2d560439776a0a4b4a87085762213e2dab9e0b5c8182836c4054d954be957c6f

Analysis

max time kernel
119s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
15/06/2024, 02:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

acaa5d82516d48ec1beb39d528624088_JaffaCakes118.apk
Size

1.9MB
MD5

acaa5d82516d48ec1beb39d528624088
SHA1

f532d72a837d24b89b83c63ec97ef29eb2f6425e
SHA256

2d560439776a0a4b4a87085762213e2dab9e0b5c8182836c4054d954be957c6f
SHA512

2a7d4e2cd766062d9d5968158b0c0aee8dcfa41440662e78be61a25d0fe96473eb2c546c30349011f40786514231cb0399c267d91634557c1d2a4acfa13f12b3
SSDEEP

24576:gVhZrwAxILwHjeR3jC4fXShWCy1YQF1fiW6yL0/ht5O1jEexTyzPu98LLUVWnNn0:chZrbjyJhXIWPT352/h3MTb0QE73ZLG

Score

8^/10

collection credential_access evasion execution impact persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4494	com.imangi.templerun.hack

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.imangi.templerun.hack

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.imangi.templerun.hack

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.imangi.templerun.hack

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.imangi.templerun.hack

com.imangi.templerun.hack
1⤵
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4494

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.imangi.templerun.hack/databases/evernote_jobs.db

Filesize
16KB

MD5
58c0b6e45328752b20ac6e719ac034f8

SHA1
372b2638afd00bbbc4034657b3df3d2e428fb367

SHA256
9d74f93afa5a179b1ba2f19f154b2880aa8b99c88209802099045a0874d2426a

SHA512
2d347d5824b9ab701e341c89e8327a95fd6bab8e92ee15ce9550da368d773e22bff304072a4854df5ab763750a7401f7aa61a49e3292d62c27fa9f20536eb3ab

Download Submit
/data/user/0/com.imangi.templerun.hack/databases/evernote_jobs.db

Filesize
16KB

MD5
daca2c115044087b132fd8b49b79ef4f

SHA1
23e091aa86f7586f293b4543829eda433b8b4849

SHA256
87944c302c28b5e2aaa3425429949c2840e0892ae6a8f97289ee3ee8ad53f0bc

SHA512
95914cd0d3c5a9092ff0458f7bb3b504b244ecd0343ded068a2e3778342dceb493cc8c860299f4f121a16b2fa8f00bd7fdead9c2cd9435d46df799ccb8703926

Download Submit
/data/user/0/com.imangi.templerun.hack/databases/evernote_jobs.db-journal

Filesize
512B

MD5
82550d393317ccb0523c5d138430954a

SHA1
b3513b164db2b3ad425caddb4b733faad4bb6b2a

SHA256
13c9ccfc54f563540319f8b90f206b6ab5b28f696ed52f5ee8dbee3981a6f145

SHA512
92d72164ac5c462b4eb2b764e3f24d473b7dd384e3a01598a2147fbfd043ab84cdf2d178e57c5cc4124c10d60f1250987228fab9a43aa0b6e4a23c984cfedd6d

Download Submit
/data/user/0/com.imangi.templerun.hack/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
7e44810d5b4e4b6f51486717a0c2ff66

SHA1
f05f2a7b29b2ea7d595f7817908871e5ef992d79

SHA256
8720a54ad2271c32c48ecbdc462ea954982ac28a80cf34ffcdff59863938c73b

SHA512
c0a9cf35eea5795ddadc983362ab6ec6ce694bf2c6d35e88479e0111b8c8bb6af439dd43eaf43ec438888e7c5b58190f4db1253d362fe55951d4e2dac40030bf

Download Submit
/data/user/0/com.imangi.templerun.hack/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
949df34771c755aaffb92c113c214132

SHA1
10c03d25b78db4dcdfffa724449bc0146b6849fa

SHA256
c9d251e0c884b1192e9771e2f6c0252f8322b68dbf99ec8af6f3dbe3f9752901

SHA512
79fbe500a53545c361548acd85c7dfd613ba168b2fad7018a86d30c04d2e2c3f2a7876fb547416e0ad991693a94022b9b83998dbc521a620ee0480b26bb0b28f

Download Submit
/data/user/0/com.imangi.templerun.hack/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
d2df11727cb428e8acf5621c7a49ef7e

SHA1
72e387dfd05aa2f6731b99e9fa88b691a1d23f12

SHA256
dd1fa2e30a805a6361911e935fa719dc22f93b055b6193e888a0849fa55d6794

SHA512
85eeb8649296e878d5b14a0e61fab70ae306259667e3ed5ce2628a4f8b9b33e1f50c34b33a5b4ca68845a3c0746e6ac7066329fb2738c4fb1543f5f04332c406

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads