Analysis
max time kernel: 147s
max time network: 156s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 03/11/2024, 11:34
Static task: static1

Behavioral task: behavioral1
Sample: 8b4733a23fbf49a0e2e51648df5f1fa1_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
Sample: 8b4733a23fbf49a0e2e51648df5f1fa1_JaffaCakes118.apk
Resource: android-x64-20240624-en

Behavioral task: behavioral3
Sample: 8b4733a23fbf49a0e2e51648df5f1fa1_JaffaCakes118.apk
Resource: android-x64-arm64-20240624-en
General
Target: 8b4733a23fbf49a0e2e51648df5f1fa1_JaffaCakes118.apk
Size: 395KB
MD5: 8b4733a23fbf49a0e2e51648df5f1fa1
SHA1: d3d7c089283635871557da23decfff4ea3d93783
SHA256: c92777162d08e056f6f26c21334e123e9eed66e7d1093ec45a28ffb427655479
SHA512: 60ed46ccefde5ad7a65d53fd6d4d4f89642c738cebe9aa5b6de3c9eaddb66369fbfe73721296942712ab089e3f7cda4c65b0833cb0440c8cdf5584ebe6f96ed3
SSDEEP: 12288:JaK0WTK0Wzlo7bkvEWP+0LJtwtyaqvM16:UKvKNosvF+CF
Malware Config
Signatures

Loads dropped Dex/Jar (1 TTP, 2 IoCs)
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.as.ytb.a7/dexCache/classes.dex  pid: 4974  process: com.as.ytb.a7 (the same path and PID are reported for both IoCs)

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description: Framework service call  ioc: android.content.IClipboard.addPrimaryClipChangedListener  process: com.as.ytb.a7

Acquires the wake lock (1 IoC)
description: Framework service call  ioc: android.os.IPowerManager.acquireWakeLock  process: com.as.ytb.a7

Looks up external IP address via web service (1 IoC)
Uses a legitimate IP lookup service to find the infected system's external IP.
flow: 40  ioc: ipinfo.io

Queries information about active data network (1 TTP, 1 IoC)
description: Framework service call  ioc: android.net.IConnectivityManager.getActiveNetworkInfo  process: com.as.ytb.a7

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call  ioc: android.net.wifi.IWifiManager.getConnectionInfo  process: com.as.ytb.a7

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
description: Framework service call  ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone  process: com.as.ytb.a7

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)

Reads information about phone network operator (1 TTP)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
description: Framework service call  ioc: android.app.IActivityManager.registerReceiver  process: com.as.ytb.a7

Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
description: Framework API call  ioc: javax.crypto.Cipher.doFinal  process: com.as.ytb.a7

Checks CPU information (2 TTPs, 1 IoC)
description: File opened for read  ioc: /proc/cpuinfo  process: com.as.ytb.a7

Checks memory information (2 TTPs, 1 IoC)
description: File opened for read  ioc: /proc/meminfo  process: com.as.ytb.a7
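The "Loads dropped Dex/Jar" signature means the code that actually ran in PID 4974 is the file written to /data/user/0/com.as.ytb.a7/dexCache/classes.dex at runtime, not only the classes shipped in the APK, so that file deserves the same hashing and parsing as the sample itself. The script below is an added example for this report, not code from the sample or from the sandbox. It unwraps a JAR/APK (ZIP) wrapper if present, parses the DEX header_item as laid out in the Android dex format, recomputes the header's own Adler-32 checksum and SHA-1 signature (a mismatch means a truncated pull or a tampered file), and returns the SHA-256 so the file can be compared with the hashes listed in this report. The adb pull step, the local file name dex_triage.py and the output name dropped.dex are assumptions; build_synthetic_dex() and wrap_in_jar() produce constructed fixtures so the script runs offline, and are not bytes from the sample.

```python
"""Triage a runtime-loaded DEX, or a JAR/APK that wraps one.
Added example for this report, not code from the sample or the sandbox.
Assumed workflow (device access and the output name are assumptions):
    adb pull /data/user/0/com.as.ytb.a7/dexCache/classes.dex dropped.dex
    python3 dex_triage.py dropped.dex
"""
import hashlib
import io
import struct
import sys
import zipfile
import zlib

DEX_MAGIC_PREFIX = b"dex\n"   # followed by three version digits and a NUL
HEADER_SIZE = 0x70            # header_item is always 112 bytes
ENDIAN_CONSTANT = 0x12345678  # DEX files encountered in practice are little-endian


def unwrap_dex(blob: bytes) -> bytes:
    """Return raw DEX bytes; a JAR/APK (ZIP) wrapper yields its classes.dex."""
    if blob[:2] == b"PK":
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return zf.read("classes.dex")
    return blob


def parse_dex_header(data: bytes) -> dict:
    """Parse header_item; raise ValueError if the bytes are not a DEX."""
    if len(data) < HEADER_SIZE:
        raise ValueError("shorter than a DEX header")
    magic = data[:8]
    if magic[:4] != DEX_MAGIC_PREFIX or magic[7] != 0:
        raise ValueError("bad magic: %r" % magic)
    checksum = struct.unpack_from("<I", data, 8)[0]
    signature = data[12:32]
    # Twenty little-endian u4 fields follow: sizes and offsets of every table.
    names = ("file_size", "header_size", "endian_tag", "link_size", "link_off",
             "map_off", "string_ids_size", "string_ids_off", "type_ids_size",
             "type_ids_off", "proto_ids_size", "proto_ids_off", "field_ids_size",
             "field_ids_off", "method_ids_size", "method_ids_off",
             "class_defs_size", "class_defs_off", "data_size", "data_off")
    hdr = dict(zip(names, struct.unpack_from("<20I", data, 32)))
    if hdr["endian_tag"] != ENDIAN_CONSTANT:
        raise ValueError("unexpected endian_tag 0x%08x" % hdr["endian_tag"])
    hdr.update(version=magic[4:7].decode("ascii"), checksum=checksum,
               signature=signature)
    return hdr


def verify_dex(data: bytes) -> dict:
    """Recompute the header's integrity fields; a mismatch means truncation or tampering."""
    hdr = parse_dex_header(data)
    # Per the dex format: checksum is Adler-32 of everything after itself (offset 12
    # to EOF); signature is SHA-1 of everything after itself (offset 32 to EOF).
    adler = zlib.adler32(data[12:]) & 0xFFFFFFFF
    sha1 = hashlib.sha1(data[32:]).digest()
    return {
        "version": hdr["version"],
        "checksum_ok": adler == hdr["checksum"],
        "signature_ok": sha1 == hdr["signature"],
        "file_size_ok": hdr["file_size"] == len(data),
        "header_size_ok": hdr["header_size"] == HEADER_SIZE,
        "classes": hdr["class_defs_size"],
        "methods": hdr["method_ids_size"],
        "sha256": hashlib.sha256(data).hexdigest(),  # compare with the report's hashes
    }


def build_synthetic_dex() -> bytes:
    """Constructed fixture: a header-only DEX with empty tables, so this runs offline."""
    body = bytearray(HEADER_SIZE)
    body[0:8] = b"dex\n035\x00"
    struct.pack_into("<III", body, 32, HEADER_SIZE, HEADER_SIZE, ENDIAN_CONSTANT)
    body[12:32] = hashlib.sha1(bytes(body[32:])).digest()
    struct.pack_into("<I", body, 8, zlib.adler32(bytes(body[12:])) & 0xFFFFFFFF)
    return bytes(body)


def wrap_in_jar(dex: bytes) -> bytes:
    """Constructed fixture: a minimal JAR holding classes.dex, to exercise unwrap_dex."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", dex)
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            report = verify_dex(unwrap_dex(fh.read()))
    else:
        report = verify_dex(build_synthetic_dex())
    for key, value in report.items():
        print("%-15s %s" % (key, value))
```

With no argument the script verifies its own constructed header so the logic can be checked without a device; with a pulled file it reports whether the header's checksum, signature and file_size agree with the bytes on disk, plus the class and method counts and the SHA-256. Because the app writes the file itself, a clean checksum says nothing about the payload's intent; it only tells you the copy you pulled is complete and unmodified before you hand it to a decompiler.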
Processes
com.as.ytb.a7 (PID 4974)
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 20KB
MD5: 042da595c1b281d8665efe7d8023c92d
SHA1: c3b3f6a9e1a8e07665bd2adc535d3b6049d535d7
SHA256: 5e1adddc1a53b9e7458bff0207e3ad5e247d6e54415732fd36070859f748611d
SHA512: c0cf142e976f69c5d6a1c7cfb179ab8c01a123b6544c802dfdf9d053ff4153d317bf25c2a6f19244fbd452eafbad285a6e8c86bbc708f49ea7a9d3a346acb6c4

Filesize: 8KB
MD5: d3cd551a00fe6da9ead846c098af3fa4
SHA1: 581eb6679134627ac607d05e21321c9b39f50251
SHA256: d7ca239236ed838426aea69f23210310e99d0d575adccac3a7e63e688ee91974
SHA512: e23bd38fedd200dbbf2d865395e23a3e20239e85fd321563111b528ccc37efb5296749861d89cd792890497773fd24137dc12a742a5148dd9d97deacf709fa33

Filesize: 8KB
MD5: cdcc62b884004d54fd5c3d753642355f
SHA1: 4091ff307fc3f2a35c7c43bff39f055e266d8223
SHA256: 9117782aad617003e2d3c8e05ffc6e77a6429027d44729aa1d4f6d24085270c0
SHA512: 67bf3fc3695dd1483a5cebbe1eb24998a3ece155b84bfc664971886f1923d5fbccbd04e825d4564ecd4f8648288601e99e2a45412bde4ede56ffeb0c65186e4c

Filesize: 512B
MD5: 385e6dfee9cf0cb3979441e1346fba6e
SHA1: f8dc00e3c1719dcea65c2fdf8173fb128386e918
SHA256: 692fa63e06a5ec15785fe3b3f08de410c96785e11f8914fc3362b11d9d2869b7
SHA512: a319288642857c20aaad4596282f46f132f28712f472cb138acb7d1c5835f865c032ace9ea5742f88aebb1d6213f3ee21ab29f4c81c3fb6a54f6c38e71c950f4

Filesize: 24KB
MD5: ddb602583fd836b25f26fbbe4188f4bd
SHA1: d7cdd3ec9f464313dabaa49da87715667a1d7b32
SHA256: 536a89450c4de446cffa3c4ab0e72e85742fad3f18984c56da483bb63f1ead7a
SHA512: 84af37540e36e56d0a32378de4c96dc1478aac4aaca668f295766d5d0d0fcb17ea216cdc3f97c98ac412cbac7a32575c5d0015ea345890d7bd85186a5cedd8f8

Filesize: 512B
MD5: bee4051f7cc273d1fbe34cfd45e80aa1
SHA1: e852b65aaf40d946d048b397c6f96598657026c7
SHA256: 071c24d3f1e79550f832a7197ebf61b0edafb0b5d9a868675db8b70ebb4fcfd6
SHA512: 509dd9c4aeabd0864c37fc8bd939f8bc93213c2058c689bad4827b32b9f81e3ea272efa23bfd1a49a136b6614e9351a92fc43c2d4b1652e3961c6b83bb2fc1f0

Filesize: 8KB
MD5: 52446dca45b001c5cdd4d51c63153a62
SHA1: bdfb64159cad3e006dbc2ec2b07b339b43f1c9bb
SHA256: f7babcaf388f6f9bc0ee6d0599fc7b5d34fa1cc367ed852be180451f61ce0a00
SHA512: 1f43f9a5b64a4e9cffd9bdea50ecabcb8a3bc6c679673b1407f23550991cb5a7b9a1fe3fe94f553dcd11d2ec1b6e75116cb51f80b94137bf5f15458a072dbd07

Filesize: 8KB
MD5: ced01da2363f2992dea7eb9eb7763e5c
SHA1: 8a9c70157c59c7119aa2dad44761f82d45fc3041
SHA256: c9025138d3798e820acff54ba5a3d0a001d9be077fa085d9df1dd9e69ea6477f
SHA512: b56f957408594873b1988daf064ea9685ab3d6a5c4f20d79f6c15466119fc68e0f0ea225056f3477d8da7c2dfae70dc6c32a4898022dde128186280ec1ad53af

Filesize: 20KB
MD5: 08fc24ae27ee94c6f746b3178d9b6fb0
SHA1: ebd2129791479a48d1c9591c850f22ef940dbc7c
SHA256: 3beada60bdd817274ec656692b9a8564957acfc3b92b5d3afaad873f80adcad2
SHA512: 3ea6d418be35cb50916c08823d4183f1dbb16bb7c41706379e8d8fe877c10c74004dfdde7ed6393f50c253f7793e215f35a6f7d4104927416efc9190975e7d33

Filesize: 512B
MD5: d4b957c680846bd1b684e111a601afc1
SHA1: e34227fea6894c4f1346882b39da72c0cf303035
SHA256: f6c4870a9359c84523db11b1ae29c53bddf23aa93e5e6ee68ff960cf5987dd19
SHA512: d90e2a08d0e1b6ea80b6e9c0df6d0b54827040a48a80443a25c411be438407e673177504f022a33260033f74ff70dc6a27da4a86da31f53f6ba984577dfd2d5c

Filesize: 8KB
MD5: 4c0eb0a9b3145cc51f6116e237f67d0e
SHA1: df6db421fc5d010401851b9145471608f1fcc88c
SHA256: 73c0efbe9052baaabce472a1539d1ca69babe8f2e09fdfe472afa1b992a5b084
SHA512: c7d92c4f56278f4142f50cdbe84db1c29fe8d08c9254bfd7868cc0796d9f3da91475a503d3dd91dfc82990b470272485783176c2c88ad09f88fea457526c8ede

Filesize: 8KB
MD5: 9c42c9333488d8d2eb236f8900ffeb74
SHA1: 23f0bdfde977a607d5dee8bc9cd151e2741604a6
SHA256: 5d79751bc55ac7b30b79a488173b23bbe32c30bde1571afd02ed7748c43bc13b
SHA512: 9e8dcd5b84e943da694bd49b09d705e918475ab25fe7678991dd9affb461ed8fdf13eac3987a2635fa6872bebd7adf27ad033d9cec8ee8ca42e2f4d5441d4738

Filesize: 300KB
MD5: 1d55cae517be1f69da2dec1347b21f20
SHA1: e75d4cbdf2608bae5ed34dfee93ca7b76e9e5b29
SHA256: fdb0ff8e617b44275d17d7198356363c499a10268d4208d6be01c7f9032353e9
SHA512: a6615c74345a2d33e261a631a96f7dff55cd3ab47a62990fc7177030fa4d3f28166ac65f3d0e781051af51979ae73e54eca2ad28af625c285890b2829e385e0c

Filesize: 256B
MD5: 36dee462c0ea21a278041691e272bb50
SHA1: 32e5419759054b113ee6a8a93885693f148c0673
SHA256: 7de597c28a059bcd6d1ebd980e80747a8c101db43399c5f32b52ad327ef023ab
SHA512: bf252ebf6c49f11451ff89ae07aa26cec1b61f3e7c87b21e25a4c23a86f7bb8163772a89cba5e94b5f73c45209b39c43ce44e492e357783d1cb36604516e36fd

Filesize: 151KB
MD5: c5e95f065006412e1fce4950534688ff
SHA1: 3e63d3a91dc6d43b344130f5394d99c78f89e203
SHA256: e6b674fe6603d0b1027c0ac173f2d40771958386a3741ce0cdccf2cacc3a7eb6
SHA512: 6e6f635e6eff50359a18b6a89e80bb258e7f644bded3c537f7a74ee87ba31db24ce296d565b78d33c91a8179230acd97d09a6b6c2a7b98471b89889c83bb92c6