Analysis

  • max time kernel
    48s
  • max time network
    150s
  • platform
    android_x64
  • resource
    android-x64-20240603-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240603-en, locale:en-us, os:android-10-x64, system
  • submitted
    04-06-2024 19:51

General

  • Target

    960f321ea40284d2448f74fa084a4152_JaffaCakes118.apk

  • Size

    1.8MB

  • MD5

    960f321ea40284d2448f74fa084a4152

  • SHA1

    fcdcd49a1e27efc3caa1f702e8ab90fa890c9b57

  • SHA256

    51a20d14b3b6eca1f88f974f4eb85ccbbd95e6e869434e244b600f9b7cbea4f0

  • SHA512

    5076f8aea374878f9e26f3fa381ee8549b14975099f8a5552eb38e2604824ec06f697570f8fbefd5f0118070ed6213f43dfd7238fdb7d18607466badacb87c74

  • SSDEEP

    49152:4co+NV20WMDDgH8YRaomEBN3/o0QK73Z5m:4b+SJMocY3BNvo1R

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.blueboat.justtwopics.hack
    • Removes its main activity from the application launcher
    • Obtains sensitive information copied to the device clipboard
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:5039

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.blueboat.justtwopics.hack/databases/evernote_jobs.db
    Filesize

    16KB

  • /data/data/com.blueboat.justtwopics.hack/databases/evernote_jobs.db
    Filesize

    16KB

  • /data/data/com.blueboat.justtwopics.hack/databases/evernote_jobs.db-journal
    Filesize

    512B

  • /data/data/com.blueboat.justtwopics.hack/databases/evernote_jobs.db-journal
    Filesize

    8KB

  • /data/data/com.blueboat.justtwopics.hack/databases/evernote_jobs.db-journal
    Filesize

    8KB

  • /data/data/com.blueboat.justtwopics.hack/databases/evernote_jobs.db-journal
    Filesize

    8KB