ca2df1006a6acf6dbfe973d57b48be3e8093a071550a65073a256b50189deb95

Analysis

max time kernel
48s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
16-06-2024 06:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b2184a0aa2aa9ac231f37e634c27be16_JaffaCakes118.apk
Size

6.7MB
MD5

b2184a0aa2aa9ac231f37e634c27be16
SHA1

024abd05bb770bee58b98f6eac7d7059d059443a
SHA256

ca2df1006a6acf6dbfe973d57b48be3e8093a071550a65073a256b50189deb95
SHA512

648254b4c6ecdd18109684514d5ccdc824cabba6c29477ec0d5199fa9375a9c3a16647eb8f552b1f8b5a440ebd275f963c58e57e1532e8f7348b0b5e91758a71
SSDEEP

196608:7XVWkkKHRs1prmI2ZjGeO2s3wql9xwlZCWGXf0Kc:7FWkkKHRo1mxxGiql9xKj2f5c

Score

8^/10

collection credential_access discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 5 IoCs

evasion

T1426

Processes:

com.cassette.aquapark.hack

ioc	process
/data/local/su	com.cassette.aquapark.hack
/data/local/bin/su	com.cassette.aquapark.hack
/data/local/xbin/su	com.cassette.aquapark.hack
/sbin/su	com.cassette.aquapark.hack
/system/bin/su	com.cassette.aquapark.hack

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.cassette.aquapark.hack

pid process

4452 com.cassette.aquapark.hack
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.cassette.aquapark.hack

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.cassette.aquapark.hack
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.cassette.aquapark.hack

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.cassette.aquapark.hack
Acquires the wake lock 1 IoCs

Processes:

com.cassette.aquapark.hack

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.cassette.aquapark.hack
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.cassette.aquapark.hack

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.cassette.aquapark.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.cassette.aquapark.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.cassette.aquapark.hack
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.cassette.aquapark.hack

description ioc process

File opened for read /proc/cpuinfo com.cassette.aquapark.hack
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.cassette.aquapark.hack

description ioc process

File opened for read /proc/meminfo com.cassette.aquapark.hack

pid	process
4452	com.cassette.aquapark.hack

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.cassette.aquapark.hack

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.cassette.aquapark.hack

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.cassette.aquapark.hack

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cassette.aquapark.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.cassette.aquapark.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.cassette.aquapark.hack

description	ioc	process
File opened for read	/proc/meminfo	com.cassette.aquapark.hack

com.cassette.aquapark.hack
1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.cassette.aquapark.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
93ce0405f96ad67a32e0e259b70d8c9f

SHA1
96bf1fdb629bbb71e5c49c6e1a3997dccbf89068

SHA256
cd397ce2a0438aa73574f975811d7876d23a5ee9eb316e20099969e18fe5ae18

SHA512
0d2dd39585ca1b7f2f58b403c5be96be12203a73222966d74f933177165e6ec1c7dd42707e2fb44b14ad0cbeb9231c3841997eee2f53eb003925ac82f2649990

Download Submit
/data/user/0/com.cassette.aquapark.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
d135425ce1e7fa80713f958918c2841a

SHA1
2857bca16de04f74dff3409371522ade8c2ee54e

SHA256
0665c3682d6439892aa9700f16db716843d51cb2d804a61d4641b43886c26428

SHA512
edb1f70d29a36a52fa531451ced70e8401b2d7a22e96d99b0c75fb4df5ffd7e3f0330371474d8fd36279ecd318e306bd59fbc1d788fd532ddd2ac0d9a0f520bd

Download Submit
/data/user/0/com.cassette.aquapark.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
c560f88c87ee13a4f877129bafabe95d

SHA1
5c4a24cb1b8710575296b88006a23b9410f4ed77

SHA256
9401f8d1d4519ada81f125375e20afd8d39a4ec713d988d3ab315ce9a2440f06

SHA512
7b2bab588dbba62eee5feba875315c217a2b18d62d77c1c6ee6a2c06f21f410f9c0f4efe55721cbe75493796fce71f63b0dfe33570f6be25080a25a124fefb94

