Analysis
-
max time kernel
25s -
max time network
150s -
platform
android_x64 -
resource
android-x64-20240514-en -
resource tags
-
submitted
20-05-2024 12:48
General
-
Target
5f27dd84cb04b3afdf8c6128d1c70c88_JaffaCakes118.apk
-
Size
6.6MB
-
MD5
5f27dd84cb04b3afdf8c6128d1c70c88
-
SHA1
13c3fc0d0089a3f18e0e4986be57e31797c9f49d
-
SHA256
2912101be6902d0679f88c0d9174cc737bc1c63fa61c16d0cad93ea0b169583a
-
SHA512
cc707ad990a1cc33f048a113a65b82170dd2290e3e8bbeab5db5da53d4384bcd2ff3072a8f01e4a0f09b8afa8b1786c64ca34de7f67d5257fb7fedf59b58f996
-
SSDEEP
196608:bXY4z6xeDhge+PZSKyaR0PESdEVCnMrIi0WOf0KT:bI4z6xeVkmWf+EeM8tf5T
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 4 IoCs
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Acquires the wake lock 1 IoCs
-
Checks if the internet connection is available 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes
-
com.square_enix.android_googleplay.FFT_en2.hack1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/evernote_jobs.dbFilesize
16KB
MD58fea5210ca4f00afcbd7ed247420bff4
SHA1330dcd970ac196dcacd596c8c3202e11d6da11f6
SHA2561558d884af7c7d780dcea7824db71dacd8343c71ade7305619fa669053a5ae0b
SHA5125453157cc33f095837cc8d813961337bd5b8faca1fef7bceed33577b1244dcfe4dac430709f0a4736db9f3fe92912cba1c394c4c16186cae1c920f9eaa0f01d2
-
/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/evernote_jobs.db-journalFilesize
512B
MD51a4580716f23c0853c9396cb64bf7c2b
SHA1bd96b3bea551aa585812273defacabf7133da749
SHA256cee06aa5a3236bf3127f14aa662d1f8433096453ef2eb06a6d07ecd58d0ec3bc
SHA51205918fde13119907cdf739ca6e0f9eaa4e3cf9e6f9f67698ce1009be88cecc4f5767591785c118b92df2f3cb9cb8adf4dca591b7ebf06c914e8890ca52be5b33
-
/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/evernote_jobs.db-journalFilesize
8KB
MD54320fcce9e3af47c7cc33ba816429863
SHA1074401badec7c39df330d02e75794a63d6d9e530
SHA256c3e5e8a49e6676f415b414b3aac80be974ac9452b15dd9940e6b0fc54850d515
SHA512fecb549b701fbbb28e10fc4ef34b4115706e6ffd565b8ac435900ba58c9e22f7e8cb70bd57dbb9dd610c0564723dc6c1996d2265257af9af37128b86826e61cb
-
/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/evernote_jobs.db-journalFilesize
8KB
MD515aa0be68eebadad90f8f3cfb58f82b9
SHA120ae3201ea4ebcf911cf9d43618a781c8d50ee2e
SHA2566f7444faa98a4225afeaeb26f31167cfa08d5ce9eb0019523d197e811449e239
SHA512713b259b2af1fb7d03d2adf1d41e8ddc7cdb554937d9812f4512e835dabb05406ebe5a3c9c2f328b4f73a5e0d559f56c5d14fea3ec0c2a554695f5b8a727824d
-
/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/evernote_jobs.db-journalFilesize
8KB
MD51e02f6b525ce3433d4a07e703d9ac538
SHA196cd091a709699db8092549853a778360d9f8baa
SHA2560ad5ec6280b606e54438f4bbac283354579b98b7a9bd0881cf712c80d52eb496
SHA51253eb0c83604702c08e75b37aaf0df1eab6fb0d4c4da8da20df3298e2b5a1eb94302b91f2fd0d8563d54b476bd6e416db6b6adf4edfd48b76c3d348348f4db387
-
/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.dbFilesize
16KB
MD57f16473974ee0f8cb15e816fbb009f92
SHA12ae328636bc670cff0b33e1b3dc2cec25a113d66
SHA2564cd7d1d07ed9daa96ff8486c6acf69bdcfe5dc73db3e76ce8b0a0f3c4786c2fd
SHA512590567df2be1bceba236aa8f745a1844cba2741079e02604843bf565cd41b4b961e742b1362fead940b9dfe760bff729936c70f2335d2477bd3a50ac0faa786d
-
/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.dbFilesize
16KB
MD5a6868190b8fe6dcea2e0e1f511c1d9b8
SHA188d9ef84707992ef7825db8ab631058c31513a9d
SHA256e76db0f5d331212fa1ce6e0444b02a8ccc35dda9a045616ae60e0e0c1e2f30e0
SHA512029996bcbd664f9a0d6b54abe93181821fcdace3fead7ed8c385eba733c048f018714e8dded5f2642632aaf89e53a2a9b8e0b8fd9bb29e0e5c17622c39828d19
-
/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.dbFilesize
16KB
MD5c77d1aa2d283543be84ac5fe8cd48ab3
SHA1fce14639b14a97876c46da611aeab55c68e647ca
