Analysis

  • max time kernel
    49s
  • max time network
    139s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags
    android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
  • submitted
    19-05-2024 01:37

General

  • Target

    57ec1dcfd28d9c98814767636ed81540_JaffaCakes118.apk

  • Size

    2.0MB

  • MD5

    57ec1dcfd28d9c98814767636ed81540

  • SHA1

    9f742d1c784147cec66cd2291ba100b4ad6ee1f2

  • SHA256

    27e9e232c515693f9d97c999b6de1f047caee952ba3390f6d4bae85902d56705

  • SHA512

    76ba55424b13716856c66d9a5d0a08f27803987f70102f7de428596d8ab3b495e0d7481961e49a2317cbcd5cbcf4b627ca38acafb660cb4a7df99a1e2ce23ec9

  • SSDEEP

    24576:y+ERmdINfj73sE0mE7Yu4lqWEtnuMKOsCS46shzEZpgl5rdFo9Pu98LLUMQXen1n:y6IKmBuSVEtnuXVsh4ZUtXZ0QC73Zdz

Malware Config

Signatures

  • Removes its main activity from the application launcher (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)

    Checks CPU information that indicates whether the system is an emulator.

  • Checks memory information (2 TTPs, 1 IoC)

    Checks memory information that indicates whether the system is an emulator.

  • Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)

    The application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Schedules tasks to execute at a specified time (1 TTP, 1 IoC)

    The application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

Processes

  • com.lynxar.trapsandtreasures.hack (PID: 5110)
    • Removes its main activity from the application launcher
    • Checks CPU information
    • Checks memory information
    • Obtains sensitive information copied to the device clipboard
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db
    Filesize: 16KB
    MD5: 12627a2ec645c4a4bc50dba5903afd59
    SHA1: 504005c938517e61bcf68b65a055c2faba635c2e
    SHA256: f177ffae9650eb4f407c2d9a510bb5a5abe1ece2fdfe24effc62478a1bfa5903
    SHA512: 7ff69589296e02383a217373399e75d8a82fa17146e4273f4c0eb630f096dd9f394a3324d60858b02f7e5cf177c82c6d966f5cbedb68ae6a98df7cc851b79cfd

  • /data/data/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db
    Filesize: 16KB
    MD5: 9f4ca6f6b1bb22174965521faf5df527
    SHA1: a22929196cacdb9be81d13df959ddb13299aa2bc
    SHA256: 4c81f214289619428352a5268c5255b766d8fd6c214ac6916f1586a843af3e24
    SHA512: 6afd8924af01380c61419cdb2aaf92783b5abd31390c9b2d5eaaebe0007400f5d267cd6a7ac6512de6206767e0954909117ab9faf098cc4a1fe104d5a7ca0acc

  • /data/data/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db-journal
    Filesize: 512B
    MD5: e9d5e6a2f0b6115e10c71da1279307d3
    SHA1: 3207aa1651c52038d9051c7592686005e16b7cc0
    SHA256: 07e17a5fecf7529fcb0bd14a5262878f41d806465281a157f56d10344a58a620
    SHA512: 803c0e428597b4d40315620d4aed22fb85cd1678ad9041e9e06c1b7bedec3b32feecb257fee9e3434d671a453705bb08a8625aa4e7e38eb31c748dc55eee250a

  • /data/data/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db-journal
    Filesize: 8KB
    MD5: de294c137618c75b26a4a235d0c7c437
    SHA1: 0f53bd7d6bfc58f0677176342d54c81b1afd0c2d
    SHA256: 332274ff5eb544aa140db089fc2644208028dfce70afa9ff35879ef2c86da053
    SHA512: f5c59eceba727d12b370f4aa43d5988472e1da02235d78bc4a3ffe3d42d1f190c0f3f0e979dfe3c2c1b689d637ec7e5d8d6b72dec3ffd4882c76f40aa932a09f

  • /data/data/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db-journal
    Filesize: 8KB
    MD5: 9e36bc6923f78093e5b2326085a2a675
    SHA1: 490174cac07ba3b2f092a8acc32ef9de025343c5
    SHA256: 64b123b6ef6146890559ce60bc4e741f18e3424a3792fe1abbc42c8f7f2d321b
    SHA512: 6a6294b33793811ec9c756f07fdf4f78fddb602663e00155386a836f70e417b3a6c13910608c88999647fcc0cbced60414f3cd0d330255dbaf594060a2ed9df1

  • /data/data/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db-journal
    Filesize: 8KB
    MD5: 2e979b5afb6c15f7cde26f00050dd7db
    SHA1: 1c94584dea17f75bd5ce35cece1fd74da4a634a5
    SHA256: 84c9736f9642453a095fec42557488f54ed8e050804fc598b6db252d7b6151fd
    SHA512: ebe55d332c6c261e4a2d7a16aaab455b46863701cbbdcf3b3ca400002c54808a97fcb739cd44aa494dfcfa3c46eb7550ab06df3a086729fde369cbf654317e56