Analysis
max time kernel: 149s
max time network: 133s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 03/11/2024, 21:48
Static task: static1
Behavioral task: behavioral1
  Sample: 8da7f7aa9f8e2ba8c4bac43f861c48ff_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: 8da7f7aa9f8e2ba8c4bac43f861c48ff_JaffaCakes118.apk
  Resource: android-x64-20240624-en
Behavioral task: behavioral3
  Sample: 8da7f7aa9f8e2ba8c4bac43f861c48ff_JaffaCakes118.apk
  Resource: android-x64-arm64-20240624-en
General
Target: 8da7f7aa9f8e2ba8c4bac43f861c48ff_JaffaCakes118.apk
Size: 2.8MB
MD5: 8da7f7aa9f8e2ba8c4bac43f861c48ff
SHA1: caa399c5313e38255373f23c8e6fc1e3a22a5ff9
SHA256: 554043abb0171f46ec614fc121091033a6e428c532518cf5e9ca140af3a1fa92
SHA512: 81af05a5219aaf37353849dd46c22b4e16f1466989d2500337f991e226ba3a4676cba6c837e9c5c7932521ee8739670282b2cee1cae208e17969bb67bd2e803e
SSDEEP: 49152:c4psBnPFA2bKW9GbYUGDH7dhJlth7NcuRphXF6AKv5igsK3rAbcNQVi3jFf62NZ/:c4pMtAZmEPGD7xl1cqhXF6AKv33rAQNl
Malware Config
Signatures
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call | ioc: android.content.IClipboard.addPrimaryClipChangedListener | process: com.ezzebd.androidassistant:beyondAppMonitor
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
Queries information about running processes on the device (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | process: com.ezzebd.androidassistant
  description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | process: com.ezzebd.androidassistant:beyondAppMonitor
Queries information about active data network (1 TTP, 2 IoCs)
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.ezzebd.androidassistant
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.ezzebd.androidassistant:beyondAppMonitor
Checks memory information (2 TTPs, 2 IoCs)
  description: File opened for read | ioc: /proc/meminfo | process: com.ezzebd.androidassistant
  description: File opened for read | ioc: /proc/meminfo | process: com.ezzebd.androidassistant:beyondAppMonitor
Processes
com.ezzebd.androidassistant
  - Queries information about running processes on the device
  - Queries information about active data network
  - Checks memory information
  PID: 4492
com.ezzebd.androidassistant:beyondAppMonitor
  - Obtains sensitive information copied to the device clipboard
  - Queries information about running processes on the device
  - Queries information about active data network
  - Checks memory information
  PID: 4543
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 20KB
  MD5: 894e53f613d3bbf376b5e5a580dace0f
  SHA1: 5beb341d7501ae9151d4455f32b48b67b47a82db
  SHA256: 3fe1a6f6e57b864c66fc687fad13d9c8255999a13fefa2c1c7102d0d2d5c962d
  SHA512: 74e251a74fc8002bc4afe4319d555477d8b2e8114d097208ea1b9448568ce8060d48ea7282ed9aa21c71140ec8fe4286d97db2e488c7cc59e9671a8058b188e1
Filesize: 2KB
  MD5: 62f231b6b692f248c8b454e4cd5cc758
  SHA1: 0099ee61b0d010a2dcb00f308714aedaa63d2c9b
  SHA256: 23519fa42ec7b81e7b435d2103f9d76251bd3593298470e5064d97f759eb3d0c
  SHA512: 2796cb6ea00c5dd4beda5ab4ca6ad3ebbbdb375f3c908a5b1e1abab180ab7f5e9eefafdf446f6c705465749ec22e1d42e415c00bca87497939011062f507d5ad
Filesize: 8KB
  MD5: 928901a6a78a8930bf9372debebafb74
  SHA1: c1b7b4c5895b6cff0ec13d618e06fc8bb2d576d1
  SHA256: 0ce63e9be58d3dfcb7495bc4aeac55f6b9cd112e8cfddc5a2009f06b5bb9a4d0
  SHA512: 19c7b68272e7e2d01835268b346ef8f537e71045cbf2ae391311fa278391125c2629db5d1fe2f8fb21f6dd751183b632e2c3d133ba834e9ae0e1085812301091
Filesize: 8KB
  MD5: ba8d560b7dfa34e33ba00e6d17d7cede
  SHA1: a931af9221335f5fcd7308800cabd9eb4b2d611a
  SHA256: 7b02d970408b343169e316d1dec01c248cb81d5f2bcfdaa955befcf319c28107
  SHA512: 4f723aaec2d1618df115e2da3b000a28890502dadf285b1a14b725fb073c4ba86d829c4d6a31b0a196569f4d10b5b51dc01131dc924e897752349048ea33c616