Analysis
max time kernel: 13s
max time network: 143s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 03/11/2024, 04:44
Static task: static1
Behavioral task: behavioral1
  Sample: 89b08378b0a8e05a11b0cd65a210b937_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: 89b08378b0a8e05a11b0cd65a210b937_JaffaCakes118.apk
  Resource: android-x64-20240624-en
Behavioral task: behavioral3
  Sample: 89b08378b0a8e05a11b0cd65a210b937_JaffaCakes118.apk
  Resource: android-x64-arm64-20240624-en
General
Target: 89b08378b0a8e05a11b0cd65a210b937_JaffaCakes118.apk
Size: 220KB
MD5: 89b08378b0a8e05a11b0cd65a210b937
SHA1: 21add592198b51bb1b73ced7fd8d41e52d4f0ac2
SHA256: b4b8622c105d4a4c9e20f07791553b0e0e848d41284a8a8a3ead9c02ec112117
SHA512: 50cf7f10bff803989389427ed371d917e8a145cc1240174e9384774f25d1bb0fe2b3db5a2f5bc4020fbdf1cfcf3475cbb310be826762c38676c87bdbe3ecebec
SSDEEP: 3072:Y7YBNPRWbHLiNlC5OkEXPq5Yg90bQXRgbeoges2LgIjAQvdeWVm23VetkywACJB6:Y7Y/OODC5OLcI22LgIjAQvxvToNWh6
Malware Config
Signatures
Reads the contacts stored on the device. (1 TTPs, 1 IoCs)
  description: URI accessed for read
  ioc: content://com.android.contacts/contacts
  process: com.mgyun.shua.protector
Reads the content of the call log. (1 TTPs, 1 IoCs)
  description: URI accessed for read
  ioc: content://call_log/calls
  process: com.mgyun.shua.protector
Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
  Application may abuse the framework's foreground service to continue running in the foreground.
  description: Framework service call
  ioc: android.app.IActivityManager.setServiceForeground
  process: com.mgyun.shua.protector
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call
  ioc: android.app.IActivityManager.registerReceiver
  process: com.mgyun.shua.protector
Processes (indentation = process tree depth)
com.mgyun.shua.protector (PID 4250)
  - Reads the contacts stored on the device.
  - Reads the content of the call log.
  - Makes use of the framework's foreground persistence service
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  /system/bin/sh (PID 4276)
    chmod 777 /data/user/0/com.mgyun.shua.protector/files/share (PID 4297)
    cat /data/user/0/com.mgyun.shua.protector/files/flag_file1 (PID 4315)
    cat /data/user/0/com.mgyun.shua.protector/files/flag_file1 (PID 4333)
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 2B
MD5: 182be0c5cdcd5072bb1864cdee4d3d6e
SHA1: b6692ea5df920cad691c20319a6fffd7a4a766b8
SHA256: c6f3ac57944a531490cd39902d0f777715fd005efac9a30622d5f5205e7f6894
SHA512: 3163a8d6a4540ecf1794ece0245f291154d30e1080359d2e994ef79c1a469aa0cd808769d9c7ee30ca342c6803d2ebcec3eb71a928d6db187dfb1fc2cf640395