Analysis
- max time kernel: 49s
- max time network: 152s
- platform: android_x64
- resource: android-x64-20240514-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
- submitted: 03-06-2024 01:59
Static task
- static1
Behavioral task
- behavioral1
  Sample: 90322951bfd2bb251279a4e31585d59b_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task
- behavioral2
  Sample: 90322951bfd2bb251279a4e31585d59b_JaffaCakes118.apk
  Resource: android-x64-20240514-en
Behavioral task
- behavioral3
  Sample: 90322951bfd2bb251279a4e31585d59b_JaffaCakes118.apk
  Resource: android-x64-arm64-20240514-en
General
- Target: 90322951bfd2bb251279a4e31585d59b_JaffaCakes118.apk
- Size: 1.8MB
- MD5: 90322951bfd2bb251279a4e31585d59b
- SHA1: bc2d95637ba17628cf387518ce74e7b21888ed77
- SHA256: 6a14393721d173d8b87d7d00c2b28a6e9f7e3542852282aa9148be324fea4cbc
- SHA512: 2b39524b4e658ba45fb96704cf44e5746f4d7470f042bddb2300f884854517f13e79d8bbfb6e5b0846becd6c92353b36c8a8e72a6e1f662f4836d3ec178de0c6
- SSDEEP: 24576:SYaMQTsyVAE0sqd3x0YUHxP0vslOz/wlCFfpFf1cmRh3+jP6WobRcCfO1uUk8lPl:SYA+a+CKvBFimnWoan1ul8E0QJ73ZPw
Malware Config
Signatures
- Checks CPU information (2 TTPs, 1 IoCs)
  Checks CPU information that indicates whether the system is an emulator.
- Checks memory information (2 TTPs, 1 IoCs)
  Checks memory information that indicates whether the system is an emulator.
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Processes: com.tocaboca.tocaboo.hack
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: com.tocaboca.tocaboo.hack
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes: com.tocaboca.tocaboo.hack
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.tocaboca.tocaboo.hack
- Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  Processes: com.tocaboca.tocaboo.hack
  description: Framework service call; ioc: android.app.job.IJobScheduler.schedule; process: com.tocaboca.tocaboo.hack
Processes
com.tocaboca.tocaboo.hack (1)
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
Downloads
- /data/data/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db (Filesize: 16KB)
- /data/data/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db (Filesize: 16KB)
- /data/data/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db-journal (Filesize: 512B)
- /data/data/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db-journal (Filesize: 8KB)
- /data/data/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db-journal (Filesize: 8KB)
- /data/data/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db-journal (Filesize: 8KB)