93a0f9c688ee9c17ca883f0eb186ea450bd0f6b39c13e97723d9ce17a9ae26d1

Analysis

max time kernel
25s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
21-05-2024 11:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6311dbe19b9ec870859f47a134941e57_JaffaCakes118.apk
Size

1.8MB
MD5

6311dbe19b9ec870859f47a134941e57
SHA1

376ddd9b97ecfcd018ffdb11f93fb677ccf88429
SHA256

93a0f9c688ee9c17ca883f0eb186ea450bd0f6b39c13e97723d9ce17a9ae26d1
SHA512

d2555ef6a70edf2c59770abafb37a59c6b7b5061a14ff768d97fe70b1e60f046dd564ab97a375a7821b74784e7f11814fff755b9882dc9f97dde2cffea10f736
SSDEEP

49152:0sUkysx15lYOJLoM4v62mvteFp0QX73ZrH:06tzLoG2Uty1t

Score

8^/10

collection credential_access discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.devolver.reigns.hack

pid process

4612 com.devolver.reigns.hack
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.devolver.reigns.hack

description ioc process

File opened for read /proc/cpuinfo com.devolver.reigns.hack
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.devolver.reigns.hack

description ioc process

File opened for read /proc/meminfo com.devolver.reigns.hack
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.devolver.reigns.hack

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.devolver.reigns.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.devolver.reigns.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.devolver.reigns.hack

pid	process
4612	com.devolver.reigns.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.devolver.reigns.hack

description	ioc	process
File opened for read	/proc/meminfo	com.devolver.reigns.hack

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.devolver.reigns.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.devolver.reigns.hack

com.devolver.reigns.hack
1⤵
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Schedules tasks to execute at a specified time
PID:4612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.devolver.reigns.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
58c0b6e45328752b20ac6e719ac034f8

SHA1
372b2638afd00bbbc4034657b3df3d2e428fb367

SHA256
9d74f93afa5a179b1ba2f19f154b2880aa8b99c88209802099045a0874d2426a

SHA512
2d347d5824b9ab701e341c89e8327a95fd6bab8e92ee15ce9550da368d773e22bff304072a4854df5ab763750a7401f7aa61a49e3292d62c27fa9f20536eb3ab

Download Submit
/data/user/0/com.devolver.reigns.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
9123ffe00ee2c7e99c81acf570555299

SHA1
a51cf98456972b14f3bae49b13e12d1d88175385

SHA256
6d250f86664c28ec3751f0f9130a03a8ce42e10998725aa386323f22e43a1c81

SHA512
800e38b5caba5ceb1a5d3947f35c498d47f3ed7df54e3ea0163c282585df84e91c9cc31566d7d00e7bfd7f65c06d75f1384f0562e58564ef786b369eb7e2f6dd

Download Submit
/data/user/0/com.devolver.reigns.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
95cc4a3e2e5679b67fd73f1208959423

SHA1
23da7e75585eba4ca6e2c0643e2a492d3dc5b9c7

SHA256
2dea4430727e2f86d56882c05cc722febe404fdd8ab76907ffef043f6fd9c799

SHA512
e063eb82d40588f30e93f43a240ba323b2254a2d8c437282b55ca49cae2ff7f00d00a0ff09c6bd256dd667b02b0ac7dd4a4635171336f2d2bb84ff8a4dce8abd

Download Submit
/data/user/0/com.devolver.reigns.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
f669eac4e9a3122732d123108f814b04

SHA1
814f2aef84fd97a41bbfb507e4b5489f6c46aa82

SHA256
2a39b5fcf67dd9cdbeb5637d0720d0c2306a8b3f8d77367af9cf08565fa3ae01

SHA512
97aa798b3acac9547caa596851108d085e7d8feeaddffc86efc7af8e55cdf957052f31d91b48512e5efd0ee2cddccacea35373072b86fc55232e7fda25b8d650

Download Submit
/data/user/0/com.devolver.reigns.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
899f8b7a89faa688a011c16865d46571

SHA1
33ab33660f666dd30a56e49152da51f73a8ecbb4

SHA256
f33dba49d7a67011e3f37b2e82567668c690db693118bfab43bc16f61e378c68

SHA512
4b401640c5b54bb65aaf72f63614ee825c4160fbbbf1769928d10b89086ed0c2ac4c24a77da643e61726918136534b187d1467b47778544dee0441e11942eece

Download Submit
/data/user/0/com.devolver.reigns.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
df6d277a3f1d92cd47d1d7f9b88e33e0

SHA1
92215fd78afa1072baaa7806e009c0257142cce5

SHA256
f52949ab546d9e6693366ff1d642913bbdb13a4b2a2508fe77347f677cd333dc

SHA512
cb6bba8a30b2d14690ad35600315f73ec85843a0b89b8c1bd13f052ed54a1a74f4306e020c6418364ab6c7c48b8cb9ba2b81e4c6f99f2486620e03dc185c45d3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads