b895e8d27a676d5d3559e64027a0e0480848abf1aaa6bf8816b57239f9681228

Analysis

max time kernel
23s
max time network
139s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

679b1be11616efb8e3aabcbd679c344e_JaffaCakes118.apk
Size

2.0MB
MD5

679b1be11616efb8e3aabcbd679c344e
SHA1

ab1606c851d8f2a800f57bd6d8cf6ff868db68bc
SHA256

b895e8d27a676d5d3559e64027a0e0480848abf1aaa6bf8816b57239f9681228
SHA512

20de519d8d6c519c53f126a5602c6dde38f650521cdfe67cdd02a542aea7c9b3af087d8b354f72a4a152ba8a8ea65ef92c7c4a3234f2d25b21e8321f8dacb814
SSDEEP

49152:qmJgNofS40Hn7thEtP4M4k1oLfKQmnA73ZWw:ZgNoFKQ4bAszmo

Score

8^/10

discovery evasion execution persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.raftsurvival.raft.hack

pid process

4278 com.raftsurvival.raft.hack
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.raftsurvival.raft.hack

description ioc process

File opened for read /proc/cpuinfo com.raftsurvival.raft.hack
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.raftsurvival.raft.hack

description ioc process

File opened for read /proc/meminfo com.raftsurvival.raft.hack
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.raftsurvival.raft.hack

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.raftsurvival.raft.hack
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.raftsurvival.raft.hack

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.raftsurvival.raft.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.raftsurvival.raft.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.raftsurvival.raft.hack

pid	process
4278	com.raftsurvival.raft.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.raftsurvival.raft.hack

description	ioc	process
File opened for read	/proc/meminfo	com.raftsurvival.raft.hack

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.raftsurvival.raft.hack

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.raftsurvival.raft.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.raftsurvival.raft.hack

com.raftsurvival.raft.hack
1⤵
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4278

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.raftsurvival.raft.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
5d85664f8e614fcaef42be2e6f649027

SHA1
09c6288922102f6114a823f4992415fd3373d61e

SHA256
55f8907e91226ef43a05583c7b4623b4e26994b62d20c8603975ccc1fa3b9409

SHA512
3d6006a3e82d00fe9bc443e940acc5df12ec84114fcbcf8fbc8099c085cb1229b21a217b7445129b50558bfef5100894686d7359eb80b7ef087b65c7be3bc6e9

Download Submit
/data/data/com.raftsurvival.raft.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
061992c5755b907550099f3b7b7f09d4

SHA1
53719d89c047a42bb70c268727295ff0163219cc

SHA256
71a3b67bb7b2d8ad4af534038655f1f65943f818a702a0a160bc7293231814d6

SHA512
a550857b26171d4a2c8156b17d4fc63d024e9d2235ab790c4f40090b9d1ce2bdb1e64c76fafc3cfa3a0f44030e2e493ce8491932a18d3aec6f51d46a2e0233e0

Download Submit
/data/data/com.raftsurvival.raft.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
fdea54f75db9343f036c057dd2904055

SHA1
b444cf86e516070718596af5ccf83e48ccc3e517

SHA256
60ad0567279f00102698937728a7ad4631a41397d742c1da2a9fc1064ab623e6

SHA512
d512bb6f2042319c79f1aa683e124be6cffdce7a396bb9105a8344c60b9a1a8fe1c946fb03996862b0e97ba99dc0bc4169de92b3d77b104e71900112ba53b8c3

Download Submit
/data/data/com.raftsurvival.raft.hack/databases/evernote_jobs.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.raftsurvival.raft.hack/databases/evernote_jobs.db-wal
Filesize
28KB

MD5
2e36c449287e4d7923b5a99992e0ac63

SHA1
85f276e05b8f1e8e185ec06beb4b080682977e0a

SHA256
9eda73e3cc819e746843ea1e0a88e48455bebfe329a644af0b844f3ed383a092

SHA512
f7bf2d54b3f35155d162cfae9786198c4739b2392213bed25ca20af105538f8024fdb4e5bd746afde8862b4fede3f723708008d20b2646dee6db09c6b2d5804e

Download Submit
/data/data/com.raftsurvival.raft.hack/databases/evernote_jobs.db-wal
Filesize
4KB

MD5
b6a248dbf2a5a010a18377e6889bff48

SHA1
327d54c79b046da704678cf36900964c76617121

SHA256
a37f60a91ad0cd85a35737777eafce5939b56757985d86ccace073e5696e1ef5

SHA512
0ea5e639d48b955efbfad4f3bafa8d35893544ce0f8d655c9f18ee8dcd94fd7f5f4dc74117c75f52bcb5fc3bc5f49b530d75c510f0e8e08a231739a81dba8b36

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads