Analysis
max time kernel: 78s
max time network: 130s
platform: android_x64
resource: android-x64-arm64-20240514-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
submitted: 29-05-2024 21:52
Static task: static1
Behavioral task: behavioral1
Sample: 820f46eca72897a7738b3b5c2526063d_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
Sample: 820f46eca72897a7738b3b5c2526063d_JaffaCakes118.apk
Resource: android-x64-20240514-en
Behavioral task: behavioral3
Sample: 820f46eca72897a7738b3b5c2526063d_JaffaCakes118.apk
Resource: android-x64-arm64-20240514-en
General
Target: 820f46eca72897a7738b3b5c2526063d_JaffaCakes118.apk
Size: 1.9MB
MD5: 820f46eca72897a7738b3b5c2526063d
SHA1: f3b87b5fc4837ec752357f6536639f91c7400840
SHA256: 51c3fed39510f9b0af862b8552294ceae6aeed6fc879cca6b53379e099d58301
SHA512: 9900dfe6793e73756ad864409fbc478529c17df00caa5f57eac01719a823d1195730790d70b46584a03f4f3ed2f1b829e2be9be2f40a5bb1d964ad3471df609e
SSDEEP: 49152:4qNGWEGPFJT6sdThCO2JK1H0jw878KQm73ZGj:4qo+9JjdlCOmn78zJ
Malware Config
Signatures
Processes: com.spacegame.cashshow.hack
pid: 4516; process: com.spacegame.cashshow.hack

Checks CPU information (2 TTPs, 1 IoCs)
Checks CPU information which indicate if the system is an emulator.
Processes: com.spacegame.cashshow.hack
description: File opened for read; ioc: /proc/cpuinfo; process: com.spacegame.cashshow.hack

Checks memory information (2 TTPs, 1 IoCs)
Checks memory information which indicate if the system is an emulator.
Processes: com.spacegame.cashshow.hack
description: File opened for read; ioc: /proc/meminfo; process: com.spacegame.cashshow.hack

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: com.spacegame.cashshow.hack
description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; process: com.spacegame.cashshow.hack

Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes: com.spacegame.cashshow.hack
description: Framework service call; ioc: android.app.job.IJobScheduler.schedule; process: com.spacegame.cashshow.hack
Downloads
/data/user/0/com.spacegame.cashshow.hack/databases/evernote_jobs.db
Filesize: 16KB
/data/user/0/com.spacegame.cashshow.hack/databases/evernote_jobs.db
Filesize: 16KB
/data/user/0/com.spacegame.cashshow.hack/databases/evernote_jobs.db-journal
Filesize: 512B
/data/user/0/com.spacegame.cashshow.hack/databases/evernote_jobs.db-journal
Filesize: 8KB
/data/user/0/com.spacegame.cashshow.hack/databases/evernote_jobs.db-journal
Filesize: 8KB
/data/user/0/com.spacegame.cashshow.hack/databases/evernote_jobs.db-journal
Filesize: 8KB