Analysis

max time kernel: 149s
max time network: 133s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 02/11/2024, 11:10
Static task: static1

Behavioral task: behavioral1
  Sample: 8524b63b879cb9712a49088eed5332e2_JaffaCakes118.apk
  Resource: android-x86-arm-20240910-en

Behavioral task: behavioral2
  Sample: 8524b63b879cb9712a49088eed5332e2_JaffaCakes118.apk
  Resource: android-x64-20240910-en

Behavioral task: behavioral3
  Sample: 8524b63b879cb9712a49088eed5332e2_JaffaCakes118.apk
  Resource: android-x64-arm64-20240624-en
General

Target: 8524b63b879cb9712a49088eed5332e2_JaffaCakes118.apk
Size: 2.8MB
MD5: 8524b63b879cb9712a49088eed5332e2
SHA1: b7a1e92e7f4085d6499891a46fc87f98ce8975ef
SHA256: 2fa925b7ae8480046f481e31ce82c9e4b3463386a882be2dc189e77bbff025f8
SHA512: f2fc46e5c11fc1f4ae080642f0225e85d95eb6eb553cf17108e66fc0154aad0d4104c2cb8dfdc4139c6022f795d49f38f9dc253deb897476b3c12421c0a83d3c
SSDEEP: 49152:wpsBnPFA2bKW9GbYUGDH7dhJlth7NcuRphXF6AKv5igsK3rAbcNQVi3jFf62NZl2:wpMtAZmEPGD7xl1cqhXF6AKv33rAQNQh
Malware Config
Signatures

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard. Note that on Android 10 and later (the sandbox image runs Android 11) the framework withholds clipboard contents from an app that is neither in the foreground nor the default IME, so registering the listener from a background process does not by itself prove that clipboard data was read.
  description | ioc | process
  Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | com.ezzebd.androidassistant:beyondAppMonitor

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)

Queries information about running processes on the device (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
  description | ioc | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ezzebd.androidassistant
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ezzebd.androidassistant:beyondAppMonitor

Queries information about active data network (1 TTP, 2 IoCs)
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ezzebd.androidassistant
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ezzebd.androidassistant:beyondAppMonitor

Reads information about phone network operator (1 TTP)

Checks memory information (2 TTPs, 2 IoCs)
  description | ioc | process
  File opened for read | /proc/meminfo | com.ezzebd.androidassistant
  File opened for read | /proc/meminfo | com.ezzebd.androidassistant:beyondAppMonitor
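The IoC rows above arrive flattened, one run-together line per signature, and the per-process view further down is what an analyst actually wants. The following Python is an added example, not part of the sandbox report or of the analysed app: it parses those flattened rows back into (description, ioc, process) records, builds a per-process behaviour matrix, and flags which process registered the clipboard listener. The input lines are copied from this report; the behaviour labels, the SENSITIVE set and the function names are this example's own choices.

```python
"""Rebuild a per-process behaviour matrix from flattened sandbox IoC rows.

Added example; not code from the sandbox or from the analysed APK.
"""
import re
from collections import defaultdict

# IoC rows exactly as they appear in this report's Signatures section.
IOC_LINES = [
    "description ioc Process Framework service call "
    "android.content.IClipboard.addPrimaryClipChangedListener "
    "com.ezzebd.androidassistant:beyondAppMonitor -",
    "description ioc Process Framework service call "
    "android.app.IActivityManager.getRunningAppProcesses com.ezzebd.androidassistant "
    "Framework service call android.app.IActivityManager.getRunningAppProcesses "
    "com.ezzebd.androidassistant:beyondAppMonitor -",
    "description ioc Process Framework service call "
    "android.net.IConnectivityManager.getActiveNetworkInfo com.ezzebd.androidassistant "
    "Framework service call android.net.IConnectivityManager.getActiveNetworkInfo "
    "com.ezzebd.androidassistant:beyondAppMonitor -",
    "description ioc Process File opened for read /proc/meminfo "
    "com.ezzebd.androidassistant File opened for read /proc/meminfo "
    "com.ezzebd.androidassistant:beyondAppMonitor",
]

# Each record is "<description> <ioc> <process>"; the description set is the
# one seen in this report. Extend the alternation for other sandbox rows.
RECORD_RE = re.compile(
    r"(Framework service call|File opened for read)\s+(\S+)\s+(\S+)"
)

# Map an observed Binder interface method or file path to a short behaviour
# label mirroring the report's signature titles (our mapping, not the sandbox's).
BEHAVIOURS = {
    "android.content.IClipboard.addPrimaryClipChangedListener": "clipboard",
    "android.app.IActivityManager.getRunningAppProcesses": "running_processes",
    "android.net.IConnectivityManager.getActiveNetworkInfo": "active_network",
    "/proc/meminfo": "meminfo",
}

# Behaviours that warrant analyst attention on their own (our choice).
SENSITIVE = {"clipboard"}


def parse_ioc_line(line):
    """Return all (description, ioc, process) tuples found in one flattened row."""
    return [(m.group(1), m.group(2), m.group(3)) for m in RECORD_RE.finditer(line)]


def split_process(name):
    """Split 'pkg:proc' into (package, process); the main process has proc == ''."""
    pkg, _, proc = name.partition(":")
    return pkg, proc


def behaviour_matrix(records):
    """Return {process_name: set_of_behaviour_labels} for the given records."""
    matrix = defaultdict(set)
    for description, ioc, process in records:
        # Unknown IoCs are kept verbatim so nothing is silently dropped.
        matrix[process].add(BEHAVIOURS.get(ioc, f"unmapped:{description}:{ioc}"))
    return dict(matrix)


def sensitive_findings(matrix):
    """List (process, behaviour, where) for sensitive behaviours, noting whether
    the behaviour came from the main process or a secondary ':name' process."""
    findings = []
    for process, labels in sorted(matrix.items()):
        _, proc = split_process(process)
        where = f"secondary process '{proc}'" if proc else "main process"
        for label in sorted(labels & SENSITIVE):
            findings.append((process, label, where))
    return findings


if __name__ == "__main__":
    records = [rec for line in IOC_LINES for rec in parse_ioc_line(line)]
    matrix = behaviour_matrix(records)
    for process, labels in sorted(matrix.items()):
        print(process, sorted(labels))
    for process, label, where in sensitive_findings(matrix):
        print(f"SENSITIVE: {label} registered by {process} ({where})")
```

Run as-is it reproduces the report's Processes section (three behaviours for the main process, four for :beyondAppMonitor) and singles out the clipboard listener as coming from the secondary process; swap IOC_LINES for rows from another report to reuse it.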
Processes

com.ezzebd.androidassistant (PID 4625)
  - Queries information about running processes on the device
  - Queries information about active data network
  - Checks memory information

com.ezzebd.androidassistant:beyondAppMonitor (PID 4684)
  - Obtains sensitive information copied to the device clipboard
  - Queries information about running processes on the device
  - Queries information about active data network
  - Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 20KB
MD5: 894e53f613d3bbf376b5e5a580dace0f
SHA1: 5beb341d7501ae9151d4455f32b48b67b47a82db
SHA256: 3fe1a6f6e57b864c66fc687fad13d9c8255999a13fefa2c1c7102d0d2d5c962d
SHA512: 74e251a74fc8002bc4afe4319d555477d8b2e8114d097208ea1b9448568ce8060d48ea7282ed9aa21c71140ec8fe4286d97db2e488c7cc59e9671a8058b188e1

Filesize: 2KB
MD5: f8e798e00b7b61eb8e55016a5b9f448b
SHA1: cdd22f23155e60f4309167d56de9bf5f492a0f0f
SHA256: abbcb77fae4ec8fec077d5156a0093826acbd8afe9c474363c2324980e160de1
SHA512: bbccdf76e9619415e4232a7fbe28507f0c04b87bf061c779df5eea0d5b67734e51e37d70e03fd5955a5078ca76416ff82f08e7ca6976217cf59a3dec65115f39

Filesize: 8KB
MD5: 00efc80023c2702a0659aba7257348fa
SHA1: 0759c8bfb4efe22dbbac58309f483fa6524d5627
SHA256: ce17dbaf73b89a0abcc8c2fb68e742b4ad6e8873c27e3bb8e16e5ac9620ed01d
SHA512: 89de9eb7a349efa01744b73572a75c86d7058d10ab6212fba4880a2b5f7337e28181b6e76fbd02b71703c09150acdf2f161a421e11ecb5accc126966bd16aec6

Filesize: 8KB
MD5: ad692d57a03c8d0cb1e36c26d8094f6d
SHA1: 0e9d963426ecf425fdaa814848ff8b866a0cc533
SHA256: 6f6970222c9b2c126f57afecef8482acf4e309e240668acd8d3e6077f769bd32
SHA512: f8c64a0c27b294a005348c08eecfe9c2e9dfdeb38fe83093339aa95c79db389f71627f40aa4250892e0ac32c35933cc0ee257a5649552960b9c6e14258ef8632