30d80b3e80b4971e34a3beb9d30269e8fe31187b74b95400321e4cee31ae3cd0

Analysis

max time kernel
25s
max time network
152s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
14-06-2024 06:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a861b5adf601edea92c6f5ed1178866e_JaffaCakes118.apk
Size

1.9MB
MD5

a861b5adf601edea92c6f5ed1178866e
SHA1

6e647c9f3434eded590b1be6070650c136c461e3
SHA256

30d80b3e80b4971e34a3beb9d30269e8fe31187b74b95400321e4cee31ae3cd0
SHA512

daa30f68a611cdccc0c1e21db4b8e3a8adbbc14b69dea89bdeb8fcf23931e23dfb6b251541b2087996f47dc677bd75c74b756930d7590e402989977fe263f207
SSDEEP

49152:Rk6Pq/Yq3ODcpTmnqV1trYsPuMsY0Qe73Z5Y:Rk6Pq/YGbpSG1xYktsY17

Score

8^/10

collection credential_access discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.zynga.crosswordswithfriends.hack

pid process

5041 com.zynga.crosswordswithfriends.hack
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.zynga.crosswordswithfriends.hack

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.zynga.crosswordswithfriends.hack

pid	process
5041	com.zynga.crosswordswithfriends.hack

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.zynga.crosswordswithfriends.hack

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

T1422

Processes:

com.zynga.crosswordswithfriends.hack

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.zynga.crosswordswithfriends.hack

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.zynga.crosswordswithfriends.hack

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.zynga.crosswordswithfriends.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.zynga.crosswordswithfriends.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.zynga.crosswordswithfriends.hack
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.zynga.crosswordswithfriends.hack

description ioc process

File opened for read /proc/cpuinfo com.zynga.crosswordswithfriends.hack
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.zynga.crosswordswithfriends.hack

description ioc process

File opened for read /proc/meminfo com.zynga.crosswordswithfriends.hack

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.zynga.crosswordswithfriends.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.zynga.crosswordswithfriends.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.zynga.crosswordswithfriends.hack

description	ioc	process
File opened for read	/proc/meminfo	com.zynga.crosswordswithfriends.hack

com.zynga.crosswordswithfriends.hack
1⤵
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:5041

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.zynga.crosswordswithfriends.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
12627a2ec645c4a4bc50dba5903afd59

SHA1
504005c938517e61bcf68b65a055c2faba635c2e

SHA256
f177ffae9650eb4f407c2d9a510bb5a5abe1ece2fdfe24effc62478a1bfa5903

SHA512
7ff69589296e02383a217373399e75d8a82fa17146e4273f4c0eb630f096dd9f394a3324d60858b02f7e5cf177c82c6d966f5cbedb68ae6a98df7cc851b79cfd

Download Submit
/data/data/com.zynga.crosswordswithfriends.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
5e6479bbc08c61e215963834c60f9a02

SHA1
eb957f1f741d4be929d96fd1cdde2c029f845303

SHA256
30f08e3fffe5d26eb7f09ffc8daeb4782581d106d27d2a78327f07e5a7705355

SHA512
a812590ef5682d8d2149bc71e01d7fc56ad8512555f4b00de96377d6967f7949e5c8d68355ab80d9040b32ccea87ceeb8793f1fbb5482e3e89e227a453748ea0

Download Submit
/data/data/com.zynga.crosswordswithfriends.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
559c8a076accb2f88e7e2f05e4085675

SHA1
2cd740e180a42b28f732ac4cc055a5adb51056cb

SHA256
0ac5ffea64f916380403f9dbbc4a9c6bae6a25b2cc06ff569f1384a33d3dc1dc

SHA512
74dc58c94095e57b72081ca00e5472b267b38797bb93e4866a79db08f810acb1e28ed245a3ba53af3b26d6086041c43057de55b20b2d774c8733db94daf74496

Download Submit
/data/data/com.zynga.crosswordswithfriends.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
e54a53c6048b6f5d9872a4102d18b3e4

SHA1
1c7a72fdf38d38acbd640f025ea0602319d98dfb

SHA256
0915b376f865f8083dc0f3bb825ec1079b2cbe733ea3e8f06ccaa83f22ae8374

SHA512
50341bcee3dba10e37c2cf10451b8cd2d8d6f6f1c2a6219df9fe0c905457a3f7720921f11b81c397737c42f41c933000a8c222e42479d31dadbcceada747dbe0

Download Submit
/data/data/com.zynga.crosswordswithfriends.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
86a7bda04b0ce1e6607f9a6c4513cac3

SHA1
287e9ad7edfaa780ecc6877a2afebbd9cfc199ce

SHA256
37a0e09c5c318869e005f22f2b2bc8938788d72b545b025068aa61f7a8dbe2b1

SHA512
47ac24493f0285147ee00486fd5e5222659b5d350752159a4fe9f9cdcd4bff56f2a054ae0d0e278defeae8bab8da14f0533f7fd00c131d458ca0e19d5e0db7f5

Download Submit
/data/data/com.zynga.crosswordswithfriends.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
b90620f14d526b0b7a31e52293757590

SHA1
8089ee6770fd1364e90b659cae3859eaaa9c3861

SHA256
a92b333bfa7a90865ac2731faca69651e4239faec6a523832d29fd9d1dc499cc

SHA512
8d726f08f257bb069fa7193cdf7aaa662aeed80d59f8a92c79bf664efc8f11d3c31096ce5f54855cb6249bafc88c09dafcdef5f4c17d606374e068e16f5d799e

Download Submit