Analysis
max time kernel: 49s
max time network: 139s
platform: android_x64
resource: android-x64-20240514-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
submitted: 19-05-2024 01:37
Static task
static1
Behavioral task
behavioral1
Sample
57ec1dcfd28d9c98814767636ed81540_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
57ec1dcfd28d9c98814767636ed81540_JaffaCakes118.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
57ec1dcfd28d9c98814767636ed81540_JaffaCakes118.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
57ec1dcfd28d9c98814767636ed81540_JaffaCakes118.apk
-
Size
2.0MB
-
MD5
57ec1dcfd28d9c98814767636ed81540
-
SHA1
9f742d1c784147cec66cd2291ba100b4ad6ee1f2
-
SHA256
27e9e232c515693f9d97c999b6de1f047caee952ba3390f6d4bae85902d56705
-
SHA512
76ba55424b13716856c66d9a5d0a08f27803987f70102f7de428596d8ab3b495e0d7481961e49a2317cbcd5cbcf4b627ca38acafb660cb4a7df99a1e2ce23ec9
-
SSDEEP
24576:y+ERmdINfj73sE0mE7Yu4lqWEtnuMKOsCS46shzEZpgl5rdFo9Pu98LLUMQXen1n:y6IKmBuSVEtnuXVsh4ZUtXZ0QC73Zdz
Malware Config
Signatures
-
Processes:
com.lynxar.trapsandtreasures.hack
pid: 5110
process: com.lynxar.trapsandtreasures.hack
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information that indicates whether the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information that indicates whether the system is an emulator.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
com.lynxar.trapsandtreasures.hack
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
process: com.lynxar.trapsandtreasures.hack
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
com.lynxar.trapsandtreasures.hack
description: Framework service call
ioc: android.app.IActivityManager.registerReceiver
process: com.lynxar.trapsandtreasures.hack
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
com.lynxar.trapsandtreasures.hack
description: Framework service call
ioc: android.app.job.IJobScheduler.schedule
process: com.lynxar.trapsandtreasures.hack
Processes
-
com.lynxar.trapsandtreasures.hack 1
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db
Filesize: 16KB
-
/data/data/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db
Filesize: 16KB
-
/data/data/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db-journal
Filesize: 512B
-
/data/data/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db-journal
Filesize: 8KB
-
/data/data/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db-journal
Filesize: 8KB
-
/data/data/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db-journal
Filesize: 8KB