Overview

Analysis
- Max time kernel: 6s
- Max time network: 13s
- Platform: android_x64
- Resource: android-x64-20240624-en
- Resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- Submitted: 15/10/2024, 21:25
Static task: static1

Behavioral task: behavioral1
- Sample: 4a1417007cce3309e04b28f326953288_JaffaCakes118.apk
- Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
- Sample: 4a1417007cce3309e04b28f326953288_JaffaCakes118.apk
- Resource: android-x64-20240624-en

Behavioral task: behavioral3
- Sample: 4a1417007cce3309e04b28f326953288_JaffaCakes118.apk
- Resource: android-x64-arm64-20240624-en

Behavioral task: behavioral4
- Sample: lyhtgh.mn.ltplugin_v1023.apk
- Resource: android-x86-arm-20240624-en

Behavioral task: behavioral5
- Sample: lyhtgh.mn.ltplugin_v1023.apk
- Resource: android-x64-20240624-en

Behavioral task: behavioral6
- Sample: lyhtgh.mn.ltplugin_v1023.apk
- Resource: android-x64-arm64-20240624-en

Behavioral task: behavioral7
- Sample: unicom_resource.apk
- Resource: android-x86-arm-20240910-en

Behavioral task: behavioral8
- Sample: unicom_resource.apk
- Resource: android-x64-20240910-en

Behavioral task: behavioral9
- Sample: unicom_resource.apk
- Resource: android-x64-arm64-20240910-en
Errors
General
- Target: 4a1417007cce3309e04b28f326953288_JaffaCakes118.apk
- Size: 3.8MB
- MD5: 4a1417007cce3309e04b28f326953288
- SHA1: 577dee7298196e38cd0df9234970205b71288304
- SHA256: 592fd5f007d203ca288a16161f53dc7ca7bcf84ef431b45c48e42d7d202c0ba9
- SHA512: 93b577cd84b914cee8bd0a816ee9207ba48bcf98836bbd69fa9376375999f6238ce932fc248618bb0af9614effc7e321a6ffd426ec94bc5f5137dba992726bea
- SSDEEP: 98304:eHEvO202+T2nchP/WNLTYnOFTk+KmJDAxRhEwlGlvNayFdP:UEvOfth/WFB6EPXXP
Malware Config
Signatures

Loads dropped Dex/Jar (1 TTP, 1 IoC)
Runs executable file dropped to the device during analysis.
- IoC: /storage/emulated/0/Android/data/com.lyhtgh.pay/plugins/com.lyhtgh.pay.ltplugin.apk, PID 4954, process com.dajlxc.djzdls

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- IoC: android.content.IClipboard.addPrimaryClipChangedListener (framework service call), process com.dajlxc.djzdls

Queries the phone number (MSISDN for GSM devices) (1 TTP)

Reads the content of SMS inbox messages (1 TTP, 1 IoC)
- IoC: content://sms/inbox (URI accessed for read), process com.dajlxc.djzdls

Reads the content of the SMS messages (1 TTP, 1 IoC)
- IoC: content://sms/ (URI accessed for read), process com.dajlxc.djzdls

Requests cell location (2 TTPs, 1 IoC)
Uses Android APIs to get the current cell location.
- IoC: com.android.internal.telephony.ITelephony.getCellLocation (framework service call), process com.dajlxc.djzdls

Queries information about active data network (1 TTP, 1 IoC)
- IoC: android.net.IConnectivityManager.getActiveNetworkInfo (framework service call), process com.dajlxc.djzdls

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
- IoC: android.net.wifi.IWifiManager.getConnectionInfo (framework service call), process com.dajlxc.djzdls

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
- IoC: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone (framework service call), process com.dajlxc.djzdls

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)

Reads information about phone network operator (1 TTP)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
- IoC: android.app.IActivityManager.registerReceiver (framework service call), process com.dajlxc.djzdls

Checks memory information (2 TTPs, 1 IoC)
- IoC: /proc/meminfo (file opened for read), process com.dajlxc.djzdls
Processes

com.dajlxc.djzdls (PID 4954)
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Reads the content of SMS inbox messages
- Reads the content of the SMS messages
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
Network
MITRE ATT&CK Mobile v15

Defense Evasion
- Download New Code at Runtime (1)
- Execution Guardrails (1)
  - Geofencing (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)

Discovery
- Location Tracking (1)
- System Information Discovery (1)
- System Network Configuration Discovery (4)
- System Network Connections Discovery (2)
Downloads

- Filesize: 145KB
  - MD5: 278e8100ea1ee2c466d55451e87cef73
  - SHA1: 8347d2b269f74841ca92cef51d450ed953d73aaa
  - SHA256: 06d08532287fc6a934aba8d5a361eb83e4d7a1c8cde4f6663ab2746e4fc09a38
  - SHA512: 3e7fcf245a07ce8e03a78f75835c30e0b0f270e68987f85b92aa97f7b0894d73702ebdd80372cddea310a52624db1ccf65125399b6bf218dbd717ad053dec088

- Filesize: 345KB
  - MD5: 21c7c675b3dc4ba37ecf2e58fec9ccf8
  - SHA1: 16d524195e74f324010e7e5cf5a73e39bf757864
  - SHA256: 7502952614e205d4d5605d0af83169fb70efedc52b0feaa1f9003cbfd830ea93
  - SHA512: ad3725129013e75c632b383999b7a936beed98418ed7d92d4dd4a5fb9ac7a1f518b4b6444324d5f366f422fe5099f6a54bc7ce62be4f8077ab4957b144b85482

- Filesize: 85B
  - MD5: 44369ec4020a3de1cbb93b91b534fa90
  - SHA1: 796bc8fcdca9a2eb3b80d334b6490dd14f05c78b
  - SHA256: 7803e84ba2109bb973471fc882900c1b54f6945507af7b5bbba9c66531e00fee
  - SHA512: cb2eed985115f349c244494352cd08fe43068423d6b60e1a9292e800a8c630e099cfc6c68ef88c63d11a8d1302c6fed6ee0413f35f8eaab54bf115050c4595d4