Download Submit
/data/user/0/com.cassette.aquapark.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
bf237fd44dc9107731663143cf9799fb

SHA1
0bc71213b7a5f66426907aec8eb7fb5cc7919af5

SHA256
913cacdc9119d4bd02ce8726b9950f4c87f0c07b4861c4794b240d5ce1efaef0

SHA512
623e29580f543bfbd3c2dab8c65c9af92692b1207f5845c376dba242588fbd114c769761ad2f5c0eefcdd250aa6b508e2da7b9134977ed91a39c72821e69f2f0

Download Submit
/data/user/0/com.cassette.aquapark.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
243aa3dcf304c7c53543a71506faea33

SHA1
c7f8d946d8995f7af5846c7fb299a946f054c024

SHA256
66361bee0b58b58e2554faaf4289ab52b79efd7dc6c6f43beedeb21a575f81da

SHA512
11bca3242e6ffd0c7bd388596fe7aef7280e7aa5a6b7ce5e02cfdc381724a3993d8f4a00d3a2b819890eb86e71f9ac4cba117b916a570188eb03171f71619404

Download Submit
/data/user/0/com.cassette.aquapark.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
e29eb3716ed216533787240674f2016a

SHA1
a7a0f0438716a9328a73f0b87a13d725393be30a

SHA256
4e0eff4f0ca3e920a9874704a24643ef51d22a8a8e76d7c6ff27962367430754

SHA512
b8d60fa05c21ead220ec4d4d5c67f287de760a1f3fd83066ef44b988fdcf4a630e7091ab208e86935b62b0dc95e16cc3477b42904389e47860220edb16729f90

Download Submit
/data/user/0/com.cassette.aquapark.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
429333c885f552ad2db7c2b97336eed3

SHA1
9d223a1ad1ddbedcd6b6d0d4a4700a3b448782b1

SHA256
4cadb26ffb3c83569f0f11b2fa22851d1a017132efd590cef460668419d5dfe9

SHA512
5a1b76dc482e1a3ba69b3c6b36d529841c98626c5039a21f3d419a4bb16058963fc8506fd65d918cdcbcedb0550ea381c6e2b008557bcfec54d8bde58b5a4ac8

Download Submit
/data/user/0/com.cassette.aquapark.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
02725333aa53890b34ad2ac4b06d8fb1

SHA1
d97fac401607e31ef35beb68fda88d55a6f364b9

SHA256
0a906bb489e80c5ab657aefdca427b98b0c0d7ec7a536793ec7eb5f3396bf8bf

SHA512
18b23641bf6e988f32aaff81155db969baf9b9a56c553ca9bf0a02c90691b040f0dc9ca5b374bfb554af6bbc7f436d65c45b9cc23bbca54a33762143835eaf97

Download Submit
/data/user/0/com.cassette.aquapark.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
dcd897152075c0d1f65b23557c905920

SHA1
90b7dece50c2e535519412f97c2fb6dbca40e7bb

SHA256
2ca774be72208207305cf55c0eb715a1eebc5a2e6db84daa0e6350ee93d852fc

SHA512
6961738acb7301ee7ada0707eb0f0b4970a8b6ccb653f051e5efa525c3287a9704103652250f1c375e4290fe14594af0f46481f14871f50f28bbd04bb3e173f3

Download Submit
/data/user/0/com.cassette.aquapark.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
818548be1885386cc995f564f36a8e8e

SHA1
008b0c602ed55b1122dadfb3a20db517d55c10b3

SHA256
b4765a86f69c122307448d0c6e81cebd52ffbc59b0d19da42971e2857f773e6d

SHA512
47840561a1eded73600b656576a7a9195bd1beddb79b08090b9e6bd9ab610de6cfb0a334310bfefe0b33ef157d420aaa17c6315fa2e689398da3328c4460a02f

Download Submit
/data/user/0/com.cassette.aquapark.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/user/0/com.cassette.aquapark.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
1d8fbf349118f4466266b566f2065a6b

SHA1
8769673c1ddec14700e7d480cedd682ad85ac92f

SHA256
588f4532c197acd88923f66c6d9fe6480877e167db322d51c596d86491f169d2

SHA512
af6e143b9252723a5c9c8ef211e092f0c387528680031574f29a1241207e55229e434e346878df59dfd41b740fc4759b095680647ebc5f731cc6ddae2632d7cf

Download Submit
/data/user/0/com.cassette.aquapark.hack/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
c7f9f4be160322beda2730168689e86e

SHA1
67d61f1f583d50a7ad9fa9e634ae1a9247fb75b2

SHA256
8abe867c3f5ece343ed0418c84add39e6bd2ebc72382ddf77273556ea7f990b0

SHA512
16f63448f158b2cee0c82e51a805688bf09141610b21c2462fdbf2fd711b3ad2af3b49e7d2bdd67007454fc36ed24415a31cef6d9268749b3dd1a0a94286a25d

Download Submit
/data/user/0/com.cassette.aquapark.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
900a73dee2d722bd471667d90f06ec34

SHA1
4bbb887167971939243b55fbd0273ed9b2e522f8

SHA256
963eb0c420579e57a546f4e7beb3585a540cfbc55becea64c9825a212988c095

SHA512
540f95f4ac48e95c209ba5681d75f383cbf0b55e5b245d07eaa89156209c0b75a36ff7ab4d1aefa84f7582b81f9a4b40a9ee45ffef49f4eb31925fd55be06d77

Download Submit
/data/user/0/com.cassette.aquapark.hack/databases/google_app_measurement_local.db-journal
Filesize
4KB

MD5
785c8529b7d88b025fb2e3ab1272c6b3

SHA1
31e826b4c68707809203309154b45e4d8726e66d

SHA256
71a6ee42905fb48cb4c0e5259e274507974d17d95aa5995eac132c2fefb4d2b7

SHA512
a7f0c0f0070e507360983d2fc03284e8c9ca0029275637cd91208e371c269cabb142ec7d848bbccfd032f8399ecde87a1804c309589e7bc4f9c96f972a3fef07

Download Submit
/data/user/0/com.cassette.aquapark.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
82091df041bc2f25cb98a7991556c5d1

SHA1
397ff5fb091d4f35dc749bd1f4083585880d9029

SHA256
26d3282bde8474283fd536f60bc0fa37da103ff7dc5c843a9adfba73bd9b29e0

SHA512
3413dfce4cdf5f762543f268ab0103be92345a3fb54c96b8350c5fee18caa1f24481823ce918b14d6d7aaead43a66bdcea9de18d098ab9a543dc5988f1d6e425

Download Submit
/data/user/0/com.cassette.aquapark.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
6a447784288f9f80000f3c19dbe7e7c8

SHA1
b971b2b1a96b33e81f8b47cf50bb58b3c99de531

SHA256
60133d74c74645e2f4b37f611a9de7647e579ae35e75a2496ae39bd68d8e3657

SHA512
e1ecbad973d20e0400204e9781a27028c72c448e6d3e805b6c211f526d165cab57ec3888b382271344b2e30637116a22a3d04a9bb9e127f068e46f374866b873

Download Submit
/data/user/0/com.cassette.aquapark.hack/no_backup/com.google.InstanceId.properties
Filesize
2KB

MD5
3e33ae580e4d3e9c915159baffc510b0

SHA1
230ca7b01296887eec526b0409f7864fa83acac7

SHA256
c6fdfb9ac3097712c7b10ef6b73f4b48eed0a0289e49455326758e63acb2376c

SHA512
9c3377175b799ed2e921199c8e973dc3e823b6042871520eac281f699e9ccf2a4faea52894b0669c633c123f05ec5708a55dead7ce41ad3dbb8bc9bfb73d0e74

Download Submit