Analysis
-
max time kernel
47s -
max time network
140s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
android arch:arm arch:x86 image:android-x86-arm-20240514-en locale:en-us os:android-9-x86 system -
submitted
19-05-2024 01:37
Static task
static1
Behavioral task
behavioral1
Sample
57ec1dcfd28d9c98814767636ed81540_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
57ec1dcfd28d9c98814767636ed81540_JaffaCakes118.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
57ec1dcfd28d9c98814767636ed81540_JaffaCakes118.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
57ec1dcfd28d9c98814767636ed81540_JaffaCakes118.apk
-
Size
2.0MB
-
MD5
57ec1dcfd28d9c98814767636ed81540
-
SHA1
9f742d1c784147cec66cd2291ba100b4ad6ee1f2
-
SHA256
27e9e232c515693f9d97c999b6de1f047caee952ba3390f6d4bae85902d56705
-
SHA512
76ba55424b13716856c66d9a5d0a08f27803987f70102f7de428596d8ab3b495e0d7481961e49a2317cbcd5cbcf4b627ca38acafb660cb4a7df99a1e2ce23ec9
-
SSDEEP
24576:y+ERmdINfj73sE0mE7Yu4lqWEtnuMKOsCS46shzEZpgl5rdFo9Pu98LLUMQXen1n:y6IKmBuSVEtnuXVsh4ZUtXZ0QC73Zdz
Malware Config
Signatures
-
Processes:
com.lynxar.trapsandtreasures.hack
pid: 4253
process: com.lynxar.trapsandtreasures.hack
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicates whether the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicates whether the system is an emulator.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
com.lynxar.trapsandtreasures.hack
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
process: com.lynxar.trapsandtreasures.hack
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
com.lynxar.trapsandtreasures.hack
description: Framework service call
ioc: android.app.IActivityManager.registerReceiver
process: com.lynxar.trapsandtreasures.hack
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
com.lynxar.trapsandtreasures.hack
description: Framework service call
ioc: android.app.job.IJobScheduler.schedule
process: com.lynxar.trapsandtreasures.hack
Processes
-
com.lynxar.trapsandtreasures.hack
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
Downloads
-
/data/data/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db
Filesize: 16KB
-
/data/data/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db
Filesize: 16KB
-
/data/data/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db-journal
Filesize: 512B
-
/data/data/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db-shm
Filesize: 32KB
-
/data/data/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db-wal
Filesize: 28KB
-
/data/data/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db-wal
Filesize: 4KB