75b66f0b62efd1bbd3fa88ed037735b87c1b14dd3edafbc6c57f8e914f5caaef

Analysis

max time kernel
47s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 16:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b8b91b7963bca247a9200f938275c38_JaffaCakes118.apk
Size

6.1MB
MD5

6b8b91b7963bca247a9200f938275c38
SHA1

ec18222197774051013a5dd848f3acdafce6cf3f
SHA256

75b66f0b62efd1bbd3fa88ed037735b87c1b14dd3edafbc6c57f8e914f5caaef
SHA512

96d4db21ca9416b90087465d55859d2601a8b656fd052cd140451155e2575712c437e442d5a6044538f59042bdc2785776965f6df7b1523abd7701865db0837a
SSDEEP

98304:g8CdrTLh4pUcxh7EMEjzeFsX1wh5AfL+sqG8+fPQQ8/5DeRMNryAiRgqU2XybWxz:9bhozeFj5abv3C98X1XyGf0K3

Score

8^/10

discovery evasion execution persistence stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs

evasion

System Information Discovery

T1426

Processes:

com.crowdstar.covetHome.hack

ioc	process
/data/local/su	com.crowdstar.covetHome.hack
/data/local/bin/su	com.crowdstar.covetHome.hack
/data/local/xbin/su	com.crowdstar.covetHome.hack
/sbin/su	com.crowdstar.covetHome.hack

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.crowdstar.covetHome.hack

pid process

4330 com.crowdstar.covetHome.hack
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.crowdstar.covetHome.hack

description ioc process

File opened for read /proc/cpuinfo com.crowdstar.covetHome.hack
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.crowdstar.covetHome.hack

description ioc process

File opened for read /proc/meminfo com.crowdstar.covetHome.hack
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.crowdstar.covetHome.hack

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.crowdstar.covetHome.hack
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

System Network Configuration Discovery
T1422

Processes:

com.crowdstar.covetHome.hack

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.crowdstar.covetHome.hack
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.crowdstar.covetHome.hack

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.crowdstar.covetHome.hack
Acquires the wake lock 1 IoCs

Processes:

com.crowdstar.covetHome.hack

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.crowdstar.covetHome.hack
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.crowdstar.covetHome.hack

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.crowdstar.covetHome.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.crowdstar.covetHome.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.crowdstar.covetHome.hack

pid	process
4330	com.crowdstar.covetHome.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.crowdstar.covetHome.hack

description	ioc	process
File opened for read	/proc/meminfo	com.crowdstar.covetHome.hack

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.crowdstar.covetHome.hack

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.crowdstar.covetHome.hack

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.crowdstar.covetHome.hack

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.crowdstar.covetHome.hack

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.crowdstar.covetHome.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.crowdstar.covetHome.hack

com.crowdstar.covetHome.hack
1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4330

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.crowdstar.covetHome.hack/databases/OneSignal.db-journal
Filesize
512B

MD5
8cec4e9a95f81f5fb5c114250fa39775

SHA1
020468f1f7d059fb173a15ae2605f97dc22d5a43

SHA256
8aaef82e591e67c2ac7bff059f08830cfaeabb7ba0c77391297b7b93c1afeb16

SHA512
427d3171b9add800120fe26772cada8e34d6620590e53b82287af23c38f808e394adc5c5dbe5bcd491d3ceb2fe80374e0436a43f281306897ff4f5e62cb15b67

Download Submit
/data/data/com.crowdstar.covetHome.hack/databases/OneSignal.db-wal
Filesize
52KB

MD5
3eeac836154c705797004ef294e4abd4

SHA1
ed36a78fa832729bc01bf032b5c58a324b9d9cff

SHA256
c6ddebc42a538529de55ce1e9a44c71bb07fa6c90d2fe18f800a7c4bfcda4d99

SHA512
c2f2acb612af34d2761d10a3a0e2297d9b81725657674050098315de4e6d9b522901514dc42a8eee5dcfd59551bde257299f240af38ca711520578de1279de92

