Analysis
max time kernel: 8s
max time network: 156s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 23-10-2024 13:22
Static task: static1

Behavioral task: behavioral1
Sample: 6f23a41f5e69cc67da24e829a3b798a4_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
Sample: 6f23a41f5e69cc67da24e829a3b798a4_JaffaCakes118.apk
Resource: android-x64-20240624-en
General
Target: 6f23a41f5e69cc67da24e829a3b798a4_JaffaCakes118.apk
Size: 1.5MB
MD5: 6f23a41f5e69cc67da24e829a3b798a4
SHA1: 8a3d2c9a6abbe6d7a8f495310fdda05cfe6f3f4d
SHA256: 8265b2e8bcfe0422faedcfcbca4b93b98a62ce4b63b0c048d34f64a8e0046974
SHA512: fa526660f6f41a8b021868a973812f63dcc0b208e916812fedf54174a715c0a7fc69b79c1f01a9e66f3765908c3ce7f5b64a02ac76d55d0335eb2fd105f86476
SSDEEP: 24576:RDrDqhGPmOFJkDUHc+gxvnJm9VPNsJdE0Jl1jMzp2PGHTBbbg+ZaifIdzi4tBjCQ:RDr+GPmOFJcU8JxPJwVG00Jl1jMzp2e6
Malware Config
Signatures
Queries the phone number (MSISDN for GSM devices) 1 TTPs

Queries information about active data network 1 TTPs 1 IoCs
Processes: info.rhmipkj.ihijtk.sptvs
  description: Framework service call
  ioc: android.net.IConnectivityManager.getActiveNetworkInfo
  process: info.rhmipkj.ihijtk.sptvs

Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes: info.rhmipkj.ihijtk.sptvs
  description: Framework service call
  ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
  process: info.rhmipkj.ihijtk.sptvs

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs

Reads information about phone network operator. 1 TTPs

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes: info.rhmipkj.ihijtk.sptvs
  description: Framework service call
  ioc: android.app.IActivityManager.registerReceiver
  process: info.rhmipkj.ihijtk.sptvs

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes: info.rhmipkj.ihijtk.sptvs
  description: Framework API call
  ioc: javax.crypto.Cipher.doFinal
  process: info.rhmipkj.ihijtk.sptvs