75b66f0b62efd1bbd3fa88ed037735b87c1b14dd3edafbc6c57f8e914f5caaef

Analysis

max time kernel
44s
max time network
159s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
23-05-2024 16:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b8b91b7963bca247a9200f938275c38_JaffaCakes118.apk
Size

6.1MB
MD5

6b8b91b7963bca247a9200f938275c38
SHA1

ec18222197774051013a5dd848f3acdafce6cf3f
SHA256

75b66f0b62efd1bbd3fa88ed037735b87c1b14dd3edafbc6c57f8e914f5caaef
SHA512

96d4db21ca9416b90087465d55859d2601a8b656fd052cd140451155e2575712c437e442d5a6044538f59042bdc2785776965f6df7b1523abd7701865db0837a
SSDEEP

98304:g8CdrTLh4pUcxh7EMEjzeFsX1wh5AfL+sqG8+fPQQ8/5DeRMNryAiRgqU2XybWxz:9bhozeFj5abv3C98X1XyGf0K3

Score

8^/10

collection credential_access discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 5 IoCs

evasion

System Information Discovery

T1426

Processes:

com.crowdstar.covetHome.hack

ioc	process
/data/local/bin/su	com.crowdstar.covetHome.hack
/data/local/xbin/su	com.crowdstar.covetHome.hack
/sbin/su	com.crowdstar.covetHome.hack
/system/bin/su	com.crowdstar.covetHome.hack
/data/local/su	com.crowdstar.covetHome.hack

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.crowdstar.covetHome.hack

pid process

4619 com.crowdstar.covetHome.hack
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.crowdstar.covetHome.hack

description ioc process

File opened for read /proc/cpuinfo com.crowdstar.covetHome.hack
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.crowdstar.covetHome.hack

description ioc process

File opened for read /proc/meminfo com.crowdstar.covetHome.hack
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.crowdstar.covetHome.hack

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.crowdstar.covetHome.hack
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.crowdstar.covetHome.hack

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.crowdstar.covetHome.hack
Acquires the wake lock 1 IoCs

Processes:

com.crowdstar.covetHome.hack

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.crowdstar.covetHome.hack
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.crowdstar.covetHome.hack

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.crowdstar.covetHome.hack
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.crowdstar.covetHome.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.crowdstar.covetHome.hack

pid	process
4619	com.crowdstar.covetHome.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.crowdstar.covetHome.hack

description	ioc	process
File opened for read	/proc/meminfo	com.crowdstar.covetHome.hack

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.crowdstar.covetHome.hack

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.crowdstar.covetHome.hack

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.crowdstar.covetHome.hack

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.crowdstar.covetHome.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.crowdstar.covetHome.hack

com.crowdstar.covetHome.hack
1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4619

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.crowdstar.covetHome.hack/databases/OneSignal.db

Filesize
40KB

MD5
2479ff01e32c1445266304f37e9e7b35

SHA1
63a2b50d03eff98a4b5e684f1f95996b78219e6c

SHA256
c276033016c0ae04c4e1a7128d443a01aab24d99c434696ee1b01fef2d3acf15

SHA512
14b24f8be6f9a88e31a2d74f3f13cf9e84817bfe445b8b8a873c1678f274714237b3f1a2fc9c5821c300fc72418e3229439107c2a2ff307007409dee6fdf16d3

Download Submit
/data/user/0/com.crowdstar.covetHome.hack/databases/OneSignal.db-journal

Filesize
512B

MD5
574e0c8f483153e0b3a268921622befa

SHA1
54ee350aa3c941f271821ab88f51d0611d049240

SHA256
88d268484f4b3147ca68f38badd80da64638926cffc8cf3513e38e30f2300b3a

SHA512
dc672da5ef21c8f5f7a7aceae3e55beee6043fcd71cbebd7dbde93a73cdde67791be5da1a33182f2275156d3bb1eac36d82ae302bf0227b34b2c6320992855a1

Download Submit
/data/user/0/com.crowdstar.covetHome.hack/databases/OneSignal.db-journal

Filesize
8KB

MD5
626642bfbec9d1cf6c3442d22ed356d6

SHA1
357ad8216e12eeff80bfcb31fa8bbffc5119132f

SHA256
c5a22cf970cb7087688456071587f7645389781b51a7c2b383670ac70bf8f028

SHA512
3819a00268e3aeea2fb22a9a97d23f0b0e7a3bdcaf9cf301a308ef922d0cf31821977f1e0c7f24e7cb654a8ebb9bf178650836fb839ce7a728296a688705aa25

Download Submit
/data/user/0/com.crowdstar.covetHome.hack/databases/OneSignal.db-journal

