2912101be6902d0679f88c0d9174cc737bc1c63fa61c16d0cad93ea0b169583a

Analysis

max time kernel
107s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
20-05-2024 12:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f27dd84cb04b3afdf8c6128d1c70c88_JaffaCakes118.apk
Size

6.6MB
MD5

5f27dd84cb04b3afdf8c6128d1c70c88
SHA1

13c3fc0d0089a3f18e0e4986be57e31797c9f49d
SHA256

2912101be6902d0679f88c0d9174cc737bc1c63fa61c16d0cad93ea0b169583a
SHA512

cc707ad990a1cc33f048a113a65b82170dd2290e3e8bbeab5db5da53d4384bcd2ff3072a8f01e4a0f09b8afa8b1786c64ca34de7f67d5257fb7fedf59b58f996
SSDEEP

196608:bXY4z6xeDhge+PZSKyaR0PESdEVCnMrIi0WOf0KT:bI4z6xeVkmWf+EeM8tf5T

Score

8^/10

collection credential_access discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 5 IoCs

evasion

T1426

Processes:

com.square_enix.android_googleplay.FFT_en2.hack

ioc	process
/data/local/su	com.square_enix.android_googleplay.FFT_en2.hack
/data/local/bin/su	com.square_enix.android_googleplay.FFT_en2.hack
/data/local/xbin/su	com.square_enix.android_googleplay.FFT_en2.hack
/sbin/su	com.square_enix.android_googleplay.FFT_en2.hack
/system/bin/su	com.square_enix.android_googleplay.FFT_en2.hack

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.square_enix.android_googleplay.FFT_en2.hack

pid process

4502 com.square_enix.android_googleplay.FFT_en2.hack
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.square_enix.android_googleplay.FFT_en2.hack

description ioc process

File opened for read /proc/cpuinfo com.square_enix.android_googleplay.FFT_en2.hack
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.square_enix.android_googleplay.FFT_en2.hack

description ioc process

File opened for read /proc/meminfo com.square_enix.android_googleplay.FFT_en2.hack
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.square_enix.android_googleplay.FFT_en2.hack

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.square_enix.android_googleplay.FFT_en2.hack
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.square_enix.android_googleplay.FFT_en2.hack

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.square_enix.android_googleplay.FFT_en2.hack
Acquires the wake lock 1 IoCs

Processes:

com.square_enix.android_googleplay.FFT_en2.hack

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.square_enix.android_googleplay.FFT_en2.hack
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.square_enix.android_googleplay.FFT_en2.hack

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.square_enix.android_googleplay.FFT_en2.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.square_enix.android_googleplay.FFT_en2.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.square_enix.android_googleplay.FFT_en2.hack

pid	process
4502	com.square_enix.android_googleplay.FFT_en2.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.square_enix.android_googleplay.FFT_en2.hack

description	ioc	process
File opened for read	/proc/meminfo	com.square_enix.android_googleplay.FFT_en2.hack

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.square_enix.android_googleplay.FFT_en2.hack

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.square_enix.android_googleplay.FFT_en2.hack

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.square_enix.android_googleplay.FFT_en2.hack

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.square_enix.android_googleplay.FFT_en2.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.square_enix.android_googleplay.FFT_en2.hack

com.square_enix.android_googleplay.FFT_en2.hack
1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4502

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
6903a881b83727ef8745750405819147

SHA1
e0fd472df403c42b383e9015fb802ae80aec3623

SHA256
c0f10131e0f66a8d335feb068fc7073e6b928443bb5b9e54d20bc431c369d161

SHA512
b243b130d2dbcf7b48b398a48bfa260a71d1cbc1fefafb540437fc558d7d61bde3bc3287cf5d6d55890cc39e42559bebf08d09374e49386d2af2dfddfdad5378

Download Submit
/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
e1aee54d55ad3a083b7c92c45bab2990

