27e9e232c515693f9d97c999b6de1f047caee952ba3390f6d4bae85902d56705

Analysis

max time kernel
26s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
19-05-2024 01:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

57ec1dcfd28d9c98814767636ed81540_JaffaCakes118.apk
Size

2.0MB
MD5

57ec1dcfd28d9c98814767636ed81540
SHA1

9f742d1c784147cec66cd2291ba100b4ad6ee1f2
SHA256

27e9e232c515693f9d97c999b6de1f047caee952ba3390f6d4bae85902d56705
SHA512

76ba55424b13716856c66d9a5d0a08f27803987f70102f7de428596d8ab3b495e0d7481961e49a2317cbcd5cbcf4b627ca38acafb660cb4a7df99a1e2ce23ec9
SSDEEP

24576:y+ERmdINfj73sE0mE7Yu4lqWEtnuMKOsCS46shzEZpgl5rdFo9Pu98LLUMQXen1n:y6IKmBuSVEtnuXVsh4ZUtXZ0QC73Zdz

Score

8^/10

collection credential_access discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.lynxar.trapsandtreasures.hack

pid process

4612 com.lynxar.trapsandtreasures.hack
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.lynxar.trapsandtreasures.hack

description ioc process

File opened for read /proc/cpuinfo com.lynxar.trapsandtreasures.hack
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.lynxar.trapsandtreasures.hack

description ioc process

File opened for read /proc/meminfo com.lynxar.trapsandtreasures.hack
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.lynxar.trapsandtreasures.hack

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.lynxar.trapsandtreasures.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.lynxar.trapsandtreasures.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.lynxar.trapsandtreasures.hack

pid	process
4612	com.lynxar.trapsandtreasures.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.lynxar.trapsandtreasures.hack

description	ioc	process
File opened for read	/proc/meminfo	com.lynxar.trapsandtreasures.hack

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.lynxar.trapsandtreasures.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.lynxar.trapsandtreasures.hack

com.lynxar.trapsandtreasures.hack
1⤵
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Schedules tasks to execute at a specified time
PID:4612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
58c0b6e45328752b20ac6e719ac034f8

SHA1
372b2638afd00bbbc4034657b3df3d2e428fb367

SHA256
9d74f93afa5a179b1ba2f19f154b2880aa8b99c88209802099045a0874d2426a

SHA512
2d347d5824b9ab701e341c89e8327a95fd6bab8e92ee15ce9550da368d773e22bff304072a4854df5ab763750a7401f7aa61a49e3292d62c27fa9f20536eb3ab

Download Submit
/data/user/0/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
8345588f79121367e7af8db37ba6cd86

SHA1
54d5fc6105b5cc179fffafbed21bf7ceeca2ca97

SHA256
470d811007c9be6ee4c192bfb33f802441c7e98d7b49be81d3fd856ed05fa8f6

SHA512
21480245a5cb36a400c9723767cf89acd928b7463ae45159195d488b3fa76b4ea36446fa0145b724d2d3b9ed04f96edfbbd7e2e44cb51f0a88268cf04bedfa96

Download Submit
/data/user/0/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
3cf1919078b31fa74d985c30fec28b2a

SHA1
435ff5ad9ea42eeca5b29d99d1ca84ea13980ed3

SHA256
f4d16d1bef1981a6386c5e9638f3c8d3277802b9a2e8e5d06a4adc9f4dc50ce8

SHA512
628d7f13db4a1f02870790b471c67c45f381d8140b5c77f75cd82bcf79cd5de1e30bfbd23398d704cf39e977df36ca0b79dac41d6a2b66029f6e66486988697b

Download Submit
/data/user/0/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
7e8e38944395fa734aaa762dddbdc532

SHA1
6c276631a7d9115e2a0e3b27b716b2cf43790e19

SHA256
7fc75605be2858f0aa147fb604c748f04d9d5a6078c09ebd4af1b2408ef45f9e

SHA512
e11133a583e03a90f6b7b40edddfe50c48fccf91bf0c7261000f8c4b1c57709802fd74501f5e244282ae11b2c4a7ee311c9b15783b0a9d1e13d151fe589df4e1

Download Submit
/data/user/0/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
c87923d81cd4514fc90717511dd1f93b

SHA1
595ea27fe843efbc61f72e2263629bccaaf22363

SHA256
64b7893a6f6993678abccbfa61edfaf3115d36c1879cd51215af07181fdecd63

SHA512
01cbf85562679cf55efe8c266d823a70558c5628a4d56afd89fde06d53a5d36e5c5e7f3cac5a03ea90be3e2e44e312c6c11005d40c70b060e834ac86578f51bd

Download Submit
/data/user/0/com.lynxar.trapsandtreasures.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
d57eb64d050c75a792ddd8eb39d1ba78

SHA1
18ee4c6e0db9108ab6aa5631edf5becd38661bbb

SHA256
cc0017e6d50f0e9243b8efa2224bf726dfc5ab5cb22fed06a047060beee38a4e

SHA512
8080d1ecc4bfc925e2040eb33b7ae70dbe55ac86116865e4dfda08ace37be41d7886eecfd7d1b52f4d92f560223aa0b7e65e23a643655ac4aea9fefd9c2af8be

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads