Analysis
-
max time kernel
144s -
max time network
156s -
platform
android_x64 -
resource
android-x64-20240624-en -
resource tags
android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system -
submitted
03/11/2024, 04:24
Static task
static1
Behavioral task
behavioral1
Sample
899ff972f1f3da4c2dcbe836e512c144_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
899ff972f1f3da4c2dcbe836e512c144_JaffaCakes118.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
899ff972f1f3da4c2dcbe836e512c144_JaffaCakes118.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
899ff972f1f3da4c2dcbe836e512c144_JaffaCakes118.apk
-
Size
155KB
-
MD5
899ff972f1f3da4c2dcbe836e512c144
-
SHA1
b28d7d7bffa9a632147f484961f3cb7ede857a85
-
SHA256
969b46608c9a1c25b321603444a1fd1896954fd2d6dbef192c23e6e9a0c651ad
-
SHA512
64dab045cff4c12597ca755673ddab8b77a0525acb0751fc2e44fac2c357907323e3e82da253f2dcb734581bfb1ac2c15a7e398dce561a36d6d7ea3833391033
-
SSDEEP
3072:8U/HiXJ/OKxHMX4yllqRrSoT71K5B9xL0vla9oHg4bUW:RiXES44yllqResSB9mvk9ovbr
Malware Config
Signatures
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; process: qb.com.vn.vntax
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Queries information about active data network 1 TTPs 1 IoCs
description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: qb.com.vn.vntax
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: qb.com.vn.vntax
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads device software version 1 TTPs 1 IoCs
Uses Android APIs to read software version number for the device (IMEI/SV for GSM devices).
description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getDeviceSoftwareVersionForSlot; process: qb.com.vn.vntax
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: qb.com.vn.vntax
-
Checks CPU information 2 TTPs 1 IoCs
description: File opened for read; ioc: /proc/cpuinfo; process: qb.com.vn.vntax
-
Checks memory information 2 TTPs 1 IoCs
description: File opened for read; ioc: /proc/meminfo; process: qb.com.vn.vntax
Processes
-
qb.com.vn.vntax
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Queries the mobile country code (MCC)
- Reads device software version
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:5059
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
16KB
MD5
95ddd18355f87bcf5a506618793e4a76
SHA1
ae92eca2c4bc2887d810cb9fb8f921f4266c917a
SHA256
05bf168244f2476e40f69f18698dbe58beac4b1c3adb89af02f5f8254ba833ba
SHA512
5d8b5fefd96f33427deac8cde661e215ec2736b89cfd7149900bb80802169fd9922b86dc35e31a763b0647e9b6febdf315bd74cc82ac8f5931b0a0691ffe13ea