SHA1
d1f826c7830a3b56361824051423dd9d293c4dbe

SHA256
50a4d2966e76c80619fea4f924a65d461d6735d2df5c188d592c2b06fc59cb53

SHA512
4beae759b77971d01c8c8f552dc642a9b9854acb5c80e9e6476c71b7a01cdd97cff6d34a9d8f02f37b46a48b1a1d43ce67784e7902ea346c172427b3f0a1889b

Download Submit
/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
756db91923b0c062fdfa039826f4a93e

SHA1
2a27d7c002619b1548e1acd4ae2c0b960f3779aa

SHA256
016d1357339ef0d8260d942451e8c25b48eb56a996a752c454c74c0b1cde23ec

SHA512
b18b6cf9ae89ad3ab4e33457c580e931ab205445b11a40f96b22ed4cd2b810904348b235282c95e4dc49d0b6118c54ccbfd7074360afe30f957ff1919ac68cf7

Download Submit
/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
adea58cabde963c4be7a53297a73930b

SHA1
389f6817988d69029765a2bc00de56c363a724a6

SHA256
59228c4a8c0b3a90912348472a3088426dd50dfd7da27323a3a0803e7d257008

SHA512
c15b2f64b7197fe68ac4a0359cb5d96455b8ad147304ea1791695c337557dee8601930d04bba8ad581037aaa79fd549b7157f311085149f479af2a48879a7761

Download Submit
/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
20d0af032cd5ee1036ca5e6ae587ac88

SHA1
82e80f83c5cbe8e5c1dacdf5e02c61da82ef37c7

SHA256
605fccf43820163e977d553603dbfe19436526a69c6093d53ec127ebcbbb7445

SHA512
4ee6a9cef2608e73d8f789b7b91eef3a33411011e3fdb39d1830eb6385436f55d67f9a4ac3eb5d24c2c71018ce5836e77742e95a707192e8c8f31a2d34d53874

Download Submit
/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
00ae31a365eb23fa2e9ea7ea67f7a226

SHA1
039648c2f7121ca70872eea4300790fb3e64990b

SHA256
853fb158ab500ecdcba48f00c6e0982720021e0694ac6dd2af1f2ad9c7a6f2c8

SHA512
a2218916948477bd10d593da8ca001b414b2c2b7b6eb669136cb0ca13fb1da8ee29a90f879d1d8b905d16dd1221c27ca2d40e93f8e4d3fdc5fdf86134539e817

Download Submit
/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
65fe27e623d901f196283a1f267b14f8

SHA1
fb2834bdad9f655672af3adf05c530db790417c5

SHA256
a30843b0b53b69ad99e8a2e56f90bdc53d4b92bd3ee1f0af6e2c189c3363329e

SHA512
c5844a1adaef6ec29855694cb1afa7f819901f63d951f68f5745e30efcdd27f7af4bb4d4c0884f381d9121a5ac59ecce0fdc14203d3ca795c79819bff153ab14

Download Submit
/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
a9345db2d048de9268e5d76e297ea03b

SHA1
7b37a28f01575da7e0d46eab6588f4c77aac9259

SHA256
4828344f215d1f8a4faba52090ac2ae83a72dba11b294d14f5b2d4cbbb03388a

SHA512
c9c06d198ab2ab6177edc1fe8dabf9c9e6bf13c17d888a4abad72f268358bad4b887041bd93762bb009998a941eaf65e8323d4477f6e4eff97ce388f6d1b8aa7

Download Submit
/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
62864b2e8f5af19ce00152baa67f4948

SHA1
c84d44d06ab8685242c410a60b09feb3dc3b54a9

SHA256
c9592968f7912b4e51747b4f25148ea6d8589e757c611a0970693fface5f5544

SHA512
1a4066022434a70524a35a1f8dae92b4877d784728e1345357e277f5288376fbef8f6f2d630aae11adc4ce3ed47a6901298c53220db7b4f65826de8c9bb0a4c8

Download Submit
/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
818548be1885386cc995f564f36a8e8e

