Analysis

max time kernel: 47s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 23-05-2024 16:25
Static task: static1

Behavioral task: behavioral1
  Sample: 6b8b91b7963bca247a9200f938275c38_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en

Behavioral task: behavioral2
  Sample: 6b8b91b7963bca247a9200f938275c38_JaffaCakes118.apk
  Resource: android-x64-20240514-en

Behavioral task: behavioral3
  Sample: 6b8b91b7963bca247a9200f938275c38_JaffaCakes118.apk
  Resource: android-x64-arm64-20240514-en
General

Target: 6b8b91b7963bca247a9200f938275c38_JaffaCakes118.apk
Size: 6.1MB
MD5: 6b8b91b7963bca247a9200f938275c38
SHA1: ec18222197774051013a5dd848f3acdafce6cf3f
SHA256: 75b66f0b62efd1bbd3fa88ed037735b87c1b14dd3edafbc6c57f8e914f5caaef
SHA512: 96d4db21ca9416b90087465d55859d2601a8b656fd052cd140451155e2575712c437e442d5a6044538f59042bdc2785776965f6df7b1523abd7701865db0837a
SSDEEP: 98304:g8CdrTLh4pUcxh7EMEjzeFsX1wh5AfL+sqG8+fPQQ8/5DeRMNryAiRgqU2XybWxz:9bhozeFj5abv3C98X1XyGf0K3
Malware Config
Signatures

Checks if the Android device is rooted. (1 TTP, 4 IoCs)
  Process: com.crowdstar.covetHome.hack
  IoCs (su binaries probed):
    /data/local/su
    /data/local/bin/su
    /data/local/xbin/su
    /sbin/su

Removes its main activity from the application launcher
  Process: com.crowdstar.covetHome.hack (PID 4330)

Checks CPU information (2 TTPs, 1 IoC)
  Reads CPU information that can indicate the system is an emulator.
  Process: com.crowdstar.covetHome.hack
  IoC: File opened for read /proc/cpuinfo

Checks memory information (2 TTPs, 1 IoC)
  Reads memory information that can indicate the system is an emulator.
  Process: com.crowdstar.covetHome.hack
  IoC: File opened for read /proc/meminfo

Queries information about running processes on the device (1 TTP, 1 IoC)
  The application may abuse the framework's APIs to collect information about running processes on the device.
  Process: com.crowdstar.covetHome.hack
  IoC: Framework service call android.app.IActivityManager.getRunningAppProcesses

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  Process: com.crowdstar.covetHome.hack
  IoC: Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Process: com.crowdstar.covetHome.hack
  IoC: Framework service call android.app.IActivityManager.registerReceiver

Acquires the wake lock (1 IoC)
  Process: com.crowdstar.covetHome.hack
  IoC: Framework service call android.os.IPowerManager.acquireWakeLock

Checks if the internet connection is available (1 TTP, 1 IoC)
  Process: com.crowdstar.covetHome.hack
  IoC: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo

Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
  The application may abuse the framework's APIs to schedule initial or recurring execution of malicious code.
  Process: com.crowdstar.covetHome.hack
  IoC: Framework service call android.app.job.IJobScheduler.schedule
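The signatures above are produced by matching a behavioural trace against fixed IoC lists: file opens of known su paths, reads of /proc/cpuinfo and /proc/meminfo, and specific Binder framework calls. The script below re-derives the same signature table and the ATT&CK Mobile counts from such a trace. It is an added example, not the sandbox's own code; the "pid|process|kind|target" trace format and the sample trace are constructed, while the su paths, procfs files and framework service names are the IoCs listed in the report.

```python
"""Re-derive the report's behavioural signatures from a raw event trace.

Added example, not the sandbox's own code. The trace format and SAMPLE_TRACE
are constructed; the IoC lists come from the Signatures section above.
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

# Root check: su binaries the sample probed (IoCs from the report).
SU_PATHS = frozenset({
    "/data/local/su",
    "/data/local/bin/su",
    "/data/local/xbin/su",
    "/sbin/su",
})

SYSTEM_CHECKS = "Virtualization/Sandbox Evasion: System Checks"

# Emulator fingerprinting via procfs. Low fidelity on its own: many benign
# apps read these files, so a hit is reported, not scored, here.
EMULATOR_PROBES = {
    "/proc/cpuinfo": "Checks CPU information",
    "/proc/meminfo": "Checks memory information",
}

# Binder framework call -> (signature name, ATT&CK Mobile technique or None).
FRAMEWORK_CALLS = {
    "android.app.IActivityManager.getRunningAppProcesses":
        ("Queries information about running processes on the device", None),
    "com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone":
        ("Queries the mobile country code (MCC)", None),
    "android.app.IActivityManager.registerReceiver":
        ("Registers a broadcast receiver at runtime",
         "Event Triggered Execution: Broadcast Receivers"),
    "android.os.IPowerManager.acquireWakeLock":
        ("Acquires the wake lock", None),
    "android.net.IConnectivityManager.getActiveNetworkInfo":
        ("Checks if the internet connection is available", None),
    "android.app.job.IJobScheduler.schedule":
        ("Schedules tasks to execute at a specified time", "Scheduled Task/Job"),
}


@dataclass(frozen=True)
class Event:
    pid: int
    process: str
    kind: str    # "file_open" or "service_call" (constructed format)
    target: str  # path for file_open, qualified method for service_call


def parse_trace(text: str) -> list[Event]:
    """Parse 'pid|process|kind|target' lines, skipping blanks and '#' comments."""
    events: list[Event] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        pid, process, kind, target = line.split("|", 3)
        events.append(Event(int(pid), process, kind, target))
    return events


def match_signatures(events: list[Event]) -> dict[str, dict]:
    """Map signature name -> {process, pid, technique, iocs} for every hit."""
    hits: dict[str, dict] = {}

    def record(name: str, ev: Event, ioc: str, technique: str | None) -> None:
        hit = hits.setdefault(name, {"process": ev.process, "pid": ev.pid,
                                     "technique": technique, "iocs": set()})
        hit["iocs"].add(ioc)

    for ev in events:
        if ev.kind == "file_open" and ev.target in SU_PATHS:
            record("Checks if the Android device is rooted", ev, ev.target, None)
        elif ev.kind == "file_open" and ev.target in EMULATOR_PROBES:
            record(EMULATOR_PROBES[ev.target], ev,
                   f"File opened for read {ev.target}", SYSTEM_CHECKS)
        elif ev.kind == "service_call" and ev.target in FRAMEWORK_CALLS:
            name, technique = FRAMEWORK_CALLS[ev.target]
            record(name, ev, f"Framework service call {ev.target}", technique)

    for hit in hits.values():
        hit["iocs"] = sorted(hit["iocs"])  # deterministic IoC order
    return hits


def attack_summary(hits: dict[str, dict]) -> dict[str, int]:
    """Count hits per ATT&CK Mobile technique, as in the report's matrix."""
    return dict(Counter(h["technique"] for h in hits.values() if h["technique"]))


# Constructed trace modelled on the report's IoCs. The final line is an
# ordinary database open and must not match any signature.
SAMPLE_TRACE = """
# pid|process|kind|target
4330|com.crowdstar.covetHome.hack|file_open|/data/local/su
4330|com.crowdstar.covetHome.hack|file_open|/data/local/bin/su
4330|com.crowdstar.covetHome.hack|file_open|/data/local/xbin/su
4330|com.crowdstar.covetHome.hack|file_open|/sbin/su
4330|com.crowdstar.covetHome.hack|file_open|/proc/cpuinfo
4330|com.crowdstar.covetHome.hack|file_open|/proc/meminfo
4330|com.crowdstar.covetHome.hack|service_call|android.app.IActivityManager.getRunningAppProcesses
4330|com.crowdstar.covetHome.hack|service_call|com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
4330|com.crowdstar.covetHome.hack|service_call|android.app.IActivityManager.registerReceiver
4330|com.crowdstar.covetHome.hack|service_call|android.os.IPowerManager.acquireWakeLock
4330|com.crowdstar.covetHome.hack|service_call|android.net.IConnectivityManager.getActiveNetworkInfo
4330|com.crowdstar.covetHome.hack|service_call|android.app.job.IJobScheduler.schedule
4330|com.crowdstar.covetHome.hack|file_open|/data/data/com.crowdstar.covetHome.hack/databases/OneSignal.db
"""

if __name__ == "__main__":
    matched = match_signatures(parse_trace(SAMPLE_TRACE))
    for name, hit in matched.items():
        print(f"{name} ({len(hit['iocs'])} IoCs) pid={hit['pid']} {hit['process']}")
        for ioc in hit["iocs"]:
            print(f"    {ioc}")
    print("ATT&CK:", attack_summary(matched))
```

Run against the sample trace it reproduces nine of the ten signatures above (the launcher-icon removal has no file or Binder IoC in the report, so it is not modelled) and the matrix counts Broadcast Receivers 1, Scheduled Task/Job 1, System Checks 2. The root and emulator checks are noisy signals, which is why only the System Checks hits carry a technique tag.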
Processes

com.crowdstar.covetHome.hack (PID 4330)
  - Checks if the Android device is rooted.
  - Removes its main activity from the application launcher
  - Checks CPU information
  - Checks memory information
  - Queries information about running processes on the device
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Acquires the wake lock
  - Checks if the internet connection is available
  - Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15

Persistence
  Event Triggered Execution (1)
    Broadcast Receivers (1)
  Scheduled Task/Job (1)
Defense Evasion
  Hide Artifacts (1)
    Suppress Application Icon (1)
  Virtualization/Sandbox Evasion (2)
    System Checks (2)
Downloads

/data/data/com.crowdstar.covetHome.hack/databases/OneSignal.db-journal
  Filesize: 512B
  MD5: 8cec4e9a95f81f5fb5c114250fa39775
  SHA1: 020468f1f7d059fb173a15ae2605f97dc22d5a43
  SHA256: 8aaef82e591e67c2ac7bff059f08830cfaeabb7ba0c77391297b7b93c1afeb16
  SHA512: 427d3171b9add800120fe26772cada8e34d6620590e53b82287af23c38f808e394adc5c5dbe5bcd491d3ceb2fe80374e0436a43f281306897ff4f5e62cb15b67

/data/data/com.crowdstar.covetHome.hack/databases/OneSignal.db-wal
  Filesize: 52KB
  MD5: 3eeac836154c705797004ef294e4abd4
  SHA1: ed36a78fa832729bc01bf032b5c58a324b9d9cff
  SHA256: c6ddebc42a538529de55ce1e9a44c71bb07fa6c90d2fe18f800a7c4bfcda4d99
  SHA512: c2f2acb612af34d2761d10a3a0e2297d9b81725657674050098315de4e6d9b522901514dc42a8eee5dcfd59551bde257299f240af38ca711520578de1279de92

/data/data/com.crowdstar.covetHome.hack/databases/evernote_jobs.db
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.crowdstar.covetHome.hack/databases/evernote_jobs.db-journal
  Filesize: 512B
  MD5: 7f76fada140030f71ccc912d0ec08be3
  SHA1: 02068ba6b2cb5f500aaf8b9db673ce1f54329986
  SHA256: 0daa185a4e86c6ceba43d3536e482a629cb2ac177e4c74c177ae41719ac23ae6
  SHA512: 6fcb1ae6ad26719cc0bd301be9c7a0c2a1521359214ebcbbb3d4a858a29bad0e30c1e777f05261a95e6a6db31fddde8ebcec1501e484bf5d4cf806ea445242d0

/data/data/com.crowdstar.covetHome.hack/databases/evernote_jobs.db-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.crowdstar.covetHome.hack/databases/evernote_jobs.db-wal
  Filesize: 32KB
  MD5: 37c3e835a606925bd6946292bd70188b
  SHA1: c7bbdc25bbed483906463b5309a6e0af9d468a79
  SHA256: 678b110dced26d86bf60cc52a44bb4a024ebe64e9bc93a5383844b66b75683cc
  SHA512: 3f36f1187201beb741b6fa957c72e6e861e71135fedee1b31aac719bd0993fcadea4c4b9d10843d663d05b25b7f9dc13403f812c3d01d3b24908ae91e83da57d

/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db
  Filesize: 16KB
  MD5: 37b51400dd5facbe9fec1514057c1ccd
  SHA1: 682d82fe3b5870f90c8a3bf2ed2a1c090d955279
  SHA256: 21284e1ac4ed85600bfab8d6194b613796f9deda7b476c1365501f024d77c65f
  SHA512: 57f0fe52d2f8d23b2cf9a41e1376df32aee2ed00c922d328a3e532815c2dcf3d3a85579190206a30da6be1ae76cdd0bbd32fe23a2f0d4c2666b746d298f096aa

/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db
  Filesize: 16KB
  MD5: d7e674d6b05f3c900bad9c24f2213b5e
  SHA1: 6d201062d7a2241a008cfe6e62d096c79adc7f05
  SHA256: 48cb90e7ed89b9324468f7127fdbaedfebbe370f54beb71098af45fc1ef2d1de
  SHA512: 3b4b5e83b1c560b505314e0804fa2b0ce036c32d342dad6d050dc8a76b173cbb1d7f5ccb819dd710f0b7626731938123dcb11d9920b94b3e3ccb1393039b2c71

/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db
  Filesize: 16KB
  MD5: 8c088ec82e061c71560ebdb87b20abf9
  SHA1: 1216d24c9b97ceaa579d26836fbf1f8c0fc890c2
  SHA256: 6872eb9103e757ab3c71c93165e6cc944c465fd294be5d8e4faabd7384a32cf2
  SHA512: 661229ed084c2dfa01e5849bc89092af4f1011beb0a3d8cd89d539e41f5e114e21441f58a93d3eb0053e1f5cc703a9f53ee062594e16f9a4457e86fa63cf5e4b

/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db
  Filesize: 16KB
  MD5: f81fefe3552516c3f352755bbd326c0f
  SHA1: cd6cb256e30b3ac31a3f1f2f6e7656e2ffaaa989
  SHA256: f281957539f512e0e269eb7d865568c63b6a919f75ed10c3b5c85b2fb6be98dc
  SHA512: 5e067e9ffd2e6565a9d9bd365c4c01333e39dc2677055ab0c5f68e951e599f3d1067b144b9cf321d2b4dd102e27ab4ba50b84eff57eee000c81af9656ecc26b3

/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db
  Filesize: 16KB
  MD5: 44693692da738db6eb133cf0e4cde91b
  SHA1: e6bda56494c325d8d37ad89552263ae85d9b0550
  SHA256: 8fe0ac9db76d4a2dcd3b3d54c0efedcd223e25aabf716506493d50e243a7a2d4
  SHA512: b34ddfe1ae343b1b12f7029ae476a0ba8e1b4043ccb520afb412b3f71335ef679bf29723c9a5c00af7e922e9982d5b3af54b2ed779da8cb601f378e5b9d26be5

/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db
  Filesize: 16KB
  MD5: 7237409e0640cfab7bdbd429bf821a3b
  SHA1: 4c3da934842f8d4835dfe2a9c275a300e5123309
  SHA256: 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
  SHA512: c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db-journal
  Filesize: 512B
  MD5: 124b31d69f1a9486b97798137397b454
  SHA1: e8c7da6d641281aadd65efdbdcb4763c65ce494d
  SHA256: dd53d8922b76c17b2720f5a278788b3110da0346811a453eef697edb79c922aa
  SHA512: b46aa60270b01268dc3847469015a54418fadcbdbccec2be0fcf419448478d387808fe9fe6e7b57a6db9aa49671fe5d52abe11a9d54ec2147eb9d335f1e937ab

/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db-wal
  Filesize: 36KB
  MD5: 835b028b4af066de070d4e3fff2b088f
  SHA1: b266c42181831efdb6742372cdc567fe75cf016e
  SHA256: 2c15723cddcd846d5faa5e403ec1ef1c04f3f40669dd7419cc79b2e9c3f38bc6
  SHA512: 10562bfb31a6e81cb31ec1b19e6070bc2a8d7d14a03396db2501b4385109f34fe3f5e7ccdc4f6c220f17ac8dab6d7f898d23c2f7f829acca2754c8dcec239986

/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db-wal
  Filesize: 4KB
  MD5: 7ce4af2bc9dafc2f2aa7ead34d3cb251
  SHA1: 9e80de988a151fa734c4524089eff646ce436bbf
  SHA256: 5a33e60e3374da4ecb9a79023baa8e25cbd0b9ae38d3558beaf7c337811880e2
  SHA512: bd993ab1bc19553f0226ce0c9ed94dc80710cccaef036969e6ce7859e004f2977abe17f693b51d58c291854c2d92461ba494a06a3fa2277975d12b8bc63a365e

/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db-wal
  Filesize: 4KB
  MD5: 04a0f8b4e004cead0a4133728809035c
  SHA1: 3347356ea37e74fdd34f3ee604eb5dee59b253e8
  SHA256: 8aad2e63091db228df30faacbdb977c36918eed4931cf3641d56112cb0cbc9f1
  SHA512: a9f6d6edad70dfc18737b565ab0d48d3d6ab2789c77ffef73a20a281c94fd40127b6fee56ee7dcfa4e8be5243762286ebe9f9721696969d18714e49eeafe8070

/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db-wal
  Filesize: 4KB
  MD5: 170fb183d201fdd66afe3ccfb58308bc
  SHA1: c9f8c60ab52a5d97b268f8bf622f825f07522366
  SHA256: 8af9192c7c27c8d1efcfca04bfa4c4f697ab40b086f17f8930c2ab40eff1fb03
  SHA512: 6176f278d76899c72a0b6e8ed69270f71e37fa06d8e28026aa5738e4749796d4eaf2a0cd06c5daaf88b10d9b99eabcff81a85986fa67a576ea099b5ba7ff8abd

/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db-wal
  Filesize: 4KB
  MD5: d1c551a7a1e3b204a223f97cac38a271
  SHA1: 9e46881bd056a14927a29f74567cedbd1fdc19e2
  SHA256: 40507e88836ee0c4cd678dfb5175394294fa5de64d1e727c026174eab33ec61c
  SHA512: d9696259add02b1e18de2d792a14458439111fbd0795088a0b8a55b8057feb9004244373827312b773f55d43b1f4e6140010bbeeddc7daa814459e3e5a655c3d

/data/data/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db-wal
  Filesize: 4KB
  MD5: 27e6e9ef0945dcf762a6a8c2a2e04657
  SHA1: 24de1fcd6a199872c4b026827f16d84463fac34d
  SHA256: f9bf35bb60045bdecac1962c8916a453e75677abafb06221936ad5de2dd9851d
  SHA512: 4e70fad22f1aa6fbc4674b3f125550e1ad63c0fb169fc6bb60dc79ab713f78cbdb78b9f4df175fb325bf24c877624207a8eb76d1d0be8e0e3c6cca102dd42a43

/data/data/com.crowdstar.covetHome.hack/no_backup/com.google.InstanceId.properties
  Filesize: 2KB
  MD5: caad89a6af0d041d4edd67a3efd8f103
  SHA1: 13baabe1edb78f740dcd1eda25877395127528c0
  SHA256: 1654887f72dee4be44f40d30367233b4766b13741337e4ee2a3db11454f54c9c
  SHA512: 62918390f3a49dd6b4928989f96822b4cdca4a9a93c3ebb11461a9e22cc5865d6c0f8946d11e16a089c9232b2fa7ee0cfbc9abf424c4258bf81d9a2cb289705a