30d80b3e80b4971e34a3beb9d30269e8fe31187b74b95400321e4cee31ae3cd0

Analysis

max time kernel
24s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
14-06-2024 06:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a861b5adf601edea92c6f5ed1178866e_JaffaCakes118.apk
Size

1.9MB
MD5

a861b5adf601edea92c6f5ed1178866e
SHA1

6e647c9f3434eded590b1be6070650c136c461e3
SHA256

30d80b3e80b4971e34a3beb9d30269e8fe31187b74b95400321e4cee31ae3cd0
SHA512

daa30f68a611cdccc0c1e21db4b8e3a8adbbc14b69dea89bdeb8fcf23931e23dfb6b251541b2087996f47dc677bd75c74b756930d7590e402989977fe263f207
SSDEEP

49152:Rk6Pq/Yq3ODcpTmnqV1trYsPuMsY0Qe73Z5Y:Rk6Pq/YGbpSG1xYktsY17

Score

8^/10

discovery evasion execution persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.zynga.crosswordswithfriends.hack

pid process

4259 com.zynga.crosswordswithfriends.hack

pid	process
4259	com.zynga.crosswordswithfriends.hack

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

T1422

Processes:

com.zynga.crosswordswithfriends.hack

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.zynga.crosswordswithfriends.hack

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.zynga.crosswordswithfriends.hack

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.zynga.crosswordswithfriends.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.zynga.crosswordswithfriends.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.zynga.crosswordswithfriends.hack
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.zynga.crosswordswithfriends.hack

description ioc process

File opened for read /proc/cpuinfo com.zynga.crosswordswithfriends.hack
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.zynga.crosswordswithfriends.hack

description ioc process

File opened for read /proc/meminfo com.zynga.crosswordswithfriends.hack

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.zynga.crosswordswithfriends.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.zynga.crosswordswithfriends.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.zynga.crosswordswithfriends.hack

description	ioc	process
File opened for read	/proc/meminfo	com.zynga.crosswordswithfriends.hack

com.zynga.crosswordswithfriends.hack
1⤵
- Removes its main activity from the application launcher
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4259

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zynga.crosswordswithfriends.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
5d85664f8e614fcaef42be2e6f649027

SHA1
09c6288922102f6114a823f4992415fd3373d61e

SHA256
55f8907e91226ef43a05583c7b4623b4e26994b62d20c8603975ccc1fa3b9409

SHA512
3d6006a3e82d00fe9bc443e940acc5df12ec84114fcbcf8fbc8099c085cb1229b21a217b7445129b50558bfef5100894686d7359eb80b7ef087b65c7be3bc6e9

Download Submit
/data/data/com.zynga.crosswordswithfriends.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
dc2fa02fb3ad817cbdffb94e547ee420

SHA1
d947a926c5abf5570c09bbcb8026ca5a40f0fe4b

SHA256
577d2cd4071b484acca06726a0f50e7688b1d462c211762202ce67072901a33a

SHA512
8262c10785a01dddfe7d96ca83241c9900c0f3d2b47bbda69a120846f0b411d4a56472636c25f5313627aca72be8a6d8b3c1afafc662d90c6d35d30ca512b4aa

Download Submit
/data/data/com.zynga.crosswordswithfriends.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
86872e68994f1cf62b2fe2a3d3bbd979

SHA1
9c5214e9f859e741b096716495008592e2c74487

SHA256
5ae0eeb322aa5c3cf7883a9ddc52c05a1f6c41293b8499ecf568bb9eb36bb8a4

SHA512
c51b74310c8131b7ca2fd9508b8c0e78a530eea8dd5a8ca5f7d6899d61f9af0a06ca5b28c6a94f414460ba849ef758eca57fce3c8b20feead2dccb6746b9e91c

Download Submit
/data/data/com.zynga.crosswordswithfriends.hack/databases/evernote_jobs.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.zynga.crosswordswithfriends.hack/databases/evernote_jobs.db-wal
Filesize
28KB

MD5
0f4eaedeefb3659c1b6d766a20bd7651

SHA1
893345c3fe18f382385d369e44842bdeead0a07a

SHA256
9a69c1c527b90276d6dcecf99432308374df05d509687b1f0bb4d7dd9ad6a5dd

SHA512
271810f4cf19410a486da9fbcb618fb50fef3f6b824199351b26eacffc27e312bbe6d57801e5d0a796bbcb28d19a0f40068302b6e35a5c6b6d0670c42e09fc7f

Download Submit
/data/data/com.zynga.crosswordswithfriends.hack/databases/evernote_jobs.db-wal
Filesize
4KB

MD5
40a0a04ca56a28defb32747c1fd3baf9

SHA1
f07638c57a3d8b333c0271ae21ef6a3fd76dfbe6

SHA256
b6d185df27015653380e320ac2206b421a94b7d69eb6a4a71aba21e1333378da

SHA512
17b92c1ae676fba6ac638bf62ea9e1c1d8452c923519539de29b2d5539651958eaf8da028475476c8789c9a5c249c232082b6b6af29ac30a80bc1414e2aba54d

Download Submit