ca6c6007727514ac10ddd61d5d9b85854b17026dd5eb89cc15a69dc2e93cf0b4

Analysis

max time kernel
23s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 15:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b5b879e6029fd20d7a01bea3efc1313_JaffaCakes118.apk
Size

1.9MB
MD5

6b5b879e6029fd20d7a01bea3efc1313
SHA1

99dd9c3c0af157a0565a0f516552d1999a3bf092
SHA256

ca6c6007727514ac10ddd61d5d9b85854b17026dd5eb89cc15a69dc2e93cf0b4
SHA512

1713355cae8107c1de03e9e484c018c00db8ee05058d7822a8dbfb864e79df7041d865978cc3a834eddbe847ab5fee587456cf02f08a799dc4326ce768cb2745
SSDEEP

49152:AOonvjLZ2CYTGnUKhOd2xMSA0Vuld7ydbfQ0QR2S73ZGB:AOonoClPoqW7kb41Ql

Score

8^/10

discovery evasion execution persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.mojang.minecraftpe.hack

pid process

4286 com.mojang.minecraftpe.hack
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.mojang.minecraftpe.hack

description ioc process

File opened for read /proc/cpuinfo com.mojang.minecraftpe.hack
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.mojang.minecraftpe.hack

description ioc process

File opened for read /proc/meminfo com.mojang.minecraftpe.hack
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.mojang.minecraftpe.hack

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.mojang.minecraftpe.hack
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.mojang.minecraftpe.hack

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.mojang.minecraftpe.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.mojang.minecraftpe.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.mojang.minecraftpe.hack

pid	process
4286	com.mojang.minecraftpe.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.mojang.minecraftpe.hack

description	ioc	process
File opened for read	/proc/meminfo	com.mojang.minecraftpe.hack

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.mojang.minecraftpe.hack

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.mojang.minecraftpe.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.mojang.minecraftpe.hack

com.mojang.minecraftpe.hack
1⤵
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4286

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.mojang.minecraftpe.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
5d85664f8e614fcaef42be2e6f649027

SHA1
09c6288922102f6114a823f4992415fd3373d61e

SHA256
55f8907e91226ef43a05583c7b4623b4e26994b62d20c8603975ccc1fa3b9409

SHA512
3d6006a3e82d00fe9bc443e940acc5df12ec84114fcbcf8fbc8099c085cb1229b21a217b7445129b50558bfef5100894686d7359eb80b7ef087b65c7be3bc6e9

Download Submit
/data/data/com.mojang.minecraftpe.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
c5beebf923cc24854f723067b89d7861

SHA1
4da53d06ce60939535171933bb12c0fe86bd8282

SHA256
02a48a3e1b0f9fcec76699402b4d22298abb3497b6f8276b62fd3f4111b13cce

SHA512
cb390ac18996b0cb37c996dfedd7a7523ce09c120022116ac85af09cd28937552bb8bab7959de4bed95234aab67592b5a7d9b02b1445b909cef0ae75cc1e5525

Download Submit
/data/data/com.mojang.minecraftpe.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
c26c4b692820664b0599d6ef9d73c4c4

SHA1
bd49783b7556fbc62da0951f2b6c738835be32e3

SHA256
e9c415b65b6e69876c293ce87913629718d6c9fbdaf3b4a84ce8dab495699019

SHA512
1fc80311289b8370b7c6049bdc7ccecf66af5847035021f7f0649f944056faba627d1f02def7708d782be060aedda7ecbce232c1c7d3d7e9907f0ad3658605ac

Download Submit
/data/data/com.mojang.minecraftpe.hack/databases/evernote_jobs.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.mojang.minecraftpe.hack/databases/evernote_jobs.db-wal
Filesize
28KB

MD5
03f46702a7963c07d8b87d4a2e17a21c

SHA1
518673068537b56755866c05255fd7831cb66ce5

SHA256
9f189ddf6de89a89abb5b0b9323df45410d2af1fff29fc271d525226d0bdee4b

SHA512
77c01a2f96f1d93ecdeca4b8d17748fde4aa86549866686821589b0af6ecd9e01bd58dd3e91255db85efd833d26ba8628c3eac890d50376da29b62670abfab51

Download Submit
/data/data/com.mojang.minecraftpe.hack/databases/evernote_jobs.db-wal
Filesize
4KB

MD5
12f18e39dded92a766233d5df9e16aff

SHA1
720ec80ea0b0a2311d110699f96ece8c7fc0583b

SHA256
c5595d811a79edde541b30c8d69ded1919e957c78eb06836576c26157b99f003

SHA512
c0a9811c641456052d5ad65a31a40b228a9a29bfc0547ad9d1e4e3cd81e657cd3982c43b69d1c571d37226769ccdcf76fbb85d496d5d4143ac411b018cc876c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads