51c3fed39510f9b0af862b8552294ceae6aeed6fc879cca6b53379e099d58301

Analysis

max time kernel
78s
max time network
130s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
29-05-2024 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

820f46eca72897a7738b3b5c2526063d_JaffaCakes118.apk
Size

1.9MB
MD5

820f46eca72897a7738b3b5c2526063d
SHA1

f3b87b5fc4837ec752357f6536639f91c7400840
SHA256

51c3fed39510f9b0af862b8552294ceae6aeed6fc879cca6b53379e099d58301
SHA512

9900dfe6793e73756ad864409fbc478529c17df00caa5f57eac01719a823d1195730790d70b46584a03f4f3ed2f1b829e2be9be2f40a5bb1d964ad3471df609e
SSDEEP

49152:4qNGWEGPFJT6sdThCO2JK1H0jw878KQm73ZGj:4qo+9JjdlCOmn78zJ

Score

8^/10

collection credential_access discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.spacegame.cashshow.hack

pid process

4516 com.spacegame.cashshow.hack
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.spacegame.cashshow.hack

description ioc process

File opened for read /proc/cpuinfo com.spacegame.cashshow.hack
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.spacegame.cashshow.hack

description ioc process

File opened for read /proc/meminfo com.spacegame.cashshow.hack
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.spacegame.cashshow.hack

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.spacegame.cashshow.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.spacegame.cashshow.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.spacegame.cashshow.hack

pid	process
4516	com.spacegame.cashshow.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.spacegame.cashshow.hack

description	ioc	process
File opened for read	/proc/meminfo	com.spacegame.cashshow.hack

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.spacegame.cashshow.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.spacegame.cashshow.hack

com.spacegame.cashshow.hack
1⤵
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Schedules tasks to execute at a specified time
PID:4516

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.spacegame.cashshow.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
58c0b6e45328752b20ac6e719ac034f8

SHA1
372b2638afd00bbbc4034657b3df3d2e428fb367

SHA256
9d74f93afa5a179b1ba2f19f154b2880aa8b99c88209802099045a0874d2426a

SHA512
2d347d5824b9ab701e341c89e8327a95fd6bab8e92ee15ce9550da368d773e22bff304072a4854df5ab763750a7401f7aa61a49e3292d62c27fa9f20536eb3ab

Download Submit
/data/user/0/com.spacegame.cashshow.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
504db0e03b28765f5a2e3cbd9795afc7

SHA1
57855ff14dcd97a7ad8d72698be9ab895b40a88e

SHA256
f33ca9a0ea68c8730b4060d166b7a98000e7d88e84a768d82494bac842766392

SHA512
aacce280b704130e541136bafef49daaa43375a68d0960bf7c4664d1a2baca5ecf7df2e75d0d89f69bc8ee45ec09a91aef94100de1f63da449b030d969b94ef8

Download Submit
/data/user/0/com.spacegame.cashshow.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
a71d75ccd6e68c5ffb9a9dc620c1b282

SHA1
79f4eefc40f007da59cf1ac1a64cdf6d136e2c3f

SHA256
f28651579f53ca5ac3b639b22b99666f35ed5b4f1574c1d8f0b9ce3c3e453428

SHA512
ab0c4121491ee877a53e2ac02d2003cc446daa851064e81eac91acfc8bf4ccf7bfedf8cc09085f0f42412335594acfabe3cf8d9c96ca8e50f995390c023c8e4b

Download Submit
/data/user/0/com.spacegame.cashshow.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
9baeabc13f47b533e2b8edddb5689710

SHA1
cf050292277eecd14ff6ce40c174f0898bf46f23

SHA256
563be36c21d2ed7e5ef2546f063d7ec0d7a7996018c28373506e759c2425d738

SHA512
a5b2089aca300bc2d5bf4d610236e687be9e3abf94ac525ba825aefb8143360ba50c5cd25b5da1bb82546e9ae11f67efbabdcc92f7b159ed5b213b547b633a27

Download Submit
/data/user/0/com.spacegame.cashshow.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
1558edbcfdffca7c68f58ebaad75be18

SHA1
4fe9896de1bc8f7a116e851008b2960a62ee65f8

SHA256
722258b6734c349da85ddfe451710e552beefdba64e582930bb7b1d24a961b75

SHA512
8370fa678e6fa7971ba4a7f96a4b9f773c76758f9d8b62288a9eb391c04339299c06813782dcdbab317efe3b30b75651248a988812448bb98fce11547e42b658

Download Submit
/data/user/0/com.spacegame.cashshow.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
ee1008f0dead201815b3987f4524df00

SHA1
8f72ff65964d796e4bc9361d87a405b366289fea

SHA256
281d22beafb1fd914c476ac2d30d06c4f1190fecaa7d5de759663dbd4397fbb3

SHA512
0955dee5255295032c2661a0b2b0a663bb65d2953569c6395034d3116e89cc5cb7af52c141c8330db1ee6b14c9679ea1bd28335734b9a166c4d053502d4c8a67

Download Submit