Analysis
-
max time kernel
149s -
max time network
132s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
-
submitted
23-10-2024 11:47
General
-
Target
6ebeb85ffe32db161606a7c53722b890_JaffaCakes118.apk
-
Size
3.0MB
-
MD5
6ebeb85ffe32db161606a7c53722b890
-
SHA1
dc93b4458efebbc4a15a330840f0c92359e4de95
-
SHA256
5ce41f4ecbfa8fa2855689ec3cfc1015ccf17f00ad28fa3bd26b4b8c86c56ad9
-
SHA512
6c89168da5662aef9e5753f802e16791668c1820971304b349f5560e829dfec272f13eb3726a4d0c0f339579b4ca006f1d4acc904513c71da69a0a4ecf7c2c69
-
SSDEEP
49152:92UEyQygv2WCra6iKmRxdehYOE82PNSKpekboCtEQeiem9b5oZ9kw6PZzjC:92Qgv2WSa6ir8sSb6oCN5d7Pc
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Queries information about active data network 1 TTPs 1 IoCs
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
Processes
-
com.bllgeqgp.qbyoikh1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Queries information about active data network
- Queries the mobile country code (MCC)
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
902KB
MD517b7abdbdb0fec8364a877ac363163ef
SHA17f441912fa0c46de58a1dc8de4689c72704cbead
SHA2567ee911539603a426a9c80a73c176e4bb4cf483a92b89c044e36c67bb83805f29
SHA51284faaae771288b17e93c2aabac17493e0f5229b00e5634b9ae2468b06553a3f44ef071db9996162f469182be93d094b862eb57ce7e4d01be7e8e14ed416ebd2d
-
Filesize
378KB
MD580ccafc1f828a3fe8d9307a30c7a9756
SHA153e9082aa74d71b59f353345d7855239db39c094
SHA25620fa911e7822db256785a610d273d057a15c68244948de63d181f657d4aee335
SHA512dd26b5af1642a871420f924ae53040b440d7cee693b7539feef6b2ddad4f48c5c17b995c5a7b2a053ca4ed4a755b12e865bfe959957fe5285b8c81ba1e3d164e