6416c53a10a95cb37ecee748836c7e933b861b4a0e51c48711b9f420ae7a324c

Analysis

max time kernel
9s
max time network
137s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
10-10-2024 13:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

302e4a471bef588aecd4b30e259072cd_JaffaCakes118.apk
Size

190KB
MD5

302e4a471bef588aecd4b30e259072cd
SHA1

80f6207bf8d91d80c303718902ae444ba5499399
SHA256

6416c53a10a95cb37ecee748836c7e933b861b4a0e51c48711b9f420ae7a324c
SHA512

6ac563788e4fcc69683d8a28ffa62d9e63da7656628eb05841d6fcee6a4b7042391b4c02baf5eb4065cb9e18dfacdcd950b52b9d21f2869ec32d22b779ccb498
SSDEEP

3072:6ZtbOdV8GSR9T+KqPC5+kAMEJG8G/GF17IctXT+H/xCmMeUZzUwzMToTevfsaH:ebOdCRYKVfF86G1ttXafcRzUwgTie0S

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 4 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/apex/com.android.runtime/javalib/core-oj.jar	5060	ekdrjuhjaih.qyofplge
/apex/com.android.runtime/javalib/core-oj.jar	5060	ekdrjuhjaih.qyofplge
/apex/com.android.runtime/javalib/core-oj.jar	5060	ekdrjuhjaih.qyofplge
/apex/com.android.runtime/javalib/core-oj.jar	5060	ekdrjuhjaih.qyofplge

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	ekdrjuhjaih.qyofplge

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	ekdrjuhjaih.qyofplge

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ekdrjuhjaih.qyofplge

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ekdrjuhjaih.qyofplge

ekdrjuhjaih.qyofplge
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:5060

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/apex/com.android.runtime/javalib/core-oj.jar

Filesize
4.7MB

MD5
7e343cbc45b618d05182d74bd61826b2

SHA1
02ee96263b3b967e570e8ddb1fa36cb21032b71b

SHA256
324b5af2ec2d78bb57b1552f429af51ac8d65f7fa277217ae8d4371ab14178d1

SHA512
48cbd8a5b246cf9d6ec16558ab12af131439837094c63a64046de384da933593459fb1aec126393bbe3b2b8ca19437f38b68364c9f158023a7b1a35e6901c705

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads