Analysis
-
max time kernel
48s -
max time network
154s -
platform
android_x64 -
resource
android-x64-20240514-en -
resource tags
android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system -
submitted
22-05-2024 05:35
Static task
static1
Behavioral task
behavioral1
Sample
662dc37e22bc734704718609fd803370_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
662dc37e22bc734704718609fd803370_JaffaCakes118.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
662dc37e22bc734704718609fd803370_JaffaCakes118.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
662dc37e22bc734704718609fd803370_JaffaCakes118.apk
-
Size
1.8MB
-
MD5
662dc37e22bc734704718609fd803370
-
SHA1
be35c7462b472ac8c60964311aef2fa80bf8d18a
-
SHA256
a5a62b3cfb4c62d15be22802e4873d62a52472a94b1d972b02f1022f451e7092
-
SHA512
215418d65c1add4f32c13faf70a42b8662848fc1c2b9b5cfb8410c50f286e0b80af12e146a5924e131d70689b0c9af2c05209fd80e7c0e9ae6db332ede099329
-
SSDEEP
49152:U9e5oh7nATCs83N6g5mmr1fwGoMBloMHXlu0QfF73ZUY:U9e5oh7nUCsmU/Mv5HXlu1D
Malware Config
Signatures
-
Processes:
com.noodlecake.waywardsouls.hack
pid: 5107
process: com.noodlecake.waywardsouls.hack
-
Checks CPU information (2 TTPs, 1 IoCs)
Checks CPU information, which indicates whether the system is an emulator.
Processes:
com.noodlecake.waywardsouls.hack
description: File opened for read
ioc: /proc/cpuinfo
process: com.noodlecake.waywardsouls.hack
-
Checks memory information (2 TTPs, 1 IoCs)
Checks memory information, which indicates whether the system is an emulator.
Processes:
com.noodlecake.waywardsouls.hack
description: File opened for read
ioc: /proc/meminfo
process: com.noodlecake.waywardsouls.hack
-
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes:
com.noodlecake.waywardsouls.hack
description: Framework service call
ioc: android.content.IClipboard.addPrimaryClipChangedListener
process: com.noodlecake.waywardsouls.hack
-
Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
Processes:
com.noodlecake.waywardsouls.hack
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
process: com.noodlecake.waywardsouls.hack
-
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes:
com.noodlecake.waywardsouls.hack
description: Framework service call
ioc: android.app.IActivityManager.registerReceiver
process: com.noodlecake.waywardsouls.hack
-
Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
com.noodlecake.waywardsouls.hack
description: Framework service call
ioc: android.app.job.IJobScheduler.schedule
process: com.noodlecake.waywardsouls.hack
Processes
-
com.noodlecake.waywardsouls.hack
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:5107
Network
MITRE ATT&CK Mobile v15
Downloads
-
/data/data/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db
Filesize
16KB
-
/data/data/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db
Filesize
16KB
-
/data/data/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db-journal
Filesize
512B
-
/data/data/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db-journal
Filesize
8KB
-
/data/data/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db-journal
Filesize
8KB
-
/data/data/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db-journal
Filesize
8KB