Download Submit
/data/data/com.crowdstar.covetHome.hack/databases/evernote_jobs.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.crowdstar.covetHome.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
7f76fada140030f71ccc912d0ec08be3

SHA1
02068ba6b2cb5f500aaf8b9db673ce1f54329986

SHA256
0daa185a4e86c6ceba43d3536e482a629cb2ac177e4c74c177ae41719ac23ae6

SHA512
6fcb1ae6ad26719cc0bd301be9c7a0c2a1521359214ebcbbb3d4a858a29bad0e30c1e777f05261a95e6a6db31fddde8ebcec1501e484bf5d4cf806ea445242d0

Download Submit
/data/data/com.crowdstar.covetHome.hack/databases/evernote_jobs.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.crowdstar.covetHome.hack/databases/evernote_jobs.db-wal
Filesize
32KB

MD5
37c3e835a606925bd6946292bd70188b

SHA1
c7bbdc25bbed483906463b5309a6e0af9d468a79

SHA256
678b110dced26d86bf60cc52a44bb4a024ebe64e9bc93a5383844b66b75683cc

SHA512
3f36f1187201beb741b6fa957c72e6e861e71135fedee1b31aac719bd0993fcadea4c4b9d10843d663d05b25b7f9dc13403f812c3d01d3b24908ae91e83da57d

Download Submit
/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
37b51400dd5facbe9fec1514057c1ccd

SHA1
682d82fe3b5870f90c8a3bf2ed2a1c090d955279

SHA256
21284e1ac4ed85600bfab8d6194b613796f9deda7b476c1365501f024d77c65f

SHA512
57f0fe52d2f8d23b2cf9a41e1376df32aee2ed00c922d328a3e532815c2dcf3d3a85579190206a30da6be1ae76cdd0bbd32fe23a2f0d4c2666b746d298f096aa

Download Submit
/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
d7e674d6b05f3c900bad9c24f2213b5e

SHA1
6d201062d7a2241a008cfe6e62d096c79adc7f05

SHA256
48cb90e7ed89b9324468f7127fdbaedfebbe370f54beb71098af45fc1ef2d1de

SHA512
3b4b5e83b1c560b505314e0804fa2b0ce036c32d342dad6d050dc8a76b173cbb1d7f5ccb819dd710f0b7626731938123dcb11d9920b94b3e3ccb1393039b2c71

Download Submit
/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
8c088ec82e061c71560ebdb87b20abf9

SHA1
1216d24c9b97ceaa579d26836fbf1f8c0fc890c2

SHA256
6872eb9103e757ab3c71c93165e6cc944c465fd294be5d8e4faabd7384a32cf2

SHA512
661229ed084c2dfa01e5849bc89092af4f1011beb0a3d8cd89d539e41f5e114e21441f58a93d3eb0053e1f5cc703a9f53ee062594e16f9a4457e86fa63cf5e4b

Download Submit
/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
f81fefe3552516c3f352755bbd326c0f

SHA1
cd6cb256e30b3ac31a3f1f2f6e7656e2ffaaa989

SHA256
f281957539f512e0e269eb7d865568c63b6a919f75ed10c3b5c85b2fb6be98dc

SHA512
5e067e9ffd2e6565a9d9bd365c4c01333e39dc2677055ab0c5f68e951e599f3d1067b144b9cf321d2b4dd102e27ab4ba50b84eff57eee000c81af9656ecc26b3

Download Submit
/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
44693692da738db6eb133cf0e4cde91b

SHA1
e6bda56494c325d8d37ad89552263ae85d9b0550

SHA256
8fe0ac9db76d4a2dcd3b3d54c0efedcd223e25aabf716506493d50e243a7a2d4

SHA512
b34ddfe1ae343b1b12f7029ae476a0ba8e1b4043ccb520afb412b3f71335ef679bf29723c9a5c00af7e922e9982d5b3af54b2ed779da8cb601f378e5b9d26be5

Download Submit
/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
124b31d69f1a9486b97798137397b454

