Analysis
-
max time kernel
111s -
max time network
184s -
platform
android_x64 -
resource
android-x64-arm64-20240514-en -
resource tags
-
submitted
24-05-2024 17:09
General
-
Target
6f3b42c3b3eefba228151c2726656609_JaffaCakes118.apk
-
Size
27.5MB
-
MD5
6f3b42c3b3eefba228151c2726656609
-
SHA1
ef7fa8f4b318fa3cdce84972a0e3c9bcd31b537e
-
SHA256
1f72cf0c757ac796bc910f0ebacf060936fbe66f3a593945678094180e1d7edf
-
SHA512
38668d28dddeca7c405fd1a9290b5e2c94afb6914a6f3c0baad143c770f5c6841905660aa52bc8d5e25e5877c7b6b0bbea8db89f9a7678c98ecc0f53a9cf0364
-
SSDEEP
786432:iwNjOhbAlOR2KTOhWcAtksERnU8RjrAvfe8Gtmu:iSOhc+2KTaWc5s0UWQHe8GtF
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 3 IoCs
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 11 IoCs
Runs executable file dropped to the device during analysis.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Checks if the internet connection is available 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
com.cyberpony.stickman.warriors.archers1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/user/0/com.cyberpony.stickman.warriors.archers/app_working/facebook.dexFilesize
252KB
MD53bc7b2f808b674ad7d0f475e32f76a41
SHA10f0d3cf3f3ee266940a2efb766956bf4d6665812
SHA256ccca0b419dab1b2dc7f617d3d038040ff17323d847df5ea2885ca21ab323da25
SHA51251fda7c7b420260a45c6ee3a0fa6561fe190d6fabade54f6939a26eebc0b27ff53acf881989dcd8352971e179879d6474985b172ff74d6e927db0a1ce5a3dcc7
-
/data/user/0/com.cyberpony.stickman.warriors.archers/app_working/flurry.dexFilesize
623KB
MD50168469cf8197390b5589493dab26900
SHA1024df60dfaa34f8f36fb374411bce42340fba111
SHA256643732d42396e874bee6a46b3679fb07c933a38d4154068a2d9284c6cd4e5eff
SHA5121d880f4fc5a52926c0a5c8f0e77e0212d8b441e9ae47eb9ef596d02bbbeaa333bbf99ba8a9918c0145d8203a761116a5bf783f3ea7caaaadaca90ba05157b4bf
-
/data/user/0/com.cyberpony.stickman.warriors.archers/app_working/revmob.dexFilesize
129KB
MD50cfd33137e611ce57ca829de7193b740
SHA18d6602c51b8e59e3158816eedf293c20cab3a29f
SHA256faa407470def95bd2d3133b1bdb126df1adbd69c385a2b3374187910c32573b7
SHA512daec5619d965c2980d86f345b4501044be879ebee7bc024e8d155951ed4e8bc00565c5f8aca5ba9ac82a7cd367ed517d42313f523105108cec2b9f6bc7bc2bb3
-
/data/user/0/com.cyberpony.stickman.warriors.archers/app_working/startapp.dexFilesize
563KB
MD57e1a5d687bea14d7207120a33f422f93
SHA1b3280de56f8398747bddaf53b6296c8839205773
SHA2562058edafbf23b3747c862dc335fa1b95a59a636de07766e47ce7f7e0b61636f5
SHA512ed1c38a4fdc2e0cbc164f256082b316188237b9417087289704b2361ede319832e9566da218c25f6b9f57c7b641c586d6754c70a2458feb9f8bd2838b9a75887
-
/data/user/0/com.cyberpony.stickman.warriors.archers/app_working/yandex.dexFilesize
343KB
MD5f8d1e2b032baaedddd11ff11f845284d
SHA1b28cb88a2b4b46876bf93f1c3b1dd6d72bc8225f
SHA256bc8a4f3cd6414fe90c18f3228ea687d7016055f2eddf7fb59d94bd204d8ee38b
SHA5121255ca3fa9160699c3318cc738991a69f70502c4526b9f4ebe7caeffec8b62aed21208294498ae07506327b6522adf2ae176d64c5ad8ff70d74ba3f09a731d3f
-
/data/user/0/com.cyberpony.stickman.warriors.archers/cache/1582435991586.jarFilesize
9KB
MD5e8e0527a01aefdb89afd2c508f131da1
SHA1f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34
-
/data/user/0/com.cyberpony.stickman.warriors.archers/cache/1582435991586.jarFilesize
20KB
MD5fde2ee00cbd121cfab5290b078aa3ceb
SHA1e2b77d5320e155e413d040a8c20020962065b2f8
SHA2562897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56
-
/data/user/0/com.cyberpony.stickman.warriors.archers/databases/google_analytics_v4.dbFilesize
28KB
