Analysis

Max time kernel: 26s
Max time network: 141s
Platform: android_x86
Resource: android-x86-arm-20240624-en
Resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
Submitted: 25-08-2024 04:52

Static task: static1

Behavioral task: behavioral1
Sample: bffbb349be6aef333d3855e6f5efc46e_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
Sample: bffbb349be6aef333d3855e6f5efc46e_JaffaCakes118.apk
Resource: android-x64-20240624-en

Behavioral task: behavioral3
Sample: bffbb349be6aef333d3855e6f5efc46e_JaffaCakes118.apk
Resource: android-x64-arm64-20240624-en
General

Target: bffbb349be6aef333d3855e6f5efc46e_JaffaCakes118.apk
Size: 368KB
MD5: bffbb349be6aef333d3855e6f5efc46e
SHA1: 38e233193d933c3494a849e419e0d6fef14c3716
SHA256: cd6ffabd092e5839d15be53aaf8d749c01beaae5cf3044aac1fab6f80c8106cd
SHA512: 28101d7e0eec2d6fd2dd7030e0a72c0b00de0aa6915b7df8bff82a7a5b49cecc9ca189bd40c1b772d4d2943ef0daecfa8891f4fd028c33466bd14aba954b6004
SSDEEP: 6144:PAIpkpwKSqAMpL+37w8kUeV2zaCSqTMKGF5EnjeDBAnWdLrkIUl94f3p/YeRPEaG:PAIpkChqNL+3Etb1WTBGFjqnW3Ul923C
Malware Config

Signatures

Removes its main activity from the application launcher
  pid | Process
  4254 | anubis.bot.myapplication

Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
  description | ioc | Process
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | anubis.bot.myapplication
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | anubis.bot.myapplication

Acquires the wake lock (1 IoCs)
  description | ioc | Process
  Framework service call | android.os.IPowerManager.acquireWakeLock | anubis.bot.myapplication

Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
Application may abuse the framework's foreground service to continue running in the foreground.
  description | ioc | Process
  Framework service call | android.app.IActivityManager.setServiceForeground | anubis.bot.myapplication

Performs UI accessibility actions on behalf of the user (1 TTPs, 2 IoCs)
Application may abuse the accessibility service to prevent its removal.
  ioc | Process
  android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | anubis.bot.myapplication
  android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | anubis.bot.myapplication

Requests accessing notifications (often used to intercept notifications before users become aware) (1 TTPs, 1 IoCs)
  description | ioc | Process
  Intent action | android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS | anubis.bot.myapplication

Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTPs, 1 IoCs)
  description | ioc | Process
  Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | anubis.bot.myapplication

Requests enabling of the accessibility settings (1 IoCs)
  description | ioc | Process
  Intent action | android.settings.ACCESSIBILITY_SETTINGS | anubis.bot.myapplication

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  description | ioc | Process
  Framework API call | android.hardware.SensorManager.registerListener | anubis.bot.myapplication

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description | ioc | Process
  Framework service call | android.app.IActivityManager.registerReceiver | anubis.bot.myapplication
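The signature rows above are what a rule engine produces from the sandbox's event stream. As an added example (not part of this report and not the sandbox vendor's own code), the Python below re-derives those hits from raw framework-call and intent-action events, counts IoCs per signature the way the report does, and scores the combination. The event tuples are constructed from the IoC rows above plus one constructed benign process for contrast; the rule table, the technique-name mapping, the weights, the banker profile set and the verdict thresholds are all assumptions of this example, and the setComponentEnabledSetting call behind the launcher-icon signature is an assumed IoC the report does not list.

```python
"""Re-deriving the behavioural signatures above from raw sandbox events.

Added example for this page, not the sandbox's own rule engine. EVENTS is
constructed from the report's IoC rows; RULES, weights and thresholds are
this editor's assumptions, not vendor settings.
"""
from collections import defaultdict
from dataclasses import dataclass

SAMPLE = "anubis.bot.myapplication"

# Constructed events: (process, event kind, value). Kinds follow the report's
# "Framework service call" (service), "Framework API call" (api), "Intent action" (intent).
EVENTS = [
    (SAMPLE, "service", "android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId"),
    (SAMPLE, "service", "android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText"),
    (SAMPLE, "service", "android.os.IPowerManager.acquireWakeLock"),
    (SAMPLE, "service", "android.app.IActivityManager.setServiceForeground"),
    (SAMPLE, "service", "android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction"),
    (SAMPLE, "service", "android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction"),
    (SAMPLE, "intent", "android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS"),
    (SAMPLE, "intent", "android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"),
    (SAMPLE, "intent", "android.settings.ACCESSIBILITY_SETTINGS"),
    (SAMPLE, "api", "android.hardware.SensorManager.registerListener"),
    (SAMPLE, "service", "android.app.IActivityManager.registerReceiver"),
    # Constructed benign app: a receiver and a wake lock alone are ordinary behaviour.
    ("com.example.weather", "service", "android.app.IActivityManager.registerReceiver"),
    ("com.example.weather", "service", "android.os.IPowerManager.acquireWakeLock"),
]


@dataclass(frozen=True)
class Rule:
    name: str          # signature title as it appears in the report
    kind: str          # event kind the rule applies to
    needles: tuple     # event value must end with one of these
    techniques: tuple  # ATT&CK Mobile technique names (assumed mapping)
    weight: int        # contribution to the triage score (assumed)


RULES = (
    Rule("Makes use of the framework's Accessibility service", "service",
         ("findAccessibilityNodeInfoByAccessibilityId", "findAccessibilityNodeInfosByText"),
         ("GUI Input Capture", "Keylogging"), 3),
    Rule("Acquires the wake lock", "service", ("IPowerManager.acquireWakeLock",), (), 0),
    Rule("Makes use of the framework's foreground persistence service", "service",
         ("IActivityManager.setServiceForeground",), ("Foreground Persistence",), 1),
    Rule("Performs UI accessibility actions on behalf of the user", "service",
         ("IAccessibilityServiceConnection.performGlobalAction",),
         ("Input Injection", "Prevent Application Removal"), 3),
    Rule("Requests accessing notifications", "intent",
         ("ACTION_NOTIFICATION_LISTENER_SETTINGS",), ("Access Notifications",), 2),
    Rule("Requests disabling of battery optimizations", "intent",
         ("REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",), ("User Evasion",), 1),
    Rule("Requests enabling of the accessibility settings", "intent", ("ACCESSIBILITY_SETTINGS",), (), 1),
    Rule("Listens for changes in the sensor environment", "api",
         ("SensorManager.registerListener",), ("User Evasion",), 0),
    Rule("Registers a broadcast receiver at runtime", "service",
         ("IActivityManager.registerReceiver",), ("Broadcast Receivers",), 0),
    # Assumed IoC: the report lists this signature without the call behind it,
    # so this rule does not fire on the constructed events above.
    Rule("Removes its main activity from the application launcher", "service",
         ("IPackageManager.setComponentEnabledSetting",), ("Suppress Application Icon",), 2),
)

# Signatures that together describe an overlay/ATS-style banker (assumed set).
BANKER_PROFILE = {
    "Makes use of the framework's Accessibility service",
    "Performs UI accessibility actions on behalf of the user",
    "Requests accessing notifications",
    "Requests disabling of battery optimizations",
    "Makes use of the framework's foreground persistence service",
}


def match(events, rules=RULES):
    """Return {process: {signature title: IoC count}} for every rule that fired."""
    hits = defaultdict(lambda: defaultdict(int))
    for process, kind, value in events:
        for rule in rules:
            if rule.kind == kind and value.endswith(rule.needles):
                hits[process][rule.name] += 1
    return {process: dict(counts) for process, counts in hits.items()}


def triage(events, rules=RULES):
    """Score each process, flag the banker profile and list the techniques hit."""
    by_name = {rule.name: rule for rule in rules}
    result = {}
    for process, counts in match(events, rules).items():
        score = sum(by_name[name].weight for name in counts)
        profile = BANKER_PROFILE.issubset(counts)
        if profile:
            score += 5  # the combination matters more than any single call
        techniques = sorted({t for name in counts for t in by_name[name].techniques})
        verdict = "malicious" if score >= 8 else "suspicious" if score >= 4 else "benign"
        result[process] = {"score": score, "verdict": verdict, "banker_profile": profile,
                           "techniques": techniques, "signatures": counts}
    return result
```

None of these calls is malicious on its own: accessibility services, foreground services, wake locks and runtime receivers are routine in legitimate apps, and the constructed benign process scores zero here. What characterises this class of malware is the combination in one package of screen reading, global UI actions, a request for notification access and a request to escape battery optimisation, which is why the profile check adds more than any single rule.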
Processes
-
anubis.bot.myapplication
- Removes its main activity from the application launcher
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Requests accessing notifications (often used to intercept notifications before users become aware).
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Requests enabling of the accessibility settings.
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID: 4254
Network
MITRE ATT&CK Mobile v15

Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Foreground Persistence (1)

Defense Evasion
- Foreground Persistence (1)
- Hide Artifacts (3)
  - Suppress Application Icon (1)
  - User Evasion (2)
- Impair Defenses (1)
  - Prevent Application Removal (1)
- Input Injection (1)

Credential Access
- Access Notifications (1)
- Input Capture (2)
  - GUI Input Capture (1)
  - Keylogging (1)