Analysis Overview
SHA256
2d560439776a0a4b4a87085762213e2dab9e0b5c8182836c4054d954be957c6f
Threat Level: Likely malicious
The file acaa5d82516d48ec1beb39d528624088_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Removes its main activity from the application launcher
Obtains sensitive information copied to the device clipboard
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Schedules tasks to execute at a specified time
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-15 02:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 02:56
Reported
2024-06-15 03:01
Platform
android-x86-arm-20240611.1-en
Max time kernel
23s
Max time network
165s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.imangi.templerun.hack
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | freegeoip.net | udp |
| US | 104.21.81.232:443 | freegeoip.net | tcp |
| US | 1.1.1.1:53 | lp.androidapk.world | udp |
| US | 104.21.81.232:80 | freegeoip.net | tcp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 216.58.212.202:443 | | tcp |
| GB | 216.58.212.202:443 | | tcp |
Files
/data/data/com.imangi.templerun.hack/databases/evernote_jobs.db-journal
/data/data/com.imangi.templerun.hack/databases/evernote_jobs.db
/data/data/com.imangi.templerun.hack/databases/evernote_jobs.db-shm
/data/data/com.imangi.templerun.hack/databases/evernote_jobs.db-wal
/data/data/com.imangi.templerun.hack/databases/evernote_jobs.db-wal
/data/data/com.imangi.templerun.hack/databases/evernote_jobs.db
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-15 02:56
Reported
2024-06-15 03:01
Platform
android-x64-20240611.1-en
Max time kernel
48s
Max time network
151s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.imangi.templerun.hack
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | freegeoip.net | udp |
| US | 104.21.81.232:443 | freegeoip.net | tcp |
| US | 1.1.1.1:53 | lp.androidapk.world | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| US | 104.21.81.232:80 | freegeoip.net | tcp |
| GB | 142.250.178.10:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 216.58.213.14:443 | | tcp |
Files
/data/data/com.imangi.templerun.hack/databases/evernote_jobs.db-journal
/data/data/com.imangi.templerun.hack/databases/evernote_jobs.db
/data/data/com.imangi.templerun.hack/databases/evernote_jobs.db-journal
/data/data/com.imangi.templerun.hack/databases/evernote_jobs.db-journal
/data/data/com.imangi.templerun.hack/databases/evernote_jobs.db-journal
/data/data/com.imangi.templerun.hack/databases/evernote_jobs.db
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-15 02:56
Reported
2024-06-15 03:02
Platform
android-x64-arm64-20240611.1-en
Max time kernel
119s
Max time network
132s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.imangi.templerun.hack
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.178.10:443 | | tcp |
| US | 1.1.1.1:53 | freegeoip.net | udp |
| US | 104.21.81.232:443 | freegeoip.net | tcp |
| US | 1.1.1.1:53 | lp.androidapk.world | udp |
| US | 104.21.81.232:80 | freegeoip.net | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
Files
/data/user/0/com.imangi.templerun.hack/databases/evernote_jobs.db-journal
/data/user/0/com.imangi.templerun.hack/databases/evernote_jobs.db
/data/user/0/com.imangi.templerun.hack/databases/evernote_jobs.db-journal
/data/user/0/com.imangi.templerun.hack/databases/evernote_jobs.db-journal
/data/user/0/com.imangi.templerun.hack/databases/evernote_jobs.db-journal
/data/user/0/com.imangi.templerun.hack/databases/evernote_jobs.db