SHA256261c2aa9b017f9bd9a9e0b9eb1eed20e2fc7c85c498aa55589b6415aa95be1b1
SHA512d59622f64561ee1208344f1fd87c48a3e8d9915da21d34b25b327429baddb551bd91e50bf7ff7b5fb947b4c5dd0e552d825cf59fa9fe0042c60820501d98396c
-
/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.dbFilesize
16KB
MD5b2995206a76b58220338b2439fe566aa
SHA1a7e080284d9a936196af2b89e12e682a08063e3d
SHA2563311b1086dacee2035388231fa81fea915cd6169c2743e605647f68bb132fd7e
SHA5128a2ef8f53866e36dba8eee3a79f7f7fa83c4b82ea1f7cda1c8eef089020dbe19bfa0c8ecf156801c5f52b33de80e9cd2a55bcdbb39023ecd0ac456d9dcc6f673
-
/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.dbFilesize
16KB
MD52f1eeee3602c828b8e9f81f6fbd20d41
SHA1d240b568bb6929702815b9a5edd05ad635671caa
SHA256458aa953a9e0adbf5b8765ebcf6b51bc5b5a48b7664e85d25c7a8ce9781a2d5c
SHA512a8642cc12cb9af0cd9d3fdc4bb1fe3b246d02af6b36714d80cdd2809def699b0b93eb585187c17f0a8e19801879e2e9edef7963ee416ae9e8cc35fd9cede2859
-
/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.dbFilesize
16KB
MD5eb52a90bb70b76e946b62f50b6f7fb85
SHA142d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA25648472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c
-
/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journalFilesize
512B
MD537d071b2edbff4e4419762d164271099
SHA1e6c882bf92b431b026e1e47d1dcc32617cd295f4
SHA25683a99dcfaa99df8ec93ad0ca7b21d5b021800070a728b0b5e1570bff3450e703
SHA51298adb297e06de83ce0039eba445353e7279be47a281021908650bfea953834c3a7c670ed2f2433a0b8dc5599c2c011194f11dd49344a8b66247cf079d1b7a327
-
/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journalFilesize
8KB
MD5c626cb105ece6653989537c6f4834332
SHA1dff739c4455451df279cf27875e901cf51d1be39
SHA25614ae51befdb90fa0c6f0463b976a45d9d449143ab8edac5cd2cb3c9cffd9372a
SHA51297dbfd0f752a0d3d09ee7fc9364554e574a3731ce34e4abcb94871eed5328d465977a117f0e0361a99eb4b310a66c0f37057fddd89c463c2caeaad94364cb53f
-
/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journalFilesize
4KB
MD50a44876e61be026f4dbea9bb1cee7d97
SHA141c61c90efbf1382e5a06fcace68d6fa610cefe6
SHA25634c67f6bd1d191b19efcb12a1dc9bd8dfc3ed59c2e078ad4fc59ab69bd02918e
SHA5124adbb432fb8b82cbccb21915b180f1b2691e29ca3f02b7d86cf8dd366303fe04347b53b5a5cf77bf628fffc0078bced484ca5f96e390082db5d239b03a0c253c
-
/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journalFilesize
8KB
MD589d20efa78fbeb548327945b33692385
SHA12b5a289ddc9f61ebe4df894fffb6c73fdc317830
SHA256ac72d921b7427f5887000725e857b38c0061c3b29f97f8daf6ed9614ffcc3a4b
SHA512c94d4769a50c4679da555a02b22c10119f7e3e54364be9cce0869b6b0ed78be8a1bcdb576db51a872c0ab2ff9c20db3039885fb50d51909d10a721ba779515fa
-
/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journalFilesize
8KB
MD5e212fc3eb91d5aaaf151349d55c26ba1
SHA12b563aef370139b0d00653820fbcc979a8a53faa
SHA25666005c6f997fa7363bf068117df608107c8c08f1bc67c24e6499c30dfdc5660f
SHA512a56e89eb0c238d2cd3abdd6cf03b25085ddeffb372313a333cf82892e65f6799e48b64af7a15e78e8d2b3f5754a7de250b80f63cb80daee5e9db150352028d23
-
/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journalFilesize
8KB
MD55409c888812038f5e5a5f1752250d1b8
SHA1e9da3826c6d4ce3cdd52cecca8d390a0894a37d3
SHA25663efe1fab8141db8493b5e218706848bcb33b902a6a04fc78df9caf6d7ff77b7
SHA512aaaedcd334cbfeb5c28fca9d22e5d6219f172a4eae0f9266c63c13102c924cfdb5a3f21ddef594a2e9799b8d47d86977ec0a5b955462dc78581ebba7c4fa855a
-
/data/data/com.square_enix.android_googleplay.FFT_en2.hack/no_backup/com.google.InstanceId.propertiesFilesize
2KB
MD59b3bb43be6e431d525df46da38d843d1
SHA1889b0c049e46ff7d6f1931d1a6bf3005c996f769
SHA2565bfb4b537c878b5303e91b7fae199959fe60136bd9ffb6440b84860bea330458
SHA5126f7ae5fde29d3add842a434efd6375e8136f8ae8c0e6f81a3b5e12933af38f4a1eb35c72651453584b532e546aff3b7c40d12aa489f51256a7069fd859a7990c