93a0f9c688ee9c17ca883f0eb186ea450bd0f6b39c13e97723d9ce17a9ae26d1

Analysis

max time kernel
48s
max time network
151s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
21-05-2024 11:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6311dbe19b9ec870859f47a134941e57_JaffaCakes118.apk
Size

1.8MB
MD5

6311dbe19b9ec870859f47a134941e57
SHA1

376ddd9b97ecfcd018ffdb11f93fb677ccf88429
SHA256

93a0f9c688ee9c17ca883f0eb186ea450bd0f6b39c13e97723d9ce17a9ae26d1
SHA512

d2555ef6a70edf2c59770abafb37a59c6b7b5061a14ff768d97fe70b1e60f046dd564ab97a375a7821b74784e7f11814fff755b9882dc9f97dde2cffea10f736
SSDEEP

49152:0sUkysx15lYOJLoM4v62mvteFp0QX73ZrH:06tzLoG2Uty1t

Score

8^/10

collection credential_access discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.devolver.reigns.hack

pid process

5102 com.devolver.reigns.hack
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.devolver.reigns.hack

description ioc process

File opened for read /proc/cpuinfo com.devolver.reigns.hack
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.devolver.reigns.hack

description ioc process

File opened for read /proc/meminfo com.devolver.reigns.hack
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.devolver.reigns.hack

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.devolver.reigns.hack
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.devolver.reigns.hack

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.devolver.reigns.hack
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.devolver.reigns.hack

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.devolver.reigns.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.devolver.reigns.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.devolver.reigns.hack

pid	process
5102	com.devolver.reigns.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.devolver.reigns.hack

description	ioc	process
File opened for read	/proc/meminfo	com.devolver.reigns.hack

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.devolver.reigns.hack

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.devolver.reigns.hack

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.devolver.reigns.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.devolver.reigns.hack

com.devolver.reigns.hack
1⤵
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:5102

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.devolver.reigns.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
12627a2ec645c4a4bc50dba5903afd59

SHA1
504005c938517e61bcf68b65a055c2faba635c2e

SHA256
f177ffae9650eb4f407c2d9a510bb5a5abe1ece2fdfe24effc62478a1bfa5903

SHA512
7ff69589296e02383a217373399e75d8a82fa17146e4273f4c0eb630f096dd9f394a3324d60858b02f7e5cf177c82c6d966f5cbedb68ae6a98df7cc851b79cfd

Download Submit
/data/data/com.devolver.reigns.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
cd7fe4e65d71fc4332f1c30e861a011c

SHA1
2488ad0723446e9db84323040c2223011d9aedbe

SHA256
5a9e8a739530ba4547a4f3ecb522d75cf84f5fa6c0db8773c299086b7dec16a4

SHA512
0b61991e2288687571375abefa08931c6608b3f74aeff3684d41f0bf3d58efb042dcae6f6564fdfdb65a64876fb22b01ee5d89e27bab22b826a8d6315e415b98

Download Submit
/data/data/com.devolver.reigns.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
876b3e3ddeb69a87de1ddeca158acaaf

SHA1
e7a3f733bdbbbcc62315730125bfdbbddca7868b

SHA256
7bc497fa45c14e6f3312724c3d4ceb38da5f85371d075077660416ca54270007

SHA512
0f450a4108d4dbd0cb2383d7881b1c8dc796c801f28c714506e44299190dcfb897d5ead8f1b48330fbdd16d6a3b99e4d2c1c5290c4e8593bf65a86d79aa293d7

Download Submit
/data/data/com.devolver.reigns.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
b8bed42b9a0ae1cee6816c30bc728d12

SHA1
dbcc0a6789e73c1a2fc785df72ce91f2e0a67d83

SHA256
11a029314baa1d6c7aa3a4e989f00ff7bb7ff945cbb942ec163280d04777bc14

SHA512
95ce8e1893264f2ddfb47d6634d86adbf472970dfbb7ce615333a4230ff225aeb394a73629e1ccb81103a40b6c86063cb778ca66281dbe26d527715e7ad9954b

Download Submit
/data/data/com.devolver.reigns.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
4185ce15770d972713629662a5eb1141

SHA1
16a70c2e89d21de8a857ee920940b19dc9c360f5

SHA256
743257cce6b7bbfff0ea8eaf2feebd5122c209fe74140e3dc64d4c547b076f1e

SHA512
203556631bd12fb99456f3a544ecfd24a34d20c89395cb07da0bfaa3e6fc6aa1dbfc404c07561e7826078261505589bcd86e92e1849612d1d12210422a5a4f7d

Download Submit
/data/data/com.devolver.reigns.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
b5e0e483ae2c1921263146b1c1315ec2

SHA1
7f37486fe9cf71f80ab6be362dc815c6eda78ef5

SHA256
2f28c03635ad74fce6923b4ba097a6d5283a12d6c4deece8fa50c2e38a1be50e

SHA512
42e894cfa573fefe6e732aaaeba906bafd5943c278e610138fe2eb2a27ddb426f7534badddd09c8dcce9ec6e0dc58982e37b53c0ac91ac741e329ae575f1f072

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads