Analysis Overview
SHA256
c24ad8e67355cc7992a8b1854f38a16712846af7ac3099794609d7f731ffd944
Threat Level: Likely malicious
The file acecd706ac72ddea24f10225af620272_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Removes its main activity from the application launcher
Obtains sensitive information copied to the device clipboard
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Schedules tasks to execute at a specified time
Checks memory information
Checks CPU information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-15 04:47
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 04:47
Reported
2024-06-15 04:50
Platform
android-x86-arm-20240611.1-en
Max time kernel
24s
Max time network
141s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.topfreegames.bikeracefreeworld.hack
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | freegeoip.net | udp |
| US | 104.21.81.232:443 | freegeoip.net | tcp |
| US | 1.1.1.1:53 | lp.androidapk.world | udp |
| US | 104.21.81.232:80 | freegeoip.net | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
Files
/data/data/com.topfreegames.bikeracefreeworld.hack/databases/evernote_jobs.db-journal
/data/data/com.topfreegames.bikeracefreeworld.hack/databases/evernote_jobs.db
/data/data/com.topfreegames.bikeracefreeworld.hack/databases/evernote_jobs.db-shm
/data/data/com.topfreegames.bikeracefreeworld.hack/databases/evernote_jobs.db-wal
/data/data/com.topfreegames.bikeracefreeworld.hack/databases/evernote_jobs.db-wal
/data/data/com.topfreegames.bikeracefreeworld.hack/databases/evernote_jobs.db
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-15 04:47
Reported
2024-06-15 04:50
Platform
android-x64-20240611.1-en
Max time kernel
24s
Max time network
147s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.topfreegames.bikeracefreeworld.hack
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.42:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | freegeoip.net | udp |
| US | 172.67.165.196:443 | freegeoip.net | tcp |
| US | 1.1.1.1:53 | lp.androidapk.world | udp |
| US | 172.67.165.196:80 | freegeoip.net | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 172.217.169.42:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.194:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
Files
/data/data/com.topfreegames.bikeracefreeworld.hack/databases/evernote_jobs.db-journal
/data/data/com.topfreegames.bikeracefreeworld.hack/databases/evernote_jobs.db
/data/data/com.topfreegames.bikeracefreeworld.hack/databases/evernote_jobs.db-journal
/data/data/com.topfreegames.bikeracefreeworld.hack/databases/evernote_jobs.db-journal
/data/data/com.topfreegames.bikeracefreeworld.hack/databases/evernote_jobs.db-journal
/data/data/com.topfreegames.bikeracefreeworld.hack/databases/evernote_jobs.db
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-15 04:47
Reported
2024-06-15 04:50
Platform
android-x64-arm64-20240611.1-en
Max time kernel
25s
Max time network
132s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.topfreegames.bikeracefreeworld.hack
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.234:443 | | tcp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | freegeoip.net | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 104.21.81.232:443 | freegeoip.net | tcp |
| US | 104.21.81.232:80 | freegeoip.net | tcp |
| US | 1.1.1.1:53 | lp.androidapk.world | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
Files
/data/user/0/com.topfreegames.bikeracefreeworld.hack/databases/evernote_jobs.db-journal
/data/user/0/com.topfreegames.bikeracefreeworld.hack/databases/evernote_jobs.db
/data/user/0/com.topfreegames.bikeracefreeworld.hack/databases/evernote_jobs.db-journal
/data/user/0/com.topfreegames.bikeracefreeworld.hack/databases/evernote_jobs.db-journal
/data/user/0/com.topfreegames.bikeracefreeworld.hack/databases/evernote_jobs.db-journal
/data/user/0/com.topfreegames.bikeracefreeworld.hack/databases/evernote_jobs.db