Analysis
-
max time kernel
147s -
max time network
150s -
platform
android-11_x64 -
resource
android-x64-arm64-20240910-en -
resource tags
arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system -
submitted
01-11-2024 05:32
Static task
static1
Behavioral task
behavioral1
Sample
8421a95ea4edfe3a06cb6c78db58848b_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
8421a95ea4edfe3a06cb6c78db58848b_JaffaCakes118.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
8421a95ea4edfe3a06cb6c78db58848b_JaffaCakes118.apk
Resource
android-x64-arm64-20240910-en
General
-
Target
8421a95ea4edfe3a06cb6c78db58848b_JaffaCakes118.apk
-
Size
3.0MB
-
MD5
8421a95ea4edfe3a06cb6c78db58848b
-
SHA1
7b31ba4b4b2b5971ddbc812689c8ac28f28bd2a8
-
SHA256
77b51738442f4d1b388db76db05388bd358b19f21c1f663e7993f9e32a7d6278
-
SHA512
aaccf4c3343a3c0218b62e8545baeb8f2c3ebc1401001844303bb4f3d75b45538c7a99dc01482ee79990bbfe5bedd9edc27c614931d30f5a244488acbc409bb1
-
SSDEEP
49152:v+afhiOsnVv0VdZNg6ieo3jGkIuFMEh4X64AKdA90Y3xnb5n5UgQCVSHn:vdf9aVv0Vd7rmXIWRj90WFusV0n
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Hydra family
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
Processes:
com.whbjegzv.oxvzbmsioc pid process /data/user/0/com.whbjegzv.oxvzbms/code_cache/secondary-dexes/base.apk.classes1.zip 4749 com.whbjegzv.oxvzbms -
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
Processes:
com.whbjegzv.oxvzbmsdescription ioc process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.whbjegzv.oxvzbms Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.whbjegzv.oxvzbms -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 24 ip-api.com -
Queries information about active data network 1 TTPs 1 IoCs
Processes:
com.whbjegzv.oxvzbmsdescription ioc process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.whbjegzv.oxvzbms -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
com.whbjegzv.oxvzbmsdescription ioc process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.whbjegzv.oxvzbms -
Reads information about phone network operator. 1 TTPs
Processes
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
902KB
MD50513aa66ad0c5dbb6fb8a683718c95a0
SHA13a88fafe95ff98b03ed7135eba6e72ed621e8e8d
SHA256b7ee7aabc058d6662c43d349c3768ea0952547b9b23962e1730aa434687e1f66
SHA512b34ff787b9b5ac8e06e8985be95e1662b9c98f664af50355bb4fbd14a0f643d21ecef240d8e3a8fa169d9832b02acfbc53087953470a1b4a84576e272445f5f5
-
/data/user/0/com.whbjegzv.oxvzbms/code_cache/secondary-dexes/tmp-base.apk.classes8439554764058617498.zip
Filesize378KB
MD5a5ded51395a12d262442d786b2489d3f
SHA1e584d450b9fbee2a6b6febd8986c21290c309a17
SHA256f2a379e750e2a0934b919d32a612e653c03b722d133956f0145dbd2f20cad37e
SHA512827a76b1dda74135824b3774054785e3d8081c52ae91011d5667aa42c7d2c61c863069e7dd19b11873d5887a31aacfed9e153d42c838acf041631d888ba8f755