Analysis

  • max time kernel
    149s
  • max time network
    134s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    31/10/2024, 23:52

General

  • Target

    83c33fbc5d2012192d564ea625343d39_JaffaCakes118.apk

  • Size

    2.8MB

  • MD5

    83c33fbc5d2012192d564ea625343d39

  • SHA1

    4841dd90a93e0b48993a4da648b4fe0e63be811b

  • SHA256

    19748a3a997ab4fc5c73769be9570fc008db9d0f24863e7e220bab3c6839a71d

  • SHA512

    c3100e4baa9998dadd271c2b82b6016941e37ae5e3b650ed637f66e655f8c70bbcee76513a016a1ad7b43fe118ad0626cee8c951e41fd6e2070b00e6b48fc894

  • SSDEEP

    49152:FbIpsBnPFA2bKW9GbYUGDH7dhJlth7NcuRphXF6AKv5igsK3rAbcNQVi3jFf62NJ:FEpMtAZmEPGD7xl1cqhXF6AKv33rAQNl

Malware Config

Signatures

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network 1 TTPs 2 IoCs
  • Reads information about phone network operator 1 TTPs
  • Checks memory information 2 TTPs 2 IoCs

Processes

  • com.ezzebd.androidassistant
    • Queries information about running processes on the device
    • Queries information about active data network
    • Checks memory information
    PID:4456
  • com.ezzebd.androidassistant:beyondAppMonitor
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Queries information about active data network
    • Checks memory information
    PID:4512

Network

        Downloads

        • /data/user/0/com.ezzebd.androidassistant/databases/beyondAppSDK.db

          Filesize

          20KB

          MD5

          f531c165fe7320c357c7f2ee1c580526

          SHA1

          7166f2dc42b213df8ad63861894c845ff8ef1b8d

          SHA256

          229049d0f9266836f2384889c6db53d97246cf7abda75a8223effbbd171a8427

          SHA512

          be978df21e180595ba83511464fbbdf8e631818e53b084403261bc670741f369c60283188bf93e691d0e844782a5a1cc2624b0725a7546d252fac3e49853509d

        • /data/user/0/com.ezzebd.androidassistant/databases/beyondAppSDK.db-journal

          Filesize

          2KB

          MD5

          53e4ccbe113043e666c13881f6f909cd

          SHA1

          18541bafb636b8421d23da3f041b4ebcc7367458

          SHA256

          d424028e5e388e99a0025a137d2a9ceec51a96cdd1a0cedf9f107de5265eca15

          SHA512

          ceed3b3850c03d0c934e6ad86ccc90418118a2fbaa1788f82e194575f0d5e1b4298d37d32c000300d8a349eea65f5a478da84d35b592f6e6967adcbfc994ba66

        • /data/user/0/com.ezzebd.androidassistant/databases/beyondAppSDK.db-journal

          Filesize

          8KB

          MD5

          bb06da5e09fbdd6f828fc6730dca0511

          SHA1

          1394d229962c492f5e6a3dd32b4806b2721dffa7

          SHA256

          8e7cfe55c798f3a9bbf9a2e2bb982108ca1f0e9f7c42e8e6b4e24fab8f9356d7

          SHA512

          8c320bde1c61c55905e2495bc58f92fcbed5632204b111d1a526b4eaeded733b69fa3daa8e4305086df8353135fe03253a9629616eb01ee557470ecd0d58d8cf

        • /data/user/0/com.ezzebd.androidassistant/databases/beyondAppSDK.db-journal

          Filesize

          8KB

          MD5

          30cf1afce01e4672da297168d72bb827

          SHA1

          89ae2919abcd36b5804f4a292683194600c48915

          SHA256

          08a9a942d4fc7a4da56f31b72594bb991868287a4f2ed580c9dac6eee6c3214e

          SHA512

          4e57394a0efc2b45efc352e05d5eea281caede9b44765bc21f286e9ca61377737ffb606cf437b3aef27c897f0a672b9c2276946f47f960e3431370012033ba64