Analysis

  • max time kernel
    149s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    04/11/2024, 00:46

General

  • Target

    8e5237a5fb68f92e9b6e0d37c172e4e2_JaffaCakes118.apk

  • Size

    2.8MB

  • MD5

    8e5237a5fb68f92e9b6e0d37c172e4e2

  • SHA1

    bb7eeadac560a80ad0dfdfca61649b01861f323a

  • SHA256

    59abde0b18235002444e4cfddbabcc2fb948f9a2618edec896f8de4f58647cde

  • SHA512

    1998b77026a50cc9737822d91f5716e2af8952b7b785ea213b4cdd5828dac5016410214ed8107ccaacdae17c828c996a15ac62f9398091acbdacda824dda89f7

  • SSDEEP

    49152:YpsBnPFA2bKW9GbYUGDH7dhJlth7NcuRphXF6AKv5igsK3rAbcNQVi3jFf62NZly:YpMtAZmEPGD7xl1cqhXF6AKv33rAQNQR

Malware Config

Signatures

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network 1 TTPs 2 IoCs
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator. 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Checks memory information 2 TTPs 2 IoCs

Processes

  • com.ezzebd.androidassistant
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks memory information
    PID:5064
  • com.ezzebd.androidassistant:beyondAppMonitor
    1⤵
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks memory information
    PID:5117

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.ezzebd.androidassistant/cache/volley/-839601416-623260666

    Filesize

    20KB

    MD5

    e9a84a9a4292c6370d5519ceb2ee6956

    SHA1

    802e834100dd65896cd338b8adfaf0e571a53a56

    SHA256

    c136974b3a4db61930470fe214125874f7edcfd15c897be3387d05de99372715

    SHA512

    09b2047c544415173904cd3abca829548c88f60c98561feefb523c12487ac77cb3bfee7ccbd1009fca6353cdf6cabaf6405d369ce9af89a89691c4d7027cfb41

  • /data/data/com.ezzebd.androidassistant/databases/beyondAppSDK.db-journal

    Filesize

    2KB

    MD5

    ac135f5abf6a9d0d4ebfeabf7f4239b6

    SHA1

    5c5fd112a72366e621bed468f66db75644786755

    SHA256

    6157e7419ffeedc299d642e91b243b6d4fb18a1a6db7b71545bbf55f94238519

    SHA512

    2d71674f08015c7f630347c19a6984e473534301a9b99bfcc67b7b444120aec8e780952af861dc4d834b6ad218088c9ff80afcb91aa38e0448b68ca81e470726

  • /data/data/com.ezzebd.androidassistant/databases/beyondAppSDK.db-journal

    Filesize

    8KB

    MD5

    236a581fdfb540bd8f08919f1de896b1

    SHA1

    6f8123f3129771f3ea13a979c182609a6e2986e4

    SHA256

    7678cea5cfedac0030d1646f9f3bae8bca6b4253c92303bd847982a9b50a16e9

    SHA512

    d5c31230b0463b0b438c70000c823d392ad51180a49dcc09a56e08ee8b43a997b41c855f58f74a809b1515732709f234e143228777474efa31cb650d2e1453a3

  • /data/data/com.ezzebd.androidassistant/databases/beyondAppSDK.db-journal

    Filesize

    8KB

    MD5

    3617bf0843a5ed1918d55a7133d04350

    SHA1

    f8fa56dd693dd1c6e2e03016d79c321dfde9e753

    SHA256

    b8903988d1e72289e4ef8463e823e9ff636cb16da93eb691c31c83174e626c54

    SHA512

    31fccfd0c3d3495a9de46b0c296095e18213f181bdd5f85d5d31da8e5d92cad606c4fdc4a559e0a1acf075b8ab61033712af5bede2fb049177d702862c29a8e2