a5a62b3cfb4c62d15be22802e4873d62a52472a94b1d972b02f1022f451e7092

Analysis

max time kernel
24s
max time network
133s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 05:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

662dc37e22bc734704718609fd803370_JaffaCakes118.apk
Size

1.8MB
MD5

662dc37e22bc734704718609fd803370
SHA1

be35c7462b472ac8c60964311aef2fa80bf8d18a
SHA256

a5a62b3cfb4c62d15be22802e4873d62a52472a94b1d972b02f1022f451e7092
SHA512

215418d65c1add4f32c13faf70a42b8662848fc1c2b9b5cfb8410c50f286e0b80af12e146a5924e131d70689b0c9af2c05209fd80e7c0e9ae6db332ede099329
SSDEEP

49152:U9e5oh7nATCs83N6g5mmr1fwGoMBloMHXlu0QfF73ZUY:U9e5oh7nUCsmU/Mv5HXlu1D

Score

8^/10

collection credential_access discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.noodlecake.waywardsouls.hack

pid process

4634 com.noodlecake.waywardsouls.hack
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.noodlecake.waywardsouls.hack

description ioc process

File opened for read /proc/cpuinfo com.noodlecake.waywardsouls.hack
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.noodlecake.waywardsouls.hack

description ioc process

File opened for read /proc/meminfo com.noodlecake.waywardsouls.hack
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.noodlecake.waywardsouls.hack

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.noodlecake.waywardsouls.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.noodlecake.waywardsouls.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.noodlecake.waywardsouls.hack

pid	process
4634	com.noodlecake.waywardsouls.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.noodlecake.waywardsouls.hack

description	ioc	process
File opened for read	/proc/meminfo	com.noodlecake.waywardsouls.hack

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.noodlecake.waywardsouls.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.noodlecake.waywardsouls.hack

com.noodlecake.waywardsouls.hack
1⤵
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Schedules tasks to execute at a specified time
PID:4634

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
58c0b6e45328752b20ac6e719ac034f8

SHA1
372b2638afd00bbbc4034657b3df3d2e428fb367

SHA256
9d74f93afa5a179b1ba2f19f154b2880aa8b99c88209802099045a0874d2426a

SHA512
2d347d5824b9ab701e341c89e8327a95fd6bab8e92ee15ce9550da368d773e22bff304072a4854df5ab763750a7401f7aa61a49e3292d62c27fa9f20536eb3ab

Download Submit
/data/user/0/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
5d8c006edb3bb230e0c77b564a0d169c

SHA1
150a8ea8cfc18a3b9644da132caa63bcb97965c4

SHA256
52a313ef0eb3c4b36196f381ff45c695f6ad4049510556fc1f237440ff3182a3

SHA512
2d6fe11f5c9ec6a77b291fbcf65b2ba4e781ef7c9dd052e5e87fc67e22c0dfb6c1b499f9d4e8c5e19523e53940588691b8f937a73c45197c166297080cc24d51

Download Submit
/data/user/0/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
4caf9852d1d295b9499fa422607fedad

SHA1
be7114bdeacb203a47eb9151fbbdbbb0a5683882

SHA256
eff3353b0adb9296250b8302789c5f8374dc0e06842d68be102bb98ccbe9716b

SHA512
3bf21d6949cd01a825b956a8e6b383a908b8272664a580705cb97ee5d73c9d367c3dc9074a6ed9abf3b5c5db1093bf76f52b03984957a50ebe7e283e54f1b5f3

Download Submit
/data/user/0/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
ad403aad8432b5d12651923262356b8f

SHA1
37aff7e9ec79a7dd65e354df7670c46cf6b4e936

SHA256
90bfe37ec72c058c28700cd0a4ceed5bc44f13e071857fb8ac4c164a3445688d

SHA512
6a9521cb11c564a4f0acf24a29f1eb1327ad1e2fce6f36114f72cead15713ada1ce89c4eebbc501f093df18b3ceb75c560694941517e67fb1c9fcf353a9bee60

Download Submit
/data/user/0/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
2f39c302dce0b100bdfe6e32cd1b2890

SHA1
263a9925ab12d14a37bf6d40a44066c767f219d8

SHA256
5b98d3b216357c22413212ae3881a3ef8668d9019f8142adcb5be41c862affef

SHA512
8348f1d9950bc488203b655aff1458540250deae239ba4690b7357794de85bfde7dd5d5ea74eb9610e28aeaf7e301750b727f1254edb116fa1d3a8770464e89d

Download Submit
/data/user/0/com.noodlecake.waywardsouls.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
86ebd77b1edbe3321e7d1a7956f0b8ae

SHA1
9e6d2fd9989a03a4aeb394eb25e691d871bf0d64

SHA256
3505ba975ec4347e16eab58da1ad65fd537775d9ce750b99c76704c15e748516

SHA512
efb514b82ff26c2265f4ca155a46531420c391f713c8a4339f1bd6a0b2e227b060a2d1582586a02ef0c8e474eaef73d7eddc09db21e2027eb340c573199969bc

Download Submit