Analysis
max time kernel: 148s
max time network: 157s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 31/10/2024, 23:52
Static task: static1
Behavioral task: behavioral1
  Sample: 83c33fbc5d2012192d564ea625343d39_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: 83c33fbc5d2012192d564ea625343d39_JaffaCakes118.apk
  Resource: android-x64-20240624-en
Behavioral task: behavioral3
  Sample: 83c33fbc5d2012192d564ea625343d39_JaffaCakes118.apk
  Resource: android-x64-arm64-20240624-en
General
Target: 83c33fbc5d2012192d564ea625343d39_JaffaCakes118.apk
Size: 2.8MB
MD5: 83c33fbc5d2012192d564ea625343d39
SHA1: 4841dd90a93e0b48993a4da648b4fe0e63be811b
SHA256: 19748a3a997ab4fc5c73769be9570fc008db9d0f24863e7e220bab3c6839a71d
SHA512: c3100e4baa9998dadd271c2b82b6016941e37ae5e3b650ed637f66e655f8c70bbcee76513a016a1ad7b43fe118ad0626cee8c951e41fd6e2070b00e6b48fc894
SSDEEP: 49152:FbIpsBnPFA2bKW9GbYUGDH7dhJlth7NcuRphXF6AKv5igsK3rAbcNQVi3jFf62NJ:FEpMtAZmEPGD7xl1cqhXF6AKv33rAQNl
Malware Config
Signatures
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Description | IoC | Process
  Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | com.ezzebd.androidassistant:beyondAppMonitor

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)

Queries information about running processes on the device (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
  Description | IoC | Process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ezzebd.androidassistant
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ezzebd.androidassistant:beyondAppMonitor

Queries information about active data network (1 TTP, 2 IoCs)
  Description | IoC | Process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ezzebd.androidassistant
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ezzebd.androidassistant:beyondAppMonitor

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  Description | IoC | Process
  Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.ezzebd.androidassistant:beyondAppMonitor

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)

Reads information about phone network operator (1 TTP)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
  Description | IoC | Process
  Framework service call | android.app.IActivityManager.registerReceiver | com.ezzebd.androidassistant:beyondAppMonitor
  Framework service call | android.app.IActivityManager.registerReceiver | com.ezzebd.androidassistant

Checks memory information (2 TTPs, 2 IoCs)
  Description | IoC | Process
  File opened for read | /proc/meminfo | com.ezzebd.androidassistant
  File opened for read | /proc/meminfo | com.ezzebd.androidassistant:beyondAppMonitor
Processes
-
com.ezzebd.androidassistant
- Queries information about running processes on the device
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4936
-
com.ezzebd.androidassistant:beyondAppMonitor
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4989
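The IoC rows in the Signatures section are Binder-level framework calls attributed to a process: android.content.IClipboard.addPrimaryClipChangedListener is what ClipboardManager.addPrimaryClipChangedListener() reaches, android.app.IActivityManager.getRunningAppProcesses backs ActivityManager.getRunningAppProcesses(), android.net.IConnectivityManager.getActiveNetworkInfo backs ConnectivityManager.getActiveNetworkInfo(), com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone backs TelephonyManager.getNetworkCountryIso(), and android.app.IActivityManager.registerReceiver backs Context.registerReceiver(). The suffix form "package:name" (here ":beyondAppMonitor") is Android's android:process naming for a secondary process, so the clipboard listener, MCC lookup and one of the two process enumerations happen in a separate process from the UI. The following Python script is an added example and is not part of this sandbox report or of the analysed app: it parses the "Framework service call ..." and "File opened for read ..." IoC lines exactly as the report lists them (copied here as constructed input), groups them per process, and flags any process that both registers a clipboard listener and enumerates running apps. The regular expression, function names and the flagging rule are assumptions of this example, not part of the sandbox's own logic.

```python
import re
from collections import defaultdict

# Constructed input: the IoC rows from the Signatures section above,
# one row per element, in the "<description> <ioc> <process>" form.
REPORT_IOCS = [
    "Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.ezzebd.androidassistant:beyondAppMonitor",
    "Framework service call android.app.IActivityManager.getRunningAppProcesses com.ezzebd.androidassistant",
    "Framework service call android.app.IActivityManager.getRunningAppProcesses com.ezzebd.androidassistant:beyondAppMonitor",
    "Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ezzebd.androidassistant",
    "Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ezzebd.androidassistant:beyondAppMonitor",
    "Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.ezzebd.androidassistant:beyondAppMonitor",
    "Framework service call android.app.IActivityManager.registerReceiver com.ezzebd.androidassistant:beyondAppMonitor",
    "Framework service call android.app.IActivityManager.registerReceiver com.ezzebd.androidassistant",
    "File opened for read /proc/meminfo com.ezzebd.androidassistant",
    "File opened for read /proc/meminfo com.ezzebd.androidassistant:beyondAppMonitor",
]

# Assumed row grammar: a known description, then the IoC (a Binder
# interface.method or a file path), then the process name. Both the IoC
# and the process name contain no whitespace in this report.
IOC_RE = re.compile(
    r"^(?P<kind>Framework service call|File opened for read)\s+"
    r"(?P<target>\S+)\s+(?P<process>\S+)$"
)

CLIPBOARD_LISTENER = "android.content.IClipboard.addPrimaryClipChangedListener"
PROCESS_ENUM = "android.app.IActivityManager.getRunningAppProcesses"


def parse_iocs(lines):
    """Group IoC rows by process: {process: {(kind, target), ...}}.

    Rows that do not match the expected grammar are skipped rather than
    guessed at, so a truncated or reflowed row cannot mis-attribute a call.
    """
    by_proc = defaultdict(set)
    for line in lines:
        m = IOC_RE.match(line.strip())
        if m is None:
            continue
        by_proc[m["process"]].add((m["kind"], m["target"]))
    return dict(by_proc)


def is_secondary_process(proc):
    """True for an android:process-style name such as 'pkg:worker'."""
    return ":" in proc


def flag_clipboard_monitor(by_proc):
    """Return processes that register a clipboard-change listener AND enumerate
    running app processes. Taken together these let a background component
    learn what the user copies and which app was in use at the time; the rule
    is this example's own heuristic, not a sandbox signature."""
    hits = []
    for proc, iocs in by_proc.items():
        targets = {target for _, target in iocs}
        if CLIPBOARD_LISTENER in targets and PROCESS_ENUM in targets:
            hits.append(proc)
    return sorted(hits)


def summarize(lines):
    """Per-process call counts plus the flagged processes, for quick triage."""
    by_proc = parse_iocs(lines)
    counts = {proc: len(iocs) for proc, iocs in by_proc.items()}
    return {"counts": counts, "flagged": flag_clipboard_monitor(by_proc)}


if __name__ == "__main__":
    result = summarize(REPORT_IOCS)
    for proc, n in sorted(result["counts"].items()):
        tag = "secondary" if is_secondary_process(proc) else "main"
        print(f"{proc} ({tag}): {n} distinct IoCs")
    print("flagged:", result["flagged"])
```

Run against the rows above, the secondary process com.ezzebd.androidassistant:beyondAppMonitor is the only one flagged. One caveat when reading that result: the sandbox image is Android 10 (os:android-10-x64), where clipboard contents are only readable by the app currently in focus or the default IME, and the report records only the listener registration, not any clip read, so this run shows intent to monitor the clipboard rather than proof that clip contents were captured.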
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 20KB
MD5: e964d4200f1c6c2cfb5f382804782688
SHA1: 966406039a152efd608dff34edc6ba50ccd89182
SHA256: 0eb7011fadf7ca0615880a5003e8540fe8d78702d632c31bf04aab9a1ec55a81
SHA512: 8068b23a8924463cc4f7c24c3a32abf88989cee8541c50fd83e2b1b037ca70735afe9102b980132c5d9d803bfdb145daa0ac68011d9fd077386353d4971f6148

Filesize: 2KB
MD5: 0cb97b6e4645cd71b650012c3e6d27fa
SHA1: 9e518af9606b808dbe3525bec182cc5a4c246509
SHA256: de72e8505f91a9d34cf8de111bd0c6a697ce654e01d7250e185e8df8a29ac078
SHA512: 311b6e05c4e289a18833f20fc1d6bc6b18b3647d63c4282036b59a9106c294c7966a64d2900a05f6068b5f44ce2eab30d61f6329f8200db471c2255c58e67d44

Filesize: 8KB
MD5: b1859964c7d1c43212e4983da66221af
SHA1: 568b56e9f23fa71dccb969af1b2a66202052e647
SHA256: 6662ed5f6973bdb3f4296d918e6ac76b26ad4f93e46cc43d26d5b44ba918f0ac
SHA512: 29c772cdeb7f9a8a1ff86a272a23b1d9366de1eec6016b397ccbe8937fb4ac1eea649d6bfbc278b0c495aefb69144a0812d2655723f2dbdead53a7fc2c63f4b6

Filesize: 8KB
MD5: 2fd25ebdae7c8128d88f6c327e7871f3
SHA1: be0addcbe4217e319ef665909b884bbcb70b3866
SHA256: 8ea5006e2ee92386ed1eccb0b0debbd53bfb1e026e9c5e1197262bbfecb29575
SHA512: 51bbda90bd753004952f4d25edaa2f61581091010883a4cfa0cf0e1d4e0017e105c08e2e12aa783e6685b80ade8419ad66328067be68548da64eab9f48e28fa4