Analysis
max time kernel
24s
max time network
133s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags
android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
submitted
22-05-2024 05:35
Static task
static1
Behavioral task
behavioral1
Sample
662dc37e22bc734704718609fd803370_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
662dc37e22bc734704718609fd803370_JaffaCakes118.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
662dc37e22bc734704718609fd803370_JaffaCakes118.apk
Resource
android-x64-arm64-20240514-en
General
Target
662dc37e22bc734704718609fd803370_JaffaCakes118.apk
Size
1.8MB
MD5
662dc37e22bc734704718609fd803370
SHA1
be35c7462b472ac8c60964311aef2fa80bf8d18a
SHA256
a5a62b3cfb4c62d15be22802e4873d62a52472a94b1d972b02f1022f451e7092
SHA512
215418d65c1add4f32c13faf70a42b8662848fc1c2b9b5cfb8410c50f286e0b80af12e146a5924e131d70689b0c9af2c05209fd80e7c0e9ae6db332ede099329
SSDEEP
49152:U9e5oh7nATCs83N6g5mmr1fwGoMBloMHXlu0QfF73ZUY:U9e5oh7nUCsmU/Mv5HXlu1D
Malware Config
Signatures
Processes:
com.noodlecake.waywardsouls.hack
pid: 4634; process: com.noodlecake.waywardsouls.hack
Checks CPU information (2 TTPs, 1 IoC)
Checks CPU information, which indicates whether the system is an emulator.
Processes:
com.noodlecake.waywardsouls.hack
description: File opened for read; ioc: /proc/cpuinfo; process: com.noodlecake.waywardsouls.hack
Checks memory information (2 TTPs, 1 IoC)
Checks memory information, which indicates whether the system is an emulator.
Processes:
com.noodlecake.waywardsouls.hack
description: File opened for read; ioc: /proc/meminfo; process: com.noodlecake.waywardsouls.hack
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes:
com.noodlecake.waywardsouls.hack
description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; process: com.noodlecake.waywardsouls.hack
Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
com.noodlecake.waywardsouls.hack
description: Framework service call; ioc: android.app.job.IJobScheduler.schedule; process: com.noodlecake.waywardsouls.hack
MITRE ATT&CK Mobile v15
Downloads
/data/user/0/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db
Filesize
16KB
/data/user/0/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db
Filesize
16KB
/data/user/0/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db-journal
Filesize
512B
/data/user/0/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db-journal
Filesize
8KB
/data/user/0/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db-journal
Filesize
8KB
/data/user/0/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db-journal
Filesize
8KB