Analysis
-
max time kernel
23s
-
max time network
130s
-
platform
android_x86
-
resource
android-x86-arm-20240514-en
-
resource tags
android arch:arm arch:x86 image:android-x86-arm-20240514-en locale:en-us os:android-9-x86 system
-
submitted
03-06-2024 01:59
Static task
static1
Behavioral task
behavioral1
Sample
90322951bfd2bb251279a4e31585d59b_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
90322951bfd2bb251279a4e31585d59b_JaffaCakes118.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
90322951bfd2bb251279a4e31585d59b_JaffaCakes118.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
90322951bfd2bb251279a4e31585d59b_JaffaCakes118.apk
-
Size
1.8MB
-
MD5
90322951bfd2bb251279a4e31585d59b
-
SHA1
bc2d95637ba17628cf387518ce74e7b21888ed77
-
SHA256
6a14393721d173d8b87d7d00c2b28a6e9f7e3542852282aa9148be324fea4cbc
-
SHA512
2b39524b4e658ba45fb96704cf44e5746f4d7470f042bddb2300f884854517f13e79d8bbfb6e5b0846becd6c92353b36c8a8e72a6e1f662f4836d3ec178de0c6
-
SSDEEP
24576:SYaMQTsyVAE0sqd3x0YUHxP0vslOz/wlCFfpFf1cmRh3+jP6WobRcCfO1uUk8lPl:SYA+a+CKvBFimnWoan1ul8E0QJ73ZPw
Malware Config
Signatures
-
Checks CPU information (2 TTPs, 1 IoCs)
Checks CPU information that indicates whether the system is an emulator.
-
Checks memory information (2 TTPs, 1 IoCs)
Checks memory information that indicates whether the system is an emulator.
-
Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
Processes:
com.tocaboca.tocaboo.hack
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
process: com.tocaboca.tocaboo.hack
-
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes:
com.tocaboca.tocaboo.hack
description: Framework service call
ioc: android.app.IActivityManager.registerReceiver
process: com.tocaboca.tocaboo.hack
-
Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
com.tocaboca.tocaboo.hack
description: Framework service call
ioc: android.app.job.IJobScheduler.schedule
process: com.tocaboca.tocaboo.hack
Processes
-
com.tocaboca.tocaboo.hack
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db
Filesize
16KB
-
/data/data/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db
Filesize
16KB
-
/data/data/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db-journal
Filesize
512B
-
/data/data/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db-shm
Filesize
32KB
-
/data/data/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db-wal
Filesize
28KB
-
/data/data/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db-wal
Filesize
4KB