Analysis
max time kernel: 24s
max time network: 164s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 16-06-2024 06:17
Static task
static1
Behavioral task
behavioral1
Sample
b2184a0aa2aa9ac231f37e634c27be16_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
b2184a0aa2aa9ac231f37e634c27be16_JaffaCakes118.apk
Resource
android-x64-20240611.1-en
Behavioral task
behavioral3
Sample
b2184a0aa2aa9ac231f37e634c27be16_JaffaCakes118.apk
Resource
android-x64-arm64-20240611.1-en
General
-
Target
b2184a0aa2aa9ac231f37e634c27be16_JaffaCakes118.apk
-
Size
6.7MB
-
MD5
b2184a0aa2aa9ac231f37e634c27be16
-
SHA1
024abd05bb770bee58b98f6eac7d7059d059443a
-
SHA256
ca2df1006a6acf6dbfe973d57b48be3e8093a071550a65073a256b50189deb95
-
SHA512
648254b4c6ecdd18109684514d5ccdc824cabba6c29477ec0d5199fa9375a9c3a16647eb8f552b1f8b5a440ebd275f963c58e57e1532e8f7348b0b5e91758a71
-
SSDEEP
196608:7XVWkkKHRs1prmI2ZjGeO2s3wql9xwlZCWGXf0Kc:7FWkkKHRo1mxxGiql9xKj2f5c
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 4 IoCs
Processes:
com.cassette.aquapark.hack
ioc | process
/data/local/su | com.cassette.aquapark.hack
/data/local/bin/su | com.cassette.aquapark.hack
/data/local/xbin/su | com.cassette.aquapark.hack
/sbin/su | com.cassette.aquapark.hack
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
com.cassette.aquapark.hack
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.cassette.aquapark.hack
Acquires the wake lock 1 IoCs
Processes:
com.cassette.aquapark.hack
description | ioc | process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.cassette.aquapark.hack
Queries information about active data network 1 TTPs 1 IoCs
Processes:
com.cassette.aquapark.hack
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.cassette.aquapark.hack
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
com.cassette.aquapark.hack
description | ioc | process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.cassette.aquapark.hack
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
com.cassette.aquapark.hack
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.cassette.aquapark.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
com.cassette.aquapark.hack
description | ioc | process
Framework service call | android.app.job.IJobScheduler.schedule | com.cassette.aquapark.hack
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.cassette.aquapark.hack 1
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Matrix
Downloads