Analysis
-
max time kernel
122s -
max time network
131s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system -
submitted
17/10/2024, 01:01
Static task
static1
Behavioral task
behavioral1
Sample
5002fb5f1daff7468f480004fb81c4d6_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
5002fb5f1daff7468f480004fb81c4d6_JaffaCakes118.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
5002fb5f1daff7468f480004fb81c4d6_JaffaCakes118.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
5002fb5f1daff7468f480004fb81c4d6_JaffaCakes118.apk
-
Size
1.3MB
-
MD5
5002fb5f1daff7468f480004fb81c4d6
-
SHA1
a783a51d6b5a8e46a1dcf4ada014443754d61f06
-
SHA256
f02f9b3a9abd8913886f6632e9a2342cca30003b3a6e66d9463f728cf77018e3
-
SHA512
abc2d4c05d353c2a30b3b859000e1bca52d66932bba9f14bf1b078a6baf4d33a7315a91c83804f6cb9ce161d9c30010aeeb113b2651cf372762e0bd0b0cb20ba
-
SSDEEP
24576:tzMCZwn/LWnzfUZ7c8WLxIaWCJRYTaymovinFlKgKi1LcleUV9:eCSnzWnz8Kx5WE+aHrFogKiNclee
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description ioc Process Framework service call android.app.IActivityManager.getRunningAppProcesses com.cool.mytaskkiller -
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getCellLocation com.cool.mytaskkiller -
Queries information about active data network 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.cool.mytaskkiller -
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description ioc Process Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.cool.mytaskkiller -
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver com.cool.mytaskkiller -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
description ioc Process Framework API call javax.crypto.Cipher.doFinal com.cool.mytaskkiller -
Checks memory information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/meminfo com.cool.mytaskkiller
Processes
-
com.cool.mytaskkiller1⤵
- Queries information about running processes on the device
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4237
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Execution Guardrails
1Geofencing
1Virtualization/Sandbox Evasion
1System Checks
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
16KB
MD51a537819a85008672765786587ca9c8f
SHA163f450d5148eae7e22ee28050c40c210a903f277
SHA2563a97a8408d0b03051c54c7f677f0b23778982cd534c0ed9bbd8cd4775281a92b
SHA5124839fed776fe039304249842e917d0bccc157009ba6ea5dbe66cb65f428074785cdd42740d5cde9d2615ee5acf7ba2206b2ef863609ba1cfb061901995d273d1
-
Filesize
512B
MD502e57d963b233f60b55a515d4a1778b4
SHA1811f603247040ea132cf2983bf0e0066ba7aa8d2
SHA25610d9959684baa746dfe3635e48b7eb3d01756d7679494a55cd1a54dc1fae1f6e
SHA512fef4a8b3ef806db3517e406a1c12a4764d533abdaa696fd670f1d1178681a7aba23f37ef299845c5169ffc9cf9bbe603c62b1759a406435798d4f56103c25a0d
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
28KB
MD5571fc5d8667b2b32094f6389aff96140
SHA16963c7b09e5b78a9c4fb11592faa9d0af0e6d6bf
SHA256891584a36ed09d99d2a0529fa839a1ac7721271d20dd7d1089229da9681d8495
SHA512c171767d1ffb706d2f051076b143fc7dc7944c78ae4261f9cf5414f250e22b2a36b1a68aec1be9e71aa6458277b06dabb97085059f329f6535ed4f5526f3d511
-
Filesize
906B
MD519236718671c7f0c44534511dc8c9651
SHA1e720e1b4512c2d08edad7aab5f120baed0459dc1
SHA256afc7c9707b03c0dff64f0f2d16e29ea8a8d742ff3771caabb411274685120e22
SHA512e9bd51472c181519703bf1da508b6a21e893284ab9d1fa20761f5a12890d45161c1fa3bdf4a21a579e0930406686cdfd5560a522f3e68b022e8beacbf3e1d8ce
-
Filesize
58B
MD52b53b6b030d7bdb5da6ea0d501b6a165
SHA1fa4e9e8d724d91963a3fa3def11790559cac11c1
SHA256d8209526853a232417c586b6c130ed3ec53af8a2928b95d032ddcee37b4698fc
SHA512dceddb69f3c907593c47edd56cea3b5cd68e560f020244e6abf9e63c58263d38b36e8736617758f2c5c7292bffd815af44fee3805217aa9065cd143e0599b128
-
Filesize
51B
MD5b1f15b56516db9bf85d834fe77ea7045
SHA1d12a4d0cabb6af6c53cb8396878858e85344cc78
SHA256cd868a55640f5db2e62e426e4800aa77eee9bf478e232f59910b590a10144ce3
SHA5122207d88ac37988ef0b6f365df1af0ef3d040b9689a5fa860d7b27d7a3f971636f00b2f0af67e9c7ace6c4104aca9387bbcc422792344e8e4db1f89f34e03d438