Analysis

max time kernel: 112s
max time network: 148s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 17/10/2024, 01:05
Static task: static1

Behavioral task: behavioral1
Sample: 5006765c0d98565d96dade82dc43e72a_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
Sample: 5006765c0d98565d96dade82dc43e72a_JaffaCakes118.apk
Resource: android-x64-20240624-en
General

Target: 5006765c0d98565d96dade82dc43e72a_JaffaCakes118.apk
Size: 1.3MB
MD5: 5006765c0d98565d96dade82dc43e72a
SHA1: 9d4616b151aa4dbd0293025a62f9c43c3f65490f
SHA256: 0bc5658a8cb733bf27176836a9cf34e267cb79d4aadd489c62984a4a52559212
SHA512: 511b7032f985a5f6b5a31bd81c3938aef1c247e68469fbab313294a0cb4f062e793b0d9d22aa3ac03cf713220ef7f886cf9f6efa85c013b441cb24243be4f290
SSDEEP: 24576:wBnNz0PoJrUmt9Zo+ZYjVQXq/13tdHbZKm51Ob83B:UzRUe9J6jVQXq/1XHNKmjbx
Signatures

Removes its main activity from the application launcher
pid   Process
4962  com.rbar.bxtq.qosf

Loads dropped Dex/Jar 1 TTPs 2 IoCs
Loads a DEX/JAR file that was dropped to the device during analysis.
ioc                                              pid   Process
/data/user/0/com.rbar.bxtq.qosf/app_mjf/dz.jar   4962  com.rbar.bxtq.qosf
/data/user/0/com.rbar.bxtq.qosf/app_mjf/dz.jar   5017  com.rbar.bxtq.qosf:daemon

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) 1 TTPs

Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
description             ioc                                                  Process
Framework service call  android.accounts.IAccountManager.getAccountsAsUser   com.rbar.bxtq.qosf

Queries information about active data network 1 TTPs 1 IoCs
description             ioc                                                     Process
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo   com.rbar.bxtq.qosf

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description             ioc                                               Process
Framework service call  android.net.wifi.IWifiManager.getConnectionInfo   com.rbar.bxtq.qosf

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs

Reads information about phone network operator 1 TTPs
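The signatures above are behavioural rules matched against events recorded during the sandboxed run: files the sample writes, DEX/JAR files it loads, framework service calls it makes, and component state changes. The Python below is an added example, not the sandbox's own detection code: it replays a constructed event stream modelled on this run and emits the same kind of hits, including the two negatives a practitioner cares about (loading the app's own base.apk is not a "dropped" load, and a call from system_server is not the sample's behaviour). The event schema, the `.MainActivity` launcher component name, the `event`/`match_signatures`/`by_process` helpers and the sample events are all assumptions made for the example.

```python
# Added example (not the sandbox's own detection code): a toy behavioural-signature
# matcher replayed over a constructed event stream. Event schema, the launcher
# component name and every function name here are assumptions.
from dataclasses import dataclass

# Framework service calls that map directly onto a report signature.
FRAMEWORK_CALL_SIGNATURES = {
    "android.accounts.IAccountManager.getAccountsAsUser":
        "Queries account information for other applications stored on the device",
    "android.net.IConnectivityManager.getActiveNetworkInfo":
        "Queries information about active data network",
    "android.net.wifi.IWifiManager.getConnectionInfo":
        "Queries information about the current Wi-Fi connection",
}
LOADS_DROPPED = "Loads dropped Dex/Jar"
HIDES_LAUNCHER = "Removes its main activity from the application launcher"

@dataclass(frozen=True)
class Hit:
    signature: str
    pid: int
    process: str
    ioc: str

def package_of(process_name):
    # "pkg:daemon" is a secondary process of "pkg" (android:process=":daemon").
    return process_name.split(":", 1)[0]

def match_signatures(events, sample_package, launcher_activity):
    """Return Hit records for an ordered event stream. Each event is a dict with
    "type", "pid", "process" and, by type: file_write/dex_load -> "path",
    framework -> "call", component -> "component" and "state"."""
    dropped = set()          # paths written by any process of the sample so far
    hits, seen = [], set()

    def add(signature, ev, ioc):
        hit = Hit(signature, ev["pid"], ev["process"], ioc)
        if hit not in seen:  # report each (signature, process, ioc) once
            seen.add(hit)
            hits.append(hit)

    for ev in events:
        if package_of(ev["process"]) != sample_package:
            continue         # system processes share the log; not the sample's behaviour
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(ev["path"])
        elif kind == "dex_load":
            # Flag only code the sample wrote during the run; loading its own
            # base.apk or a /system jar is normal and must not fire the rule.
            if ev["path"] in dropped:
                add(LOADS_DROPPED, ev, ev["path"])
        elif kind == "framework":
            signature = FRAMEWORK_CALL_SIGNATURES.get(ev["call"])
            if signature:
                add(signature, ev, ev["call"])
        elif (kind == "component" and ev["component"] == launcher_activity
              and ev["state"] == "COMPONENT_ENABLED_STATE_DISABLED"):
            add(HIDES_LAUNCHER, ev, ev["component"])
    return hits

def by_process(hits):
    """Group signature names per process, like the report's Processes section."""
    grouped = {}
    for hit in hits:
        names = grouped.setdefault(hit.process, [])
        if hit.signature not in names:
            names.append(hit.signature)
    return grouped

PKG = "com.rbar.bxtq.qosf"
LAUNCHER = PKG + "/.MainActivity"  # assumed component name, not from the report
DZ_JAR = "/data/user/0/com.rbar.bxtq.qosf/app_mjf/dz.jar"

def event(kind, pid, process, **fields):
    return {"type": kind, "pid": pid, "process": process, **fields}

# Constructed event stream modelled on the run above (not captured sandbox output).
SAMPLE_EVENTS = [
    event("component", 4962, PKG, component=LAUNCHER, state="COMPONENT_ENABLED_STATE_DISABLED"),
    event("dex_load", 4962, PKG, path="/data/app/com.rbar.bxtq.qosf-1/base.apk"),  # own APK: no hit
    event("file_write", 4962, PKG, path=DZ_JAR),
    event("dex_load", 4962, PKG, path=DZ_JAR),
    event("framework", 4962, PKG, call="android.accounts.IAccountManager.getAccountsAsUser"),
    event("framework", 4962, PKG, call="android.net.IConnectivityManager.getActiveNetworkInfo"),
    event("framework", 4962, PKG, call="android.net.wifi.IWifiManager.getConnectionInfo"),
    event("dex_load", 5017, PKG + ":daemon", path=DZ_JAR),  # second process loads the same drop
    event("framework", 1234, "system_server", call="android.accounts.IAccountManager.getAccountsAsUser"),
]

if __name__ == "__main__":
    for process, names in by_process(match_signatures(SAMPLE_EVENTS, PKG, LAUNCHER)).items():
        print(process)
        for name in names:
            print("  -", name)
```

The "dropped" rule keys on the path having been written by the sample earlier in the same run, which is why the `:daemon` process is reported for dz.jar even though the main process wrote it; the two processes belong to the same package, so `package_of` treats them as one sample.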
Processes

com.rbar.bxtq.qosf (PID 4962)
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection

com.rbar.bxtq.qosf:daemon (PID 5017)
- Loads dropped Dex/Jar
MITRE ATT&CK Mobile v15
Downloads

Filesize: 104KB
MD5: 656eec0445b1ac574b87e1bd3a98d969
SHA1: fe3e1ee6bac338416e47e90ed249cb82aeaf6bd4
SHA256: 0817449409b55007ece8d2d25f6d4b075ebea09c7feabee79636176bb0794792
SHA512: 9a2737d22a9e647eadf4752513df79fe960cb69ec9563a2d7f504b3e91a95a6081876ab068355b8db49c44ea8627a33ca94c0244c2909668bec2620dc71a27fd

Filesize: 104KB
MD5: 30617d6621bcd972fcea53d04f3b2a55
SHA1: a0a51f60773e3a1eea2f929c8f1df896b6d71e7e
SHA256: 157b006e48d74dc023d671b5a7e9e61f96853be434db43efa8754aecba50e12b
SHA512: d7735599a3186ba6ca0c6151299fc9353495e4cb4cf1b3a8aebfe6e0901e839f1027013aebb2d168c8fe2ace65fac6bbc89b56b8316e546bda879825febd1ad0

Filesize: 28KB
MD5: dae68dcffc3d522a79f98ebbc3b6d457
SHA1: 6df5dce9a50f12044a2d20b8d1742ae47b82ee03
SHA256: 56cf91ca198812e0ef9ba4af0e96c08a32e24c917bcf2250bdebdfd7fd6f5286
SHA512: 23b76f988399e9c9e4f5a7e8d19ecb765abdb115b0beee35f8ca9d221bbc5ee79f0152fac4261cc91eb9e7f874b5c6e9bff2dbb1812d31412d506cf83c16adcd

Filesize: 8KB
MD5: 838098d625ac2a14e25ecd5c7841e976
SHA1: d57db213c7f3e6a1687a8364bfc9631dea1ce3cc
SHA256: 4f5933145b734e53918e0ee0d6e6b7aa3aba41dfcd5771342742de579aac5ca2
SHA512: ab34e449bcb041c1da31d27abeb434f41d2d521dd2a0d9e591fc29fb81ceacf3e0ba9f594ffc8b9879ac53ebd421aa70df765a2c53d7115c3d2708ad49416647

Filesize: 512B
MD5: e8ee4e487a1245781059a5286af2c208
SHA1: 9ff57f568a71b08f4a7a4f9e1b5e6825317db33e
SHA256: 46d8d46bf66c0edd4dd71b2377a67e86fb1a9cdf232964f88427810dc98b106b
SHA512: 39388451ad24297dea0c769f495d16faf65a5d348511f9e4d40897d2ae426d27fd8066f0094dffea48f6787ac66bfed064423c59a0118b729839af88b239b068

Filesize: 8KB
MD5: 549a16dcbd8faf85d6eaacb24be34630
SHA1: aaa1d0003911d553fce3cf4819a4542756badc19
SHA256: a4959e30f432b96602019394c840029178ab70a983c64bec88df07c96df62f10
SHA512: f4822cd56558e0f28af85adbc2a186a8cfd75e5228878255ed39838d88660ec8d92f16cf2249dd88eb83ccadcd915e00acb1c4835183d17c433f54907c5078db

Filesize: 4KB
MD5: f5e0107df894b3b8c86756d9964777ce
SHA1: d610e86768437e2c511af9849343d124d3f52523
SHA256: 316d3210135f2c10df9a67682984277f5bbd8db5086df12b30ac5ba4a73c9d24
SHA512: c6f5a0bb18ed8336799d5b136ba925bf42a94670ff25c7f371e70bb7f488246f8027c12cceae7bcd87f6214b1f1a5881a7a4e4de5a82aec0b2bb3360bdce0243

Filesize: 8KB
MD5: 393d213dbe39bf82a35056e55d0678c9
SHA1: 2e8e1bea8d356d703ca052c1b2fd5f6295323533
SHA256: 32c531a7b2b8e6c4cfbd506f7335c6a8968a97908532fc7e2b066ee69ef7d3ad
SHA512: 89769d8dcd974fc8b172429dcb37a32297238df2156c3bd9e2cd8e1ed5eb76d0a8c33f9046dd72d15a8487649137eaad2f1528b568d01f879bcb478abc734daf

Filesize: 8KB
MD5: 14bc9e3f2fa71700a859c93425ffda63
SHA1: c0f440c2aed93ff24ab81c3cb782e945b4ad010a
SHA256: 2fe325587dc37a1cf27fa1e30183020d5133777dc32d3facb568f366080f80f8
SHA512: 9d4f40719d5f8e1275fac3f8512be37a8d1750a5c27d5f87dce2bb5d799f3c0a8e59c26624b8b7f4500eceeb4d3f568d199fde7f9910e9230b6c47530995b6a0

Filesize: 247KB
MD5: 18cfdb00841ddceacea677d69a13ba5a
SHA1: df15b27afa69a8f4e0e74c250e56df55e5701172
SHA256: 676ca8a391c823e9a3fdd7df70a1fc30f8ebd4680db0daff3e057cc401c9ad83
SHA512: 83886e59ac0462888e9b82475ebaeca79dcbabc8a2a01a6217c0ca122e41c1d373fb878bf6e5e885b8459f259e834df91f2c8bf30a2a52824e298a65d6dda86a