ca2df1006a6acf6dbfe973d57b48be3e8093a071550a65073a256b50189deb95

Analysis

max time kernel
24s
max time network
164s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
16-06-2024 06:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b2184a0aa2aa9ac231f37e634c27be16_JaffaCakes118.apk
Size

6.7MB
MD5

b2184a0aa2aa9ac231f37e634c27be16
SHA1

024abd05bb770bee58b98f6eac7d7059d059443a
SHA256

ca2df1006a6acf6dbfe973d57b48be3e8093a071550a65073a256b50189deb95
SHA512

648254b4c6ecdd18109684514d5ccdc824cabba6c29477ec0d5199fa9375a9c3a16647eb8f552b1f8b5a440ebd275f963c58e57e1532e8f7348b0b5e91758a71
SSDEEP

196608:7XVWkkKHRs1prmI2ZjGeO2s3wql9xwlZCWGXf0Kc:7FWkkKHRo1mxxGiql9xKj2f5c

Score

8^/10

discovery evasion execution persistence stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs

evasion

T1426

Processes:

com.cassette.aquapark.hack

ioc	process
/data/local/su	com.cassette.aquapark.hack
/data/local/bin/su	com.cassette.aquapark.hack
/data/local/xbin/su	com.cassette.aquapark.hack
/sbin/su	com.cassette.aquapark.hack

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.cassette.aquapark.hack

pid process

4297 com.cassette.aquapark.hack
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.cassette.aquapark.hack

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.cassette.aquapark.hack
Acquires the wake lock 1 IoCs

Processes:

com.cassette.aquapark.hack

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.cassette.aquapark.hack
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.cassette.aquapark.hack

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.cassette.aquapark.hack
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.cassette.aquapark.hack

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.cassette.aquapark.hack
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.cassette.aquapark.hack

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.cassette.aquapark.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.cassette.aquapark.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.cassette.aquapark.hack
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.cassette.aquapark.hack

description ioc process

File opened for read /proc/cpuinfo com.cassette.aquapark.hack
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.cassette.aquapark.hack

description ioc process

File opened for read /proc/meminfo com.cassette.aquapark.hack

pid	process
4297	com.cassette.aquapark.hack

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.cassette.aquapark.hack

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.cassette.aquapark.hack

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cassette.aquapark.hack

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.cassette.aquapark.hack

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.cassette.aquapark.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.cassette.aquapark.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.cassette.aquapark.hack

description	ioc	process
File opened for read	/proc/meminfo	com.cassette.aquapark.hack

com.cassette.aquapark.hack
1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4297

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cassette.aquapark.hack/databases/evernote_jobs.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.cassette.aquapark.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
89a76489d9ed9720a779410e5b0f8123

SHA1
632b1adb326beb91a03e2764bddafcebe788a163

SHA256
ad60a8517e57be49b2b625ad3f287a4dbdb636ea781649711b255ff7168c4a9e

SHA512
b8fce3c1df68fd114842ef4bb8f8ee2166be8a679390cc1000225847418933060e70fdc56bbd65c6b4f30dbf52e785e7142d6e409fd4f03f99a491b29ad1d7ce

Download Submit
/data/data/com.cassette.aquapark.hack/databases/evernote_jobs.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.cassette.aquapark.hack/databases/evernote_jobs.db-wal
Filesize
32KB

MD5
c64759d7a8051bbc4e6e17f11b990e81

SHA1
2e5bc3966b366fcd3b22d1b0761412366a7f3da9

SHA256
72efd6ce36e1701e802c2733938bd7e48061352d301468e4365fc94612c56ab1

SHA512
d1184574b66ff640798b9457b9496eb3807068329fb3c69f67458b3c2ec95a68a9b52dd5e76908a1c2b476e1440399d109a928fb9620bc5fd037535b9d656834

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
3b2b12ac92e39f8ac551ace1b3be8643

SHA1
59e397176d98043a6df25ee45464442c763fe7b4

SHA256
206f5fabc1f4e5ce23ced4f7d3a2ff35feb7bb405c42e9811b219ecd048b75db

SHA512
f394f1caad8466acf093919c6223286d8c82985e36ce86935354f018d711442fe3e1276a6fd626e207089b6e3034df5eb3d1039adeb37e28a0b709d53ae6a407

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
051e9fbaa244b4c56279cae4f57a19c7

SHA1
d373ff9ab2ccd86e0f89ceb9f19f2347b56b22ea

SHA256
3f74eb6251c83e6831b4617603fd68f5e8a4cdccb83d21fbabb495ac6e43245f

SHA512
86a96ebdecdd1b7f5ea208d086d4fdb7672692146be89f78d6eab82db3615f026afef2a71595989dedcd5bee02fee94844e7f2c4666c207e7690c4bf23572d7f

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
199274cc57460b2b2248d0f3dcc0bfca

SHA1
6f34b3ae9275b8d18e28767a48280b4da49078b3

SHA256
093349480d9319a809060b50572c5f8cef173195c516ffe790648973e68f93bd

SHA512
160f3dc5c039e5cfa7a1a305e18c6e96ae2d029f8b1b7c1917099e6e1c95a625e9d9df30af7a9532bdc673e79bbf32cd4ebc0cfde7e8e1d14ceae0cf59db2672

