Analysis
- max time kernel: 23s
- max time network: 130s
- platform: android_x86
- resource: android-x86-arm-20240603-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
- submitted: 04-06-2024 19:51
Static task
static1
Behavioral task
behavioral1
Sample
960f321ea40284d2448f74fa084a4152_JaffaCakes118.apk
Resource
android-x86-arm-20240603-en
Behavioral task
behavioral2
Sample
960f321ea40284d2448f74fa084a4152_JaffaCakes118.apk
Resource
android-x64-20240603-en
Behavioral task
behavioral3
Sample
960f321ea40284d2448f74fa084a4152_JaffaCakes118.apk
Resource
android-x64-arm64-20240603-en
General
-
Target
960f321ea40284d2448f74fa084a4152_JaffaCakes118.apk
-
Size
1.8MB
-
MD5
960f321ea40284d2448f74fa084a4152
-
SHA1
fcdcd49a1e27efc3caa1f702e8ab90fa890c9b57
-
SHA256
51a20d14b3b6eca1f88f974f4eb85ccbbd95e6e869434e244b600f9b7cbea4f0
-
SHA512
5076f8aea374878f9e26f3fa381ee8549b14975099f8a5552eb38e2604824ec06f697570f8fbefd5f0118070ed6213f43dfd7238fdb7d18607466badacb87c74
-
SSDEEP
49152:4co+NV20WMDDgH8YRaomEBN3/o0QK73Z5m:4b+SJMocY3BNvo1R
Signatures
-
Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
Processes: com.blueboat.justtwopics.hack
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
process: com.blueboat.justtwopics.hack
-
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes: com.blueboat.justtwopics.hack
description: Framework service call
ioc: android.app.IActivityManager.registerReceiver
process: com.blueboat.justtwopics.hack
-
Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes: com.blueboat.justtwopics.hack
description: Framework service call
ioc: android.app.job.IJobScheduler.schedule
process: com.blueboat.justtwopics.hack
-
Checks CPU information (2 TTPs, 1 IoCs)
-
Checks memory information (2 TTPs, 1 IoCs)
Processes
-
com.blueboat.justtwopics.hack
- Removes its main activity from the application launcher
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Downloads
-
/data/data/com.blueboat.justtwopics.hack/databases/evernote_jobs.db
Filesize: 16KB
-
/data/data/com.blueboat.justtwopics.hack/databases/evernote_jobs.db
Filesize: 16KB
-
/data/data/com.blueboat.justtwopics.hack/databases/evernote_jobs.db-journal
Filesize: 512B
-
/data/data/com.blueboat.justtwopics.hack/databases/evernote_jobs.db-shm
Filesize: 32KB
-
/data/data/com.blueboat.justtwopics.hack/databases/evernote_jobs.db-wal
Filesize: 28KB
-
/data/data/com.blueboat.justtwopics.hack/databases/evernote_jobs.db-wal
Filesize: 4KB