Analysis
max time kernel: 48s
max time network: 153s
platform: android_x64
resource: android-x64-20240514-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
submitted: 23-05-2024 15:15
Static task: static1
Behavioral task: behavioral1
Sample: 6b5b879e6029fd20d7a01bea3efc1313_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
Sample: 6b5b879e6029fd20d7a01bea3efc1313_JaffaCakes118.apk
Resource: android-x64-20240514-en
Behavioral task: behavioral3
Sample: 6b5b879e6029fd20d7a01bea3efc1313_JaffaCakes118.apk
Resource: android-x64-arm64-20240514-en
General
Target: 6b5b879e6029fd20d7a01bea3efc1313_JaffaCakes118.apk
Size: 1.9MB
MD5: 6b5b879e6029fd20d7a01bea3efc1313
SHA1: 99dd9c3c0af157a0565a0f516552d1999a3bf092
SHA256: ca6c6007727514ac10ddd61d5d9b85854b17026dd5eb89cc15a69dc2e93cf0b4
SHA512: 1713355cae8107c1de03e9e484c018c00db8ee05058d7822a8dbfb864e79df7041d865978cc3a834eddbe847ab5fee587456cf02f08a799dc4326ce768cb2745
SSDEEP: 49152:AOonvjLZ2CYTGnUKhOd2xMSA0Vuld7ydbfQ0QR2S73ZGB:AOonoClPoqW7kb41Ql
Malware Config
Signatures
Processes:
com.mojang.minecraftpe.hack
pid: 5179
process: com.mojang.minecraftpe.hack
Checks CPU information (2 TTPs, 1 IoCs)
Checks CPU information that indicates whether the system is an emulator.
Processes:
com.mojang.minecraftpe.hack
description: File opened for read
ioc: /proc/cpuinfo
process: com.mojang.minecraftpe.hack
Checks memory information (2 TTPs, 1 IoCs)
Checks memory information that indicates whether the system is an emulator.
Processes:
com.mojang.minecraftpe.hack
description: File opened for read
ioc: /proc/meminfo
process: com.mojang.minecraftpe.hack
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes:
com.mojang.minecraftpe.hack
description: Framework service call
ioc: android.content.IClipboard.addPrimaryClipChangedListener
process: com.mojang.minecraftpe.hack
Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
Processes:
com.mojang.minecraftpe.hack
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
process: com.mojang.minecraftpe.hack
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes:
com.mojang.minecraftpe.hack
description: Framework service call
ioc: android.app.IActivityManager.registerReceiver
process: com.mojang.minecraftpe.hack
Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
com.mojang.minecraftpe.hack
description: Framework service call
ioc: android.app.job.IJobScheduler.schedule
process: com.mojang.minecraftpe.hack
Processes
com.mojang.minecraftpe.hack (PID: 5179)
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
Downloads
/data/data/com.mojang.minecraftpe.hack/databases/evernote_jobs.db
Filesize: 16KB
/data/data/com.mojang.minecraftpe.hack/databases/evernote_jobs.db
Filesize: 16KB
/data/data/com.mojang.minecraftpe.hack/databases/evernote_jobs.db-journal
Filesize: 512B
/data/data/com.mojang.minecraftpe.hack/databases/evernote_jobs.db-journal
Filesize: 8KB
/data/data/com.mojang.minecraftpe.hack/databases/evernote_jobs.db-journal
Filesize: 8KB
/data/data/com.mojang.minecraftpe.hack/databases/evernote_jobs.db-journal
Filesize: 8KB