2d560439776a0a4b4a87085762213e2dab9e0b5c8182836c4054d954be957c6f

General

Target

acaa5d82516d48ec1beb39d528624088_JaffaCakes118.apk
Size

1.9MB
MD5

acaa5d82516d48ec1beb39d528624088
SHA1

f532d72a837d24b89b83c63ec97ef29eb2f6425e
SHA256

2d560439776a0a4b4a87085762213e2dab9e0b5c8182836c4054d954be957c6f
SHA512

2a7d4e2cd766062d9d5968158b0c0aee8dcfa41440662e78be61a25d0fe96473eb2c546c30349011f40786514231cb0399c267d91634557c1d2a4acfa13f12b3
SSDEEP

24576:gVhZrwAxILwHjeR3jC4fXShWCy1YQF1fiW6yL0/ht5O1jEexTyzPu98LLUVWnNn0:chZrbjyJhXIWPT352/h3MTb0QE73ZLG

Score

8^/10

collection credential_access discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
5031	com.imangi.templerun.hack

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.imangi.templerun.hack

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.imangi.templerun.hack

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.imangi.templerun.hack

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.imangi.templerun.hack

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.imangi.templerun.hack

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.imangi.templerun.hack

com.imangi.templerun.hack
1⤵
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:5031

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1

T1603

Persistence

Event Triggered Execution

1

T1624

Broadcast Receivers

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Hide Artifacts

1

T1628

Suppress Application Icon

1

T1628.001

Virtualization/Sandbox Evasion

2

T1633

System Checks

2

T1633.001

Credential Access

Clipboard Data

1

T1414

Discovery

System Information Discovery

2

T1426

System Network Configuration Discovery

1

T1422

Lateral Movement

Collection

Clipboard Data

1

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

1

T1641

Transmitted Data Manipulation

1

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.imangi.templerun.hack/databases/evernote_jobs.db

Filesize
16KB

MD5
12627a2ec645c4a4bc50dba5903afd59

SHA1
504005c938517e61bcf68b65a055c2faba635c2e

SHA256
f177ffae9650eb4f407c2d9a510bb5a5abe1ece2fdfe24effc62478a1bfa5903

SHA512
7ff69589296e02383a217373399e75d8a82fa17146e4273f4c0eb630f096dd9f394a3324d60858b02f7e5cf177c82c6d966f5cbedb68ae6a98df7cc851b79cfd

Download Submit
/data/data/com.imangi.templerun.hack/databases/evernote_jobs.db

Filesize
16KB

MD5
f59de41d0147448d627874bb87d02e65

SHA1
41f374175a9a1ec981fbb1c7ac3a57f84950fd04

SHA256
870b165d312c8d712d75fcf856e4dbf4a457d44c68fe46db400787b9cfdae00f

SHA512
7bae112a957d03aec94b885cd631a76bb0cfc2c1a2b55fb23e39b76cc2f518318a65f814af47a03a526a90ddd8b018b39c4ad9d08a5f2a480cc06b17996420ad

Download Submit
/data/data/com.imangi.templerun.hack/databases/evernote_jobs.db-journal

Filesize
512B

MD5
b107baeb6c710f7fcf394bf3527ed598

SHA1
4e3420e434206eb6144ebd066ab91d4ea7af2efb

SHA256
74b6332a344e6257fcb87df4073a5a8a52d712e3eb3e086780978e70edfd6935

SHA512
8eccc14f2fe0abc06aebf6b6c470d85796aedd54b11329cb78acf0651821f7d159fc15b82985ec334d466ab78ffffbbaa4a3014c7220ce472917ebf64e6c0031

Download Submit
/data/data/com.imangi.templerun.hack/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
a8831d9ed52f77643f130fda87075f50

SHA1
5d63f3508fa0702d50dacafe4f340e728040e2c0

SHA256
bca1d48fde2a66d79a1b193bd22ab75ba233d45438d74d1015e297c7cfaad1aa

SHA512
aa4f311935ed272ad3784445373e38f2d5ac6dde7178364ef24c4a4215c5ece38de072a702f4144aa5b6e7bd4512c1d9105cb13d599804afd48347d93c81a8ad

Download Submit
/data/data/com.imangi.templerun.hack/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
0d5602e9f958f0972997b93fd63731c2

SHA1
7da7593872123a2fe478e18f5cc41f9a240416ec

SHA256
27f8d02517cd0984b5654102527c5ec28647cf091bd3fd30dab0b4904d119572

SHA512
3e6be7870d8cce7cc6d3270c251ad51e11009f865e3bd4a830ec3940ba8f475333f89ca945953f51111682e9fd1ef8620b97875ad3ec5c0303cbea8add6694d6

Download Submit
/data/data/com.imangi.templerun.hack/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
c62358ee4a815cb6824258d4089b4cb2

SHA1
7d4aad4ebb6734213042f56cdbf8718b78afe22c

SHA256
65cd00b735584bd94bf152ea9c4b995f15faae8bae451df2daaf9e9a35b8e040

SHA512
dd530f5f2d2c1db36bc40b61027838d10daee7f1de3786137eb18e909f4ab6f6c3088451b6cda147f6d7f0143bdeb680b2905b004110da4bad0f91591697ee2d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads