Analysis

max time kernel: 131s
max time network: 138s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 03/11/2024, 11:34
Static task: static1

Behavioral task: behavioral1
  Sample: 8b4733a23fbf49a0e2e51648df5f1fa1_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en

Behavioral task: behavioral2
  Sample: 8b4733a23fbf49a0e2e51648df5f1fa1_JaffaCakes118.apk
  Resource: android-x64-20240624-en

Behavioral task: behavioral3
  Sample: 8b4733a23fbf49a0e2e51648df5f1fa1_JaffaCakes118.apk
  Resource: android-x64-arm64-20240624-en
General

Target: 8b4733a23fbf49a0e2e51648df5f1fa1_JaffaCakes118.apk
Size: 395KB
MD5: 8b4733a23fbf49a0e2e51648df5f1fa1
SHA1: d3d7c089283635871557da23decfff4ea3d93783
SHA256: c92777162d08e056f6f26c21334e123e9eed66e7d1093ec45a28ffb427655479
SHA512: 60ed46ccefde5ad7a65d53fd6d4d4f89642c738cebe9aa5b6de3c9eaddb66369fbfe73721296942712ab089e3f7cda4c65b0833cb0440c8cdf5584ebe6f96ed3
SSDEEP: 12288:JaK0WTK0Wzlo7bkvEWP+0LJtwtyaqvM16:UKvKNosvF+CF
Malware Config
Signatures

Loads dropped Dex/Jar (1 TTP, 2 IoCs)
Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.as.ytb.a7/dexCache/classes.dex, pid: 4549, process: com.as.ytb.a7
  ioc: /data/user/0/com.as.ytb.a7/dexCache/classes.dex, pid: 4549, process: com.as.ytb.a7

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call, ioc: android.content.IClipboard.addPrimaryClipChangedListener, process: com.as.ytb.a7

Acquires the wake lock (1 IoC)
  description: Framework service call, ioc: android.os.IPowerManager.acquireWakeLock, process: com.as.ytb.a7

Looks up external IP address via web service (1 IoC)
Uses a legitimate IP lookup service to find the infected system's external IP.
  flow: 41, ioc: ipinfo.io

Queries information about active data network (1 TTP, 1 IoC)
  description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, process: com.as.ytb.a7

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call, ioc: android.net.wifi.IWifiManager.getConnectionInfo, process: com.as.ytb.a7

Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
  description: Framework API call, ioc: javax.crypto.Cipher.doFinal, process: com.as.ytb.a7

Checks CPU information (2 TTPs, 1 IoC)
  description: File opened for read, ioc: /proc/cpuinfo, process: com.as.ytb.a7

Checks memory information (2 TTPs, 1 IoC)
  description: File opened for read, ioc: /proc/meminfo, process: com.as.ytb.a7
Processes

com.as.ytb.a7 (PID: 4549)
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads