Analysis Overview
| SHA256 | 505b5994b4ce11b73d844709e4cca8e701597b44c944c7edd22f5587fc6c611c |
| Threat Level | Likely malicious |
The file b3ae7ccaafecd53677ebb87b48713fd0_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Removes its main activity from the application launcher
Obtains sensitive information copied to the device clipboard
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Schedules tasks to execute at a specified time
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-08-21 13:41 |
Signatures
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-08-21 13:41 |
| Reported | 2024-08-21 13:44 |
| Platform | android-x86-arm-20240624-en |
| Max time kernel | 23s |
| Max time network | 131s |
| Command Line | |
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.machinezone.gow.hack
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | freegeoip.net | udp |
| US | 3.33.130.190:443 | freegeoip.net | tcp |
| US | 1.1.1.1:53 | lp.androidapk.world | udp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
Files
/data/data/com.machinezone.gow.hack/databases/evernote_jobs.db-journal
/data/data/com.machinezone.gow.hack/databases/evernote_jobs.db
/data/data/com.machinezone.gow.hack/databases/evernote_jobs.db-shm
/data/data/com.machinezone.gow.hack/databases/evernote_jobs.db-wal
Analysis: behavioral2
Detonation Overview
| Submitted | 2024-08-21 13:41 |
| Reported | 2024-08-21 13:44 |
| Platform | android-x64-20240624-en |
| Max time kernel | 23s |
| Max time network | 157s |
| Command Line | |
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.machinezone.gow.hack
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | freegeoip.net | udp |
| US | 3.33.130.190:443 | freegeoip.net | tcp |
| US | 1.1.1.1:53 | lp.androidapk.world | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
Files
/data/data/com.machinezone.gow.hack/databases/evernote_jobs.db-journal
/data/data/com.machinezone.gow.hack/databases/evernote_jobs.db
Analysis: behavioral3
Detonation Overview
| Submitted | 2024-08-21 13:41 |
| Reported | 2024-08-21 13:44 |
| Platform | android-x64-arm64-20240624-en |
| Max time kernel | 24s |
| Max time network | 132s |
| Command Line | |
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.machinezone.gow.hack
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.179.238:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.78:443 | android.apis.google.com | tcp |
| GB | 216.58.213.10:443 | | tcp |
| GB | 216.58.213.10:443 | | tcp |
| US | 1.1.1.1:53 | freegeoip.net | udp |
| US | 3.33.130.190:443 | freegeoip.net | tcp |
| US | 1.1.1.1:53 | lp.androidapk.world | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
Files
/data/user/0/com.machinezone.gow.hack/databases/evernote_jobs.db-journal
/data/user/0/com.machinezone.gow.hack/databases/evernote_jobs.db