 3db15c9415de921085de546990f749f0
  SHA1: 8be3b0ae5719e1b631a9b36072607aa23ca57acf
  SHA256: 57b12fd67f68d92338d1d2668a0cdb0e96cfce6ee937a3600d34aee876695353
  SHA512: 7d465ceda32d5e2a02ed76e000efd02aebc8026ff4ba8967ad38055a3b8b3be18b9e681ff2ed0b715363c931046a0c4cd0d5cba0beaccfc958e58d4433b0723b

- Filesize: 8KB
  MD5: 9d694da1118805b9835842bb86691be0
  SHA1: 871bfb49cd62621776ec9ae31f6d521442f472db
  SHA256: cd1cec0200239e4ae2f0694d843e48b9a76575545367d0606d03ff9273b1aeb8
  SHA512: ff582037a3b180372cb7716a6bb9466512c558b4ab51ec6926bd601c0147ff1b0af4188c61fc7c49e4020b64978d94cadb38bf43455dc33152e39957d63372d2

- Filesize: 8KB
  MD5: 191d9a47a5c8e5732af897e2ff6185fd
  SHA1: 0cc257f26282c286ce068e934981c06b01dda333
  SHA256: f1027b3ac161c7456e245fdd442c211ef9277e98809bd2ef9986818b8c556993
  SHA512: 0275591c2755078b48d9c9ba0b52cbcbe0fb2457650312fe35c98dce083cb5f1d05cb9d304d265e4582ffb86f530d9969911faf37f47d349f4a112e2d1c56688

- Filesize: 8KB
  MD5: 684b4a7ae67cdb79f0388cd9a81e7ad0
  SHA1: 5145f6c741e85f8e334adb599a8c3fe2865eb3ad
  SHA256: f38026bb7634943d581b5f493bf53ccde59846a9794b00a3396c6777cef017a3
  SHA512: f24184f719b8f8dda188248deab43cbb0c9324b2876299dadbccf167a9d16d2da9d94b851a2582c1cf1d7aaf55e1d231e19fb01c7e48cf89abc1ec3a96c3292c

- Filesize: 512B
  MD5: f3b05554abe9f049f200757dc03e4b4b
  SHA1: 0fde1e2686540ef7a1f5c6b22bf82d7a949c0d6d
  SHA256: c0b906d1508ada0e996c7bcc107d1de67960d3e68d466a5777cf3a5fdb499e73
  SHA512: bc1eb3629c6829e0dec2d9b310542c4cc483d004e1817dfb891a9d2edbdcf6f27407f1fbe485633943746837da6aa5966dd1089ba3b8346f2e806650aa5f5e23

- Filesize: 2KB
  MD5: b86a2abf1399b9ff5d495cbf7d07fa72
  SHA1: c1ef501df91bebf6bec99b6f9cd8246819b433a8
  SHA256: de4fd56b42d445d9195a779bc5dd6667814afc1d97bd95f235a95b2a33740244
  SHA512: cb2877cda4365757cd05d5c91d7ff8e54fb13ae792762d60b9ba62872806e96e75a1d23a45f975f4bdb8d77b5931594700de2f1d680238c1294b903ec71edfa6