Analysis
-
max time kernel
149s -
max time network
130s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system -
submitted
19-10-2024 23:11
Static task
static1
Behavioral task
behavioral1
Sample
5f2a21c5569b01486fb791784aff7005_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
5f2a21c5569b01486fb791784aff7005_JaffaCakes118.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
5f2a21c5569b01486fb791784aff7005_JaffaCakes118.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
5f2a21c5569b01486fb791784aff7005_JaffaCakes118.apk
-
Size
3.1MB
-
MD5
5f2a21c5569b01486fb791784aff7005
-
SHA1
5c674b4543573ddc6008e9d013fbf5001fd3b923
-
SHA256
9afaa372d732d9a920e8dc68ccc243a248f839f52dac33da41f69f2ba0941906
-
SHA512
155a1b34bc78cd55fe4bb10dc8b5bafa65e23e6be4ee01a6139fc5bfb4b4ae9008fe2960b2ad4c5c9faa4ae4a8805c1e07edd790d745d5ede5ca766729ee653a
-
SSDEEP
98304:ozQtjfDm3PO06zgBr3XlEY2P/nfyF3wBlAVI:oMhm/6z6T1EYWfyy
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.lxqbcgkl.uzkzdvx/code_cache/secondary-dexes/base.apk.classes1.zip 4288 /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lxqbcgkl.uzkzdvx/code_cache/secondary-dexes/base.apk.classes1.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.lxqbcgkl.uzkzdvx/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex --compiler-filter=quicken --class-loader-context=& /data/user/0/com.lxqbcgkl.uzkzdvx/code_cache/secondary-dexes/base.apk.classes1.zip 4260 com.lxqbcgkl.uzkzdvx -
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.lxqbcgkl.uzkzdvx Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.lxqbcgkl.uzkzdvx -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 8 ip-api.com -
Queries information about active data network 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.lxqbcgkl.uzkzdvx -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.lxqbcgkl.uzkzdvx -
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver com.lxqbcgkl.uzkzdvx
Processes
-
com.lxqbcgkl.uzkzdvx1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4260 -
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lxqbcgkl.uzkzdvx/code_cache/secondary-dexes/base.apk.classes1.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.lxqbcgkl.uzkzdvx/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
PID:4288
-
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.lxqbcgkl.uzkzdvx/code_cache/secondary-dexes/tmp-base.apk.classes8740677427164440178.zip
Filesize378KB
MD55c3f18fabc8a15521d28e2593cc9398a
SHA1b645b9a66a492bc8ffab125c3b16ff0d8e3f27ee
SHA25608278db78ac09ffbfe5d0c13f09055d32ce449fcf1e4a8de11c45586fbebb73b
SHA512d521589acdc996ac546fe9065eeada58af775659712d9937a832025bad7582751817b7121b6a774625ffcba4c0a3cd9903fb67d3cdf88e9abefec34f39efcef7
-
Filesize
902KB
MD57195b1299806d409d6dd8e0218f5f0ae
SHA1773ecdbf524f3f1d25b9150907318f79702c2db9
SHA256669fb2a207c8c7cc76b19faa3516fccb689bd2f6fb730234aeef8b4fcdadde29
SHA512294d0beb255bb0ee83ce00f6839b8f7a285c0c797661a9bf5fbd96dd4c4da69fff3f46cd712dcdcdf89b60d75c09c95ab44118b8fe72c1b17d9a2baba219b577
-
Filesize
902KB
MD570dea65e5b97b54ee38d507bc3832747
SHA18b5db2666a7c5317989c441e0819c988c76ad0ae
SHA2566e8d99f6dfbb9b7eff88dea1a3ecbb1a71c0a15e80f345516f1f9071b9be1def
SHA512cfa330cd7f8945fe78a477787e058d2cf50313e5af8a60aec735c2314e27c6c1cb275f0d5fb9c3fbe11d1aa8b2b25ed42c69ba5a3e3a17813436511750bccbb4