Analysis
- max time kernel: 124s
- max time network: 130s
- platform: android_x64
- resource: android-x64-arm64-20240624-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
- submitted: 17/10/2024, 01:01
Static task: static1
Behavioral task: behavioral1
  Sample: 5002fb5f1daff7468f480004fb81c4d6_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: 5002fb5f1daff7468f480004fb81c4d6_JaffaCakes118.apk
  Resource: android-x64-20240624-en
Behavioral task: behavioral3
  Sample: 5002fb5f1daff7468f480004fb81c4d6_JaffaCakes118.apk
  Resource: android-x64-arm64-20240624-en
General
- Target: 5002fb5f1daff7468f480004fb81c4d6_JaffaCakes118.apk
- Size: 1.3MB
- MD5: 5002fb5f1daff7468f480004fb81c4d6
- SHA1: a783a51d6b5a8e46a1dcf4ada014443754d61f06
- SHA256: f02f9b3a9abd8913886f6632e9a2342cca30003b3a6e66d9463f728cf77018e3
- SHA512: abc2d4c05d353c2a30b3b859000e1bca52d66932bba9f14bf1b078a6baf4d33a7315a91c83804f6cb9ce161d9c30010aeeb113b2651cf372762e0bd0b0cb20ba
- SSDEEP: 24576:tzMCZwn/LWnzfUZ7c8WLxIaWCJRYTaymovinFlKgKi1LcleUV9:eCSnzWnz8Kx5WE+aHrFogKiNclee
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTP]
- Queries information about running processes on the device [1 TTP, 1 IoC]
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Description: Framework service call | IoC: android.app.IActivityManager.getRunningAppProcesses | Process: com.cool.mytaskkiller
- Queries the phone number (MSISDN for GSM devices) [1 TTP]
- Requests cell location [2 TTPs, 1 IoC]
  Uses Android APIs to get the current cell location.
  Description: Framework service call | IoC: com.android.internal.telephony.ITelephony.getCellLocation | Process: com.cool.mytaskkiller
- Queries information about the active data network [1 TTP, 1 IoC]
  Description: Framework service call | IoC: android.net.IConnectivityManager.getActiveNetworkInfo | Process: com.cool.mytaskkiller
- Queries information about the current Wi-Fi connection [1 TTP, 1 IoC]
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Description: Framework service call | IoC: android.net.wifi.IWifiManager.getConnectionInfo | Process: com.cool.mytaskkiller
- Reads information about the phone network operator [1 TTP]
- Uses Crypto APIs (might try to encrypt user data) [1 TTP, 1 IoC]
  Description: Framework API call | IoC: javax.crypto.Cipher.doFinal | Process: com.cool.mytaskkiller
- Checks memory information [2 TTPs, 1 IoC]
  Description: File opened for read | IoC: /proc/meminfo | Process: com.cool.mytaskkiller
Processes
Network
MITRE ATT&CK Mobile v15
- Defense Evasion
  - Execution Guardrails (1)
    - Geofencing (1)
  - Virtualization/Sandbox Evasion (1)
    - System Checks (1)
Downloads