Analysis
- max time kernel: 123s
- max time network: 147s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 17/10/2024, 01:01
Static task: static1
Behavioral task: behavioral1
- Sample: 5002fb5f1daff7468f480004fb81c4d6_JaffaCakes118.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: 5002fb5f1daff7468f480004fb81c4d6_JaffaCakes118.apk
- Resource: android-x64-20240624-en
Behavioral task: behavioral3
- Sample: 5002fb5f1daff7468f480004fb81c4d6_JaffaCakes118.apk
- Resource: android-x64-arm64-20240624-en
General
- Target: 5002fb5f1daff7468f480004fb81c4d6_JaffaCakes118.apk
- Size: 1.3MB
- MD5: 5002fb5f1daff7468f480004fb81c4d6
- SHA1: a783a51d6b5a8e46a1dcf4ada014443754d61f06
- SHA256: f02f9b3a9abd8913886f6632e9a2342cca30003b3a6e66d9463f728cf77018e3
- SHA512: abc2d4c05d353c2a30b3b859000e1bca52d66932bba9f14bf1b078a6baf4d33a7315a91c83804f6cb9ce161d9c30010aeeb113b2651cf372762e0bd0b0cb20ba
- SSDEEP: 24576:tzMCZwn/LWnzfUZ7c8WLxIaWCJRYTaymovinFlKgKi1LcleUV9:eCSnzWnz8Kx5WE+aHrFogKiNclee
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTP]
- Queries information about running processes on the device [1 TTP, 1 IoC]
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Description: Framework service call | IoC: android.app.IActivityManager.getRunningAppProcesses | Process: com.cool.mytaskkiller
- Queries the phone number (MSISDN for GSM devices) [1 TTP]
- Requests cell location [2 TTPs, 1 IoC]
  Uses Android APIs to get the current cell location.
  Description: Framework service call | IoC: com.android.internal.telephony.ITelephony.getCellLocation | Process: com.cool.mytaskkiller
- Queries information about active data network [1 TTP, 1 IoC]
  Description: Framework service call | IoC: android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.cool.mytaskkiller
- Queries information about the current Wi-Fi connection [1 TTP, 1 IoC]
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Description: Framework service call | IoC: android.net.wifi.IWifiManager.getConnectionInfo | Process: com.cool.mytaskkiller
- Queries the unique device ID (IMEI, MEID, IMSI) [1 TTP]
- Reads information about phone network operator [1 TTP]
- Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTP, 1 IoC]
  Description: Framework service call | IoC: android.app.IActivityManager.registerReceiver | Process: com.cool.mytaskkiller
- Uses Crypto APIs (might try to encrypt user data) [1 TTP, 1 IoC]
  Description: Framework API call | IoC: javax.crypto.Cipher.doFinal | Process: com.cool.mytaskkiller
- Checks memory information [2 TTPs, 1 IoC]
  Description: File opened for read | IoC: /proc/meminfo | Process: com.cool.mytaskkiller
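The IoCs above are what the sandbox saw at the Binder boundary; the usual next step is to confirm them in the decoded APK. The script below is an added example, not code from the sandbox or from the report. It takes the three IoC columns of the Signatures table (type, IoC, process), constructed here from this report, and derives fixed strings to grep for in an apktool-decoded APK (apktool and its output layout are assumed tooling). The mapping from AIDL interface to the SDK wrapper the app actually calls is an assumption made for illustration and covers only the interfaces this report names.

```python
"""Derive smali search patterns from the IoCs a Triage-style Android report lists.

Added example, not code from the sandbox or the report. Input rows are constructed
from the Signatures table of this report; the AIDL-to-SDK mapping is an assumption.
"""
from collections import defaultdict

# Constructed input: (IoC type, IoC, process) rows copied from the Signatures table.
REPORT_IOCS = [
    ("Framework service call", "android.app.IActivityManager.getRunningAppProcesses", "com.cool.mytaskkiller"),
    ("Framework service call", "com.android.internal.telephony.ITelephony.getCellLocation", "com.cool.mytaskkiller"),
    ("Framework service call", "android.net.IConnectivityManager.getActiveNetworkInfo", "com.cool.mytaskkiller"),
    ("Framework service call", "android.net.wifi.IWifiManager.getConnectionInfo", "com.cool.mytaskkiller"),
    ("Framework service call", "android.app.IActivityManager.registerReceiver", "com.cool.mytaskkiller"),
    ("Framework API call", "javax.crypto.Cipher.doFinal", "com.cool.mytaskkiller"),
    ("File opened for read", "/proc/meminfo", "com.cool.mytaskkiller"),
]

# The sandbox logs the Binder (AIDL) interface the call reached; app code calls the
# SDK wrapper in front of it. Assumed mapping, limited to the interfaces seen here.
AIDL_TO_SDK = {
    "android.app.IActivityManager": "android.app.ActivityManager",
    "com.android.internal.telephony.ITelephony": "android.telephony.TelephonyManager",
    "android.net.IConnectivityManager": "android.net.ConnectivityManager",
    "android.net.wifi.IWifiManager": "android.net.wifi.WifiManager",
}

# Methods whose smali call site names the caller's own class (any Context subclass),
# so the owner class cannot be predicted and only the method name is searched.
CONTEXT_METHODS = {"registerReceiver"}


def smali_pattern(ioc_type, ioc):
    """Return a fixed string (suitable for grep -F) that matches the IoC in smali."""
    if ioc_type == "File opened for read":
        # The path reaches the binary as a string constant: const-string vX, "/proc/meminfo"
        return f'"{ioc}"'
    cls, method = ioc.rsplit(".", 1)
    if method in CONTEXT_METHODS:
        return f"->{method}("
    if ioc_type == "Framework service call":
        cls = AIDL_TO_SDK.get(cls, cls)  # fall back to the interface name if unmapped
    return "L" + cls.replace(".", "/") + ";->" + method + "("


def search_plan(rows):
    """Group the derived patterns by the process the sandbox attributed them to."""
    plan = defaultdict(list)
    for ioc_type, ioc, process in rows:
        pattern = smali_pattern(ioc_type, ioc)
        if pattern not in plan[process]:
            plan[process].append(pattern)
    return dict(plan)


def grep_command(patterns, decoded_dir="decoded_apk"):
    """Build one grep over the apktool output tree (covers smali/, smali_classes2/, ...)."""
    args = " ".join(f"-e '{p}'" for p in patterns)
    return f"grep -rnF {args} {decoded_dir}/"


if __name__ == "__main__":
    for process, patterns in search_plan(REPORT_IOCS).items():
        print(f"# {process}")
        print(grep_command(patterns))
```

A hit for every pattern means the behaviour is in the app's own code rather than a bundled library or reflection; a miss for a call the sandbox clearly observed is itself a lead, since it points at dynamically loaded code or reflection that static review would otherwise skip.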
Processes
- com.cool.mytaskkiller (PID 4995)
  - Queries information about running processes on the device
  - Requests cell location
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
- Defense Evasion
  - Execution Guardrails (1): Geofencing (1)
  - Virtualization/Sandbox Evasion (1): System Checks (1)
Downloads
- Filesize: 16KB
  MD5: 9b189529fa9f46f1f64a0c4832be6e8f
  SHA1: e8226c2e92047586e7510212afad35c1b6d18be7
  SHA256: 819dc857f87812e465bd3f14cc8238edfaa4ca9831d33751552d518f6ae846a6
  SHA512: c86fdd0f19cd3a0d05cebb1ddbbcfe5bb3a55730700a91cda75334fd14f3be22117868b86cdbfb7762bb6b68f272afe721c6ad42f662328283f58eaaf1f0f388
- Filesize: 512B
  MD5: 6c2c0cfc440a0f984baae78893d60023
  SHA1: bcf81d63fb764b919babb8bcc896caf89203e1d5
  SHA256: cd28312adc7151a43d1220207c5ad646a81c41e3437d98ec482dc38a83dcc817
  SHA512: 22a989d12c154cf186c877f40deb8a92bdc951c15192d313d72ad005b433ef5a8a36939571d0a6c9265457d792230f80735a39e2a49d64198c92eb1bb46301c2
- Filesize: 8KB
  MD5: 0b37838c61656c29f8fb4ba0f03ead82
  SHA1: 88c4fa91817004137baedfaf059d6462234d2fad
  SHA256: 466ffeac88650980024d37620450790b9b4674fccafebc91c6cb11e81f50ec70
  SHA512: b22ad4c7e9bc592e2554b9f222cf0e4af277f93c75298a362eeb3d403b8d7b8a02ca68f188561b85f1388eb6b094a58508d3c9c646ef5b8696a1a87b2ffd3454
- Filesize: 8KB
  MD5: 86a7fbd2ffebe9c3ed1361bac872b659
  SHA1: ce4a239266c8fa14d58ecf2830f7a1a01653ee84
  SHA256: 7ad613841398087ed54b35063dc3ebcbe15e6303e4add25df10da4fb2b330bc4
  SHA512: aa6e9242c0721df034a85ea238882a9fc9cad31acf81947a9f97c82bf16aec0239f0f8da9a5231bddba19da6e4585ae7b4cb773fb1519d9dc1471558909a6da3
- Filesize: 820B
  MD5: 87e6d328014546e0270d63d9d145e27a
  SHA1: 3718a1b4035a37f461e070e40559d981826c30df
  SHA256: 4367c5f61cd96e32bd014b24d23e4d720308150d9c101cb711fd8479f39ccbe1
  SHA512: 4ff2284d97866a4704b3c382034f45e9ed1c29f838982baa85f3bf99e8a918773c17cac409fe870a87440c56ab7b17dbef1b38a20394aed758332b8119b36684
- Filesize: 51B
  MD5: 76dc1c37414d15df0805970269c2d01a
  SHA1: b88985647aa28642bc83104e5b0aa3f30170f27e
  SHA256: 13490eb9a97b802009eeda505b5907a95704eb90adabfcdcf4db73a16673872f
  SHA512: 00914b2d0d56c80794c7dbd1ccc2a8e375c69a457315de177f5ca4c9030597d6cbcc663e9ccdfe5e7457173282da830f56f134c63db21303327391b033b7bf21