Analysis

max time kernel: 112s
max time network: 132s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 17/10/2024, 01:05
Static task: static1

Behavioral task: behavioral1
Sample: 5006765c0d98565d96dade82dc43e72a_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
Sample: 5006765c0d98565d96dade82dc43e72a_JaffaCakes118.apk
Resource: android-x64-20240624-en
General

Target: 5006765c0d98565d96dade82dc43e72a_JaffaCakes118.apk
Size: 1.3MB
MD5: 5006765c0d98565d96dade82dc43e72a
SHA1: 9d4616b151aa4dbd0293025a62f9c43c3f65490f
SHA256: 0bc5658a8cb733bf27176836a9cf34e267cb79d4aadd489c62984a4a52559212
SHA512: 511b7032f985a5f6b5a31bd81c3938aef1c247e68469fbab313294a0cb4f062e793b0d9d22aa3ac03cf713220ef7f886cf9f6efa85c013b441cb24243be4f290
SSDEEP: 24576:wBnNz0PoJrUmt9Zo+ZYjVQXq/13tdHbZKm51Ob83B:UzRUe9J6jVQXq/1XHNKmjbx
Malware Config
Signatures

Removes its main activity from the application launcher
  pid   Process
  4543  com.rbar.bxtq.qosf

Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
Runs executable file dropped to the device during analysis.
  ioc                                              pid   Process
  /data/user/0/com.rbar.bxtq.qosf/app_mjf/dz.jar   4543  com.rbar.bxtq.qosf
  /data/user/0/com.rbar.bxtq.qosf/app_mjf/dz.jar   4605  com.rbar.bxtq.qosf:daemon

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)

Queries account information for other applications stored on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect account information stored on the device.
  description              ioc                                                  Process
  Framework service call   android.accounts.IAccountManager.getAccountsAsUser   com.rbar.bxtq.qosf

Queries information about active data network (1 TTPs, 1 IoCs)
  description              ioc                                                  Process
  Framework service call   android.net.IConnectivityManager.getActiveNetworkInfo   com.rbar.bxtq.qosf

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description              ioc                                                  Process
  Framework service call   android.net.wifi.IWifiManager.getConnectionInfo      com.rbar.bxtq.qosf

Reads information about phone network operator. (1 TTPs)
Processes

com.rbar.bxtq.qosf (PID: 4543)
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries account information for other applications stored on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection

com.rbar.bxtq.qosf:daemon (PID: 4605)
- Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 104KB
MD5: 656eec0445b1ac574b87e1bd3a98d969
SHA1: fe3e1ee6bac338416e47e90ed249cb82aeaf6bd4
SHA256: 0817449409b55007ece8d2d25f6d4b075ebea09c7feabee79636176bb0794792
SHA512: 9a2737d22a9e647eadf4752513df79fe960cb69ec9563a2d7f504b3e91a95a6081876ab068355b8db49c44ea8627a33ca94c0244c2909668bec2620dc71a27fd

Filesize: 247KB
MD5: 18cfdb00841ddceacea677d69a13ba5a
SHA1: df15b27afa69a8f4e0e74c250e56df55e5701172
SHA256: 676ca8a391c823e9a3fdd7df70a1fc30f8ebd4680db0daff3e057cc401c9ad83
SHA512: 83886e59ac0462888e9b82475ebaeca79dcbabc8a2a01a6217c0ca122e41c1d373fb878bf6e5e885b8459f259e834df91f2c8bf30a2a52824e298a65d6dda86a

Filesize: 104KB
MD5: 30617d6621bcd972fcea53d04f3b2a55
SHA1: a0a51f60773e3a1eea2f929c8f1df896b6d71e7e
SHA256: 157b006e48d74dc023d671b5a7e9e61f96853be434db43efa8754aecba50e12b
SHA512: d7735599a3186ba6ca0c6151299fc9353495e4cb4cf1b3a8aebfe6e0901e839f1027013aebb2d168c8fe2ace65fac6bbc89b56b8316e546bda879825febd1ad0

Filesize: 28KB
MD5: fdb8a92e5060ce104e8f0faca55a47ce
SHA1: 270d7ca30673e18cec1d2b9add71cba96dc426fe
SHA256: 194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a
SHA512: ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

Filesize: 8KB
MD5: 824a1affc2c8068dc8285840a81afab2
SHA1: 1c80f5c11cac248b10824fdf4f200be7ec64ef05
SHA256: efc40238636770877fd6c46b34e062e1cc6da4cfd1c209b61ad7bb3ce8782e86
SHA512: 649933216cb1d1af332af1925772b54e02b8d2a79e953af8420e587c758c623f4d80f67947de3db4944d9f05605897f1ada4cbf98f4f302a23487628b57e79e5

Filesize: 512B
MD5: 8def6261e15d73230e24d20e802c97a9
SHA1: 44892b18c651024a438936204f2b72706e0e9548
SHA256: bbf6d323e2811678b49a8fd4eea07276786ebac298270ad57e912a7bbc78c02f
SHA512: 0566e430a027eb0a7e17efcd21c445175aac14cdbcc3570a25c6065d9ebd3cad94763467dfb60330f60256fa2807352f2621415fd6f24d378b7e5d77126ed3d0

Filesize: 8KB
MD5: 123bca74fd58395c39bd6775a307b38a
SHA1: 0f27eecd12c47d8cf3e4cb53ff9874d376cfe491
SHA256: d6232e8ec2d02aca4802dd4ccae2b4672ff3dcd657932b6014ac51f0a22d41ac
SHA512: 878c9381f95f33eec7af659a63afe6f262d130e60271f183c8381e39cf446f7387f0c22fe423ee5b9354a400087988592daae0b800156f97b7ddb3e2a4c45b3d

Filesize: 4KB
MD5: 110ce13a86aab4697edc502061c58bb1
SHA1: 9466ded81bbf0949171230b8f9a31c205b2cbb62
SHA256: 6776e7c222376e9277abe01365aca1071a0b155d25e0c7150562118afc959959
SHA512: f513d31eb06b22c9ebe1b9adc0183def3c2f77fc104223f37e76a6dba814f064aa441e540ae63a715c16a1df89f6d642d50d5e8558a7d272c07d4f8079b69c33

Filesize: 8KB
MD5: 4319d0ef0c640e3cc3ec1521d62e93a9
SHA1: dfa2421f38d85b78c4e23b24d1efaf5fd9367a80
SHA256: 17fec161876c378687703d5c8bc629ecd70c567a740b6466d00c1a78b1645448
SHA512: fbacdb218196b7967e21e8a34fd88cf2fbd769188755381fb3d0c9e52d345faab072cb0fceccb3edc437452bfd7357472677111e2a39f3bfbe5e744568a7dbd4

Filesize: 8KB
MD5: fd215937a375a244bc08830ab735bc42
SHA1: 5f46d54c122c0d9342711cd69bcdc3776d6b2e7c
SHA256: 8be09b9c72d976d4f704d17910fc19fb13f47edfe6c86441c374a80ec5bed686
SHA512: 2064d09b0f7e88d20e6dbd870a78399b0d74f3963f28672efa183dfdae475ab527b90603242be8f64f6103d808c14ffa3ef66e2d3c2b114de3cff239115801ed