Analysis
max time kernel: 148s
max time network: 154s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 03/11/2024, 21:11
Static task
static1
Behavioral task
behavioral1
Sample: 8d8690ae003b6a0246da7ccd19bc27be_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample: 8d8690ae003b6a0246da7ccd19bc27be_JaffaCakes118.apk
Resource: android-x64-20240624-en
Behavioral task
behavioral3
Sample: 8d8690ae003b6a0246da7ccd19bc27be_JaffaCakes118.apk
Resource: android-x64-arm64-20240624-en
General
Target: 8d8690ae003b6a0246da7ccd19bc27be_JaffaCakes118.apk
Size: 616KB
MD5: 8d8690ae003b6a0246da7ccd19bc27be
SHA1: a57f05e71adca743a747c24c2750b43a78b34016
SHA256: ecb81af73fb4ed31194847f301d0174581884355bd679719150df9c62c59f1bb
SHA512: f49165797b8b8f312f2e097589cfff22f9d0661c1b1cc31c9406af19f6c8186bb8cb7f2ad8402f69ffea7ee8e27ba6e2be95528a9b54ef316d9626f84322c032
SSDEEP: 12288:SoU+OlP+NuDdolDR7EApMxJR/eyIVW/aF0DFTIKn1MQWnA+Rhffmdart:SoU+OEQil971pMTR/XIVWxFTJ+RE0
Malware Config
Signatures
Removes its main activity from the application launcher
  pid   Process
  4960  bright.view.land
Loads dropped Dex/Jar (1 TTPs, 3 IoCs)
Runs executable file dropped to the device during analysis.
  ioc                                           pid   Process
  /data/user/0/bright.view.land/app_ttmp/t.jar  4960  bright.view.land
  /data/data/bright.view.land/100classes.dex    4960  bright.view.land
  /data/data/bright.view.land/100classes.dex    4960  bright.view.land
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description             ioc                                                       Process
  Framework service call  android.content.IClipboard.addPrimaryClipChangedListener  bright.view.land
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  description             ioc                                                                     Process
  Framework service call  com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone  bright.view.land
Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description             ioc                                            Process
  Framework service call  android.app.IActivityManager.registerReceiver  bright.view.land
Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  description         ioc                          Process
  Framework API call  javax.crypto.Cipher.doFinal  bright.view.land
Checks memory information (2 TTPs, 1 IoCs)
  description           ioc            Process
  File opened for read  /proc/meminfo  bright.view.land
Processes
bright.view.land (PID: 4960)
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (1)
  - Suppress Application Icon (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Downloads

Filesize: 97KB
MD5: abdef17ba4f14424b320d595b75dd5d0
SHA1: d9d857ff7d8d27b46ef15c36f1ddc446de6a65e5
SHA256: b1e8ba53201c08f510930bf2dd7bf9a1c5ce7c83220c31ab4249c37123551a55
SHA512: e048a6510d619bffb814cb1c6725b540fba2c9bb01e117c227e04b92d56c8f4711f82b6a63eb43796c4bea941ab2284f8eb7d48e394ed79e375dfe59188b7e25

Filesize: 567B
MD5: 496eac8af00154612f4526831a659ec5
SHA1: 7cc13bb098c60db3a480b34c78335cf7ecd7538a
SHA256: 4c30892323b3d86c80d2dd53b0b07fcf58be88c922d6cb2b3125c8be7315b9df
SHA512: 8ac4dd2f125c5c706906ba0eb71e1ff980c0dc599add5bed619870c7d96b615087ae2f17cf4d4e36c97d822bdd721bca5378a1ab3c0d1096b4a0ca7bc6e382b0

Filesize: 220KB
MD5: e3447d5435bc33cb03183a57f3474f1e
SHA1: 13b41650892f79bff94f3edf8689c3218ba962d0
SHA256: 8eabaa1e5b64a753f5aeeee5e02ce584ab8e65c5edfc5e3bdf38f25462024dc9
SHA512: e4e7906b57056c413942ea3f5fa91cf3bc5f508a2e9c8273524c0cf84d7189f26b770f0130f57218ecba8982ac337f46a6d11d10dd8f8dc4f5f0c0fa02447ab6

Filesize: 72KB
MD5: 2558176b0aa970d391fad5d0f43aeced
SHA1: 6bae2bfa2c69b0dcccaf0acbddba634715ddd588
SHA256: 743750b4eeb700be70ce50b8b993f41dc9bc3ffcc6b28a76af2a84b3cbd40a68
SHA512: 9cdbea9ac7257b322f291f0ab345bae27ad569cb648dcd962bc5e857e5eaac2dfa5faecfe1c8252e8d87af63550610e52a6788dc77254f0f6e35619a21ccd249

Filesize: 512B
MD5: 3dd74c27a2393a581183f4a243708e39
SHA1: 796dbfe6c9c3330f06752ebcd101fd32c1b87a88
SHA256: 94c619c6b919bee4c1d636490783768212f0f1b65891c32a2d7c49e6d42b0510
SHA512: 724a012c838bc3994129969b97dd4740395fd806f0eb106073fcba92b4768d663eefca96ffc5a59ce3522581e68e50251eb7966e5c22103bcd4fb39069e82cf4

Filesize: 8KB
MD5: 438ec7f36be671a2160ffed91fb62b89
SHA1: 27c2e819aba3a999f13bfec11f674f77f63674ad
SHA256: ac9f5b05d72b0c6cd888c004c276e789d78f4865781ecf7213219182a05b9c3e
SHA512: ff7188d655bcd2e5bf9577389cc48ea8170f6792337b1abe0f499875f7a8d48c19a825cd45c1f4701572c1f72dfae7aee47bf5a555eaaa5e314357b4aab71fa8

Filesize: 8KB
MD5: 8283e81dc0c9ddc699e77013a626a888
SHA1: ede3c019bf04deb66f598d1b04e22c58eb07c9c4
SHA256: 03dbaeaf18403ffb8c98c6bdb9644309f746c387a739fd9a5a87d4ed376842bc
SHA512: e445815db934395d26c8f8a443f08827763a275c6d565d74616ab42a532d9720809fb36e96b7a2491e6d5364e380814e0f92f5a2de89f6c19d451a99c3298b13

Filesize: 12KB
MD5: 13d62126fe511fdec76c2e051dcae6bf
SHA1: 5e504c04a702670ca821eaa24b227b9e5d12c20e
SHA256: e678681dde4ca60dd4e5806e5a26c99a88125375eb549a1cc1d3c18d634481d0
SHA512: c88049bf839a6482eb5fc0e77f9c9292ff7d80f3c09fb79c4f40229bb2c6c006b16346cf8c6f41631460034226dcc69b559dc2c5468620b017b732ccc2c5b515

Filesize: 469KB
MD5: 4e1e6aa783bb8974b1436f0100156de6
SHA1: 8d2d20dbf86960783c889dd9834e281bac850642
SHA256: 58665fea32655b49869f9f7e6812f36906cd75dbe4af3f1d497e9bdeaf33fc53
SHA512: 0a45ddb1269a3cd8a789ce3b9edef67e69c2968480938aac76e9e975c4cce049a42ebbcf0cf4058eef117e1041a1e7a8f15d504c5a9ca95b1b3d014ca91aadbf