Analysis
-
max time kernel
418s -
max time network
423s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system -
submitted
14-10-2024 23:16
Behavioral task
behavioral1
Sample
8c543bfa2f35df239b307fc3694bf9f1_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
8c543bfa2f35df239b307fc3694bf9f1_JaffaCakes118.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
8c543bfa2f35df239b307fc3694bf9f1_JaffaCakes118.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
8c543bfa2f35df239b307fc3694bf9f1_JaffaCakes118.apk
-
Size
8.0MB
-
MD5
8c543bfa2f35df239b307fc3694bf9f1
-
SHA1
f00112f980c6d8925ca7a31257f20185fff4f5e8
-
SHA256
52dc47b0a8dbfd8517d5f7b58def83d386b10e49e6fd95a32cb79fc0127e0e4b
-
SHA512
a7ef7de2f5efcc2d9bf12af48ced4eb83b52c98f233e9dbcea6bfc1c7c43ffa19343b6bd8ab99d6bce74e320fb747cf8cd7bcaba1daf3ecd7137c67929622ac4
-
SSDEEP
196608:NhHvDIhu0Shvlaew0f9gGcbz3fLVH02dICDI/EIT6aJ:HrIhchNae3fUHjV0c1DI/EhaJ
Malware Config
Signatures
-
888RAT
888RAT is an Android remote administration tool.
-
Android SMSWorm payload 1 IoCs
Processes:
resource yara_rule /storage/emulated/0/.app.apk family_smsworm -
SMSWorm
SMSWorm is an Android malware that can spread itself to a victim's contact list via SMS first seen in May 2021.
-
Processes:
com.example.dat.a8andoserverxpid process 4216 com.example.dat.a8andoserverx -
Acquires the wake lock 1 IoCs
Processes:
com.example.dat.a8andoserverxdescription ioc process Framework service call android.os.IPowerManager.acquireWakeLock com.example.dat.a8andoserverx -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
com.example.dat.a8andoserverxdescription ioc process Framework service call android.app.IActivityManager.setServiceForeground com.example.dat.a8andoserverx -
Queries information about active data network 1 TTPs 1 IoCs
Processes:
com.example.dat.a8andoserverxdescription ioc process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.example.dat.a8andoserverx -
Requests dangerous framework permissions 2 IoCs
Processes:
description ioc Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION
Processes
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6.2MB
MD517d5fad7f7c8b13749d0c6a2946c4262
SHA18c3510246c20a657466de84b74e0632aaddc3b26
SHA2567c4a3d9738d16f699b2ecbb6eacadc87b2053ca09208b007661f35128483f271
SHA5120ffd0e4f88631b33fbd2f622b5733de9d61e5dc98ad90d709be481e6af59540820984c8a192ad3a387fcc831fe6c9062f6d98e0b35646ed75eb40eff0c47bd59