Analysis
max time kernel: 25s
max time network: 131s
platform: android_x64
resource: android-x64-arm64-20240514-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
submitted: 03-06-2024 01:59
Static task: static1
Behavioral task: behavioral1
  Sample: 90322951bfd2bb251279a4e31585d59b_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 90322951bfd2bb251279a4e31585d59b_JaffaCakes118.apk
  Resource: android-x64-20240514-en
Behavioral task: behavioral3
  Sample: 90322951bfd2bb251279a4e31585d59b_JaffaCakes118.apk
  Resource: android-x64-arm64-20240514-en
General
Target: 90322951bfd2bb251279a4e31585d59b_JaffaCakes118.apk
Size: 1.8MB
MD5: 90322951bfd2bb251279a4e31585d59b
SHA1: bc2d95637ba17628cf387518ce74e7b21888ed77
SHA256: 6a14393721d173d8b87d7d00c2b28a6e9f7e3542852282aa9148be324fea4cbc
SHA512: 2b39524b4e658ba45fb96704cf44e5746f4d7470f042bddb2300f884854517f13e79d8bbfb6e5b0846becd6c92353b36c8a8e72a6e1f662f4836d3ec178de0c6
SSDEEP: 24576:SYaMQTsyVAE0sqd3x0YUHxP0vslOz/wlCFfpFf1cmRh3+jP6WobRcCfO1uUk8lPl:SYA+a+CKvBFimnWoan1ul8E0QJ73ZPw
Signatures
Checks CPU information (2 TTPs, 1 IoC)
  Checks CPU information that indicates whether the system is an emulator.
Checks memory information (2 TTPs, 1 IoC)
  Checks memory information that indicates whether the system is an emulator.
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  Processes: com.tocaboca.tocaboo.hack
  Description: Framework service call
  IoC: android.app.job.IJobScheduler.schedule
  Process: com.tocaboca.tocaboo.hack
Downloads
/data/user/0/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db (Filesize: 16KB)
/data/user/0/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db (Filesize: 16KB)
/data/user/0/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db-journal (Filesize: 512B)
/data/user/0/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db-journal (Filesize: 8KB)
/data/user/0/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db-journal (Filesize: 8KB)
/data/user/0/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db-journal (Filesize: 8KB)