Analysis

  • max time kernel
    25s
  • max time network
    131s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
  • submitted
    03-06-2024 01:59

General

  • Target

    90322951bfd2bb251279a4e31585d59b_JaffaCakes118.apk

  • Size

    1.8MB

  • MD5

    90322951bfd2bb251279a4e31585d59b

  • SHA1

    bc2d95637ba17628cf387518ce74e7b21888ed77

  • SHA256

    6a14393721d173d8b87d7d00c2b28a6e9f7e3542852282aa9148be324fea4cbc

  • SHA512

    2b39524b4e658ba45fb96704cf44e5746f4d7470f042bddb2300f884854517f13e79d8bbfb6e5b0846becd6c92353b36c8a8e72a6e1f662f4836d3ec178de0c6

  • SSDEEP

    24576:SYaMQTsyVAE0sqd3x0YUHxP0vslOz/wlCFfpFf1cmRh3+jP6WobRcCfO1uUk8lPl:SYA+a+CKvBFimnWoan1ul8E0QJ73ZPw

Signatures

  • Removes its main activity from the application launcher (TTPs: 1, IoCs: 1)
  • Checks CPU information (TTPs: 2, IoCs: 1)

    Checks CPU information that indicates whether the system is an emulator.

  • Checks memory information (TTPs: 2, IoCs: 1)

    Checks memory information that indicates whether the system is an emulator.

  • Obtains sensitive information copied to the device clipboard (TTPs: 2, IoCs: 1)

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Schedules tasks to execute at a specified time (TTPs: 1, IoCs: 1)

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

Processes

  • com.tocaboca.tocaboo.hack
    • Removes its main activity from the application launcher
    • Checks CPU information
    • Checks memory information
    • Obtains sensitive information copied to the device clipboard
    • Schedules tasks to execute at a specified time
    PID:4557

Downloads

  • /data/user/0/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db
    Filesize

    16KB

  • /data/user/0/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db
    Filesize

    16KB

  • /data/user/0/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db-journal
    Filesize

    512B

  • /data/user/0/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db-journal
    Filesize

    8KB

  • /data/user/0/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db-journal
    Filesize

    8KB

  • /data/user/0/com.tocaboca.tocaboo.hack/databases/evernote_jobs.db-journal
    Filesize

    8KB
