30d80b3e80b4971e34a3beb9d30269e8fe31187b74b95400321e4cee31ae3cd0

Analysis

max time kernel
26s
max time network
133s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
14-06-2024 06:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a861b5adf601edea92c6f5ed1178866e_JaffaCakes118.apk
Size

1.9MB
MD5

a861b5adf601edea92c6f5ed1178866e
SHA1

6e647c9f3434eded590b1be6070650c136c461e3
SHA256

30d80b3e80b4971e34a3beb9d30269e8fe31187b74b95400321e4cee31ae3cd0
SHA512

daa30f68a611cdccc0c1e21db4b8e3a8adbbc14b69dea89bdeb8fcf23931e23dfb6b251541b2087996f47dc677bd75c74b756930d7590e402989977fe263f207
SSDEEP

49152:Rk6Pq/Yq3ODcpTmnqV1trYsPuMsY0Qe73Z5Y:Rk6Pq/YGbpSG1xYktsY17

Score

8^/10

collection credential_access evasion execution impact persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.zynga.crosswordswithfriends.hack

pid process

4433 com.zynga.crosswordswithfriends.hack
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.zynga.crosswordswithfriends.hack

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.zynga.crosswordswithfriends.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.zynga.crosswordswithfriends.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.zynga.crosswordswithfriends.hack
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.zynga.crosswordswithfriends.hack

description ioc process

File opened for read /proc/cpuinfo com.zynga.crosswordswithfriends.hack
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.zynga.crosswordswithfriends.hack

description ioc process

File opened for read /proc/meminfo com.zynga.crosswordswithfriends.hack

pid	process
4433	com.zynga.crosswordswithfriends.hack

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.zynga.crosswordswithfriends.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.zynga.crosswordswithfriends.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.zynga.crosswordswithfriends.hack

description	ioc	process
File opened for read	/proc/meminfo	com.zynga.crosswordswithfriends.hack

com.zynga.crosswordswithfriends.hack
1⤵
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4433

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.zynga.crosswordswithfriends.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
58c0b6e45328752b20ac6e719ac034f8

SHA1
372b2638afd00bbbc4034657b3df3d2e428fb367

SHA256
9d74f93afa5a179b1ba2f19f154b2880aa8b99c88209802099045a0874d2426a

SHA512
2d347d5824b9ab701e341c89e8327a95fd6bab8e92ee15ce9550da368d773e22bff304072a4854df5ab763750a7401f7aa61a49e3292d62c27fa9f20536eb3ab

Download Submit
/data/user/0/com.zynga.crosswordswithfriends.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
2e0dbecb2180efc21252083113ee6a1b

SHA1
27d25ddbaac404019653edb4cc94a3d7d534c0f0

SHA256
3f9d03e0f6d5774fddaee86a93ae05012a4146a7bd0a484aa93f04b4594b7a84

SHA512
798295f9f0c58182e625d2c1b18022ab962023850e86f1f3d5330e927ad5ad46f0cadaa77b60ff22597683ee87258cf7ed00040a4469085f434270b177032c4e

Download Submit
/data/user/0/com.zynga.crosswordswithfriends.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
b5d30e32f9976f424fe596b9ed7fc67a

SHA1
bd2c33036ad483dac586a1fd5fd88c840cc3a261

SHA256
6f75b5d887d37c375145802ed11b53195586685c9629fce938a4501dec76abb8

SHA512
fe4a79330e9196e704c48a7f14d69036454e0def8f016b4e9ef75677d1b11f2d11035bef205dfe94b45a860b55f0581ed37bf01bcee63c3223e1cc91c814ba5a

Download Submit
/data/user/0/com.zynga.crosswordswithfriends.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
bc8c9bca61820c563f96a1bdba547ee2

SHA1
c1de98395473ed7cbefa8b1a01970d28c2276676

SHA256
0884d531bd1f3b79cda6c66a279b0f494ba94f6164b25180fe4892106600df59

SHA512
9fb648457df0ba924da35bcb20d7e4a92895723198fdb2e27d2e16ad63d0aa7dbbd27eb34b3e02ae3ca943bc52ac245c549f149926c12eaa4a4532ab690d5955

Download Submit
/data/user/0/com.zynga.crosswordswithfriends.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
b369b0de7b1a43f893b564ad6ed46f26

SHA1
b52e572a7eb7359de267b4b9afb801cb2c3930ca

SHA256
89638af749323715ad59e90d7ad797425adde313ebf86f9253665037f0f1b8f3

SHA512
07d29be95d641b74af450582175684ea3d58eb00c8dd5dfb18a38d58a66b772618027d34649501964d792b69dd5752b476cb15162bb7eab67eb4890ca70a7c26

Download Submit
/data/user/0/com.zynga.crosswordswithfriends.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
2a36c5518fea44215c5c82f123bf72df

SHA1
25d90ed0f621f5616725e0f42e2637ca5be0870b

SHA256
8908ff12d08c437c3c4284cfcfa01b29976d56a1abc3f7e290615085a0b12fa5

SHA512
fa23a6fea6a66e3e182246bfc0b51b0c84fa1ac76346eee01f0fb052e08eddaa59e2375677beb93ee7466496806baa3cb30d6bc023fb86fb5a5e8e3d2ebf0efd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads