Analysis
-
max time kernel
24s
-
max time network
132s
-
platform
android_x64
-
resource
android-x64-arm64-20240514-en
-
resource tags
android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240514-en locale:en-us os:android-11-x64 system
-
submitted
23-05-2024 15:15
Static task
static1
Behavioral task
behavioral1
Sample
6b5b879e6029fd20d7a01bea3efc1313_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
6b5b879e6029fd20d7a01bea3efc1313_JaffaCakes118.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
6b5b879e6029fd20d7a01bea3efc1313_JaffaCakes118.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
6b5b879e6029fd20d7a01bea3efc1313_JaffaCakes118.apk
-
Size
1.9MB
-
MD5
6b5b879e6029fd20d7a01bea3efc1313
-
SHA1
99dd9c3c0af157a0565a0f516552d1999a3bf092
-
SHA256
ca6c6007727514ac10ddd61d5d9b85854b17026dd5eb89cc15a69dc2e93cf0b4
-
SHA512
1713355cae8107c1de03e9e484c018c00db8ee05058d7822a8dbfb864e79df7041d865978cc3a834eddbe847ab5fee587456cf02f08a799dc4326ce768cb2745
-
SSDEEP
49152:AOonvjLZ2CYTGnUKhOd2xMSA0Vuld7ydbfQ0QR2S73ZGB:AOonoClPoqW7kb41Ql
Malware Config
Signatures
-
Processes:
com.mojang.minecraftpe.hack
pid: 4508
process: com.mojang.minecraftpe.hack
-
Checks CPU information
2 TTPs 1 IoCs
Checks CPU information that indicates whether the system is an emulator.
Processes:
com.mojang.minecraftpe.hack
description: File opened for read
ioc: /proc/cpuinfo
process: com.mojang.minecraftpe.hack
-
Checks memory information
2 TTPs 1 IoCs
Checks memory information that indicates whether the system is an emulator.
Processes:
com.mojang.minecraftpe.hack
description: File opened for read
ioc: /proc/meminfo
process: com.mojang.minecraftpe.hack
-
Obtains sensitive information copied to the device clipboard
2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes:
com.mojang.minecraftpe.hack
description: Framework service call
ioc: android.content.IClipboard.addPrimaryClipChangedListener
process: com.mojang.minecraftpe.hack
-
Schedules tasks to execute at a specified time
1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
com.mojang.minecraftpe.hack
description: Framework service call
ioc: android.app.job.IJobScheduler.schedule
process: com.mojang.minecraftpe.hack
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
-
/data/user/0/com.mojang.minecraftpe.hack/databases/evernote_jobs.db
Filesize
16KB
-
/data/user/0/com.mojang.minecraftpe.hack/databases/evernote_jobs.db
Filesize
16KB
-
/data/user/0/com.mojang.minecraftpe.hack/databases/evernote_jobs.db-journal
Filesize
512B
-
/data/user/0/com.mojang.minecraftpe.hack/databases/evernote_jobs.db-journal
Filesize
8KB
-
/data/user/0/com.mojang.minecraftpe.hack/databases/evernote_jobs.db-journal
Filesize
8KB
-
/data/user/0/com.mojang.minecraftpe.hack/databases/evernote_jobs.db-journal
Filesize
8KB