9579d69ede30626ee7615739d19bf1aee654ffcdaad5d4b4ba8cec42eef2a3e0

Analysis

max time kernel
51s
max time network
152s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
15-06-2024 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

afecf973b5cc3d22cb18dae57cc3917d_JaffaCakes118.apk
Size

1.8MB
MD5

afecf973b5cc3d22cb18dae57cc3917d
SHA1

a072c4a3bf22e4b957a92e20bdd1ef020c127d9c
SHA256

9579d69ede30626ee7615739d19bf1aee654ffcdaad5d4b4ba8cec42eef2a3e0
SHA512

7cce4471b3b3e79b90006494d94ea335212df69a5c5fa58ba1d9428e592eec59ac4e93358f8b9503919e31ff7fed0a67ae04cc4fc126353e8eabc9e0248a1ca3
SSDEEP

49152:E50ejxvtdewe4/mEkS512WtFB1iP6EKQCigZx73ZOV:E5lXeDe3VWuEzFgZ0

Score

8^/10

collection credential_access discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.puzzlegame.puzzledom.hack

pid process

5051 com.puzzlegame.puzzledom.hack
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.puzzlegame.puzzledom.hack

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.puzzlegame.puzzledom.hack
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.puzzlegame.puzzledom.hack

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.puzzlegame.puzzledom.hack
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.puzzlegame.puzzledom.hack

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.puzzlegame.puzzledom.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.puzzlegame.puzzledom.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.puzzlegame.puzzledom.hack
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.puzzlegame.puzzledom.hack

description ioc process

File opened for read /proc/cpuinfo com.puzzlegame.puzzledom.hack
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.puzzlegame.puzzledom.hack

description ioc process

File opened for read /proc/meminfo com.puzzlegame.puzzledom.hack

pid	process
5051	com.puzzlegame.puzzledom.hack

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.puzzlegame.puzzledom.hack

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.puzzlegame.puzzledom.hack

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.puzzlegame.puzzledom.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.puzzlegame.puzzledom.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.puzzlegame.puzzledom.hack

description	ioc	process
File opened for read	/proc/meminfo	com.puzzlegame.puzzledom.hack

com.puzzlegame.puzzledom.hack
1⤵
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:5051

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.puzzlegame.puzzledom.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
12627a2ec645c4a4bc50dba5903afd59

SHA1
504005c938517e61bcf68b65a055c2faba635c2e

SHA256
f177ffae9650eb4f407c2d9a510bb5a5abe1ece2fdfe24effc62478a1bfa5903

SHA512
7ff69589296e02383a217373399e75d8a82fa17146e4273f4c0eb630f096dd9f394a3324d60858b02f7e5cf177c82c6d966f5cbedb68ae6a98df7cc851b79cfd

Download Submit
/data/data/com.puzzlegame.puzzledom.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
af6e40df2d4821ae6b78c5356006e01f

SHA1
217667f50ba96496112bc4197fafb58bab52ba23

SHA256
39bbcbcd7448564a949f80304d3d6a7fa9a6c18f3bd19a63d612a88631d29d38

SHA512
43949fea9953fb5a6aa0dedd3bd24440c263a9ccb4f760bc892c3bc85ba82cf4705a2d13fd77e8166c9efd8306384f52c45065160eda9ed42dbb2a9a4820a65a

Download Submit
/data/data/com.puzzlegame.puzzledom.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
70dd35b96294512e1ad8386f61623f53

SHA1
972df5f6cd73bd555f5ea3becdf735da3630c1e2

SHA256
167c8c676f44c793f49057d1598e5bb42b4078c3e019180ac323c99dcc639ee1

SHA512
b41b55d4f97491526600b1ec249d167b3b5ac59f14a571258eb82efb9efe870f4dfb1b0e4246f7b6d0210ed7543707e87eaa127dba54ba7082576b8a3f267eb7

Download Submit
/data/data/com.puzzlegame.puzzledom.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
261b78422cb3965942479cf6ef560bae

SHA1
ca852592f5fac0d9a63498c6ab23490a3d115fc8

SHA256
b75cbac29107d22235c582a76b8bdbc05b32ec09de76b737a5327f32b6e2fc9a

SHA512
56a4f0c9c5718298ca11f5648adfc87acf9624ee62968f95a8e25f9ae2d4422f979eac1bd783f3cb45a065dbaff637951017a50456e081a1a924076847880dc8

Download Submit
/data/data/com.puzzlegame.puzzledom.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
2ee2495793da1d5183d3bcee819abd07

SHA1
95fad09225f000024942dbdbe7290dafb7d99fcd

SHA256
10794a6facbb41f7a89622a350309f21e3bb76a2f5bf411309e9b59be063888f

SHA512
90648f0bd33553f20160017ea5798a6ccfae68058f6b36022b17991ff8065d7c814c6ed0b065454c9e790933765d9cd80917bbdf56e02553cc4fd8d878c3c2f2

Download Submit
/data/data/com.puzzlegame.puzzledom.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
655b8e13a7bc5ff8bd722b13748a69cd

SHA1
b11c546a2a75c35a8c01833da9e37ee25ed8f6b9

SHA256
f48131ff356200e98c4f395ecac0d31e680e05a67a7e588370394bb87f7b0fc6

SHA512
ec10ccd8c34f59a78a9c32570a3be1bf2882f5af22adde46fc9505da3fce4a0ca8e3d89ba15f7e3b0c0c87f84899388c097d076126c7d6715bdc6e2c62739a6d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads