Overview

overview

8

Static

static

1

7ff4395816...18.apk

android-9-x86

8

7ff4395816...18.apk

android-10-x64

8

7ff4395816...18.apk

android-11-x64

8

Analysis

  • max time kernel
    50s
  • max time network
    158s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
  • submitted
    29-05-2024 07:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7ff43958165e7480e6bafc2f46ff3991_JaffaCakes118.apk

  • Size

    1.9MB

  • MD5

    7ff43958165e7480e6bafc2f46ff3991

  • SHA1

    c0c917acd604d2541dee447ff9bd1701e10c05b1

  • SHA256

    a2cf49470ba61389d381beff0547022e86e99c247fa5915e9e379d2ae0c35e98

  • SHA512

    3c16c47271655efda57f3224e93f8fa126ae65a1353f915f80953ab6148e953f898eccfd3b62da8cd31c5430e9f47b82e84db826bcaf94a80bbf43f81b187099

  • SSDEEP

    49152:JDSfu8uDQxeHPxmqJ730nCg21l50Q0EfEkEe73Zoy:RSfFLxeHPIqSnbs51j

Score
8/10
collectioncredential_accessdiscoveryevasionexecutionimpactpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.templegatesgames.RaceAndroid.hack
    1⤵
    • Removes its main activity from the application launcher
    • Checks CPU information
    • Checks memory information
    • Obtains sensitive information copied to the device clipboard
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:5228

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.templegatesgames.RaceAndroid.hack/databases/evernote_jobs.db
    Filesize

    16KB

    MD5

    12627a2ec645c4a4bc50dba5903afd59

    SHA1

    504005c938517e61bcf68b65a055c2faba635c2e

    SHA256

    f177ffae9650eb4f407c2d9a510bb5a5abe1ece2fdfe24effc62478a1bfa5903

    SHA512

    7ff69589296e02383a217373399e75d8a82fa17146e4273f4c0eb630f096dd9f394a3324d60858b02f7e5cf177c82c6d966f5cbedb68ae6a98df7cc851b79cfd

    Download Submit

  • /data/data/com.templegatesgames.RaceAndroid.hack/databases/evernote_jobs.db
    Filesize

    16KB

    MD5

    db35d03e6b204f8329ed90497b9e12ed

    SHA1

    28184b7a4b7407c9a03a9ab7cc42cf03e26a95fa

    SHA256

    498cd83396e005e3ec7376c1a7323594d33ec8209124e533ec7a03e73f7b301d

    SHA512

    240ff140f149529e73984f808d9fac0ba0427cb7a41aa919593e8d396bf9eea1293ea6ce2fc6d9ef7e4d0b88a9cd3498da9fe5f0399d44cf667277d25eba960b

    Download Submit

  • /data/data/com.templegatesgames.RaceAndroid.hack/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    41047465323945e8f6e9c3357cf1fc87

    SHA1

    ef3cfa420b570e4865c0f166b5d28bbb3803131b

    SHA256

    6e6239ba3cc8b752665ab20e2a224c8e3463392a42c6265b76ccdc3e29e3f313

    SHA512

    72b681e9c8118cabeb2c2769a478e73b7c3f461f311594d7510c0c32e638d541c87a0d8d00804aef9468de0a4c3e0a93ebe85116b2061c8dade5dc2f7085144d

    Download Submit

  • /data/data/com.templegatesgames.RaceAndroid.hack/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    d26fd000b8ee64e952604eb39566de8e

    SHA1

    3d9085a43b9d42cb460f885261580fe4e7659959

    SHA256

    d51553373f906aa94c31edb55e94a17d803c49d13ec522ea8670df73b13d298f

    SHA512

    a0fce79b73c0ff136d6e013fa3bc95db14b4f2fc82c85753c4614ff92476cd93df61dce2215ccfd1b4519d08b46bd171fb436e4ab1772429efbb731188329802

    Download Submit

  • /data/data/com.templegatesgames.RaceAndroid.hack/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    a91cc143006f15800675f5996bf730ed

    SHA1

    f8ba68356977cef61d279e1fa7bda1ff6f508318

    SHA256

    5bc27b412a31667cfe5e802b78bb4799aa21e917200cb7ee698f01df8a119ce3

    SHA512

    8da62de2ed473454d1fd77a3978f37a3a11864459bd3090bd2237bc69688e7411d932ca3eb9888c29ececfe1143b8bc243327f16d9c7e1f3c5da59cdb10d3e4b

    Download Submit

  • /data/data/com.templegatesgames.RaceAndroid.hack/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    3cfd816ba9df333a663e47eb49db6f2c

    SHA1

    e5324ce9c72a37bc5f0b7437e5e6612d61795a28

    SHA256

    251288d6cf38f663f401bf8c8eab4a022c4fa1325b35015e55f1b9c2801a2184

    SHA512

    a4452ed1bac7d13e70871f6c89f9dde68fbed537bfa62be166ea6406e89526bf10d195e61f6e040fd37ee1f8f03b812e4a9cbbc5f4dda44f8008171029d326de

    Download Submit