ca2df1006a6acf6dbfe973d57b48be3e8093a071550a65073a256b50189deb95

Analysis

max time kernel
48s
max time network
149s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
16-06-2024 06:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b2184a0aa2aa9ac231f37e634c27be16_JaffaCakes118.apk
Size

6.7MB
MD5

b2184a0aa2aa9ac231f37e634c27be16
SHA1

024abd05bb770bee58b98f6eac7d7059d059443a
SHA256

ca2df1006a6acf6dbfe973d57b48be3e8093a071550a65073a256b50189deb95
SHA512

648254b4c6ecdd18109684514d5ccdc824cabba6c29477ec0d5199fa9375a9c3a16647eb8f552b1f8b5a440ebd275f963c58e57e1532e8f7348b0b5e91758a71
SSDEEP

196608:7XVWkkKHRs1prmI2ZjGeO2s3wql9xwlZCWGXf0Kc:7FWkkKHRo1mxxGiql9xKj2f5c

Score

8^/10

collection credential_access discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs

evasion

T1426

Processes:

com.cassette.aquapark.hack

ioc	process
/data/local/bin/su	com.cassette.aquapark.hack
/data/local/xbin/su	com.cassette.aquapark.hack
/sbin/su	com.cassette.aquapark.hack
/data/local/su	com.cassette.aquapark.hack

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.cassette.aquapark.hack

pid process

5214 com.cassette.aquapark.hack
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.cassette.aquapark.hack

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.cassette.aquapark.hack
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.cassette.aquapark.hack

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.cassette.aquapark.hack
Acquires the wake lock 1 IoCs

Processes:

com.cassette.aquapark.hack

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.cassette.aquapark.hack
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.cassette.aquapark.hack

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.cassette.aquapark.hack
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.cassette.aquapark.hack

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.cassette.aquapark.hack
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.cassette.aquapark.hack

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.cassette.aquapark.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.cassette.aquapark.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.cassette.aquapark.hack
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.cassette.aquapark.hack

description ioc process

File opened for read /proc/cpuinfo com.cassette.aquapark.hack
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.cassette.aquapark.hack

description ioc process

File opened for read /proc/meminfo com.cassette.aquapark.hack

pid	process
5214	com.cassette.aquapark.hack

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.cassette.aquapark.hack

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.cassette.aquapark.hack

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.cassette.aquapark.hack

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cassette.aquapark.hack

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.cassette.aquapark.hack

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.cassette.aquapark.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.cassette.aquapark.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.cassette.aquapark.hack

description	ioc	process
File opened for read	/proc/meminfo	com.cassette.aquapark.hack

com.cassette.aquapark.hack
1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:5214

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cassette.aquapark.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
074d301635630995ee8e0ee2dd952ba2

SHA1
b9392e0dd3c0d48fe8e029a51398451ab41bd4c8

SHA256
ad7ad152e9be706e812af23fd70f3a69ae1a1f67d67a44cad3277677a8c50119

SHA512
8b2710a981b316e05582d1924350a452f64fae0257213699a82f6475a8f3b0ffebb63ba110e80a50b86cb507d4315247f05a2fd700cfc6d4033ea7fbc63d6f38

Download Submit
/data/data/com.cassette.aquapark.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
11e0abc127b8df31412b0206eb2edafb

SHA1
85c72422579253aa1d02db49a20a9b7f5ba90e6c

SHA256
f9c32f58645817c898fba4d93919350a7861eee2242f20260c5b4036ee622573

SHA512
f4f2eddb999c8a214ed08c72198e54fa17f8323dbaaa2cbcb7b60fad1b4f41360f52f86996c5e04c03c8ee414eb895bce33aac9ed28dd574dba7001f119f0083

Download Submit
/data/data/com.cassette.aquapark.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
bb96227dc7dd13040d68ef4d616abc2f

SHA1
a411f4b944a1f2650ede47c8498649e19580726b

SHA256
41670133e7422ff0008376675827211d44da23108778eebf633620f2f4abb11d

SHA512
1e7d7e54a420e22577fea31fb8b9dfc4ac28eef1ecc3ab7d13e7c45cee6679c10fb352f741d149d1757801382824bcb83305ac12beaa3f82755e02b2b51326b2

Download Submit
/data/data/com.cassette.aquapark.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
7a78b21dbf0d5cae7e7ac32252d2ea3a

SHA1
f5f9a1c0476602bafb054c566099a56a316f43a9

SHA256
e1ba482a2543e71d6ff50c69fba8c60fdb4a5a4c4b8c408542c719e29fe29d73

SHA512
b06a9a2b11ef630ffa81867f7bbe042c012ccd16a25db4efb357bfa42fff1f02b68067a34642db24384753f68d7ffc306135b83247345ebdff6189bb44e5b69c

Download Submit
/data/data/com.cassette.aquapark.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
41434272cf26ef02d1f82273ee6b8747

SHA1
f812382ab2d28d94b63ef7b460d424de5c6c4202

SHA256
c11fe66b225bcf9bbc84e807a2a026596f823920c3c46cdcc93333dcf36f9f12

SHA512
0dc7b7e7661c8b702f4edc56383e2e32c2bc79b1295011b36248c3caf86af7b309061a162aed6654a320d34b6469c8733c6debce6e502ac1280dd76925dae33c

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
4a832c1940cb17011fe1066b19adaabc

SHA1
fa5f34e72d1d84f7aebf14c4a12dc293b0c82134

SHA256
ca1a3f0da8f15e20f4b192b0219e819d739cb1974ce4e3b1b8ee6e13c711cde0

SHA512
c096e07a4d0afbc778dd4378980fc36e50240ef5aca78f4f9338256ac7476e6c4c8bfa379447b63cb788eea0b74328bc6a8f9de60f9fd8e090d523d0b8be81c4

