Analysis
- max time kernel: 149s
- max time network: 134s
- platform: android_x64
- resource: android-x64-arm64-20240624-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
- submitted: 15/10/2024, 21:25
Static task: static1
Behavioral task: behavioral1 (Sample: 4a1417007cce3309e04b28f326953288_JaffaCakes118.apk; Resource: android-x86-arm-20240624-en)
Behavioral task: behavioral2 (Sample: 4a1417007cce3309e04b28f326953288_JaffaCakes118.apk; Resource: android-x64-20240624-en)
Behavioral task: behavioral3 (Sample: 4a1417007cce3309e04b28f326953288_JaffaCakes118.apk; Resource: android-x64-arm64-20240624-en)
Behavioral task: behavioral4 (Sample: lyhtgh.mn.ltplugin_v1023.apk; Resource: android-x86-arm-20240624-en)
Behavioral task: behavioral5 (Sample: lyhtgh.mn.ltplugin_v1023.apk; Resource: android-x64-20240624-en)
Behavioral task: behavioral6 (Sample: lyhtgh.mn.ltplugin_v1023.apk; Resource: android-x64-arm64-20240624-en)
Behavioral task: behavioral7 (Sample: unicom_resource.apk; Resource: android-x86-arm-20240910-en)
Behavioral task: behavioral8 (Sample: unicom_resource.apk; Resource: android-x64-20240910-en)
Behavioral task: behavioral9 (Sample: unicom_resource.apk; Resource: android-x64-arm64-20240910-en)
General
- Target: 4a1417007cce3309e04b28f326953288_JaffaCakes118.apk
- Size: 3.8MB
- MD5: 4a1417007cce3309e04b28f326953288
- SHA1: 577dee7298196e38cd0df9234970205b71288304
- SHA256: 592fd5f007d203ca288a16161f53dc7ca7bcf84ef431b45c48e42d7d202c0ba9
- SHA512: 93b577cd84b914cee8bd0a816ee9207ba48bcf98836bbd69fa9376375999f6238ce932fc248618bb0af9614effc7e321a6ffd426ec94bc5f5137dba992726bea
- SSDEEP: 98304:eHEvO202+T2nchP/WNLTYnOFTk+KmJDAxRhEwlGlvNayFdP:UEvOfth/WFB6EPXXP
Malware Config
Signatures
- Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
  Runs executable file dropped to the device during analysis.
  IoC: /data/user/0/com.dajlxc.djzdls/app_lyhtgh/plugins/com.lyhtgh.pay.ltplugin.apk; PID: 4537; Process: com.dajlxc.djzdls
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Description: Framework service call; IoC: android.content.IClipboard.addPrimaryClipChangedListener; Process: com.dajlxc.djzdls
- Queries the phone number (MSISDN for GSM devices) (1 TTPs)
- Reads the content of SMS inbox messages. (1 TTPs, 1 IoCs)
  Description: URI accessed for read; IoC: content://sms/inbox; Process: com.dajlxc.djzdls
- Reads the content of the SMS messages. (1 TTPs, 1 IoCs)
  Description: URI accessed for read; IoC: content://sms/; Process: com.dajlxc.djzdls
- Requests cell location (2 TTPs, 1 IoCs)
  Uses Android APIs to get the current cell location.
  Description: Framework service call; IoC: com.android.internal.telephony.ITelephony.getCellLocation; Process: com.dajlxc.djzdls
- Queries information about active data network (1 TTPs, 1 IoCs)
  Description: Framework service call; IoC: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.dajlxc.djzdls
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Description: Framework service call; IoC: android.net.wifi.IWifiManager.getConnectionInfo; Process: com.dajlxc.djzdls
- Checks memory information (2 TTPs, 1 IoCs)
  Description: File opened for read; IoC: /proc/meminfo; Process: com.dajlxc.djzdls
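The signatures above record what the sandbox saw at runtime, but not where the code behind each behaviour lives: the host APK com.dajlxc.djzdls may carry little more than the loader for the plugin it drops, with the clipboard, SMS and location collection living in com.lyhtgh.pay.ltplugin.apk. The following Python script is an added example and is not part of this report, the sandbox, or the sample; it scans each classes*.dex inside an APK for the framework strings that back the flagged behaviours and buckets each sandbox signature by whether its strings appear in the host, only in a dropped APK, or nowhere visible. The indicator strings, their grouping under the report's signature names (the two SMS signatures are merged into one), getLine1Number as the MSISDN query, getAllCellInfo as a second cell-location path, and the two in-memory APKs are this example's own assumptions.

```python
import io
import re
import zipfile

# Dex string-table entries (MUTF-8, so a raw byte search works without a dex
# parser) that back the behaviours the sandbox flagged. The grouping under the
# report's signature names is this example's own; getLine1Number as the MSISDN
# query and getAllCellInfo as a second cell-location path are assumptions.
INDICATORS = {
    "Loads dropped Dex/Jar": (
        b"Ldalvik/system/DexClassLoader;",
        b"Ldalvik/system/InMemoryDexClassLoader;",
        b"Ldalvik/system/DexFile;",
    ),
    "Obtains sensitive information copied to the device clipboard": (
        b"addPrimaryClipChangedListener", b"getPrimaryClip",
    ),
    "Queries the phone number (MSISDN for GSM devices)": (b"getLine1Number",),
    "Reads the content of the SMS messages.": (b"content://sms",),
    "Requests cell location": (b"getCellLocation", b"getAllCellInfo"),
    "Queries information about active data network": (b"getActiveNetworkInfo",),
    "Queries information about the current Wi-Fi connection": (b"getConnectionInfo",),
    "Checks memory information": (b"/proc/meminfo",),
}

DEX_MAGIC = b"dex\n"


def dex_entries(apk_bytes):
    """Yield (name, bytes) for each classes*.dex in the APK that carries a dex header."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            if re.fullmatch(r"classes\d*\.dex", name):
                data = z.read(name)
                if data.startswith(DEX_MAGIC):
                    yield name, data


def scan_apk(apk_bytes):
    """Return {signature: {dex name: [indicator strings found]}}, hits only."""
    hits = {}
    for name, data in dex_entries(apk_bytes):
        for sig, needles in INDICATORS.items():
            found = [n.decode() for n in needles if n in data]
            if found:
                hits.setdefault(sig, {})[name] = found
    return hits


def corroborate(host_apk, dropped_apks, dynamic_signatures):
    """Bucket each sandbox signature by where its strings live: in the host APK,
    only in a dropped/plugin APK, or nowhere we can see (reflection, encrypted
    strings, native code, or a file the sandbox did not capture)."""
    host = scan_apk(host_apk)
    dropped = {}
    for apk in dropped_apks:
        for sig, per_dex in scan_apk(apk).items():
            dropped.setdefault(sig, {}).update(per_dex)
    buckets = {"host": [], "dropped_only": [], "unsupported": []}
    for sig in dynamic_signatures:
        if sig in host:
            buckets["host"].append(sig)
        elif sig in dropped:
            buckets["dropped_only"].append(sig)
        else:
            buckets["unsupported"].append(sig)
    return buckets


def build_apk(dex_strings):
    """Constructed APK-shaped zip whose classes.dex is just a dex header followed
    by NUL-separated strings: enough to exercise the scanner, not a real dex."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"constructed placeholder")
        z.writestr("classes.dex", DEX_MAGIC + b"035\0" + b"\0".join(dex_strings))
    return buf.getvalue()


# Constructed stand-ins: a host that only carries the loader and the plugin
# path from the "Loads dropped Dex/Jar" IoC, and a plugin that carries the
# collection behaviours. Replace with the real file bytes to use for triage.
HOST_APK = build_apk([
    b"Ldalvik/system/DexClassLoader;",
    b"app_lyhtgh/plugins/com.lyhtgh.pay.ltplugin.apk",
    b"/proc/meminfo",
])
PLUGIN_APK = build_apk([
    b"addPrimaryClipChangedListener",
    b"content://sms/inbox",
    b"getCellLocation",
    b"getActiveNetworkInfo",
    b"getConnectionInfo",
])
REPORT_SIGNATURES = list(INDICATORS)

if __name__ == "__main__":
    for bucket, sigs in corroborate(HOST_APK, [PLUGIN_APK], REPORT_SIGNATURES).items():
        print(f"{bucket}: {sigs}")
```

To run it on the real sample, read the submitted APK and the plugin pulled from the device path in the "Loads dropped Dex/Jar" IoC into HOST_APK and PLUGIN_APK. A signature that lands in unsupported for both files is not evidence that the behaviour is absent; it points at reflection, string encryption or native code, which is exactly where the next hour of analysis should go.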
Processes
- com.dajlxc.djzdls (PID: 4537)
  - Loads dropped Dex/Jar
  - Obtains sensitive information copied to the device clipboard
  - Reads the content of SMS inbox messages.
  - Reads the content of the SMS messages.
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
- Defense Evasion
  - Download New Code at Runtime (1)
  - Execution Guardrails: Geofencing (1)
  - Virtualization/Sandbox Evasion: System Checks (1)
- Discovery
  - Location Tracking (1)
  - System Information Discovery (1)
  - System Network Configuration Discovery (1)
  - System Network Connections Discovery (2)
Downloads
- Filesize: 145KB
  MD5: 278e8100ea1ee2c466d55451e87cef73
  SHA1: 8347d2b269f74841ca92cef51d450ed953d73aaa
  SHA256: 06d08532287fc6a934aba8d5a361eb83e4d7a1c8cde4f6663ab2746e4fc09a38
  SHA512: 3e7fcf245a07ce8e03a78f75835c30e0b0f270e68987f85b92aa97f7b0894d73702ebdd80372cddea310a52624db1ccf65125399b6bf218dbd717ad053dec088
- Filesize: 345KB
  MD5: 21c7c675b3dc4ba37ecf2e58fec9ccf8
  SHA1: 16d524195e74f324010e7e5cf5a73e39bf757864
  SHA256: 7502952614e205d4d5605d0af83169fb70efedc52b0feaa1f9003cbfd830ea93
  SHA512: ad3725129013e75c632b383999b7a936beed98418ed7d92d4dd4a5fb9ac7a1f518b4b6444324d5f366f422fe5099f6a54bc7ce62be4f8077ab4957b144b85482
- Filesize: 413B
  MD5: e5645f1e85d607eb74168300122f2ecd
  SHA1: de20fe75e66088b010c118fdbc8732947aa3e301
  SHA256: e9216f21d9471db6c74d7641010f6b9b7abfed3fa709f2f6d560651a347477e0
  SHA512: 32cfbb86ad6818b7be4e4587eae7f48b1f9f513a470ed186e842eb79c22e3d55970c7dfd3f142fbea22d22ae23dbcf3b2c3db2f5491a22038984ad879923b20a
- Filesize: 85B
  MD5: bef6c18ae5595292449ca315afcbba1e
  SHA1: 7cbf34033990f75a7129ccc0fda7d2ea63705e6e
  SHA256: 338386cbb4c309fc7b091cbf6a38a37f4d09857c2b95f946ab403a6128ca0414
  SHA512: 3561093d930ab0b870eb74f48d04e41dc05fa1a07dac679f09b192657229b3603ce421b5e3f7e6c7f5a2587a5171391aa7db6fa20aec1e110e6749f5ff8b7a65