9579d69ede30626ee7615739d19bf1aee654ffcdaad5d4b4ba8cec42eef2a3e0

Analysis

max time kernel
26s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
15/06/2024, 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

afecf973b5cc3d22cb18dae57cc3917d_JaffaCakes118.apk
Size

1.8MB
MD5

afecf973b5cc3d22cb18dae57cc3917d
SHA1

a072c4a3bf22e4b957a92e20bdd1ef020c127d9c
SHA256

9579d69ede30626ee7615739d19bf1aee654ffcdaad5d4b4ba8cec42eef2a3e0
SHA512

7cce4471b3b3e79b90006494d94ea335212df69a5c5fa58ba1d9428e592eec59ac4e93358f8b9503919e31ff7fed0a67ae04cc4fc126353e8eabc9e0248a1ca3
SSDEEP

49152:E50ejxvtdewe4/mEkS512WtFB1iP6EKQCigZx73ZOV:E5lXeDe3VWuEzFgZ0

Score

8^/10

discovery evasion execution persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4299	com.puzzlegame.puzzledom.hack

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.puzzlegame.puzzledom.hack

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.puzzlegame.puzzledom.hack

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.puzzlegame.puzzledom.hack

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.puzzlegame.puzzledom.hack

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.puzzlegame.puzzledom.hack

com.puzzlegame.puzzledom.hack
1⤵
- Removes its main activity from the application launcher
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4299

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.puzzlegame.puzzledom.hack/databases/evernote_jobs.db

Filesize
16KB

MD5
5d85664f8e614fcaef42be2e6f649027

SHA1
09c6288922102f6114a823f4992415fd3373d61e

SHA256
55f8907e91226ef43a05583c7b4623b4e26994b62d20c8603975ccc1fa3b9409

SHA512
3d6006a3e82d00fe9bc443e940acc5df12ec84114fcbcf8fbc8099c085cb1229b21a217b7445129b50558bfef5100894686d7359eb80b7ef087b65c7be3bc6e9

Download Submit
/data/data/com.puzzlegame.puzzledom.hack/databases/evernote_jobs.db

Filesize
16KB

MD5
24661e00e51c30188995cf21ce0ed658

SHA1
7295da62d82a15e9d1453b5ac8d1e0b82bfb489f

SHA256
f38b0fa6b80733960a2c1a92fd081fb2f77c54115d4d00f75e7c7fb2acea6ab2

SHA512
1f3ae1c8caa08f012f5b953e68820ac9ab171b379399b9728d664e9c39766907ad17bda706554b6d59f20337da7fc398fd0c43ddeb6ff1545e2efff82fb23e85

Download Submit
/data/data/com.puzzlegame.puzzledom.hack/databases/evernote_jobs.db-journal

Filesize
512B

MD5
28b1aea91869f1e0ee19509099c263d7

SHA1
03b0ba0ffb42743dfe5757476b389ef0d4d59b66

SHA256
eb64099cc3c5af4ad6ebf8817873156589f50c3ca3b1841fbd1882290682d358

SHA512
bbac516d7dff7201be60b6e395f0701ec85c2a4b2a22a162c81e224f02e177f0cb1f5e8edcd937a9c8d4c5e486b3088be8dcc7f43bcc7b2e01ad250e671c95d9

Download Submit
/data/data/com.puzzlegame.puzzledom.hack/databases/evernote_jobs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.puzzlegame.puzzledom.hack/databases/evernote_jobs.db-wal

Filesize
28KB

MD5
e118d87d5aebae2406c939ebf1cf880e

SHA1
4a945858387260c1a50ba0e0ae3ae73c124e0602

SHA256
3ee63561ff363c64d95e44044d164548ae819bbf5e53efb68d98906a8cbc2ec3

SHA512
28325bc7d0149398d6a4ae1a5da86c262d2f2804ce9edb6de246d1483b9f339fc983cac9bdc86e6efc360e73eb026c9f3cca03e5ff55534ee884089616f96a99

Download Submit
/data/data/com.puzzlegame.puzzledom.hack/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
a0aee3c281d45749a45110a11bb01669

SHA1
f80699dc2890f6e5c3528457e98e6e248454f800

SHA256
8c9e063948a131e8f71e7c4456387af6bb8e67c4bcce5662ca2a591a0ee3ad9f

SHA512
c5b5fae617bf62aa78e824f4f1232ed398928fbd0ff64457a74ae5fa9ad15f2652266e0289faf2656672dd0f687c305f46231778ad242d48d98ef8f75f27cffa

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads