Analysis
-
max time kernel
148s -
max time network
132s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system -
submitted
14/10/2024, 16:12
Static task
static1
Behavioral task
behavioral1
Sample
4309a260886eaf856e76155feb8288ad_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
4309a260886eaf856e76155feb8288ad_JaffaCakes118.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
4309a260886eaf856e76155feb8288ad_JaffaCakes118.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
4309a260886eaf856e76155feb8288ad_JaffaCakes118.apk
-
Size
2.8MB
-
MD5
4309a260886eaf856e76155feb8288ad
-
SHA1
fa91e5400a06359b3ff70ffeadb630ead2cfb4c1
-
SHA256
30fd63ecef630c026ef8e8f564487738bd05d424ba1520abcee9e7d7a97c0fde
-
SHA512
214169a3bd3366b9467cf0ca1a607155a2e50a734b93280e1209d1f6002cf4a3059783b88b7e88377b0f1da5c189b82b127c6b9cae3b8d929f0052513d9910e9
-
SSDEEP
49152:f7psBnPFA2bKW9GbYUGDH7dhJlth7NcuRphXF6AKv5igsK3rAbcNQVi3jFf62NZW:f7pMtAZmEPGD7xl1cqhXF6AKv33rAQNY
Malware Config
Signatures
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description ioc Process Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.ezzebd.androidassistant:beyondAppMonitor -
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description ioc Process Framework service call android.app.IActivityManager.getRunningAppProcesses com.ezzebd.androidassistant Framework service call android.app.IActivityManager.getRunningAppProcesses com.ezzebd.androidassistant:beyondAppMonitor -
Queries information about active data network 1 TTPs 2 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ezzebd.androidassistant Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ezzebd.androidassistant:beyondAppMonitor -
Reads information about phone network operator. 1 TTPs
-
Checks memory information 2 TTPs 2 IoCs
description ioc Process File opened for read /proc/meminfo com.ezzebd.androidassistant File opened for read /proc/meminfo com.ezzebd.androidassistant:beyondAppMonitor
Processes
-
com.ezzebd.androidassistant1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Checks memory information
PID:4618
-
com.ezzebd.androidassistant:beyondAppMonitor1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about active data network
- Checks memory information
PID:4676
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
20KB
MD5894e53f613d3bbf376b5e5a580dace0f
SHA15beb341d7501ae9151d4455f32b48b67b47a82db
SHA2563fe1a6f6e57b864c66fc687fad13d9c8255999a13fefa2c1c7102d0d2d5c962d
SHA51274e251a74fc8002bc4afe4319d555477d8b2e8114d097208ea1b9448568ce8060d48ea7282ed9aa21c71140ec8fe4286d97db2e488c7cc59e9671a8058b188e1
-
Filesize
2KB
MD5bb76c2f9b5a2b59d4bf98332c1453f11
SHA1048736927d2204d2f896f7c07333ad344d0e4b90
SHA256e7acca8bb6f8cd50511362d1f6c8cfe617a56f2ee6d509321ad96914bd3850ba
SHA512316e8af7f458c4ae950a5d1aeb4d54b1f09ca4f1226b80221b1efd130da5aaaec293a468542bbb86b26fd132daa5f27508d02f6dc41ba4f011b9afa01fe39536
-
Filesize
8KB
MD5ea41066768da1cdcbe82be939f100673
SHA175a8a54afa7bec174364da510bb234d0ccbc8ec7
SHA25679f6eed2e7c022e6a058400f04d330594d22238e79fec1e334155a1c4486d4ee
SHA512bde59565859077b47cc05b83d5ea793afc41c3d7e6d10641cb747f8c12345fbd5c63c416e190926970c71332f7934fa2c452d40a25c43087e118a0b30025b573
-
Filesize
8KB
MD54793a562fdb7fc6dc5cf385b2518fdab
SHA19d4f0bddac1e145a8b0bf1e44cd98b578130dd2a
SHA25653a3390aea079c8d815f9181c10020fa75ad6464099641ba0f19ef0df3cb5f29
SHA51266143a13972dccdea357da5edaf80e66bae6bf19d835cb1a64e3e410425bb82864013b291c9873689d1fca2e275d5c87196f0706b6a5c578f83d1fb22eb7fe42