Malware Analysis Report

2024-10-19 12:06

Sample ID 240520-p1w93abd22
Target 5f27dd84cb04b3afdf8c6128d1c70c88_JaffaCakes118
SHA256 2912101be6902d0679f88c0d9174cc737bc1c63fa61c16d0cad93ea0b169583a
Tags
collection credential_access discovery evasion execution impact persistence stealth trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

2912101be6902d0679f88c0d9174cc737bc1c63fa61c16d0cad93ea0b169583a

Threat Level: Likely malicious

The file 5f27dd84cb04b3afdf8c6128d1c70c88_JaffaCakes118 was found to be: Likely malicious.

The detonated package is com.square_enix.android_googleplay.FFT_en2.hack, a commercial publisher's package namespace with a .hack suffix appended, which is consistent with a repackaged build of the original game. When reading the runs below, separate SDK-generated activity from the sample's own. The on-disk artifacts google_app_measurement_local.db (Firebase Analytics), com.google.InstanceId.properties (Firebase Instance ID) and evernote_jobs.db (the evernote/android-job scheduling library) are written by bundled SDKs, as are the connections to ssl.google-analytics.com, android.apis.google.com and the unattributed TLS connections into the 142.250.x, 172.217.x and 216.58.x Google ranges. The sample-specific network indicators are the unencrypted TCP/80 connection to kanoki.jikutate.com (188.226.186.198) and the lookup of lp.androidapk.world, which every run queried but never connected to. The su-path probes and the /proc/cpuinfo and /proc/meminfo reads are tagged evasion because they are the usual inputs to root and emulator detection; both are also common in benign device-fingerprinting code, so they do not by themselves distinguish this sample. The three behavioral runs do not fire identical signature sets; the summary below is their union.

Malicious Activity Summary

collection credential_access discovery evasion execution impact persistence stealth trojan

Removes its main activity from the application launcher

Checks if the Android device is rooted.

Obtains sensitive information copied to the device clipboard

Registers a broadcast receiver at runtime (usually for listening for system events)

Queries the mobile country code (MCC)

Checks CPU information

Checks memory information

Queries information about running processes on the device

Checks if the internet connection is available

Acquires the wake lock

Schedules tasks to execute at a specified time

Requests dangerous framework permissions

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-20 12:48

Signatures

Requests dangerous framework permissions

Description                                          Indicator                                  Process  Target
Allows an app to access approximate location.        android.permission.ACCESS_COARSE_LOCATION  N/A      N/A
Allows an app to access precise location.            android.permission.ACCESS_FINE_LOCATION    N/A      N/A
Allows an application to write to external storage.  android.permission.WRITE_EXTERNAL_STORAGE  N/A      N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-20 12:48

Reported

2024-05-20 12:54

Platform

android-x64-arm64-20240514-en

Max time kernel

107s

Max time network

132s

Command Line

com.square_enix.android_googleplay.FFT_en2.hack

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /data/local/su N/A N/A
N/A /data/local/bin/su N/A N/A
N/A /data/local/xbin/su N/A N/A
N/A /sbin/su N/A N/A
N/A /system/bin/su N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.square_enix.android_googleplay.FFT_en2.hack

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353     N/A                       udp
GB       142.250.179.234:443  N/A                       tcp
GB       142.250.179.234:443  N/A                       tcp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       172.217.16.232:443   ssl.google-analytics.com  tcp
GB       142.250.178.14:443   N/A                       tcp
GB       142.250.178.14:443   N/A                       tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       216.58.204.78:443    android.apis.google.com   tcp
US       1.1.1.1:53           kanoki.jikutate.com       udp
US       1.1.1.1:53           lp.androidapk.world       udp
NL       188.226.186.198:80   kanoki.jikutate.com       tcp
GB       142.250.187.196:443  N/A                       tcp
GB       142.250.187.196:443  N/A                       tcp

Files

/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/no_backup/com.google.InstanceId.properties

MD5 12e62688b354b709a73c36eee5dd7e74
SHA1 ec5c32a5c383e3c096c85bb8838033e5be06eb22
SHA256 85e1fa98b15c2c6aa15123123262bfbe577aca03083ea149c6e134f81596cead
SHA512 134288ee5f4747254e511fc7998151c71882abf957f933dd7aeedc695e81e2d65561a35e44b5b4711e1095a386323c881665eeeb1841e6a0a7b3fef443220da7

/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journal

MD5 44e9fe1557dc5b91f6f93622dca02d31
SHA1 2c691416ecfd14e0077db39e0184ecbf8af1a648
SHA256 6b1c1ba83f80eea58d3177f3a17339b37afa1d0e9a2ff3dcd07d642c13db364f
SHA512 a18cec89dc501a781b322a229c597134f4c3ac4e99912bff46d872d85295fa787306b1035254b175b2c47c32bf88706420d3b382aee23549b1ceea04d2127490

/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journal

MD5 c75ee5be057de0e44c2282cf58d11a99
SHA1 b34b784509a2c4e148cad6fe634330c8b110a357
SHA256 bc9a0733b108511dfa4f46ed4a12c86e3ba12501aa688ddf1efb210936f76d9c
SHA512 448dc86e7b3a77ac1e3e346389b39070af194c5c8abcf4ec6e9c2be3428702c63f9f821a22aa5424ee343bdf4110b7b5764e459f9e8d1e7e83fbcd9a22772fed

/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journal

MD5 2f0c66669f7234eac71ec4dfec8cb7b1
SHA1 a9001653fbf87746f6ae4083a681a79c09821dbc
SHA256 00cf8a72b739c09ac6d93a4a837f7d2a0a521096e1c6c3c81615fbc35a473e04
SHA512 5d461538f1144db0f1e7d2cc2c285f798ff8fa15f8733f07810384fa36122979be5ddbea2144c9dc767bbdb4e0e825650c0dcea2a93d14584b22a160e7fafd4c

/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journal

MD5 5ab9b083c20fdec366693f02b3bfedec
SHA1 229d3b99d8a24ef05200daf5c3122a26af31c2db
SHA256 d03747976a45ffd4d3aadde63d4de08493d0d0c2a5d9428966eb3c56d0851a6e
SHA512 cdb751b1e6158588522fb0587ab99abaac9649c6d2965e87cb105b5762bdd5d839c180ef7342a876fa9d846ddd7f6a74146f438415f028e6d085c9db7eb04923

/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journal

MD5 be0f3094560c2f3497c729ab6fd7cff4
SHA1 9d5c5ac95760f36146f4ae71d9ba095c9e3f83d3
SHA256 5f6a4addf014f11c1d648edeccb6ce89d492f63df9ecd063e96644bee85dfba4
SHA512 beee4377d7cb3bff728f1045e8a1931c67cdb966ecd5039558d5a0756dfe4f7edcf07b7ee0cb62d5a63666d9a9e423f79db63fb8d47ff444b443ec1f2f2f08f0

/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journal

MD5 321bd9a2e4e4ee250ec68499d1e35391
SHA1 1f6fe11b5567f4b678a5e03f87435482bdb3bc6f
SHA256 5fdd2a6951d75d03a061fc9ec7e3fd0ede7dcf5e1ebd24b1a8421098a4c03720
SHA512 c1dbb3991df512a7b2a3354d2499428cb844ff6c2ced95ce80588ccff1a03154de78df1b8d27916cad4688309b883b1739ae7d08d43815718cea18fba3607be7

/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db

MD5 00ae31a365eb23fa2e9ea7ea67f7a226
SHA1 039648c2f7121ca70872eea4300790fb3e64990b
SHA256 853fb158ab500ecdcba48f00c6e0982720021e0694ac6dd2af1f2ad9c7a6f2c8
SHA512 a2218916948477bd10d593da8ca001b414b2c2b7b6eb669136cb0ca13fb1da8ee29a90f879d1d8b905d16dd1221c27ca2d40e93f8e4d3fdc5fdf86134539e817

/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/evernote_jobs.db-journal

MD5 e1aee54d55ad3a083b7c92c45bab2990
SHA1 d1f826c7830a3b56361824051423dd9d293c4dbe
SHA256 50a4d2966e76c80619fea4f924a65d461d6735d2df5c188d592c2b06fc59cb53
SHA512 4beae759b77971d01c8c8f552dc642a9b9854acb5c80e9e6476c71b7a01cdd97cff6d34a9d8f02f37b46a48b1a1d43ce67784e7902ea346c172427b3f0a1889b

/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/evernote_jobs.db

MD5 6903a881b83727ef8745750405819147
SHA1 e0fd472df403c42b383e9015fb802ae80aec3623
SHA256 c0f10131e0f66a8d335feb068fc7073e6b928443bb5b9e54d20bc431c369d161
SHA512 b243b130d2dbcf7b48b398a48bfa260a71d1cbc1fefafb540437fc558d7d61bde3bc3287cf5d6d55890cc39e42559bebf08d09374e49386d2af2dfddfdad5378

/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/evernote_jobs.db-journal

MD5 756db91923b0c062fdfa039826f4a93e
SHA1 2a27d7c002619b1548e1acd4ae2c0b960f3779aa
SHA256 016d1357339ef0d8260d942451e8c25b48eb56a996a752c454c74c0b1cde23ec
SHA512 b18b6cf9ae89ad3ab4e33457c580e931ab205445b11a40f96b22ed4cd2b810904348b235282c95e4dc49d0b6118c54ccbfd7074360afe30f957ff1919ac68cf7

/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/evernote_jobs.db-journal

MD5 adea58cabde963c4be7a53297a73930b
SHA1 389f6817988d69029765a2bc00de56c363a724a6
SHA256 59228c4a8c0b3a90912348472a3088426dd50dfd7da27323a3a0803e7d257008
SHA512 c15b2f64b7197fe68ac4a0359cb5d96455b8ad147304ea1791695c337557dee8601930d04bba8ad581037aaa79fd549b7157f311085149f479af2a48879a7761

/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db

MD5 65fe27e623d901f196283a1f267b14f8
SHA1 fb2834bdad9f655672af3adf05c530db790417c5
SHA256 a30843b0b53b69ad99e8a2e56f90bdc53d4b92bd3ee1f0af6e2c189c3363329e
SHA512 c5844a1adaef6ec29855694cb1afa7f819901f63d951f68f5745e30efcdd27f7af4bb4d4c0884f381d9121a5ac59ecce0fdc14203d3ca795c79819bff153ab14

/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/evernote_jobs.db-journal

MD5 20d0af032cd5ee1036ca5e6ae587ac88
SHA1 82e80f83c5cbe8e5c1dacdf5e02c61da82ef37c7
SHA256 605fccf43820163e977d553603dbfe19436526a69c6093d53ec127ebcbbb7445
SHA512 4ee6a9cef2608e73d8f789b7b91eef3a33411011e3fdb39d1830eb6385436f55d67f9a4ac3eb5d24c2c71018ce5836e77742e95a707192e8c8f31a2d34d53874

/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db

MD5 a9345db2d048de9268e5d76e297ea03b
SHA1 7b37a28f01575da7e0d46eab6588f4c77aac9259
SHA256 4828344f215d1f8a4faba52090ac2ae83a72dba11b294d14f5b2d4cbbb03388a
SHA512 c9c06d198ab2ab6177edc1fe8dabf9c9e6bf13c17d888a4abad72f268358bad4b887041bd93762bb009998a941eaf65e8323d4477f6e4eff97ce388f6d1b8aa7

/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db

MD5 62864b2e8f5af19ce00152baa67f4948
SHA1 c84d44d06ab8685242c410a60b09feb3dc3b54a9
SHA256 c9592968f7912b4e51747b4f25148ea6d8589e757c611a0970693fface5f5544
SHA512 1a4066022434a70524a35a1f8dae92b4877d784728e1345357e277f5288376fbef8f6f2d630aae11adc4ce3ed47a6901298c53220db7b4f65826de8c9bb0a4c8

/data/user/0/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db

MD5 818548be1885386cc995f564f36a8e8e
SHA1 008b0c602ed55b1122dadfb3a20db517d55c10b3
SHA256 b4765a86f69c122307448d0c6e81cebd52ffbc59b0d19da42971e2857f773e6d
SHA512 47840561a1eded73600b656576a7a9195bd1beddb79b08090b9e6bd9ab610de6cfb0a334310bfefe0b33ef157d420aaa17c6315fa2e689398da3328c4460a02f

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-20 12:48

Reported

2024-05-20 12:54

Platform

android-x86-arm-20240514-en

Max time kernel

26s

Max time network

130s

Command Line

com.square_enix.android_googleplay.FFT_en2.hack

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /data/local/bin/su N/A N/A
N/A /data/local/xbin/su N/A N/A
N/A /sbin/su N/A N/A
N/A /data/local/su N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Processes

com.square_enix.android_googleplay.FFT_en2.hack

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353     N/A                       udp
GB       216.58.212.227:443   N/A                       tcp
GB       142.250.180.14:443   N/A                       tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       216.58.204.78:443    android.apis.google.com   tcp
US       1.1.1.1:53           kanoki.jikutate.com       udp
NL       188.226.186.198:80   kanoki.jikutate.com       tcp
US       1.1.1.1:53           lp.androidapk.world       udp

Files

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/no_backup/com.google.InstanceId.properties

MD5 4ae35374b21cdd3b604d9ced7e3b1184
SHA1 9d2a3dd54b794f15abce9e4ea1e48b4234c7b319
SHA256 97a85b59fc9bc8c6c6f7f856612f13f292de8f87424fce1d3f317071b65be0f9
SHA512 eb4ef1a8812053512da31899b39bfbb87555d67c88b69bf7ab790172d556b813a170a2dacaa0e80ad745648a8440a10332b2e2feb38c2249353caf183d4ed982

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journal

MD5 7c22a70b8e34361b765dc528968079fc
SHA1 ee6114c90d37199a6b1fc1266603a29209dab346
SHA256 30fba8dfceff6b629cf227340ab9fec8797777f0d778bf36fc534eb0b48f2e1d
SHA512 2db78f9f125efd619d0d19f65e566f65c43b94bb165f5fbbb2468d3ff813195ff356d868343d5280b01efe0630b16582cd5e5dd30063ba8442f03247bb6e0903

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-wal

MD5 9f5cd3a3520e6164887c4d5b25654e84
SHA1 d0f323be7289e196dfa383b41c6eed842a958f94
SHA256 12398a107e75fbc3ad9bacd2970546420b80d5ff61f0975d6eb8db28d187f7e1
SHA512 fd53ef079a4af0c8d6f3f308048b3e3acfdd8eb8ce842b37fe7c647581aede472c65c6a3d162855921802ddfae191636e44b28d8315b79db337b6798e0d87805

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/evernote_jobs.db-journal

MD5 4d42bd8ea09a420aa903fd7b871aac43
SHA1 06ef0e9397bb576bcef1dd06465f193fa197d051
SHA256 accdf1b3fe79777bab93ecfcc37e60525c466723d335b9cd5326f25f6eda46bd
SHA512 7d47dbcfeec258faf176e5a91db040c609380f6820591a4950c367ed9d1d5471452f11b41c5cd347ffce65cfc3d7770cb8cef4df1abb98ab67b13d63f170c357

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/evernote_jobs.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/evernote_jobs.db-wal

MD5 1f9edac8bfef8e390a0682dd4f33c869
SHA1 abda1288d4926a58f31e05549cc4c1ce700dfa70
SHA256 2104061e2ea9f53b6051d9a9afe7760c8d4ed3fdc81c9509c658d8a0b7a96ae5
SHA512 552e917cb69bdbd640af591a8b83747297346090d3b279fe8d7bf9829bb6c8391950ad73d4f8c0b35308d6fff5bd12e8c40f27c53db24356c8d0085961c44ac3

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-wal

MD5 8d07119d47e57ba1a36f4a3434d87f53
SHA1 fc679c698fafb85cc65053bc9f9b9457b715fa67
SHA256 ace1343c9b5d355c34fa0bb3a5a1a752f0e746f2a6735838405111601dce2e1c
SHA512 132a45bf124ac1443edd13b8137567bc52d8155ff3f2a4cc4bf8220e7ee0dd62db374477227538c7cc32377d11ac8e65bcea5559e041254a23091d259c2d2206

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db

MD5 932bd26b6deb30d70846af754d31da64
SHA1 eb29660605aa7ff11460c8ab75f62998cd9d601c
SHA256 56738f606987ef589c615dee9602bd64e3f3f9cf4321911a99d309d8f45423ae
SHA512 27c374e0ca0f8d0bcd4be21b2a0070a142c11ef5b958acdf232ce79d6514882a650e56ef2bb39b16e5089899ea79e28006e0da5e58deb1a0fafe7eb1d65cbd8e

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-wal

MD5 d87ea23e340ddf786dfe3dfcd99bdee1
SHA1 9ed725d948377096b62097dfacaab2d99794530c
SHA256 fe8c70fda86e9f47009004dc327cc2f87c2f9629730e40ea69de284596cbe1d4
SHA512 02e57be6dcf92da82e6f4fa84d098ab2011ffaa6ec4e1300133d316b789894363b63b0274561120e11288e1fd8db7f0da6bf85882529254390de703211b32562

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db

MD5 80a4773ae39a3055de33c423225d5ea3
SHA1 5bca1dfc7915ed940ec7859d61682218d357320e
SHA256 f9123efde50635c3631e7b95ae7c0ee0de42529242c055c693dc9bbfde663741
SHA512 e27c12520aa1baf130cf578ce7f798501d9ec07f99067b676eb222b023ba7e16a06c3a409cdbd986eaffd6a2e44741b127f63274f4d872dbea576b4c950aa200

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-wal

MD5 3a2d47f0586b268e1824a27677c252c8
SHA1 3c3c4f0987cb2829b04b2f37ecac09ccac7e72ea
SHA256 5dd6988172b0c2b736cf7595f8feb06bb5cfcb2f32c2408429745fa964ad6f68
SHA512 385b7e5127ddd944e3a6aff2bb1131562ebcc096b5d4766bdecda818b15ce0ee1eb664dfcc6b2e766165e9a1ad2cb7022c9ca5658edb30efd1e90c0772b67f34

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db

MD5 5fb153da4e92dd0502744964daf66f87
SHA1 0e706fea87c7a1f2bdbb6d182208d92bbf79a1b0
SHA256 3b73f8b0ed8cd30eff22bdef47439b2bcfac10a77b32706df1546ce1698374a5
SHA512 483a0ef0ed9a30ae822a3d8b2b306cd35bcf1e6a0a0083409f843d607393bf1f5046a4c4d22e7a958645aece5649d344fdde8d094dbb8bd27fbc816879a40ca8

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-wal

MD5 43bbc1084d24222ada402e5d2b255c8a
SHA1 9eb381d46ed32a2c41637a4e94dee0b39344892b
SHA256 f47a2639695d6b58402d6f5a1de63d87a7d8ab5ec6e1bb6ec6ed99bcad79f32a
SHA512 409c06dfe303937e3a290ba25b3ffbb70bb78e9ed5ec5000ba274b90c5d99f01b4fd4671d16068f284be146745085128f87838f33a1ca62d82109c7e45ed274f

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db

MD5 3b24098f7f6de1964ea1bcdc5351eb09
SHA1 e793b288f4673a3b757ddbf48ebccf3dc8cda6d0
SHA256 6ee9bdae448976418d9a58f6a40b5a059f64f68a6188dffafc4338016433e9f5
SHA512 ad5d854a33933a81b36cc56a78279215c6bca297c55e0fb2808fda17921c2054a651352705bff79202b5d257c05d8699d398c0b5ea2f5f34780b3ebb399a586f

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-wal

MD5 7e50fb85a7bf68ba4d7f07504cb1440b
SHA1 db651531cfc089bf2e283f1e6e2f19ed60374368
SHA256 42e9c08f6c8c2fa5b9ace57b62be8dd950a1b6181f86c1d2862342d1703d0b31
SHA512 a39e47eda0f6e40461be49deb5a18b9e55c9c961ba6fdae78870c4e7a45a4820ad95f77d0f9dd6594c4f5f02e7779fe2e7f0db6cba61ecdccf8a6f06c4145949

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db

MD5 44693692da738db6eb133cf0e4cde91b
SHA1 e6bda56494c325d8d37ad89552263ae85d9b0550
SHA256 8fe0ac9db76d4a2dcd3b3d54c0efedcd223e25aabf716506493d50e243a7a2d4
SHA512 b34ddfe1ae343b1b12f7029ae476a0ba8e1b4043ccb520afb412b3f71335ef679bf29723c9a5c00af7e922e9982d5b3af54b2ed779da8cb601f378e5b9d26be5

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-20 12:48

Reported

2024-05-20 12:54

Platform

android-x64-20240514-en

Max time kernel

25s

Max time network

150s

Command Line

com.square_enix.android_googleplay.FFT_en2.hack

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /data/local/su N/A N/A
N/A /data/local/bin/su N/A N/A
N/A /data/local/xbin/su N/A N/A
N/A /sbin/su N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
N/A N/A N/A N/A

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A
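
The three behavioral runs above fired overlapping but not identical signature sets: behavioral1 has no clipboard listener, behavioral3 has no MCC query and no runtime receiver registration, and only behavioral3 probed /system/bin/su. As an added example that is not part of the report, the Python below merges the three Signatures sections into one behaviour profile and reports what each single run would have missed. The short behaviour keys are the example's own labels; the indicators are transcribed from the tables.

```python
"""Merge the Signatures sections of several detonations of one sample into one
behaviour profile and report what a single run would have missed.

The indicators below are transcribed from this report's three behavioral runs;
the short keys are this example's own labels, not the sandbox's names."""
from collections import defaultdict

SU_PATHS = ("/data/local/su", "/data/local/bin/su", "/data/local/xbin/su", "/sbin/su")

# Signatures every run produced. An empty tuple means the sandbox attached no
# indicator (the launcher-icon suppression rows in the report are all N/A).
COMMON = {
    "launcher icon hidden": (),
    "cpuinfo read": ("/proc/cpuinfo",),
    "meminfo read": ("/proc/meminfo",),
    "running processes": ("android.app.IActivityManager.getRunningAppProcesses",),
    "wake lock": ("android.os.IPowerManager.acquireWakeLock",),
    "connectivity check": ("android.net.IConnectivityManager.getActiveNetworkInfo",),
    "job scheduled": ("android.app.job.IJobScheduler.schedule",),
}
CLIPBOARD = {"clipboard listener": ("android.content.IClipboard.addPrimaryClipChangedListener",)}
TELEPHONY = {
    "mcc query": ("com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone",),
    "receiver registered": ("android.app.IActivityManager.registerReceiver",),
}
RUNS = {
    "behavioral3 (x64-arm64)": {**COMMON, **CLIPBOARD, "root check": SU_PATHS + ("/system/bin/su",)},
    "behavioral1 (x86-arm)": {**COMMON, **TELEPHONY, "root check": SU_PATHS},
    "behavioral2 (x64)": {**COMMON, **CLIPBOARD, **TELEPHONY, "root check": SU_PATHS},
}


def merge(runs):
    """signature -> {'runs': runs that fired it, 'indicators': union of indicators}."""
    profile = defaultdict(lambda: {"runs": set(), "indicators": set()})
    for run, signatures in runs.items():
        for sig, indicators in signatures.items():
            profile[sig]["runs"].add(run)
            profile[sig]["indicators"].update(indicators)
    return dict(profile)


def platform_dependent(profile, runs):
    """Signatures that did not fire in every run, mapped to the runs that missed them."""
    every = set(runs)
    return {sig: sorted(every - v["runs"]) for sig, v in profile.items() if v["runs"] != every}


def coverage(profile, runs):
    """Fraction of the merged behaviour set each run observed on its own."""
    return {run: sum(run in v["runs"] for v in profile.values()) / len(profile) for run in runs}


def partial_indicators(runs):
    """Individual indicators (e.g. su paths) that only some runs produced."""
    seen = defaultdict(set)
    for run, signatures in runs.items():
        for indicators in signatures.values():
            for indicator in indicators:
                seen[indicator].add(run)
    return {ind: sorted(r) for ind, r in seen.items() if len(r) < len(runs)}


if __name__ == "__main__":
    profile = merge(RUNS)
    print(f"{len(profile)} distinct behaviours across {len(RUNS)} runs")
    for run, frac in coverage(profile, RUNS).items():
        print(f"  {run:<26} saw {frac:.0%} of them")
    for sig, missed_by in platform_dependent(profile, RUNS).items():
        print(f"  only some runs: {sig:<22} missed by {', '.join(missed_by)}")
    for ind, runs_seen in partial_indicators(RUNS).items():
        print(f"  partial indicator: {ind} ({', '.join(runs_seen)})")
```

On this report the merge yields eleven distinct behaviours; behavioral2 alone saw all of them, behavioral1 ten and behavioral3 nine, so a verdict based on one platform would have missed either the clipboard listener or the telephony and receiver activity.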

Processes

com.square_enix.android_googleplay.FFT_en2.hack

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353     N/A                       udp
GB       216.58.204.74:443    N/A                       tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       172.217.169.14:443   N/A                       tcp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       172.217.16.232:443   ssl.google-analytics.com  tcp
US       1.1.1.1:53           kanoki.jikutate.com       udp
NL       188.226.186.198:80   kanoki.jikutate.com       tcp
US       1.1.1.1:53           lp.androidapk.world       udp
GB       172.217.16.228:443   N/A                       tcp
GB       172.217.16.228:443   N/A                       tcp
GB       142.250.187.238:443  N/A                       tcp
GB       142.250.200.2:443    N/A                       tcp
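
Across the three Network tables the only contacts outside Google infrastructure are kanoki.jikutate.com over TCP/80 and a lookup of lp.androidapk.world that no run followed with a connection. As an added example that is not part of the report, the Python below applies that triage to the behavioral3 and behavioral1 rows as transcribed: rows to the sandbox resolver (1.1.1.1:53) are treated as lookups rather than connections, mDNS as platform noise, names under an allowlist of telemetry domains (the allowlist is this example's own assumption) are discounted, bare-IP TLS connections are held as unattributed, and everything else becomes an indicator. Names that were looked up but never connected to are reported separately.

```python
"""Triage the Network tables of a sandbox report: separate resolver traffic,
platform noise and first-party telemetry from the endpoints that belong in an
IOC list. The rows are transcribed from this report's behavioral3 and
behavioral1 Network tables; the allowlist below is this example's own policy."""
from dataclasses import dataclass

RESOLVER = "1.1.1.1:53"     # the sandbox's DNS resolver: rows to it are lookups, not C2
MDNS = "224.0.0.251:5353"   # link-local multicast DNS, emitted by the platform itself
# Telemetry domains to discount. Assumption of this example, not a statement of the report.
TELEMETRY = ("google.com", "google-analytics.com", "googleapis.com")

BEHAVIORAL3 = """\
N/A 224.0.0.251:5353 udp
GB 142.250.179.234:443 tcp
GB 142.250.179.234:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
GB 142.250.178.14:443 tcp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 kanoki.jikutate.com udp
US 1.1.1.1:53 lp.androidapk.world udp
NL 188.226.186.198:80 kanoki.jikutate.com tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp
"""
BEHAVIORAL1 = """\
N/A 224.0.0.251:5353 udp
GB 216.58.212.227:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 kanoki.jikutate.com udp
NL 188.226.186.198:80 kanoki.jikutate.com tcp
US 1.1.1.1:53 lp.androidapk.world udp
"""


@dataclass(frozen=True)
class Flow:
    country: str
    dest: str    # ip:port
    domain: str  # "" when the sandbox attached no name to the connection
    proto: str


def parse_rows(text):
    """Parse 'Country Destination [Domain] Proto' rows; Domain is absent on some rows."""
    flows = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = ""
        else:
            raise ValueError(f"unexpected row: {line!r}")
        flows.append(Flow(country, dest, domain, proto))
    return flows


def is_telemetry(domain):
    return any(domain == s or domain.endswith("." + s) for s in TELEMETRY)


def classify(flows):
    """Bucket flows; 'dns_only' holds names looked up but never connected to."""
    out = {k: set() for k in ("platform", "telemetry", "unattributed_tls", "suspicious")}
    queried, connected = set(), set()
    for f in flows:
        port = int(f.dest.rsplit(":", 1)[1])
        if f.dest == MDNS:
            out["platform"].add(f.dest)
        elif f.dest == RESOLVER and f.proto == "udp":
            queried.add(f.domain)
        elif f.proto == "tcp" and is_telemetry(f.domain):
            out["telemetry"].add(f"{f.domain} {f.dest}")
        elif f.proto == "tcp" and not f.domain and port == 443:
            out["unattributed_tls"].add(f.dest)   # needs ASN/TLS-SNI data to attribute
        else:
            transport = "plaintext" if port == 80 else "tls" if port == 443 else f"port {port}"
            out["suspicious"].add(f"{f.domain or '?'} {f.dest} {f.proto} ({transport})")
        if f.proto == "tcp" and f.domain:
            connected.add(f.domain)
    out["dns_only"] = queried - connected
    return out


def iocs(classified):
    """Indicators to carry forward: suspicious names and IPs plus DNS-only names."""
    found = set(classified["dns_only"])
    for entry in classified["suspicious"]:
        domain, dest = entry.split()[:2]
        if domain != "?":
            found.add(domain)
        found.add(dest.rsplit(":", 1)[0])
    return sorted(found)


if __name__ == "__main__":
    buckets = classify(parse_rows(BEHAVIORAL3) + parse_rows(BEHAVIORAL1))
    for name, items in buckets.items():
        print(f"{name}: {sorted(items)}")
    print("IOCs:", iocs(buckets))
```

The unattributed TCP/443 bucket is where a second data source (passive DNS, the TLS SNI from the capture, or an ASN lookup) is needed before those addresses are written off as CDN traffic; the script deliberately does not guess, and the behavioral2 rows can be appended to the input in the same format.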

Files

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/evernote_jobs.db-journal

MD5 1a4580716f23c0853c9396cb64bf7c2b
SHA1 bd96b3bea551aa585812273defacabf7133da749
SHA256 cee06aa5a3236bf3127f14aa662d1f8433096453ef2eb06a6d07ecd58d0ec3bc
SHA512 05918fde13119907cdf739ca6e0f9eaa4e3cf9e6f9f67698ce1009be88cecc4f5767591785c118b92df2f3cb9cb8adf4dca591b7ebf06c914e8890ca52be5b33

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/evernote_jobs.db

MD5 8fea5210ca4f00afcbd7ed247420bff4
SHA1 330dcd970ac196dcacd596c8c3202e11d6da11f6
SHA256 1558d884af7c7d780dcea7824db71dacd8343c71ade7305619fa669053a5ae0b
SHA512 5453157cc33f095837cc8d813961337bd5b8faca1fef7bceed33577b1244dcfe4dac430709f0a4736db9f3fe92912cba1c394c4c16186cae1c920f9eaa0f01d2

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/evernote_jobs.db-journal

MD5 4320fcce9e3af47c7cc33ba816429863
SHA1 074401badec7c39df330d02e75794a63d6d9e530
SHA256 c3e5e8a49e6676f415b414b3aac80be974ac9452b15dd9940e6b0fc54850d515
SHA512 fecb549b701fbbb28e10fc4ef34b4115706e6ffd565b8ac435900ba58c9e22f7e8cb70bd57dbb9dd610c0564723dc6c1996d2265257af9af37128b86826e61cb

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/evernote_jobs.db-journal

MD5 15aa0be68eebadad90f8f3cfb58f82b9
SHA1 20ae3201ea4ebcf911cf9d43618a781c8d50ee2e
SHA256 6f7444faa98a4225afeaeb26f31167cfa08d5ce9eb0019523d197e811449e239
SHA512 713b259b2af1fb7d03d2adf1d41e8ddc7cdb554937d9812f4512e835dabb05406ebe5a3c9c2f328b4f73a5e0d559f56c5d14fea3ec0c2a554695f5b8a727824d

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/no_backup/com.google.InstanceId.properties

MD5 9b3bb43be6e431d525df46da38d843d1
SHA1 889b0c049e46ff7d6f1931d1a6bf3005c996f769
SHA256 5bfb4b537c878b5303e91b7fae199959fe60136bd9ffb6440b84860bea330458
SHA512 6f7ae5fde29d3add842a434efd6375e8136f8ae8c0e6f81a3b5e12933af38f4a1eb35c72651453584b532e546aff3b7c40d12aa489f51256a7069fd859a7990c

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/evernote_jobs.db-journal

MD5 1e02f6b525ce3433d4a07e703d9ac538
SHA1 96cd091a709699db8092549853a778360d9f8baa
SHA256 0ad5ec6280b606e54438f4bbac283354579b98b7a9bd0881cf712c80d52eb496
SHA512 53eb0c83604702c08e75b37aaf0df1eab6fb0d4c4da8da20df3298e2b5a1eb94302b91f2fd0d8563d54b476bd6e416db6b6adf4edfd48b76c3d348348f4db387

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journal

MD5 37d071b2edbff4e4419762d164271099
SHA1 e6c882bf92b431b026e1e47d1dcc32617cd295f4
SHA256 83a99dcfaa99df8ec93ad0ca7b21d5b021800070a728b0b5e1570bff3450e703
SHA512 98adb297e06de83ce0039eba445353e7279be47a281021908650bfea953834c3a7c670ed2f2433a0b8dc5599c2c011194f11dd49344a8b66247cf079d1b7a327

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journal

MD5 c626cb105ece6653989537c6f4834332
SHA1 dff739c4455451df279cf27875e901cf51d1be39
SHA256 14ae51befdb90fa0c6f0463b976a45d9d449143ab8edac5cd2cb3c9cffd9372a
SHA512 97dbfd0f752a0d3d09ee7fc9364554e574a3731ce34e4abcb94871eed5328d465977a117f0e0361a99eb4b310a66c0f37057fddd89c463c2caeaad94364cb53f

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journal

MD5 0a44876e61be026f4dbea9bb1cee7d97
SHA1 41c61c90efbf1382e5a06fcace68d6fa610cefe6
SHA256 34c67f6bd1d191b19efcb12a1dc9bd8dfc3ed59c2e078ad4fc59ab69bd02918e
SHA512 4adbb432fb8b82cbccb21915b180f1b2691e29ca3f02b7d86cf8dd366303fe04347b53b5a5cf77bf628fffc0078bced484ca5f96e390082db5d239b03a0c253c

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journal

MD5 89d20efa78fbeb548327945b33692385
SHA1 2b5a289ddc9f61ebe4df894fffb6c73fdc317830
SHA256 ac72d921b7427f5887000725e857b38c0061c3b29f97f8daf6ed9614ffcc3a4b
SHA512 c94d4769a50c4679da555a02b22c10119f7e3e54364be9cce0869b6b0ed78be8a1bcdb576db51a872c0ab2ff9c20db3039885fb50d51909d10a721ba779515fa

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journal

MD5 e212fc3eb91d5aaaf151349d55c26ba1
SHA1 2b563aef370139b0d00653820fbcc979a8a53faa
SHA256 66005c6f997fa7363bf068117df608107c8c08f1bc67c24e6499c30dfdc5660f
SHA512 a56e89eb0c238d2cd3abdd6cf03b25085ddeffb372313a333cf82892e65f6799e48b64af7a15e78e8d2b3f5754a7de250b80f63cb80daee5e9db150352028d23

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db-journal

MD5 5409c888812038f5e5a5f1752250d1b8
SHA1 e9da3826c6d4ce3cdd52cecca8d390a0894a37d3
SHA256 63efe1fab8141db8493b5e218706848bcb33b902a6a04fc78df9caf6d7ff77b7
SHA512 aaaedcd334cbfeb5c28fca9d22e5d6219f172a4eae0f9266c63c13102c924cfdb5a3f21ddef594a2e9799b8d47d86977ec0a5b955462dc78581ebba7c4fa855a

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db

MD5 7f16473974ee0f8cb15e816fbb009f92
SHA1 2ae328636bc670cff0b33e1b3dc2cec25a113d66
SHA256 4cd7d1d07ed9daa96ff8486c6acf69bdcfe5dc73db3e76ce8b0a0f3c4786c2fd
SHA512 590567df2be1bceba236aa8f745a1844cba2741079e02604843bf565cd41b4b961e742b1362fead940b9dfe760bff729936c70f2335d2477bd3a50ac0faa786d

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db

MD5 a6868190b8fe6dcea2e0e1f511c1d9b8
SHA1 88d9ef84707992ef7825db8ab631058c31513a9d
SHA256 e76db0f5d331212fa1ce6e0444b02a8ccc35dda9a045616ae60e0e0c1e2f30e0
SHA512 029996bcbd664f9a0d6b54abe93181821fcdace3fead7ed8c385eba733c048f018714e8dded5f2642632aaf89e53a2a9b8e0b8fd9bb29e0e5c17622c39828d19

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db

MD5 c77d1aa2d283543be84ac5fe8cd48ab3
SHA1 fce14639b14a97876c46da611aeab55c68e647ca
SHA256 261c2aa9b017f9bd9a9e0b9eb1eed20e2fc7c85c498aa55589b6415aa95be1b1
SHA512 d59622f64561ee1208344f1fd87c48a3e8d9915da21d34b25b327429baddb551bd91e50bf7ff7b5fb947b4c5dd0e552d825cf59fa9fe0042c60820501d98396c

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db

MD5 b2995206a76b58220338b2439fe566aa
SHA1 a7e080284d9a936196af2b89e12e682a08063e3d
SHA256 3311b1086dacee2035388231fa81fea915cd6169c2743e605647f68bb132fd7e
SHA512 8a2ef8f53866e36dba8eee3a79f7f7fa83c4b82ea1f7cda1c8eef089020dbe19bfa0c8ecf156801c5f52b33de80e9cd2a55bcdbb39023ecd0ac456d9dcc6f673

/data/data/com.square_enix.android_googleplay.FFT_en2.hack/databases/google_app_measurement_local.db

MD5 2f1eeee3602c828b8e9f81f6fbd20d41
SHA1 d240b568bb6929702815b9a5edd05ad635671caa
SHA256 458aa953a9e0adbf5b8765ebcf6b51bc5b5a48b7664e85d25c7a8ce9781a2d5c
SHA512 a8642cc12cb9af0cd9d3fdc4bb1fe3b246d02af6b36714d80cdd2809def699b0b93eb585187c17f0a8e19801879e2e9edef7963ee416ae9e8cc35fd9cede2859