Analysis
max time kernel: 149s
max time network: 157s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 04/11/2024, 00:46
Static task: static1
Behavioral task: behavioral1
  Sample: 8e5237a5fb68f92e9b6e0d37c172e4e2_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: 8e5237a5fb68f92e9b6e0d37c172e4e2_JaffaCakes118.apk
  Resource: android-x64-20240624-en
Behavioral task: behavioral3
  Sample: 8e5237a5fb68f92e9b6e0d37c172e4e2_JaffaCakes118.apk
  Resource: android-x64-arm64-20240624-en
General
Target: 8e5237a5fb68f92e9b6e0d37c172e4e2_JaffaCakes118.apk
Size: 2.8MB
MD5: 8e5237a5fb68f92e9b6e0d37c172e4e2
SHA1: bb7eeadac560a80ad0dfdfca61649b01861f323a
SHA256: 59abde0b18235002444e4cfddbabcc2fb948f9a2618edec896f8de4f58647cde
SHA512: 1998b77026a50cc9737822d91f5716e2af8952b7b785ea213b4cdd5828dac5016410214ed8107ccaacdae17c828c996a15ac62f9398091acbdacda824dda89f7
SSDEEP: 49152:YpsBnPFA2bKW9GbYUGDH7dhJlth7NcuRphXF6AKv5igsK3rAbcNQVi3jFf62NZly:YpMtAZmEPGD7xl1cqhXF6AKv33rAQNQR
Malware Config
Signatures
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description | ioc | process
  Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | com.ezzebd.androidassistant:beyondAppMonitor
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
- Queries information about running processes on the device (1 TTP, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description | ioc | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ezzebd.androidassistant:beyondAppMonitor
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ezzebd.androidassistant
- Queries information about active data network (1 TTP, 2 IoCs)
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ezzebd.androidassistant
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ezzebd.androidassistant:beyondAppMonitor
- Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  description | ioc | process
  Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.ezzebd.androidassistant:beyondAppMonitor
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
- Reads information about phone network operator (1 TTP)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.ezzebd.androidassistant:beyondAppMonitor
  Framework service call | android.app.IActivityManager.registerReceiver | com.ezzebd.androidassistant
- Checks memory information (2 TTPs, 2 IoCs)
  description | ioc | process
  File opened for read | /proc/meminfo | com.ezzebd.androidassistant
  File opened for read | /proc/meminfo | com.ezzebd.androidassistant:beyondAppMonitor
Processes
- com.ezzebd.androidassistant (PID 5064)
  - Queries information about running processes on the device
  - Queries information about active data network
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks memory information
- com.ezzebd.androidassistant:beyondAppMonitor (PID 5117)
  - Obtains sensitive information copied to the device clipboard
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks memory information
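The signature table above is flattened into runs of "description ioc process" triples, which is awkward to ingest into a case or IoC store by hand. The following parser is an added example and is not part of this sandbox report or its tooling: it tokenises those rows back into (signature, kind, ioc, process) records and rebuilds the per-process behaviour summary shown under Processes, so the two sections of the report can be cross-checked mechanically. The row text is copied from this report; the function and constant names (SIGNATURE_ROWS, parse_iocs, behaviours_by_process, api_calls_by_process, only_in) are this example's own.

```python
import re
from collections import defaultdict

# Signature rows copied from this report's flattened "description ioc Process"
# table: signature name -> run of "<description> <ioc> <process>" triples.
SIGNATURE_ROWS = {
    "Obtains sensitive information copied to the device clipboard":
        "Framework service call android.content.IClipboard.addPrimaryClipChangedListener "
        "com.ezzebd.androidassistant:beyondAppMonitor",
    "Queries information about running processes on the device":
        "Framework service call android.app.IActivityManager.getRunningAppProcesses "
        "com.ezzebd.androidassistant:beyondAppMonitor Framework service call "
        "android.app.IActivityManager.getRunningAppProcesses com.ezzebd.androidassistant",
    "Queries information about active data network":
        "Framework service call android.net.IConnectivityManager.getActiveNetworkInfo "
        "com.ezzebd.androidassistant Framework service call "
        "android.net.IConnectivityManager.getActiveNetworkInfo "
        "com.ezzebd.androidassistant:beyondAppMonitor",
    "Queries the mobile country code (MCC)":
        "Framework service call "
        "com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone "
        "com.ezzebd.androidassistant:beyondAppMonitor",
    "Registers a broadcast receiver at runtime (usually for listening for system events)":
        "Framework service call android.app.IActivityManager.registerReceiver "
        "com.ezzebd.androidassistant:beyondAppMonitor Framework service call "
        "android.app.IActivityManager.registerReceiver com.ezzebd.androidassistant",
    "Checks memory information":
        "File opened for read /proc/meminfo com.ezzebd.androidassistant "
        "File opened for read /proc/meminfo com.ezzebd.androidassistant:beyondAppMonitor",
}

# The two IoC "description" kinds that occur in this report. Both the IoC and the
# process name are whitespace-free tokens, so a greedy \S+ is enough to split them.
IOC_RE = re.compile(r"(Framework service call|File opened for read)\s+(\S+)\s+(\S+)")


def parse_iocs(rows):
    """Turn flattened rows into a flat list of (signature, kind, ioc, process)."""
    records = []
    for signature, text in rows.items():
        for kind, ioc, process in IOC_RE.findall(text):
            records.append((signature, kind, ioc, process))
    return records


def behaviours_by_process(records):
    """Map each process name to the sorted list of signatures it triggered."""
    per_proc = defaultdict(set)
    for signature, _kind, _ioc, process in records:
        per_proc[process].add(signature)
    return {p: sorted(s) for p, s in per_proc.items()}


def api_calls_by_process(records):
    """Map each process name to the framework services it called (file IoCs excluded)."""
    per_proc = defaultdict(set)
    for _signature, kind, ioc, process in records:
        if kind == "Framework service call":
            per_proc[process].add(ioc)
    return {p: sorted(s) for p, s in per_proc.items()}


def only_in(process, other, summary):
    """Signatures seen in `process` but not in `other`: which side of the app did what."""
    return sorted(set(summary.get(process, [])) - set(summary.get(other, [])))


if __name__ == "__main__":
    recs = parse_iocs(SIGNATURE_ROWS)
    summary = behaviours_by_process(recs)
    for proc, sigs in sorted(summary.items()):
        print(proc)
        for sig in sigs:
            print("  -", sig)
    print("monitor-only:", only_in("com.ezzebd.androidassistant:beyondAppMonitor",
                                   "com.ezzebd.androidassistant", summary))
```

Running this reproduces the Processes section: the clipboard listener and the MCC lookup are attributed only to the :beyondAppMonitor process, which is the one to look at first when pulling the clipboard-monitoring code out of the APK.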
Network
MITRE ATT&CK Mobile v15
Downloads
- Filesize: 20KB
  MD5: e9a84a9a4292c6370d5519ceb2ee6956
  SHA1: 802e834100dd65896cd338b8adfaf0e571a53a56
  SHA256: c136974b3a4db61930470fe214125874f7edcfd15c897be3387d05de99372715
  SHA512: 09b2047c544415173904cd3abca829548c88f60c98561feefb523c12487ac77cb3bfee7ccbd1009fca6353cdf6cabaf6405d369ce9af89a89691c4d7027cfb41
- Filesize: 2KB
  MD5: ac135f5abf6a9d0d4ebfeabf7f4239b6
  SHA1: 5c5fd112a72366e621bed468f66db75644786755
  SHA256: 6157e7419ffeedc299d642e91b243b6d4fb18a1a6db7b71545bbf55f94238519
  SHA512: 2d71674f08015c7f630347c19a6984e473534301a9b99bfcc67b7b444120aec8e780952af861dc4d834b6ad218088c9ff80afcb91aa38e0448b68ca81e470726
- Filesize: 8KB
  MD5: 236a581fdfb540bd8f08919f1de896b1
  SHA1: 6f8123f3129771f3ea13a979c182609a6e2986e4
  SHA256: 7678cea5cfedac0030d1646f9f3bae8bca6b4253c92303bd847982a9b50a16e9
  SHA512: d5c31230b0463b0b438c70000c823d392ad51180a49dcc09a56e08ee8b43a997b41c855f58f74a809b1515732709f234e143228777474efa31cb650d2e1453a3
- Filesize: 8KB
  MD5: 3617bf0843a5ed1918d55a7133d04350
  SHA1: f8fa56dd693dd1c6e2e03016d79c321dfde9e753
  SHA256: b8903988d1e72289e4ef8463e823e9ff636cb16da93eb691c31c83174e626c54
  SHA512: 31fccfd0c3d3495a9de46b0c296095e18213f181bdd5f85d5d31da8e5d92cad606c4fdc4a559e0a1acf075b8ab61033712af5bede2fb049177d702862c29a8e2