Analysis
- max time kernel: 148s
- max time network: 133s
- platform: android_x64
- resource: android-x64-arm64-20240624-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
- submitted: 23-10-2024 16:30
Static task: static1
Behavioral task: behavioral1
- Sample: 6fdf34d17f3a3775b82c1dd5fdf01db7_JaffaCakes118.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: 6fdf34d17f3a3775b82c1dd5fdf01db7_JaffaCakes118.apk
- Resource: android-x64-20240624-en
Behavioral task: behavioral3
- Sample: 6fdf34d17f3a3775b82c1dd5fdf01db7_JaffaCakes118.apk
- Resource: android-x64-arm64-20240624-en
Behavioral task: behavioral4
- Sample: polyvideo.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral5
- Sample: polyvideo.apk
- Resource: android-x64-20240910-en
Behavioral task: behavioral6
- Sample: polyvideo.apk
- Resource: android-x64-arm64-20240624-en
General
- Target: 6fdf34d17f3a3775b82c1dd5fdf01db7_JaffaCakes118.apk
- Size: 2.2MB
- MD5: 6fdf34d17f3a3775b82c1dd5fdf01db7
- SHA1: 38fe5652102703168d23ed58db9f9f9846df6214
- SHA256: ffddef5f1b6d3e9d2fa6da987fbc78c53adb21b91528b0bd2490b7ef29f0bca7
- SHA512: 790bb21b90a530437c3f758dc82b255cfeaa9c0242f5c7d9d6609e9057ce7ff9f0145933fc979ae01cb956547a20147ba81d3905d26484918bebbe2c49dd70bb
- SSDEEP: 49152:APoTtBnmh+HpT7E7WkTcTJLTna1YiYNK4ziBBnmPJ:APatBmh+HpTYpTuLTMHYNKkeBmPJ
Malware Config
Signatures
- Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes:
    ioc: /data/user/0/com.main.haha/app_ttmp/t.jar; pid: 4455; process: com.main.haha
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Processes:
    description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; process: com.main.haha
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
    description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.main.haha
- Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes:
    description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.main.haha
- Checks memory information (2 TTPs, 1 IoCs)
  Processes:
    description: File opened for read; ioc: /proc/meminfo; process: com.main.haha
Processes
- com.main.haha (PID: 4455)
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Obtains sensitive information copied to the device clipboard
  - Queries information about running processes on the device
  - Uses Crypto APIs (might try to encrypt user data)
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (1)
  - Suppress Application Icon (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Downloads