Analysis
- max time kernel: 19s
- max time network: 155s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 31/10/2024, 12:46
Static task: static1
Behavioral task: behavioral1
- Sample: 83127839df0db8cb0328ab2342fedc23_JaffaCakes118.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: 83127839df0db8cb0328ab2342fedc23_JaffaCakes118.apk
- Resource: android-x64-20240624-en
Behavioral task: behavioral3
- Sample: 83127839df0db8cb0328ab2342fedc23_JaffaCakes118.apk
- Resource: android-x64-arm64-20240624-en
General
- Target: 83127839df0db8cb0328ab2342fedc23_JaffaCakes118.apk
- Size: 743KB
- MD5: 83127839df0db8cb0328ab2342fedc23
- SHA1: 7063dbc567169c1eea21d2e17dd11c43c7635573
- SHA256: 4fb3416478dd8a0229612a171570d8447a8baa51bf155204154e333d1b94a744
- SHA512: 9d092426c8b9955f58a70a717a7e6c4421dd5fd32a3060b55b66e8729e1d8106518b630b7d8c667d3efdb00fa81c71565c9e7f1e3b90fad8351a79dcc1c46789
- SSDEEP: 12288:wDVSSc2eYxfDXoU1G20YQcmSXvKXop6VKhpDDfm1wmg2mbJnIYFxg9YPf55FhW0v:wJSnYxbXofvcpXyXoAV2Kw55bOYM9YPb
Malware Config
Signatures
pid: 4934; Process: dating.app
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; Process: dating.app
- Queries the phone number (MSISDN for GSM devices) (1 TTPs)
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; Process: dating.app
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Reads information about phone network operator. (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; Process: dating.app
- Checks CPU information (2 TTPs, 1 IoCs)
  description: File opened for read; ioc: /proc/cpuinfo; Process: dating.app
- Checks memory information (2 TTPs, 1 IoCs)
  description: File opened for read; ioc: /proc/meminfo; Process: dating.app
Processes
dating.app (PID: 4934)
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information