Analysis
max time kernel: 44s
max time network: 165s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 25-08-2024 19:35
Static task: static1

Behavioral task: behavioral1
Sample: c16db227fb29787cd2158fbd7a812248_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
Sample: c16db227fb29787cd2158fbd7a812248_JaffaCakes118.apk
Resource: android-x64-20240624-en

Behavioral task: behavioral3
Sample: c16db227fb29787cd2158fbd7a812248_JaffaCakes118.apk
Resource: android-x64-arm64-20240624-en
General
Target: c16db227fb29787cd2158fbd7a812248_JaffaCakes118.apk
Size: 6.1MB
MD5: c16db227fb29787cd2158fbd7a812248
SHA1: 5bff97136838756b6090a2af44fd43a3eff523b1
SHA256: b34c00722df5d523e7197690aeb8fb36b38af563793aa22acd14567553f04241
SHA512: a988e527e5d8cf18cad465176b7164144441c287b6addabe31ec17d5f498c008eb387344c68a1e474faf9a8f1c326cb4f8ced9b441118b41e96cbd127e88e9c7
SSDEEP: 196608:fxhozeKrsCDmZSMwAvRYvPvXb11+Igf0Kl:fMjshAMTRkvXSIgf5l
Malware Config
Signatures
Checks if the Android device is rooted. 1 TTPs 5 IoCs
ioc | Process
/system/bin/su | com.Saapart.SW.hack
/data/local/su | com.Saapart.SW.hack
/data/local/bin/su | com.Saapart.SW.hack
/data/local/xbin/su | com.Saapart.SW.hack
/sbin/su | com.Saapart.SW.hack

pid | Process
4501 | com.Saapart.SW.hack

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description | ioc | Process
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | com.Saapart.SW.hack

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.Saapart.SW.hack

Acquires the wake lock 1 IoCs
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.Saapart.SW.hack

Queries information about active data network 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.Saapart.SW.hack

Reads information about phone network operator. 1 TTPs

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description | ioc | Process
Framework service call | android.app.job.IJobScheduler.schedule | com.Saapart.SW.hack

Checks CPU information 2 TTPs 1 IoCs
description | ioc | Process
File opened for read | /proc/cpuinfo | com.Saapart.SW.hack

Checks memory information 2 TTPs 1 IoCs
description | ioc | Process
File opened for read | /proc/meminfo | com.Saapart.SW.hack
Processes
com.Saapart.SW.hack (PID: 4501)
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads