Analysis
max time kernel: 23s
max time network: 130s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 22-05-2024 05:35
Static task: static1
Behavioral task: behavioral1
Sample: 662dc37e22bc734704718609fd803370_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
Sample: 662dc37e22bc734704718609fd803370_JaffaCakes118.apk
Resource: android-x64-20240514-en
Behavioral task: behavioral3
Sample: 662dc37e22bc734704718609fd803370_JaffaCakes118.apk
Resource: android-x64-arm64-20240514-en
General
Target: 662dc37e22bc734704718609fd803370_JaffaCakes118.apk
Size: 1.8MB
MD5: 662dc37e22bc734704718609fd803370
SHA1: be35c7462b472ac8c60964311aef2fa80bf8d18a
SHA256: a5a62b3cfb4c62d15be22802e4873d62a52472a94b1d972b02f1022f451e7092
SHA512: 215418d65c1add4f32c13faf70a42b8662848fc1c2b9b5cfb8410c50f286e0b80af12e146a5924e131d70689b0c9af2c05209fd80e7c0e9ae6db332ede099329
SSDEEP: 49152:U9e5oh7nATCs83N6g5mmr1fwGoMBloMHXlu0QfF73ZUY:U9e5oh7nUCsmU/Mv5HXlu1D
Signatures
-
Processes: com.noodlecake.waywardsouls.hack
pid: 4304, process: com.noodlecake.waywardsouls.hack
-
Checks CPU information [2 TTPs, 1 IoCs]
Checks CPU information, which indicates whether the system is an emulator.
-
Checks memory information [2 TTPs, 1 IoCs]
Checks memory information, which indicates whether the system is an emulator.
-
Queries the mobile country code (MCC) [1 TTPs, 1 IoCs]
Processes: com.noodlecake.waywardsouls.hack
description: Framework service call, ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone, process: com.noodlecake.waywardsouls.hack
-
Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTPs, 1 IoCs]
Processes: com.noodlecake.waywardsouls.hack
description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, process: com.noodlecake.waywardsouls.hack
-
Schedules tasks to execute at a specified time [1 TTPs, 1 IoCs]
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes: com.noodlecake.waywardsouls.hack
description: Framework service call, ioc: android.app.job.IJobScheduler.schedule, process: com.noodlecake.waywardsouls.hack
Processes
com.noodlecake.waywardsouls.hack
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
Downloads
-
/data/data/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db
Filesize: 16KB
-
/data/data/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db
Filesize: 16KB
-
/data/data/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db-journal
Filesize: 512B
-
/data/data/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db-shm
Filesize: 32KB
-
/data/data/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db-wal
Filesize: 28KB
-
/data/data/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db-wal
Filesize: 4KB