b895e8d27a676d5d3559e64027a0e0480848abf1aaa6bf8816b57239f9681228

Analysis

max time kernel
24s
max time network
154s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

679b1be11616efb8e3aabcbd679c344e_JaffaCakes118.apk
Size

2.0MB
MD5

679b1be11616efb8e3aabcbd679c344e
SHA1

ab1606c851d8f2a800f57bd6d8cf6ff868db68bc
SHA256

b895e8d27a676d5d3559e64027a0e0480848abf1aaa6bf8816b57239f9681228
SHA512

20de519d8d6c519c53f126a5602c6dde38f650521cdfe67cdd02a542aea7c9b3af087d8b354f72a4a152ba8a8ea65ef92c7c4a3234f2d25b21e8321f8dacb814
SSDEEP

49152:qmJgNofS40Hn7thEtP4M4k1oLfKQmnA73ZWw:ZgNoFKQ4bAszmo

Score

8^/10

collection credential_access discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.raftsurvival.raft.hack

pid process

5120 com.raftsurvival.raft.hack
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.raftsurvival.raft.hack

description ioc process

File opened for read /proc/cpuinfo com.raftsurvival.raft.hack
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.raftsurvival.raft.hack

description ioc process

File opened for read /proc/meminfo com.raftsurvival.raft.hack
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.raftsurvival.raft.hack

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.raftsurvival.raft.hack
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.raftsurvival.raft.hack

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.raftsurvival.raft.hack
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.raftsurvival.raft.hack

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.raftsurvival.raft.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.raftsurvival.raft.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.raftsurvival.raft.hack

pid	process
5120	com.raftsurvival.raft.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.raftsurvival.raft.hack

description	ioc	process
File opened for read	/proc/meminfo	com.raftsurvival.raft.hack

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.raftsurvival.raft.hack

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.raftsurvival.raft.hack

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.raftsurvival.raft.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.raftsurvival.raft.hack

com.raftsurvival.raft.hack
1⤵
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:5120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.raftsurvival.raft.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
12627a2ec645c4a4bc50dba5903afd59

SHA1
504005c938517e61bcf68b65a055c2faba635c2e

SHA256
f177ffae9650eb4f407c2d9a510bb5a5abe1ece2fdfe24effc62478a1bfa5903

SHA512
7ff69589296e02383a217373399e75d8a82fa17146e4273f4c0eb630f096dd9f394a3324d60858b02f7e5cf177c82c6d966f5cbedb68ae6a98df7cc851b79cfd

Download Submit
/data/data/com.raftsurvival.raft.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
41c23de1afc52e26a29f660d69337733

SHA1
5c694a5503ad6cd6830fb2a4c98d52ee2727bfd9

SHA256
b93aba580171a9ec08dd9129416f7a30dcaf67976f1b2e89939d3136db97c26a

SHA512
eabcc7db57f71664808952e527c56ff28fc1a9766e20249d68c56c7bd72a9719afcfccf610700304144c497df392cc8047e6f19edf2d5ac7b95c4b69f767446a

Download Submit
/data/data/com.raftsurvival.raft.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
1888cc0f41235d59cefd4da78926dd86

SHA1
49943f9fa771c8b964a2c0e4b931fd56422c0c92

SHA256
f242403a9e89ea6b2d2013235ae32483f1f1e99ce07ed353c8d21f9a795e9a4f

SHA512
39a5f4673a020d2f4f56433308444f3c38477750d6e23bcb32a7941d8924acba4e29d6b821575a72b93506d39fd9da14e6d8d44ca3d29aad75e3fe1735badcdf

Download Submit
/data/data/com.raftsurvival.raft.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
db27dcc5495ac471f1fe560d755b89ac

SHA1
f25891d7b0c3be0090288996dbdc905ff232b8ee

SHA256
b04384243c90dadd495b3ff4ef058cd725e5f99307df3f8faf36e8a119ebf6a0

SHA512
c1d0094b2c39733fe151c75e2fa5188843fa43dcf20068670229cf68ab4e8c66da15346f33535bfefed789a73dd4074ed1517895897364001cbe22fe2701b9d1

Download Submit
/data/data/com.raftsurvival.raft.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
c7a10a184a04e959a78e1c259f7b56ba

SHA1
50b4890009b8ecee087a20b7f8b201a8c0d29b6f

SHA256
bf5fad3483bd5c96155dc89eab62777d9531e5780dc9d3776d90a98d9214dc96

SHA512
dde356f19bc630f2bdc84e02430521f42a129e56765c5cce02656d88013cec4ecbc679c46f9cd367241b654bd88d430e2452c628d9a04c9ea1a3c40091ae71e5

Download Submit
/data/data/com.raftsurvival.raft.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
32ccc918378f1ec4fdd5adc20a589c91

SHA1
d079126a2231a146216028a72950953e06a23f9d

SHA256
bfe212a0cc23060ea8ca7c1fac65b3f61a2189d60b298680d7986022ec7abecc

SHA512
de183195224a2de2834d098f459c5bb23d57182a2c96101c8dbbc7e391971742ebf8058314b38113cc93afb51a7ce3e735e6e56ad974bd39df71af0963535ec6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads