Analysis
max time kernel: 87s
max time network: 171s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 26-08-2024 03:28
Static task: static1
Behavioral task behavioral1: sample c2315ea0e4fb893b62c2422c7f3e689d_JaffaCakes118.apk, resource android-x86-arm-20240624-en
Behavioral task behavioral2: sample c2315ea0e4fb893b62c2422c7f3e689d_JaffaCakes118.apk, resource android-x64-20240624-en
Behavioral task behavioral3: sample c2315ea0e4fb893b62c2422c7f3e689d_JaffaCakes118.apk, resource android-x64-arm64-20240624-en
General
Target: c2315ea0e4fb893b62c2422c7f3e689d_JaffaCakes118.apk
Size: 2.6MB
MD5: c2315ea0e4fb893b62c2422c7f3e689d
SHA1: de1c0a58bcd6a308d3c0367ffe6a2353b0796157
SHA256: ab59dacca4c6ece8264a478495ddb51dcaa8a262cbd042a0d22d7b112cdf20ba
SHA512: ffccc621dd65f8794b97b4023cf52ebe7c46d6709adc138c0009d79434a0642ade3d1a7147b5f8b10b49c2a7cd50beb98ba0f22ecb73be23639e0f0cd13ddf77
SSDEEP: 49152:ul0IRxYYX308GuRHyP4x5jyfZ2dqLG60/undmDVGTu4HjO:u9R+YnfVJe4HyfYkV0EmDmu4K
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
  ioc: /system/app/Superuser.apk
  process: com.potato.oncolormeasure
Loads dropped Dex/Jar (1 TTPs, 4 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.potato.oncolormeasure/files/1724642912831.jar (pid 4494, process com.potato.oncolormeasure)
  ioc: /data/user/0/com.potato.oncolormeasure/files/1724642912880.jar (pid 4494, process com.potato.oncolormeasure)
  ioc: /data/user/0/com.potato.oncolormeasure/files/1724642912923.jar (pid 4494, process com.potato.oncolormeasure)
  ioc: /data/user/0/com.potato.oncolormeasure/cache/1582435991586.jar (pid 4494, process com.potato.oncolormeasure)
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call
  ioc: android.content.IClipboard.addPrimaryClipChangedListener
  process: com.potato.oncolormeasure
Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call
  ioc: android.app.IActivityManager.getRunningAppProcesses
  process: com.potato.oncolormeasure
Acquires the wake lock (1 IoCs)
  description: Framework service call
  ioc: android.os.IPowerManager.acquireWakeLock
  process: com.potato.oncolormeasure
Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  description: Framework API call
  ioc: javax.crypto.Cipher.doFinal
  process: com.potato.oncolormeasure
Checks CPU information (2 TTPs, 1 IoCs)
  description: File opened for read
  ioc: /proc/cpuinfo
  process: com.potato.oncolormeasure
Checks memory information (2 TTPs, 1 IoCs)
  description: File opened for read
  ioc: /proc/meminfo
  process: com.potato.oncolormeasure
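The "Loads dropped Dex/Jar" signature is the one an analyst follows up first: the four .jar paths under the app's private storage are code the APK wrote and loaded at runtime, so the static scan of the APK did not see it. The Python below is an added triage helper, not part of this report or of the sample. It classifies a dropped file by magic bytes rather than by extension, checks whether a .jar actually carries a classes.dex (the only case that matters to a DEX class loader), computes the same four digests this report lists so results can be matched against the Downloads section, and decodes the epoch-millisecond file names the sample used. The paths are taken from the IoCs above; the payload bytes are constructed stand-ins, not the real dropped files.

```python
"""Triage helper for files a sandbox flags as "dropped Dex/Jar".

Added example; the payload bytes in SAMPLES are constructed stand-ins.
"""
import hashlib
import io
import re
import zipfile
from datetime import datetime, timezone

# Magic bytes of the containers an Android class loader or linker accepts.
MAGIC = (
    (b"dex\n", "dex"),       # raw DEX file: "dex\n035\0", "dex\n039\0", ...
    (b"PK\x03\x04", "zip"),  # JAR/APK: a zip that should carry classes.dex
    (b"\x7fELF", "elf"),     # native library or executable
)


def classify(blob: bytes) -> str:
    """Identify the container by its first bytes; file extensions can lie."""
    for magic, kind in MAGIC:
        if blob.startswith(magic):
            return kind
    return "unknown"


def digests(blob: bytes) -> dict:
    """The four digests the sandbox report lists, for matching against it."""
    return {n: hashlib.new(n, blob).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def zip_has_dex(blob: bytes) -> bool:
    """True if the zip holds classes.dex / classes2.dex ... (loadable as code)."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return any(re.fullmatch(r"classes\d*\.dex", n) for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


# File names like .../files/1724642912831.jar are epoch milliseconds.
_EPOCH_MS = re.compile(r"/(\d{13})\.(?:jar|dex|zip)$")


def drop_time(path: str):
    """Decode an epoch-ms file name to a UTC datetime, or None if not one."""
    m = _EPOCH_MS.search(path)
    if not m:
        return None
    ms = int(m.group(1))
    # Integer split keeps the millisecond exact (float division would not).
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc).replace(
        microsecond=(ms % 1000) * 1000)


def triage(path: str, blob: bytes) -> dict:
    kind = classify(blob)
    loadable = kind == "dex" or (kind == "zip" and zip_has_dex(blob))
    return {"path": path, "kind": kind, "loadable_as_dex": loadable,
            "dropped_at_utc": drop_time(path), **digests(blob)}


def _make_jar(inner: bytes) -> bytes:
    """Build a minimal jar (zip) with one classes.dex entry, for the stand-in."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("classes.dex", inner)
    return buf.getvalue()


_DEX_STUB = b"dex\n035\x00" + b"\x00" * 104  # header-sized stub, not a real DEX

# Constructed stand-ins keyed by the report's IoC paths (plus one decoy).
SAMPLES = {
    "/data/user/0/com.potato.oncolormeasure/files/1724642912831.jar": _make_jar(_DEX_STUB),
    "/data/user/0/com.potato.oncolormeasure/cache/1582435991586.jar": _DEX_STUB,
    "/data/user/0/com.potato.oncolormeasure/files/config.txt": b"not code\n",
}


def triage_all() -> dict:
    """Map each sample's base name to its triage record."""
    return {p.rsplit("/", 1)[1]: triage(p, b) for p, b in SAMPLES.items()}


if __name__ == "__main__":
    for name, r in triage_all().items():
        print(f"{name}: {r['kind']} loadable={r['loadable_as_dex']} "
              f"dropped={r['dropped_at_utc']} md5={r['md5']}")
```

Run on the real dropped files, the md5 column lets you line each one up with an entry in the Downloads list below, and the decoded names show when the sample wrote them: the three files/ names decode to 2024-08-26 03:28:32 UTC, the minute this run was submitted, while cache/1582435991586.jar decodes to 2020-02-23 05:33:11 UTC.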
Processes
com.potato.oncolormeasure (PID 4494)
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 9KB
MD5: e8e0527a01aefdb89afd2c508f131da1
SHA1: f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256: f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512: fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Filesize: 20KB
MD5: fde2ee00cbd121cfab5290b078aa3ceb
SHA1: e2b77d5320e155e413d040a8c20020962065b2f8
SHA256: 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512: a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Filesize: 85B
MD5: 57216efd9bed40e4888a3ec86b8a1a53
SHA1: 4a43aca78e0523d2cc49fd0bd855f51c1ddfbffb
SHA256: 5278f76d77d7c6583e9998bca58f1216bd1edd85cfe40a1783b8982d595bf39f
SHA512: e5d241798c8a570498e1b9b737d78ea9933d6f6e53e8b2076dd69e5742501952aa1d65f20c977cc7992fc455deb64f82c13809be742fae519792dc9153a64614

Filesize: 33KB
MD5: ccb4f76085ed63546e9edfb8fa9a02b5
SHA1: d1ab354c18ec59c437b84313ee38b6e213d09d2e
SHA256: f586d5fb610a97ae2c7056fa06919a229eeab3e692198b12ee77d039a4c58135
SHA512: 211c2bb8e8fdc21962dfadb3c0e96b4e59531ae2075bdd67426e825ba9d8c833a7ca7b43a917fb45578b3bcb597c9355556579d9b6599657b421d350b40beb37

Filesize: 73KB
MD5: ee529d0f67b48e8d4e058957cc57e674
SHA1: fbdb25eb5dbcd30f09b8443b13cecd4e9428a1a4
SHA256: d723a3b51cdd78a4c4b805745c9c239575a2a3ba46d3165d3ff50c04aace7d4b
SHA512: caee03c8cd63046949e9307662a486a9130693ab84df03a8ad20e359900a274f5fc348ba6979a3320005fb5b4965fb59b73cf11eeaf5ea95a11b573bb286dd6b

Filesize: 46KB
MD5: 0a76c8d54209fc641b77440ed9149a8a
SHA1: 63408c84fee49bbab79c51057cbb2feb7770ecf9
SHA256: 87588e2c5df366d362113fcf91dbb83872e21ac1ace4ffc9285ca7497e238b77
SHA512: e3669b66bf0834f29966926b7d30d1c09c91d5a02fbfb2dd72a4dd5a78e4a0efcdb372499052150f890e0066ef663d4d922ee00885d255f149f2652a68d737a9

Filesize: 103KB
MD5: 24db6f992640d9630ce293f3e70cd12d
SHA1: 6536610ebf8b2ce592ef4a9dcab5aef8ae45065f
SHA256: b8e3af2655b3e978b8c29405884f68a6611c8f4eee2423efa53a557b22ca4bdb
SHA512: 5b442d19f020379c8e3eb4533aa7ef83ae347f0dc8ffb72b1035e9d395feb3fcb299f639e752350489998390426bdd155c2c5583162438b6b7bc8d560c177697

Filesize: 87KB
MD5: 1cb6f38fcefda66c47320fdfbc19ab5e
SHA1: a41e759ea591231cdcf26ee975998c62063ea1d1
SHA256: 56ec2b53f574c946edfb18eed84ee9b95f4be140085342a054dfe7fbf0f7195d
SHA512: 40822f267cb264cc867d436821f8e06a64eee16b6f4e329e06f4ab4713780521abe02d9cb990827aad195da741f4d11e1926365f3993a4905e6e158b18b51bc7

Filesize: 186KB
MD5: cac6e5a954a238fd62e3c97ec9cced82
SHA1: 547e13b6f6ebbe1b9c34c2be232df03c27913049
SHA256: f70b594197ce39bcf3c56b5d860d02dc335e11f148da2befa7312727134e9eb6
SHA512: 596e37ca0ec943486c1b64f29c71e638ce682c4e824c08c76785ae8aff3c891a96a842f5c3b5dd22f97b30cd1a6f869f404161d210dce06378754593b81d28dc

Filesize: 145B
MD5: a0b7eb512daaa40f5af17145d1da2324
SHA1: cc46530ef64c947579bbd0fd8c68501c597c2752
SHA256: 882e126c0470ac7fc86d4cd13b0fd3d6911af67ac93c91e1fcafa631e5f39e1b
SHA512: 96715d67dfa82e1f4b7aa13bfe2d5b98c1398dfc7398a0de109d6e1abb845838f3c69a3294d42ba8caee5cf18d10dc85212195112f8d34436feb5c8c230243e1

Filesize: 148B
MD5: 4bed5233866d54d992705e9eb0e5dc17
SHA1: 384104f1fb9f8b9118668bc114207c6592b1bc0c
SHA256: b33052b9da844c57d6bf435368f748d7ccb65e7cd35ac7397834353cfd06c2d4
SHA512: 1a47522a01a981c4bc29a940abc21c04436283a3cde6f3af4a75eb9d991a75383f7f3119620f04a1d795f2e9319d1a839cc58ebd0ef6538c2fc332a4f2ba6724