SHA1
008b0c602ed55b1122dadfb3a20db517d55c10b3

SHA256
b4765a86f69c122307448d0c6e81cebd52ffbc59b0d19da42971e2857f773e6d

SHA512
47840561a1eded73600b656576a7a9195bd1beddb79b08090b9e6bd9ab610de6cfb0a334310bfefe0b33ef157d420aaa17c6315fa2e689398da3328c4460a02f

Download Submit
/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
321bd9a2e4e4ee250ec68499d1e35391

SHA1
1f6fe11b5567f4b678a5e03f87435482bdb3bc6f

SHA256
5fdd2a6951d75d03a061fc9ec7e3fd0ede7dcf5e1ebd24b1a8421098a4c03720

SHA512
c1dbb3991df512a7b2a3354d2499428cb844ff6c2ced95ce80588ccff1a03154de78df1b8d27916cad4688309b883b1739ae7d08d43815718cea18fba3607be7

Download Submit
/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
44e9fe1557dc5b91f6f93622dca02d31

SHA1
2c691416ecfd14e0077db39e0184ecbf8af1a648

SHA256
6b1c1ba83f80eea58d3177f3a17339b37afa1d0e9a2ff3dcd07d642c13db364f

SHA512
a18cec89dc501a781b322a229c597134f4c3ac4e99912bff46d872d85295fa787306b1035254b175b2c47c32bf88706420d3b382aee23549b1ceea04d2127490

Download Submit
/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
c75ee5be057de0e44c2282cf58d11a99

SHA1
b34b784509a2c4e148cad6fe634330c8b110a357

SHA256
bc9a0733b108511dfa4f46ed4a12c86e3ba12501aa688ddf1efb210936f76d9c

SHA512
448dc86e7b3a77ac1e3e346389b39070af194c5c8abcf4ec6e9c2be3428702c63f9f821a22aa5424ee343bdf4110b7b5764e459f9e8d1e7e83fbcd9a22772fed

Download Submit
/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journal
Filesize
4KB

MD5
2f0c66669f7234eac71ec4dfec8cb7b1

SHA1
a9001653fbf87746f6ae4083a681a79c09821dbc

SHA256
00cf8a72b739c09ac6d93a4a837f7d2a0a521096e1c6c3c81615fbc35a473e04

SHA512
5d461538f1144db0f1e7d2cc2c285f798ff8fa15f8733f07810384fa36122979be5ddbea2144c9dc767bbdb4e0e825650c0dcea2a93d14584b22a160e7fafd4c

Download Submit
/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
5ab9b083c20fdec366693f02b3bfedec

SHA1
229d3b99d8a24ef05200daf5c3122a26af31c2db

SHA256
d03747976a45ffd4d3aadde63d4de08493d0d0c2a5d9428966eb3c56d0851a6e

SHA512
cdb751b1e6158588522fb0587ab99abaac9649c6d2965e87cb105b5762bdd5d839c180ef7342a876fa9d846ddd7f6a74146f438415f028e6d085c9db7eb04923

Download Submit
/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
be0f3094560c2f3497c729ab6fd7cff4

SHA1
9d5c5ac95760f36146f4ae71d9ba095c9e3f83d3

SHA256
5f6a4addf014f11c1d648edeccb6ce89d492f63df9ecd063e96644bee85dfba4

SHA512
beee4377d7cb3bff728f1045e8a1931c67cdb966ecd5039558d5a0756dfe4f7edcf07b7ee0cb62d5a63666d9a9e423f79db63fb8d47ff444b443ec1f2f2f08f0

Download Submit
/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/no_backup/com.google.InstanceId.properties
Filesize
2KB

MD5
12e62688b354b709a73c36eee5dd7e74

SHA1
ec5c32a5c383e3c096c85bb8838033e5be06eb22

SHA256
85e1fa98b15c2c6aa15123123262bfbe577aca03083ea149c6e134f81596cead

SHA512
134288ee5f4747254e511fc7998151c71882abf957f933dd7aeedc695e81e2d65561a35e44b5b4711e1095a386323c881665eeeb1841e6a0a7b3fef443220da7

Download Submit