SHA1
e8c7da6d641281aadd65efdbdcb4763c65ce494d

SHA256
dd53d8922b76c17b2720f5a278788b3110da0346811a453eef697edb79c922aa

SHA512
b46aa60270b01268dc3847469015a54418fadcbdbccec2be0fcf419448478d387808fe9fe6e7b57a6db9aa49671fe5d52abe11a9d54ec2147eb9d335f1e937ab

Download Submit
/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db-wal
Filesize
36KB

MD5
835b028b4af066de070d4e3fff2b088f

SHA1
b266c42181831efdb6742372cdc567fe75cf016e

SHA256
2c15723cddcd846d5faa5e403ec1ef1c04f3f40669dd7419cc79b2e9c3f38bc6

SHA512
10562bfb31a6e81cb31ec1b19e6070bc2a8d7d14a03396db2501b4385109f34fe3f5e7ccdc4f6c220f17ac8dab6d7f898d23c2f7f829acca2754c8dcec239986

Download Submit
/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
7ce4af2bc9dafc2f2aa7ead34d3cb251

SHA1
9e80de988a151fa734c4524089eff646ce436bbf

SHA256
5a33e60e3374da4ecb9a79023baa8e25cbd0b9ae38d3558beaf7c337811880e2

SHA512
bd993ab1bc19553f0226ce0c9ed94dc80710cccaef036969e6ce7859e004f2977abe17f693b51d58c291854c2d92461ba494a06a3fa2277975d12b8bc63a365e

Download Submit
/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
04a0f8b4e004cead0a4133728809035c

SHA1
3347356ea37e74fdd34f3ee604eb5dee59b253e8

SHA256
8aad2e63091db228df30faacbdb977c36918eed4931cf3641d56112cb0cbc9f1

SHA512
a9f6d6edad70dfc18737b565ab0d48d3d6ab2789c77ffef73a20a281c94fd40127b6fee56ee7dcfa4e8be5243762286ebe9f9721696969d18714e49eeafe8070

Download Submit
/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
170fb183d201fdd66afe3ccfb58308bc

SHA1
c9f8c60ab52a5d97b268f8bf622f825f07522366

SHA256
8af9192c7c27c8d1efcfca04bfa4c4f697ab40b086f17f8930c2ab40eff1fb03

SHA512
6176f278d76899c72a0b6e8ed69270f71e37fa06d8e28026aa5738e4749796d4eaf2a0cd06c5daaf88b10d9b99eabcff81a85986fa67a576ea099b5ba7ff8abd

Download Submit
/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
d1c551a7a1e3b204a223f97cac38a271

SHA1
9e46881bd056a14927a29f74567cedbd1fdc19e2

SHA256
40507e88836ee0c4cd678dfb5175394294fa5de64d1e727c026174eab33ec61c

SHA512
d9696259add02b1e18de2d792a14458439111fbd0795088a0b8a55b8057feb9004244373827312b773f55d43b1f4e6140010bbeeddc7daa814459e3e5a655c3d

Download Submit
/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
27e6e9ef0945dcf762a6a8c2a2e04657

SHA1
24de1fcd6a199872c4b026827f16d84463fac34d

SHA256
f9bf35bb60045bdecac1962c8916a453e75677abafb06221936ad5de2dd9851d

SHA512
4e70fad22f1aa6fbc4674b3f125550e1ad63c0fb169fc6bb60dc79ab713f78cbdb78b9f4df175fb325bf24c877624207a8eb76d1d0be8e0e3c6cca102dd42a43

Download Submit
/data/data/com.crowdstar.covetHome.hack/no_backup/com.google.InstanceId.properties
Filesize
2KB

MD5
caad89a6af0d041d4edd67a3efd8f103

SHA1
13baabe1edb78f740dcd1eda25877395127528c0

SHA256
1654887f72dee4be44f40d30367233b4766b13741337e4ee2a3db11454f54c9c

SHA512
62918390f3a49dd6b4928989f96822b4cdca4a9a93c3ebb11461a9e22cc5865d6c0f8946d11e16a089c9232b2fa7ee0cfbc9abf424c4258bf81d9a2cb289705a

Download Submit