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
977b1d23b4806e8f6abbe261ed1e575f

SHA1
20bc634370fa759b061294a6cc9088ea3b5f78d1

SHA256
fe964283dec48c256a422b3535e445273980923d58f1781a9731e43f7c4e444c

SHA512
20208ef79563b2c47d3e1cb92869413742b93cd919661553336f91b9287c3da1e3273526380cb4f9579ab4d335b79d223710514d3d0957fa0ec10c316d37a673

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
44693692da738db6eb133cf0e4cde91b

SHA1
e6bda56494c325d8d37ad89552263ae85d9b0550

SHA256
8fe0ac9db76d4a2dcd3b3d54c0efedcd223e25aabf716506493d50e243a7a2d4

SHA512
b34ddfe1ae343b1b12f7029ae476a0ba8e1b4043ccb520afb412b3f71335ef679bf29723c9a5c00af7e922e9982d5b3af54b2ed779da8cb601f378e5b9d26be5

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
2676fe786815a35da7ee12157715dd54

SHA1
f9bb42a16877ac4859845ab0672de8feffa1b394

SHA256
adba43a3b2ab2266b10766845835645c795e50587c2af975eb29c74a1c7071a4

SHA512
da3f0025dddef422a5213578445467dfe0fe470bca8f8c1189ebb0043eea7aabe13f4a62b01b7c0cbd86686b7265af6bc75c8e8684552bdbfb11f554f00f1af7

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db-wal
Filesize
36KB

MD5
26eaef68144abfae32bb3c088f46b200

SHA1
b5d003de280771cd7a9574fcb58709fe2e27a635

SHA256
c04944554a08ebbe5490e544b4a42739ce99dda68a26c794540606b9a8698165

SHA512
78d68006df66d80203fba978903540cf52c1ac7b5750e937d40f5a634ce5262f5e84d952362d8b6e2b569479dbe2ee8ad24e25184d9c6d7aba3c5e7943fd5e3d

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
8fd2553a1528dab0898bc7919f727f9f

SHA1
3bb9ccca0e2f05fec48019c9b4243f3f86aa2e51

SHA256
f21b093135ac2258149ad72537a6b55368b018872a7d809ca6b16b1093d114cb

SHA512
8c3ef51fbf7c6ae631c1de21e841f2494404e2ad238b8bad1ec95b967bed288390fb6b8cafda689b43a517f8772dfbb7f35c41f1890344ca799edc646bda4bae

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
8b6792fbc30e96f508eb035b69e75540

SHA1
15de76e050d6e74216409c6437315f432f95c087

SHA256
3381b6e8acfca3710af4ab87ad107a77abb43132c1547b3e238aa8540828bf71

SHA512
f70217fa79a1a53c7d10818ca658e3b25006bfd40ed34e1a8529f90bbf7de3161916a1fec2a34bb428fcd1166333a7661d57a9b18e44fe732b17cfec0d5b458d

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
492459372b3df715ae1317868d4f3fc9

SHA1
6d36b794edb3eb62d01cc785e4a9cc7202bd6cc0

SHA256
d1e376c7c13fba7649b6586d280758b121fc596703df4bc2bb724f394edb0049

SHA512
c2b5561d050a1ea05f49c7ce626aab2ac707ad5a13fd5d38b96afc6a9d26e8df3d58f8d6bbdbbf10d77a7eacf22f5a79414db3d26e7219b267a65b1c130a8e85

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
4c1d15aa3d2501bccf25af1d25abe150

SHA1
e3585ef584dfdc7432ee1368d0fed78d906bde00

SHA256
954289612c76928ffe60466a8a968d70b3b1ac444f07083f34728a0153593a5c

SHA512
0e8bc8d915cbfca5e302311d9788e24b781e93e4ec280bdbc5f42e912c66284b4a40917b1568817d73bbeb017eac812dbb5e3ff062de4423ca65d552f4d87879

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
ed0889bb467ed7c2ec94835c397ae9df

SHA1
75f85a59db38b8dfe8beac4032402c1a02f8d756

SHA256
105f1822ee7a40983482100a90726a93445e6c1cfe594e7579c8814ff595bd3e

SHA512
dad90d151925114d5e2d46f0bf37e1a3c03a05941d49cdbd1e05cf5c9f2afee4730b41789fe02100606b6578cbba33b4d72b346b80e734b6da1134496f3d5201

Download Submit
/data/data/com.cassette.aquapark.hack/no_backup/com.google.InstanceId.properties
Filesize
2KB

MD5
3ef355f6f51e9ac1c8df2e40cf5bbbbd

SHA1
a3dd9c3f59fe66e5156295abd5f8f58d408a9b4e

SHA256
42cc51de1ea67f98d510eb57b24bf11f937622dc18a470fcedd9c2b21e9b8e79

SHA512
abe2d2c1be7eebb436eb2f3a7fdc290dd5aceafb18689e6a660ce323b6cb4d93bac83c50b3682c7deddc5e4543bfecd942f2b1560643ac818a025ed197f4c4d9

Download Submit