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
dd06bdda4c1ad026a33cc3616f0107a7

SHA1
dcd67d213115015c8d9d7f35bc68162a2b03d605

SHA256
34f591389dca953a41e27ce39e4328a803de26c0caed9f1718011b20d2d69fa4

SHA512
6a24f7fec1c4e6900059363ec94a3fc0905c1e0a33b750cba3eb44be6d68e3c7f17c0910bbcedb4a85880426c3f27bd3149c2a9d4a69665fbbc237f3c9e2e462

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
2d44a804225997ce7da8711785c956f7

SHA1
88c06e1011e6e5398aa44279fdfc6d83ceb2a1c3

SHA256
5a6aa22946d8022bd8646179ac8ed25757b3709a56af97a05b2afa266fa22bf7

SHA512
9fd3518ed42717671342c6c61d306b88e7c0734780e2e80c8b6d9f6b30aab9e91102b5e288b7b10ac44353a9cb217c276453115e8bdae4e8877042bc5f5f065e

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
d263877a73db5128cfb1dcdafbc6e710

SHA1
521e024c5b455bd7d4b4fb339420e35a0910f5a1

SHA256
99865778509abbd76f1d17b83d7774ed9f514603bb9d3aaf5467d7e76aae6767

SHA512
8752768b55edddb25b943aefee223fcf715a11c5508362a09901db433043cb2ab8ba7b2dc54d11ac871dc85670b841a5c196437165165110127f5d48dc6435a9

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
2f1eeee3602c828b8e9f81f6fbd20d41

SHA1
d240b568bb6929702815b9a5edd05ad635671caa

SHA256
458aa953a9e0adbf5b8765ebcf6b51bc5b5a48b7664e85d25c7a8ce9781a2d5c

SHA512
a8642cc12cb9af0cd9d3fdc4bb1fe3b246d02af6b36714d80cdd2809def699b0b93eb585187c17f0a8e19801879e2e9edef7963ee416ae9e8cc35fd9cede2859

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
6c4a52591aed8ca8506c83c8dde6b218

SHA1
498906d69b38d60772afa11713eeffe448d4112f

SHA256
e858d7164a6f2bc1ae71654cba611696599d85e4694093aaf5b47dbe0c751831

SHA512
70896549c5a61245e09427bfb1b8bfe472c85b4730a0d3515bb68a20ab138ffc4b3834c5f7e07b470747404b0dfbcc8eabb73d4c92b4f1075628f2ec249a6bd4

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
c55b77e44f99908263f26ba279946a86

SHA1
1df8e354aee8fceeaaeb9080c63f1ae92edaf5ee

SHA256
18cd9041fb644fae93c96e56e85430e070a5b98d7258ca642d3483c816fa90f1

SHA512
e3e4bdc612798e330f1eb5a49b5f241be123351bd93c179592c935b349926a8f90da328864e9ca32cbfa21692c0cf22c78f4a140a65917a4f8eb35a0b49247a0

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
501e6e7b047b102a93d5dd388dee0f37

SHA1
cd06db27118d1ae800aefaca4cc2993562a56ff7

SHA256
b40b7449053211e552299fe4a1f75da81f904f9ae8657708f7fa694e0d7f6c01

SHA512
46a35ab652291ec428bb4ce5fa272ca0c31be22762506cfffcac5af62ae031371b11ab4e5ca8da9d6618692fcf97946478bb0cd0b07b080bbcd59b9b88ee0e90

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db-journal
Filesize
4KB

MD5
eeee1b37c10fcbe782c07f716437caeb

SHA1
d73acfd2047c64a04a81047894ec5a655c873041

SHA256
40f77e5cab65ba78ec7c2bde6f7e26c2565772ba4785a259c6eef9ed979e1fcc

SHA512
a9979d867b08471de1ade9dc2f66bc0293ab9369d74edaaa7d03ed3d914ded9edb27872cee872306000f4110f1b912654bddc06618cbead29dbc109238a931a0

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
12dca63b5005beeda2f63149137df0b5

SHA1
2f995c273e54a11e7ed34495ff14d3d7c1fba84f

SHA256
b72e2d56cd82b5d282c22844c0a9cb92e58336098cdea80aafdc910138d85d97

SHA512
af500056283c61d3ba40d4e7c774c52607cb81987c257381f01f8c8c3375931b3d1a7e5e4f528208b818aef005530628ed04c3cd3cc6477abb5300912d71d3cb

Download Submit
/data/data/com.cassette.aquapark.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
defca9a387a19c60e47068f52bc87827

SHA1
a5692e647911545f1adf52b824361c733c335542

SHA256
17c792389db1acdadff0e04cf3bbf22084385b417d7a3e48087130020d610344

SHA512
0afbd66ee82b697d8db8da124bf726045b0bba5587ed4c5bbe44953edd20a02df2b6f9838ecb374cc8a0cf51d3425345fbeccfd3056da23d9d8ef82f3eb07fb9

Download Submit
/data/data/com.cassette.aquapark.hack/no_backup/com.google.InstanceId.properties
Filesize
2KB

MD5
f4aa0682ea9723c8b3457897c50e9210

SHA1
3bfef89dc29102a37a7ad88d583de860724db96a

SHA256
f2752996fcad246d8a32661e713fccff23d7f15a107e64b40d5f79fbdde692d3

SHA512
e5ec15ec25301d9ef345fcc4785e7716d89e371bae4993efbc7b812095c931197d934eacf136ae89fb2e3878f87df48854e4ec0043244307f3b194e5bf969aea

Download Submit