Analysis
- max time kernel: 23s
- max time network: 131s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 21-05-2024 11:04
Static task
static1
Behavioral task
behavioral1
Sample
6311dbe19b9ec870859f47a134941e57_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
6311dbe19b9ec870859f47a134941e57_JaffaCakes118.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
6311dbe19b9ec870859f47a134941e57_JaffaCakes118.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
6311dbe19b9ec870859f47a134941e57_JaffaCakes118.apk
-
Size
1.8MB
-
MD5
6311dbe19b9ec870859f47a134941e57
-
SHA1
376ddd9b97ecfcd018ffdb11f93fb677ccf88429
-
SHA256
93a0f9c688ee9c17ca883f0eb186ea450bd0f6b39c13e97723d9ce17a9ae26d1
-
SHA512
d2555ef6a70edf2c59770abafb37a59c6b7b5061a14ff768d97fe70b1e60f046dd564ab97a375a7821b74784e7f11814fff755b9882dc9f97dde2cffea10f736
-
SSDEEP
49152:0sUkysx15lYOJLoM4v62mvteFp0QX73ZrH:06tzLoG2Uty1t
Malware Config
Signatures
-
Processes:
com.devolver.reigns.hack
pid: 4279, process: com.devolver.reigns.hack
-
Checks CPU information (2 TTPs, 1 IoCs)
Checks CPU information that indicates whether the system is an emulator.
Processes:
com.devolver.reigns.hack
description: File opened for read; ioc: /proc/cpuinfo; process: com.devolver.reigns.hack
-
Checks memory information (2 TTPs, 1 IoCs)
Checks memory information that indicates whether the system is an emulator.
Processes:
com.devolver.reigns.hack
description: File opened for read; ioc: /proc/meminfo; process: com.devolver.reigns.hack
-
Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
Processes:
com.devolver.reigns.hack
description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: com.devolver.reigns.hack
-
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes:
com.devolver.reigns.hack
description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.devolver.reigns.hack
-
Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
The application may abuse the framework's APIs to schedule tasks for initial or recurring execution of malicious code.
Processes:
com.devolver.reigns.hack
description: Framework service call; ioc: android.app.job.IJobScheduler.schedule; process: com.devolver.reigns.hack
Processes
-
com.devolver.reigns.hack
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4279
Network
MITRE ATT&CK Mobile v15
Downloads