MD560ae3555b60853ad5a921e6f0e489e7f
SHA1707ea120f60037bddac28635b5f3c0d74a69dfc1
SHA25668be1e675b68f8a894c80caa952c1205e292c427657bb79a58b9b366934d1d8a
SHA512550cfd40a3a3bc7be604a81c9c9c879078033d12282cf32ca6464851479823febd12ed2162ca6241b01a03ad52cd80cf3fe3c0252591e68cb11a8ceb682f2f39
-
/data/user/0/com.cyberpony.stickman.warriors.archers/databases/google_analytics_v4.db-journalFilesize
512B
MD5dc181bd68bb5cc3548f957883890a4c3
SHA1f285db590c77d707ce8d1c14dec8aa558a9f57eb
SHA2566f706a490ff7aa6550bc64d1463abad40c5d7702eb54396f9b1fd9dd63d46ee7
SHA5127c60424dcf0ac9b2f9e5faadc5ae9cad6aede9076e4fb061cf13c75bf971705c69adafbbc831cff3be84f337620133b400af72249608a3b78bed0fe18094ea5d
-
/data/user/0/com.cyberpony.stickman.warriors.archers/databases/google_analytics_v4.db-journalFilesize
8KB
MD5fb3b6567e1b8396198612e165c78b833
SHA1718adb2a49f9b86d0f40d6b3f65ee4c57f73df48
SHA25660ec206d77f080c0ef588663fb1ab3c0d1b3c63c3fd5848c6e005150594cdf2d
SHA51222656dea2d993408a5f58c0bdea4e5cc0d14c76a7a8323cd7508ff442dbd117deb0d3a655c3d11b2711438647dc66cb66cdacc78e520a388c209d7b8f115fb8c
-
/data/user/0/com.cyberpony.stickman.warriors.archers/databases/google_analytics_v4.db-journalFilesize
4KB
MD5b4c61ee06a508ac1ef75772141fa6e89
SHA190af7b96bbb68de150aaff54542e5ac46bfc7d77
SHA256ad0249c6aabb3d82ae4045cc20c4572c309178a1def583a77b6aeec6f92c7273
SHA512a08664b689ab17338b36cf0c3e641d45ab6a17f4ad338ee696aff3b81dd1989980c0d30cb75192d1d0864479e17c51a260e1e94837d1411d7b3ef9ad1035ffe2
-
/data/user/0/com.cyberpony.stickman.warriors.archers/databases/google_analytics_v4.db-journalFilesize
8KB
MD51890fc8ea9e78191e172ce0b1e2f9b20
SHA1568c6c9a2ba4d63fdc72fa25563c564fdbb8fbff
SHA256ba082ad2a0748e8e683f080c14317f5d13ed429b8bef13965a91136f6a736827
SHA512f82c236fa4f4bc5365e1b65380213d0ffdc5f4c3e971865517dab348d1055f211bd487e7a831e1c9bafa9f385f7cf0aba1c9511e439fd5369602b35bff0360c8
-
/data/user/0/com.cyberpony.stickman.warriors.archers/databases/google_analytics_v4.db-journalFilesize
8KB
MD5310ab4b26be270ca770c44d76ef34ca9
SHA1034e8416c96e74d57862a8f5f99cb809a3f43b8f
SHA256c3e4a760c7413c9313dab34a0a36622d06c7d3cac39bcaee60ba5207afed73fb
SHA512c143e2ce889c6033e4692090e75588c7fafacdd90d578ec51056d25dfad72670363987a076441c640ebd2993bd7355c64405bec9b8ff95ca0bc79893687e803d
-
/storage/emulated/0/.appodealFilesize
5B
MD588278dd6f1c310e699905218a9161893
SHA1616e70e35b2ce06b150fb71911606ea34fa100b6
SHA256469abedf5797bb56f1afa35a227eba1d8f7b3e22c99426e527da4b0d839dde15
SHA51286b75a46ffbd2c5f9d3dc8c3a3ab8c52a5a93ae22c669c3f20b7a715be6875af0fdbe25e7899e6b4c8ec9d328b634d2674d5749c2174ad3af0e95b3483fbb106
-
/storage/emulated/0/Android/data/com.cyberpony.stickman.warriors.archers/files/Unity/77c9d3b6-5871-4364-b8fc-00e781b8c99b/Analytics/configFilesize
293B
MD58673a8ac0b06a9d056d08d62f857ba4b
SHA1a351bea1932270bafbe468584058fef20dcfc31e
SHA25683b3f90c4edf1f122c8faf9784ca0aee4dd017c65493ac181c1814211703db96
SHA512edf28eb7fcef654f139285d308f817ee230d6f064a4c865109d6dfe6f73c11f8f35737c8159c8a302118237ab980899ba5773f547cc9da4028643a53b08e324f
-
/storage/emulated/0/Android/data/com.cyberpony.stickman.warriors.archers/files/Unity/77c9d3b6-5871-4364-b8fc-00e781b8c99b/Analytics/valuesFilesize
149B
MD522ef6c84fa44ac0e056aa131f1663eb2
SHA166067914b3ece5f55921df4bbea273718b2e6145
SHA256ba0a273b380328bd648555a259dce7f8b3ddf4c9b46f449ce3c9c3bb0b5ec913
SHA51273778cdf08dab0781a9706f40620b7a75af7d649dfef0a8cbc4547ddb29cc8507c3d8a279d5cf016ecd6c0a550ebb13b1b150eb6b23d507d99c8901530ec872b