Filesize
8KB

MD5
99cc95ebbe0989ba7188cc6e3889d283

SHA1
6bbddb9ca0254cf300be8a445351018e0ea6a90a

SHA256
ffe62089fa3ae2ceffc1757d8bab81404f9139af2b6c211aac710b635379b43d

SHA512
eda0697cb79572011c73bfc2617a866b98ccb663b51e6baa12fa86f9451fc75b349b2d809950956e448830a11fee18c049866befae3cc1191043a7eb117ef300

Download Submit
/data/user/0/com.crowdstar.covetHome.hack/databases/evernote_jobs.db

Filesize
16KB

MD5
9213126947d3f90056b8030697271c31

SHA1
694095c7704c50e7d8e72cbc13dda304bd574984

SHA256
37b4547176c6b91ab3a8b2bd7bf4a88ba8d83422b10f8943f5f34521766fb43e

SHA512
184124b289854b84e6cf75b22d4b2d221446ec8ecba39175421aa1cfd50bcc07f093fa571675cdc99dd1e496728cd5d97e427f208957d3fff0a7b8955fd192f4

Download Submit
/data/user/0/com.crowdstar.covetHome.hack/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
da6a718bcb47f1bbedf8b442f865fbb1

SHA1
0284ef76b4d6f2fd7d93154bb4d37a7a48ec9fd0

SHA256
1749dd41ae556e580d90345c5949a14428717f6e6c60a024b7715daa889910b9

SHA512
5b9c8650e8c420acddadafaf196b50a6c47e349c56a9dcfaa13ebec2e6863840f137a5330ee2b4b5665abf787da9207a3994ac0f97606d2f4a8106e79683e7c7

Download Submit
/data/user/0/com.crowdstar.covetHome.hack/databases/evernote_jobs.db-journal

Filesize
512B

MD5
61bd8ec5433a7575c0039dbe74451dbe

SHA1
98f2b408aeb0909bbaac7bd38e64c4eb272be5a3

SHA256
b229d46cad785c3ea03b1e0ec9c3161a5054e1bccf0276f50919c8b0a5c344ae

SHA512
4409162fdb7b6dccd2333c8587de66152be1fdba7f57b94dc13a510ee39bb84b77e6cb8310a0e32c380e09e9679104c1c7dc5f17ce39570d49c6b5a6376893c0

Download Submit
/data/user/0/com.crowdstar.covetHome.hack/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
b4664081fa2cfc6aa34daa65d011c406

SHA1
004e21257d8e730e61b6713ea4c0f3867907b1d6

SHA256
de7b634130cfa8a511ef55a45fccbee8587da63ef6ec1cd254711cc56604e55b

SHA512
aae01acf02de646fd103e0e3c147aa12ae6e0e6204f6082f81ecd31065595887b5e0d51947fb7d2095d80b31eca0b269b93132effa8588d0d587d48279065214

Download Submit
/data/user/0/com.crowdstar.covetHome.hack/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
3f049250fb8775a997a921b98ff887c9

SHA1
0436332fc856f214b35e0cdbecbb9da9ce66fcf9

SHA256
4a82ce2e0badcdb503365b3eae1aac76312c84b07886c2ba044899f20d409a91

SHA512
a00eee84daf6d5782fa8be6eb937ec7abd2cff33ff333378fbd472e5c3332d48ab2763b8f0e9ae4a2010a45710d4df5f22a607a17a63d4d88d3d86105074d2f7

Download Submit
/data/user/0/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f8df0513495121c82816d4c806d87a80

SHA1
0dc218a1d78d4f10a939f63dc2995e101cdabf0c

SHA256
612e8c6cda864c28a1c823e5dde50c77343e37c84c7d97ef8a6e86d96bdec245

SHA512
ac99aa95b1ae7861d8f266f2ba85bf9c40156d39b81b888d097aa60bc1e836a4e97b7dff0158aa6ca98d87462a19bea54cc7db2f1bbfec0b51b5ccc246cd723e

Download Submit
/data/user/0/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db

Filesize
16KB

MD5
dfa14747ad16cb265dd3c0df5ded5a00

SHA1
9d0d4df48081c049a79c4000de57de7859060a7f

SHA256
9f55514eea95e282412385797ad493da460b60b65c8a714d69a6633d68c990de

SHA512
97d6be542292bb8db59db5a8069823b927f4b6b33bcee185e92ade1df3ea618ad148f568777dae68ae6fb72742c3892c5b62267f119bf194ee4d378e7b886096

Download Submit
/data/user/0/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1ba59da5f3abcaff88956af717dc2147

SHA1
7f6081e1ea633d1870df622461a04114f1a7589c

SHA256
c29b4efa9ff47dc4514f0b05829f5b24d6ac8dd6ffe7caa0c602fea6f81b7f7f

SHA512
926310a1817488856df127d537eeaa0c0d888155979bdbe0f29a6ea876da6ca3d4204ab6f95760a94c02b0b57b6b4a810b16ba65b3d42a4861fa2a3ebf6cc97f

