b895e8d27a676d5d3559e64027a0e0480848abf1aaa6bf8816b57239f9681228

Analysis

max time kernel
97s
max time network
131s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

679b1be11616efb8e3aabcbd679c344e_JaffaCakes118.apk
Size

2.0MB
MD5

679b1be11616efb8e3aabcbd679c344e
SHA1

ab1606c851d8f2a800f57bd6d8cf6ff868db68bc
SHA256

b895e8d27a676d5d3559e64027a0e0480848abf1aaa6bf8816b57239f9681228
SHA512

20de519d8d6c519c53f126a5602c6dde38f650521cdfe67cdd02a542aea7c9b3af087d8b354f72a4a152ba8a8ea65ef92c7c4a3234f2d25b21e8321f8dacb814
SSDEEP

49152:qmJgNofS40Hn7thEtP4M4k1oLfKQmnA73ZWw:ZgNoFKQ4bAszmo

Score

8^/10

collection credential_access discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.raftsurvival.raft.hack

pid process

4612 com.raftsurvival.raft.hack
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.raftsurvival.raft.hack

description ioc process

File opened for read /proc/cpuinfo com.raftsurvival.raft.hack
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.raftsurvival.raft.hack

description ioc process

File opened for read /proc/meminfo com.raftsurvival.raft.hack
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.raftsurvival.raft.hack

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.raftsurvival.raft.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.raftsurvival.raft.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.raftsurvival.raft.hack

pid	process
4612	com.raftsurvival.raft.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.raftsurvival.raft.hack

description	ioc	process
File opened for read	/proc/meminfo	com.raftsurvival.raft.hack

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.raftsurvival.raft.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.raftsurvival.raft.hack

com.raftsurvival.raft.hack
1⤵
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Schedules tasks to execute at a specified time
PID:4612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.raftsurvival.raft.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
58c0b6e45328752b20ac6e719ac034f8

SHA1
372b2638afd00bbbc4034657b3df3d2e428fb367

SHA256
9d74f93afa5a179b1ba2f19f154b2880aa8b99c88209802099045a0874d2426a

SHA512
2d347d5824b9ab701e341c89e8327a95fd6bab8e92ee15ce9550da368d773e22bff304072a4854df5ab763750a7401f7aa61a49e3292d62c27fa9f20536eb3ab

Download Submit
/data/user/0/com.raftsurvival.raft.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
e49e2bd23edcd7fa888166098c288b10

SHA1
a8edcbebb3aaca42c451c14c2a3c72807a55fb69

SHA256
66386284dd064c76efa35bfc3da7f3f2d56d5eeb143b91002efce7bb53f3a62e

SHA512
0583c6444b10c6c797a778afc908d6697f71902e336a337c82fe0df0da2ded8e117c99df6edf9fb5cccd465c1cb5c6b420e1496ac5c419ad2f631696f02cd9c3

Download Submit
/data/user/0/com.raftsurvival.raft.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
f0d0c67dfcf1f29eb7698baa070c55c8

SHA1
747e7611acc256a481311e5b4e34a21dfcce1a99

SHA256
9b68388aa8cbecdcda35342eca0b83f2d9cb40a2027a63d38ae81d989dea6f99

SHA512
59c8f3daa4a4e1da19990e2a46b70e66e09d13eb5456460947f4499820ac63eda80974ae61c7e2c78a8f0ad6b1e18fab8720a8c56b436a1d4beecc3d3deadc8e

Download Submit
/data/user/0/com.raftsurvival.raft.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
f9afa2882fcde3281864d2bbfda53493

SHA1
dad1af0bc05660f9c874c6168c480d73bf6e2ba6

SHA256
c08dea69b70a997a187d340766d6184ab06c372edc7d0b58b6ceecc4068e3c77

SHA512
0ee2792e47e4999de526ea213ca0c97952e39d60782237db76f9336d415c0d8bdce3daf3e5bffcb6b3a84332abdfc6a594f7316aae9f50ab7bc45ffc4c2821eb

Download Submit
/data/user/0/com.raftsurvival.raft.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
d4eaa31e5c01bb9c5ac60a3a04f8cfaf

SHA1
2e2615e686d1cba40e8ab7a979636082db93e7b2

SHA256
85707c09b571256998262c9eada2f3d280e7e907e13ee83cb16775408ad76c86

SHA512
611b1cfdbf9f39b2b7c0182faa899171896bb88ddbc77fb6519276b7a508aed9bd264cae4911aaddecc732b7075ed7d02bac8eea5b2c7e44827b4ace80cc7d7b

Download Submit
/data/user/0/com.raftsurvival.raft.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
c0dd25bdc8b1e94547989bb4c2bbe5e8

SHA1
9a31166fbde519d17367df8c9976e52c1a1039c1

SHA256
79ab45eb73375b85383592c66c33ef552d492d542e6dc68f21a0de7514884a46

SHA512
87907e65339d39c9b19ba0009b1f9decb282b3701c544fc1bb8ecea1cb58cf27bdc31ad2e68062c6723313df530b6eafcb24e8fb5e3b6f90ed86032c6304c144

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads