General
-
Target
4b6a78e4a1f19d9574305de4efb7fdc0_JaffaCakes118
-
Size
6.8MB
-
Sample
241016-e7ecqaxbmj
-
MD5
4b6a78e4a1f19d9574305de4efb7fdc0
-
SHA1
b1e083ba41fc05b1bf4c7d5405f604a43fa56f01
-
SHA256
f6b7a5bd7150c1515bda3807036c6d4ca7838e1ad58d71624b85c53ff1a3cb3b
-
SHA512
5f3c18dd9c36e5e57aeb575e274f5d720d3312f14e9d375ee1b6eb16a74e526f1306e1b60b26f98113b2a754fdc30f3b516dd4edff584cc5d537db6c07ed7c5a
-
SSDEEP
98304:mOD+KvLXmAxvjAkVrPGFFHU+DV2qt1d/AYs/I09XfbC9XruTcECHD+/OxN566D6I:mODxjFIjHVDJwJC9FZ+/jqaKvr
Static task
static1
Behavioral task
behavioral1
Sample
4b6a78e4a1f19d9574305de4efb7fdc0_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
4b6a78e4a1f19d9574305de4efb7fdc0_JaffaCakes118.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
dump.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral4
Sample
dump.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral5
Sample
dump.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Targets
-
-
Target
4b6a78e4a1f19d9574305de4efb7fdc0_JaffaCakes118
-
Size
6.8MB
-
MD5
4b6a78e4a1f19d9574305de4efb7fdc0
-
SHA1
b1e083ba41fc05b1bf4c7d5405f604a43fa56f01
-
SHA256
f6b7a5bd7150c1515bda3807036c6d4ca7838e1ad58d71624b85c53ff1a3cb3b
-
SHA512
5f3c18dd9c36e5e57aeb575e274f5d720d3312f14e9d375ee1b6eb16a74e526f1306e1b60b26f98113b2a754fdc30f3b516dd4edff584cc5d537db6c07ed7c5a
-
SSDEEP
98304:mOD+KvLXmAxvjAkVrPGFFHU+DV2qt1d/AYs/I09XfbC9XruTcECHD+/OxN566D6I:mODxjFIjHVDJwJC9FZ+/jqaKvr
-
Checks if the Android device is rooted.
-
Checks known Qemu files.
Checks for known Qemu files that exist on Android virtual device images.
-
Queries account information for other applications stored on the device
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current nearby Wi-Fi networks
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about active data network
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-
-
-
Target
dump.jar
-
Size
67KB
-
MD5
1ed63aae654ec48412cc6c368401f747
-
SHA1
9b8369c379d79f4a140787461da3d99945db9251
-
SHA256
a4746ce98e7bf8ae964dbfac4df074234eae99a95f7757666861914f23544415
-
SHA512
e59f80e94f7bdcad55c450eea30fdb6f5b16e8256b697f745236aa5f4a29d173d6c0569adac770fe9f7e47d7fbf48decd196d4927940190ce17b080dc39a06a8
-
SSDEEP
1536:Uux2jGD/j3xsYOCnjGS6VXAuVu1UB2h1/eMo6Xy4qxHkIKiu:Xx2jy31eVXAuVumCpesy4qdtu
Score1/10 -
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Execution Guardrails
1Geofencing
1Foreground Persistence
1Virtualization/Sandbox Evasion
3System Checks
3