124074e575560365a93cbef654360a960c72f9a6396084176f2873dabfd90456

General

Target

71f1c810374d3204c48b1921ccdbf637_JaffaCakes118.apk
Size

25.1MB
MD5

71f1c810374d3204c48b1921ccdbf637
SHA1

5f83afaaac1b872399f136e3b67d662a08ca3a59
SHA256

124074e575560365a93cbef654360a960c72f9a6396084176f2873dabfd90456
SHA512

deda204cab1f5c051009e9ac048080b1e463b98852ada531701374bfacef8250f2a8d7c49bb284a9298d01d1cb3dd97d0d387c81643d09d784e8982d26b51b7f
SSDEEP

786432:YbP6wMnjFE1pDxZnvA4ZMRj6edH7H6Ybz4LPfXCWCEJBFkZDX++WrRlyYOVBaXL:YbP6wM6kfILFkglMa7

Score

7^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks Android system properties for emulator presence. 1 TTPs 1 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.product.model	redclouds.game.jjj

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	redclouds.game.jjj

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	redclouds.game.jjj

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	redclouds.game.jjj

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	redclouds.game.jjj

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	redclouds.game.jjj

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	redclouds.game.jjj

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	redclouds.game.jjj

redclouds.game.jjj
1⤵
- Checks Android system properties for emulator presence.
- Checks CPU information
- Checks memory information
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4252

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

1

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

3

T1633

System Checks

3

T1633.001

Credential Access

Discovery

System Information Discovery

2

T1426

System Network Configuration Discovery

1

T1422

System Network Connections Discovery

2

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/redclouds.game.jjj/cache/1582435991586.jar

Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/data/redclouds.game.jjj/databases/google_analytics_v4.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/redclouds.game.jjj/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
2eadd6cfd3257386b601727efbe604f8

SHA1
a508babf7b04ffde7c37154314b2154b829cd092

SHA256
f4b10d62e838ba9071ccf94f1d705f8362c04ba3c637fef2733ab2d276d9abb8

SHA512
3576aff83526b739733c0ccfb193ecd394198bf230dfb710ff77deff19ea76e8a091941deeafdcde3c4e5a979e7c98b25139a6faa0447515007aee6425285a2c

Download Submit
/data/data/redclouds.game.jjj/databases/google_analytics_v4.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/redclouds.game.jjj/databases/google_analytics_v4.db-wal

Filesize
52KB

MD5
08c3ca77da5d2ebebd2c381768e5e4cc

SHA1
5826e2211d9e42d8ffee9198a16abeaf39f52024

SHA256
12bfab2e10b5eb9d5a25b63cc4fe34f1dcee36f66a98c02eb56d175bf866ebd9

SHA512
5b5251f705554af2a5e2c529f39426b3b017acfa4dbb440459e08bf16380a545ed0b15ed9e54cfca13cf462845c047ad00f14c5a955fc7746bd9c016d5fa3a87

Download Submit
/data/data/redclouds.game.jjj/files/INSTALLATION

Filesize
36B

MD5
80aa6112260a378c16397fe615f801c7

SHA1
d4128ccacaa5b20de615a51ed1c8f7da00f57c40

SHA256
a2c25975d3b86eb65c88fe85f9063de59c4f58693e508a118a102e08e22d385e

SHA512
27656481d2fcb7932b0074a42b6df71d9375ba2df21e0b648605993902b04cb7c469ec9ba56256bb383f15ebdddb0ed8e44f3498dc4f7cb5cebc83301432a87e

Download Submit
/data/data/redclouds.game.jjj/files/adc/data/iap_cache.txt

Filesize
3B

MD5
1707b1bf51214dc5971885f13d87058f

SHA1
dd60af9dee6f8961978a28213120da9ba4ae8fad

SHA256
24c87ba6f294bf74f363ba790b7ff17a3e989ab4fd93706ab3965d2bba382f43

SHA512
bec7aa568dcceea362e7eb563ce68c84a3ed5372882765137b2d1b8e083da226c65bc96ae754abdbcf646d57c3fc79e0b52e28258268f8e04c29465e29fac6d5

Download Submit
/data/data/redclouds.game.jjj/files/adc/data/zone_state.txt

Filesize
191B

MD5
b531ea6a661dc73e7895d9a0f86b8b98

SHA1
04d088680ef351f902358116a0fee7094673b95b

SHA256
c1720e5606e827f00919a6bac53daf5e75844adf8990806b984ed33087c293a8

SHA512
4e9559e86fedcf1059b4759467c8509a9ce4c7eb85f9331fe76e2ea716f2df8f7f4509aaa382adc8e8ab6210cc87263ce5a6a580aefc539cce46bbf3b690303a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads