Analysis
-
max time kernel
48s -
max time network
151s -
platform
android_x64 -
resource
android-x64-20240514-en -
resource tags
android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system -
submitted
21-05-2024 11:04
Static task
static1
Behavioral task
behavioral1
Sample
6311dbe19b9ec870859f47a134941e57_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
6311dbe19b9ec870859f47a134941e57_JaffaCakes118.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
6311dbe19b9ec870859f47a134941e57_JaffaCakes118.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
6311dbe19b9ec870859f47a134941e57_JaffaCakes118.apk
-
Size
1.8MB
-
MD5
6311dbe19b9ec870859f47a134941e57
-
SHA1
376ddd9b97ecfcd018ffdb11f93fb677ccf88429
-
SHA256
93a0f9c688ee9c17ca883f0eb186ea450bd0f6b39c13e97723d9ce17a9ae26d1
-
SHA512
d2555ef6a70edf2c59770abafb37a59c6b7b5061a14ff768d97fe70b1e60f046dd564ab97a375a7821b74784e7f11814fff755b9882dc9f97dde2cffea10f736
-
SSDEEP
49152:0sUkysx15lYOJLoM4v62mvteFp0QX73ZrH:06tzLoG2Uty1t
Malware Config
Signatures
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information that indicates whether the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information that indicates whether the system is an emulator.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
com.devolver.reigns.hack
description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | process: com.devolver.reigns.hack
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
com.devolver.reigns.hack
description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.devolver.reigns.hack
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
com.devolver.reigns.hack
description: Framework service call | ioc: android.app.job.IJobScheduler.schedule | process: com.devolver.reigns.hack
Processes
-
com.devolver.reigns.hack 1
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.devolver.reigns.hack/databases/evernote_jobs.db
Filesize: 16KB
-
/data/data/com.devolver.reigns.hack/databases/evernote_jobs.db
Filesize: 16KB
-
/data/data/com.devolver.reigns.hack/databases/evernote_jobs.db-journal
Filesize: 512B
-
/data/data/com.devolver.reigns.hack/databases/evernote_jobs.db-journal
Filesize: 8KB
-
/data/data/com.devolver.reigns.hack/databases/evernote_jobs.db-journal
Filesize: 8KB
-
/data/data/com.devolver.reigns.hack/databases/evernote_jobs.db-journal
Filesize: 8KB