a2cf49470ba61389d381beff0547022e86e99c247fa5915e9e379d2ae0c35e98

Analysis

max time kernel
27s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
29-05-2024 07:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ff43958165e7480e6bafc2f46ff3991_JaffaCakes118.apk
Size

1.9MB
MD5

7ff43958165e7480e6bafc2f46ff3991
SHA1

c0c917acd604d2541dee447ff9bd1701e10c05b1
SHA256

a2cf49470ba61389d381beff0547022e86e99c247fa5915e9e379d2ae0c35e98
SHA512

3c16c47271655efda57f3224e93f8fa126ae65a1353f915f80953ab6148e953f898eccfd3b62da8cd31c5430e9f47b82e84db826bcaf94a80bbf43f81b187099
SSDEEP

49152:JDSfu8uDQxeHPxmqJ730nCg21l50Q0EfEkEe73Zoy:RSfFLxeHPIqSnbs51j

Score

8^/10

collection credential_access discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.templegatesgames.RaceAndroid.hack

pid process

4609 com.templegatesgames.RaceAndroid.hack
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.templegatesgames.RaceAndroid.hack

description ioc process

File opened for read /proc/cpuinfo com.templegatesgames.RaceAndroid.hack
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.templegatesgames.RaceAndroid.hack

description ioc process

File opened for read /proc/meminfo com.templegatesgames.RaceAndroid.hack
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.templegatesgames.RaceAndroid.hack

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.templegatesgames.RaceAndroid.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.templegatesgames.RaceAndroid.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.templegatesgames.RaceAndroid.hack

pid	process
4609	com.templegatesgames.RaceAndroid.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.templegatesgames.RaceAndroid.hack

description	ioc	process
File opened for read	/proc/meminfo	com.templegatesgames.RaceAndroid.hack

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.templegatesgames.RaceAndroid.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.templegatesgames.RaceAndroid.hack

com.templegatesgames.RaceAndroid.hack
1⤵
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Schedules tasks to execute at a specified time
PID:4609

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.templegatesgames.RaceAndroid.hack/databases/evernote_jobs.db

Filesize
16KB

MD5
58c0b6e45328752b20ac6e719ac034f8

SHA1
372b2638afd00bbbc4034657b3df3d2e428fb367

SHA256
9d74f93afa5a179b1ba2f19f154b2880aa8b99c88209802099045a0874d2426a

SHA512
2d347d5824b9ab701e341c89e8327a95fd6bab8e92ee15ce9550da368d773e22bff304072a4854df5ab763750a7401f7aa61a49e3292d62c27fa9f20536eb3ab

Download Submit
/data/user/0/com.templegatesgames.RaceAndroid.hack/databases/evernote_jobs.db

Filesize
16KB

MD5
d83b4a2ff6693910eef5d774a7e1b96f

SHA1
0057b88f57fca407990755a0a923697d0552556a

SHA256
98a3ab365f0f95850455f9f7ec307eae3177e5779aff67b570fb0e4314554294

SHA512
1a267f68fce319374a544f51704fbced53ba018241b097e91869e79c0c25c514869148d9d05d504b2619602531875e8bf0716f3ac7f19ef66aae6773919e8a9c

Download Submit
/data/user/0/com.templegatesgames.RaceAndroid.hack/databases/evernote_jobs.db-journal

Filesize
512B

MD5
5e80a859a70cb71c169c84310e06076a

SHA1
1e5f5e4a7e86cb1094fc8a52a8c2331bea1d4f91

SHA256
dbf101172d6e8c87d82a3442c2fe14c3703d97243c06f046f7e68ff51235bd47

SHA512
2fdcb099bc1a9bce76b61958b283aff468d30d602a8985fa9adb5f3163801bf1441a0e0d3dceb560a1967e1e9268c55d0444113513fff3827b7395307dd52179

Download Submit
/data/user/0/com.templegatesgames.RaceAndroid.hack/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
cddd9c5d2f4387e99b266f22e4856cbb

SHA1
6baab2220d3234f1114d1f9257655d1824907095

SHA256
d9d436b686745542ad428b13b2fdd5e740366b58817868bb477d9e4252bbc8fe

SHA512
a86f022614bb51a17d637a0d132c693d3bf24e8501500d6e50b2bc42e19003db67e5739cfb4201e8f863326bea4dc9d2869eaa6dc7a1dfc77e96912190509539

Download Submit
/data/user/0/com.templegatesgames.RaceAndroid.hack/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
1459d187c7949062409340305d7fd46d

SHA1
f2ac4f4a526f97606ffa3d3bf7032223d5e56500

SHA256
a4fd7376e8bbc1cdb51f8366352a03f37f617689739ba90a86d342ba490264a3

SHA512
a9557040c37b54adf7e8648f7ca23a7a585bca1e204c63024dcc3b9fbd0691a9a560d9e9d7446dea230a8f66062c1a18e0fab6987ddf7aceabbfa5456fad5491

Download Submit
/data/user/0/com.templegatesgames.RaceAndroid.hack/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
6125f1b17441e1b81fa031d9e6284d98

SHA1
b598cc761834f8114fa0beab4b0efefa0ad99b30

SHA256
539416bb68ee42f3c83d8ab0965c99ce9c0d4cafbda7531f0abd911f4937df31

SHA512
27cb7c56801d5b279c416b90d292ceac254580948707200975165ee1929fc8a286dacc4185f503e727bfc291c7d1b8782389066931a7e21cec8344cf1514aa70

Download Submit