Download Submit
/data/user/0/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e693a14bd14c0bb1901c4cf80006576e

SHA1
38156cf511f6ccff35cb2d7f02cae75f3df23f8e

SHA256
64aea111fc84893b1f8115108746042b48a6dcfe0cf1d9c19f406eff0f083b7a

SHA512
bcbac8fa2ed9fb8ff2edf26b54c65f3c83a01fea5075950860d84fede16926b6e38eb8c3713ade9fc9802ec8d2c813d98eda05114603d3ac125744922e2286c3

Download Submit
/data/user/0/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db

Filesize
16KB

MD5
818548be1885386cc995f564f36a8e8e

SHA1
008b0c602ed55b1122dadfb3a20db517d55c10b3

SHA256
b4765a86f69c122307448d0c6e81cebd52ffbc59b0d19da42971e2857f773e6d

SHA512
47840561a1eded73600b656576a7a9195bd1beddb79b08090b9e6bd9ab610de6cfb0a334310bfefe0b33ef157d420aaa17c6315fa2e689398da3328c4460a02f

Download Submit
/data/user/0/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/user/0/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
dd92f1db240a2001319d374cfbe2fdd7

SHA1
de50793c543fa7fdd0b80be4d80bf41024feb44d

SHA256
e93620781b0aad416cb45fa005f743cd16a3453900fc8b37d2a8752ee5ad4d8e

SHA512
0fbb93d1231b7940d393907653e618ee065ca664a19587349dc6ddaf399b6d85607d4952b765aa9254647838629ce8df7efc426b94c9b9eab356a843930f14f8

Download Submit
/data/user/0/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
ee4c3789c42959e73e4e53d096edf774

SHA1
6b40efc7310e3a121a12d64c78682285e8597318

SHA256
68127830e820304866c1033a07b935b48459339cd39ecd1ac6c089cc3913fa64

SHA512
eed0a6361f0444e569b52cdfc1cce04a084a796962aec2d50dc9d81875c41296a42ad44eb7a5d779923cfcfc81751599452b8693c8ad969e9fd6da79c4507c0c

Download Submit
/data/user/0/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7a231c5623090abad194ba0fa74bce54

SHA1
9686907cfcccaf44e01d4dc5e59eeab6c013d186

SHA256
cd0707c53e075b6858482a0f79ec2e4bea0431d81bec135f553cf09508d151cf

SHA512
8c5b3b156f0572b4db25c88c179dfe64aade8f3f246dd797352197847bfa6758da77d27958c29e6b8a2b1c242163e3a4cf050e0488ea76150b221b74941f2abd

Download Submit
/data/user/0/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f509e3bcbc7c53923f02a2479efe4ccd

SHA1
3bb77fe30037260e34d2b6db67f41bf1087f95b7

SHA256
cccd529c7685b8e8f8fb4b995264e808d0f57df2eee2d48314c694ccfeb344a0

SHA512
b4e8625e82b65e2b0e2c96fda5a9d97a1109df16f832878ae9665eb8ee2bc2732c2c39ef6884b328a76d9113294d3ae182afd7c855f5e764e0a6e66986c406ff

Download Submit
/data/user/0/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b78b11f7e4897153b91033bf8e0d054b

SHA1
1fded61f0e957c96d29e152dc97df57be6283617

SHA256
5bbca20c39ad8d5d2912ee5bf1effdc526b89c8c7c2f25ee6945f75a129a42bb

SHA512
365cb11e5b88490ae88d06386caa61b1d253e547125a38ab8e8a2398bcb3b4a614983a3661cfbef8592e02583f75f316fc367550132ea998bfdf179d24e95c29

Download Submit
/data/user/0/com.crowdstar.covetHome.hack/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
cb9b452ece46cc9c8ee6c862e66c4404

SHA1
c18df26d03293400baa37e1a9f0c4b9341b65ab0

SHA256
265b66852bdbc871e6877a579b901d9d73187a7578535c11509dec044b531498

SHA512
52c5afc27280c14d91981db01e077194d91c0102dc2077e0688e87d306bfca3b3a4dd39e40522293d42af550fe8dd014fa22255b55c4ebfe72d56ec90a6a037d

Download Submit
/data/user/0/com.crowdstar.covetHome.hack/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
dc6caa441ea5fe3d2ce22ff6cc19d0c2

SHA1
eb5d2cd84613da6ea770a0fde988b0303b673c49

SHA256
7991668679b76a27b495cdf91a14e239c079a44d08d3c95977b9db86a3f76c36

SHA512
3e285d05105e07686560ab937536f3c9867519f72d85e4ee06a78f48674b0f013f7386e372eea0985a7f7842ed70128852292b55d79a7da0e3a7db5339f4df66

Download Submit