Analysis
- max time kernel: 149s
- max time network: 156s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 14/10/2024, 16:12
Static task: static1
Behavioral task: behavioral1
- Sample: 4309a260886eaf856e76155feb8288ad_JaffaCakes118.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: 4309a260886eaf856e76155feb8288ad_JaffaCakes118.apk
- Resource: android-x64-20240624-en
Behavioral task: behavioral3
- Sample: 4309a260886eaf856e76155feb8288ad_JaffaCakes118.apk
- Resource: android-x64-arm64-20240624-en
General
- Target: 4309a260886eaf856e76155feb8288ad_JaffaCakes118.apk
- Size: 2.8MB
- MD5: 4309a260886eaf856e76155feb8288ad
- SHA1: fa91e5400a06359b3ff70ffeadb630ead2cfb4c1
- SHA256: 30fd63ecef630c026ef8e8f564487738bd05d424ba1520abcee9e7d7a97c0fde
- SHA512: 214169a3bd3366b9467cf0ca1a607155a2e50a734b93280e1209d1f6002cf4a3059783b88b7e88377b0f1da5c189b82b127c6b9cae3b8d929f0052513d9910e9
- SSDEEP: 49152:f7psBnPFA2bKW9GbYUGDH7dhJlth7NcuRphXF6AKv5igsK3rAbcNQVi3jFf62NZW:f7pMtAZmEPGD7xl1cqhXF6AKv33rAQNY
Malware Config
Signatures
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call | ioc: android.content.IClipboard.addPrimaryClipChangedListener | Process: com.ezzebd.androidassistant:beyondAppMonitor
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
- Queries information about running processes on the device (1 TTP, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | Process: com.ezzebd.androidassistant
  description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | Process: com.ezzebd.androidassistant:beyondAppMonitor
- Queries information about active data network (1 TTP, 2 IoCs)
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.ezzebd.androidassistant
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.ezzebd.androidassistant:beyondAppMonitor
- Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | Process: com.ezzebd.androidassistant:beyondAppMonitor
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
- Reads information about the phone network operator (1 TTP)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | Process: com.ezzebd.androidassistant
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | Process: com.ezzebd.androidassistant:beyondAppMonitor
- Checks memory information (2 TTPs, 2 IoCs)
  description: File opened for read | ioc: /proc/meminfo | Process: com.ezzebd.androidassistant
  description: File opened for read | ioc: /proc/meminfo | Process: com.ezzebd.androidassistant:beyondAppMonitor
Processes
- com.ezzebd.androidassistant (PID: 5061)
  - Queries information about running processes on the device
  - Queries information about active data network
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks memory information
- com.ezzebd.androidassistant:beyondAppMonitor (PID: 5114)
  - Obtains sensitive information copied to the device clipboard
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads
- Filesize: 20KB
  MD5: e9a84a9a4292c6370d5519ceb2ee6956
  SHA1: 802e834100dd65896cd338b8adfaf0e571a53a56
  SHA256: c136974b3a4db61930470fe214125874f7edcfd15c897be3387d05de99372715
  SHA512: 09b2047c544415173904cd3abca829548c88f60c98561feefb523c12487ac77cb3bfee7ccbd1009fca6353cdf6cabaf6405d369ce9af89a89691c4d7027cfb41
- Filesize: 2KB
  MD5: 364ff078df3d5a8ff05090528653e1a2
  SHA1: 8cf18818eaa4ad97877e836b023c42c39fcf119b
  SHA256: d2248ad62799f0fda9069bbfad7f3bf047a88b7357ff07eb3281a7bfa71991b3
  SHA512: 11f66e697988b9992070c6ec50bdcc89a175afa48171279200ccb14af825b97e1c4a36ccc88ba5570af58f7cc70fe59d691a380f3cecae2309e2b62e487cf6f3
- Filesize: 8KB
  MD5: 8d90ba4b510027e1959f11c0b3a404d9
  SHA1: fa32edb5c911f1ae90e6e1fdbacb7758695aec5b
  SHA256: 01234e98b2a615a8ed893bcf79271ed53d3d753f836043dd62f3f05afb4d6ca5
  SHA512: 1d879102c75e0c920571f904321d52ae18592b72eef67fc0e3021ff19e77d1c098b6de4c0e69ac335416d58f567f983a534b99b6f044ba5d81cd4593a5b1d154
- Filesize: 8KB
  MD5: 0575def0f7966e6f8fa1f870b795b236
  SHA1: e62c73bb95a5d0cd14c3730fc69bec721ddf7a7d
  SHA256: ea1ce05ae0f8c509ca9b68e5feb33d5b5eced7f0dc4a668e049c1bfb71cded55
  SHA512: 7389d37c4bb68828fcb83668376bccedda88cd4e6a970f6d7652d67c144720cc18a386d6292a323521ee48d7ec8b36a6785a01bd954d6cc4c7d46ccd2ba145f4