Analysis

  • max time kernel
    23s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    03-06-2024 01:59

General

  • Target

    90322951bfd2bb251279a4e31585d59b_JaffaCakes118.apk

  • Size

    1.8MB

  • MD5

    90322951bfd2bb251279a4e31585d59b

  • SHA1

    bc2d95637ba17628cf387518ce74e7b21888ed77

  • SHA256

    6a14393721d173d8b87d7d00c2b28a6e9f7e3542852282aa9148be324fea4cbc

  • SHA512

    2b39524b4e658ba45fb96704cf44e5746f4d7470f042bddb2300f884854517f13e79d8bbfb6e5b0846becd6c92353b36c8a8e72a6e1f662f4836d3ec178de0c6

  • SSDEEP

    24576:SYaMQTsyVAE0sqd3x0YUHxP0vslOz/wlCFfpFf1cmRh3+jP6WobRcCfO1uUk8lPl:SYA+a+CKvBFimnWoan1ul8E0QJ73ZPw

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information, which can indicate whether the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information, which can indicate whether the system is an emulator.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

Processes

  • com.tocaboca.tocaboo.hack
    • Removes its main activity from the application launcher
    • Checks CPU information
    • Checks memory information
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4279

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db
    Filesize

    16KB

  • /data/data/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db
    Filesize

    16KB

  • /data/data/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db-journal
    Filesize

    512B

  • /data/data/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db-shm
    Filesize

    32KB

  • /data/data/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db-wal
    Filesize

    28KB

  • /data/data/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db-wal
    Filesize

    4KB
