Analysis
- max time kernel: 148s
- max time network: 158s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 02/11/2024, 11:20
Static task: static1
Behavioral task: behavioral1
- Sample: 852da6a2aeb5d7ca5a10ad49e6907f27_JaffaCakes118.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: 852da6a2aeb5d7ca5a10ad49e6907f27_JaffaCakes118.apk
- Resource: android-x64-20240624-en
Behavioral task: behavioral3
- Sample: 852da6a2aeb5d7ca5a10ad49e6907f27_JaffaCakes118.apk
- Resource: android-x64-arm64-20240624-en
General
- Target: 852da6a2aeb5d7ca5a10ad49e6907f27_JaffaCakes118.apk
- Size: 3.4MB
- MD5: 852da6a2aeb5d7ca5a10ad49e6907f27
- SHA1: 66d1b47afa8b27cb2b725941ea24db118d748ad8
- SHA256: 33e89aa205599929ebf9ef263cd7fae2c4ae5bb25b1014c85c48698401d73989
- SHA512: c12570bb20e210f1b6cef906721fd9fc1346e8e35d53ec175abb583f1041f5dd2624400933d228f6edd0c9b85ba78ae19fac9d65a23d4cd5365ef7195988eb9c
- SSDEEP: 98304:vzdeqhTbASzQw8uv+eAiLDDZtTanAYNGC/rX:vx7Qu2u5YNjDX
Malware Config
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)

- Queries account information for other applications stored on the device (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect account information stored on the device.
  description              ioc                                                   Process
  Framework service call   android.accounts.IAccountManager.getAccounts          vn.apk.store.new.gakoi
  Framework service call   android.accounts.IAccountManager.getAccounts          vn.apk.store.new.gakoi:apkStoreService

- Queries information about running processes on the device (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description              ioc                                                   Process
  Framework service call   android.app.IActivityManager.getRunningAppProcesses   vn.apk.store.new.gakoi
  Framework service call   android.app.IActivityManager.getRunningAppProcesses   vn.apk.store.new.gakoi:apkStoreService

- Queries the phone number (MSISDN for GSM devices) (1 TTPs)

- Acquires the wake lock (1 IoCs)
  description              ioc                                                   Process
  Framework service call   android.os.IPowerManager.acquireWakeLock              vn.apk.store.new.gakoi

- Queries information about active data network (1 TTPs, 1 IoCs)
  description              ioc                                                   Process
  Framework service call   android.net.IConnectivityManager.getActiveNetworkInfo vn.apk.store.new.gakoi

- Queries the mobile country code (MCC) (1 TTPs, 2 IoCs)
  description              ioc                                                                  Process
  Framework service call   com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone vn.apk.store.new.gakoi
  Framework service call   com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone vn.apk.store.new.gakoi:apkStoreService

- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)

- Reads information about phone network operator (1 TTPs)

- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
  description              ioc                                                   Process
  Framework service call   android.app.IActivityManager.registerReceiver         vn.apk.store.new.gakoi
  Framework service call   android.app.IActivityManager.registerReceiver         vn.apk.store.new.gakoi:apkStoreService
Processes
- vn.apk.store.new.gakoi (PID: 4925)
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Acquires the wake lock
  - Queries information about active data network
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)

- vn.apk.store.new.gakoi:apkStoreService (PID: 4964)
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Mobile v15
Downloads