Analysis
- max time kernel: 48s
- max time network: 150s
- platform: android_x64
- resource: android-x64-20240603-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240603-en, locale:en-us, os:android-10-x64, system
- submitted: 04-06-2024 19:51
Static task: static1
Behavioral task: behavioral1
- Sample: 960f321ea40284d2448f74fa084a4152_JaffaCakes118.apk
- Resource: android-x86-arm-20240603-en
Behavioral task: behavioral2
- Sample: 960f321ea40284d2448f74fa084a4152_JaffaCakes118.apk
- Resource: android-x64-20240603-en
Behavioral task: behavioral3
- Sample: 960f321ea40284d2448f74fa084a4152_JaffaCakes118.apk
- Resource: android-x64-arm64-20240603-en
General
- Target: 960f321ea40284d2448f74fa084a4152_JaffaCakes118.apk
- Size: 1.8MB
- MD5: 960f321ea40284d2448f74fa084a4152
- SHA1: fcdcd49a1e27efc3caa1f702e8ab90fa890c9b57
- SHA256: 51a20d14b3b6eca1f88f974f4eb85ccbbd95e6e869434e244b600f9b7cbea4f0
- SHA512: 5076f8aea374878f9e26f3fa381ee8549b14975099f8a5552eb38e2604824ec06f697570f8fbefd5f0118070ed6213f43dfd7238fdb7d18607466badacb87c74
- SSDEEP: 49152:4co+NV20WMDDgH8YRaomEBN3/o0QK73Z5m:4b+SJMocY3BNvo1R
Signatures
- Obtains sensitive information copied to the device clipboard (2 TTPs 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- Queries the mobile country code (MCC) (1 TTPs 1 IoCs)
  Processes: com.blueboat.justtwopics.hack
  description: Framework service call
  ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
  process: com.blueboat.justtwopics.hack
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs 1 IoCs)
  Processes: com.blueboat.justtwopics.hack
  description: Framework service call
  ioc: android.app.IActivityManager.registerReceiver
  process: com.blueboat.justtwopics.hack
- Schedules tasks to execute at a specified time (1 TTPs 1 IoCs)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  Processes: com.blueboat.justtwopics.hack
  description: Framework service call
  ioc: android.app.job.IJobScheduler.schedule
  process: com.blueboat.justtwopics.hack
- Checks CPU information (2 TTPs 1 IoCs)
- Checks memory information (2 TTPs 1 IoCs)
Processes
com.blueboat.justtwopics.hack 1
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Downloads
- /data/data/com.blueboat.justtwopics.hack/databases/evernote_jobs.db (Filesize: 16KB)
- /data/data/com.blueboat.justtwopics.hack/databases/evernote_jobs.db (Filesize: 16KB)
- /data/data/com.blueboat.justtwopics.hack/databases/evernote_jobs.db-journal (Filesize: 512B)
- /data/data/com.blueboat.justtwopics.hack/databases/evernote_jobs.db-journal (Filesize: 8KB)
- /data/data/com.blueboat.justtwopics.hack/databases/evernote_jobs.db-journal (Filesize: 8KB)
- /data/data/com.blueboat.justtwopics.hack/databases/evernote_jobs.db-journal (Filesize: 8KB)