Analysis
max time kernel: 44s
max time network: 157s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 25-08-2024 19:35
Static task: static1

Behavioral task: behavioral1
Sample: c16db227fb29787cd2158fbd7a812248_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
Sample: c16db227fb29787cd2158fbd7a812248_JaffaCakes118.apk
Resource: android-x64-20240624-en

Behavioral task: behavioral3
Sample: c16db227fb29787cd2158fbd7a812248_JaffaCakes118.apk
Resource: android-x64-arm64-20240624-en
General
Target: c16db227fb29787cd2158fbd7a812248_JaffaCakes118.apk
Size: 6.1MB
MD5: c16db227fb29787cd2158fbd7a812248
SHA1: 5bff97136838756b6090a2af44fd43a3eff523b1
SHA256: b34c00722df5d523e7197690aeb8fb36b38af563793aa22acd14567553f04241
SHA512: a988e527e5d8cf18cad465176b7164144441c287b6addabe31ec17d5f498c008eb387344c68a1e474faf9a8f1c326cb4f8ced9b441118b41e96cbd127e88e9c7
SSDEEP: 196608:fxhozeKrsCDmZSMwAvRYvPvXb11+Igf0Kl:fMjshAMTRkvXSIgf5l
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTPs, 4 IoCs)
ioc | Process
/sbin/su | com.Saapart.SW.hack
/data/local/su | com.Saapart.SW.hack
/data/local/bin/su | com.Saapart.SW.hack
/data/local/xbin/su | com.Saapart.SW.hack
pid | Process
4928 | com.Saapart.SW.hack

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description | ioc | Process
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | com.Saapart.SW.hack

Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.Saapart.SW.hack

Acquires the wake lock (1 IoCs)
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.Saapart.SW.hack

Queries information about active data network (1 TTPs, 1 IoCs)
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.Saapart.SW.hack

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.Saapart.SW.hack

Reads information about phone network operator. (1 TTPs)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.Saapart.SW.hack

Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description | ioc | Process
Framework service call | android.app.job.IJobScheduler.schedule | com.Saapart.SW.hack

Checks CPU information (2 TTPs, 1 IoCs)
description | ioc | Process
File opened for read | /proc/cpuinfo | com.Saapart.SW.hack

Checks memory information (2 TTPs, 1 IoCs)
description | ioc | Process
File opened for read | /proc/meminfo | com.Saapart.SW.hack
Processes
com.Saapart.SW.hack
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4928
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution: 1
  - Broadcast Receivers: 1
- Scheduled Task/Job: 1
Defense Evasion
- Hide Artifacts: 1
  - Suppress Application Icon: 1
- Virtualization/Sandbox Evasion: 2
  - System Checks: 2
Downloads