Analysis Overview
SHA256
bc057f0bae84d48e79944eb98154795acef33f5e6670766227eb68cc73a3cdeb
Threat Level: Likely malicious
The file c0cfdf18b4670edaca2db15601c2c1fe_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Removes its main activity from the application launcher
Obtains sensitive information copied to the device clipboard
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Schedules tasks to execute at a specified time
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 13:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 13:08
Reported
2024-08-25 13:11
Platform
android-x86-arm-20240624-en
Max time kernel
23s
Max time network
137s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.aim.racing.hack
Network
Files
/data/data/com.aim.racing.hack/databases/evernote_jobs.db-journal
/data/data/com.aim.racing.hack/databases/evernote_jobs.db
/data/data/com.aim.racing.hack/databases/evernote_jobs.db-shm
/data/data/com.aim.racing.hack/databases/evernote_jobs.db-wal
/data/data/com.aim.racing.hack/databases/evernote_jobs.db-wal
/data/data/com.aim.racing.hack/databases/evernote_jobs.db
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 13:08
Reported
2024-08-25 13:11
Platform
android-x64-20240624-en
Max time kernel
19s
Max time network
175s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.aim.racing.hack
Network
Files
/data/data/com.aim.racing.hack/databases/evernote_jobs.db-journal
/data/data/com.aim.racing.hack/databases/evernote_jobs.db
/data/data/com.aim.racing.hack/databases/evernote_jobs.db-journal
/data/data/com.aim.racing.hack/databases/evernote_jobs.db-journal
/data/data/com.aim.racing.hack/databases/evernote_jobs.db-journal
/data/data/com.aim.racing.hack/databases/evernote_jobs.db
Analysis: behavioral3
Detonation Overview
Submitted
2024-08-25 13:08
Reported
2024-08-25 13:11
Platform
android-x64-arm64-20240624-en
Max time kernel
24s
Max time network
130s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.aim.racing.hack
Network
Files
/data/user/0/com.aim.racing.hack/databases/evernote_jobs.db-journal
/data/user/0/com.aim.racing.hack/databases/evernote_jobs.db
/data/user/0/com.aim.racing.hack/databases/evernote_jobs.db-journal
/data/user/0/com.aim.racing.hack/databases/evernote_jobs.db-journal
/data/user/0/com.aim.racing.hack/databases/evernote_jobs.db-journal
/data/user/0/com.aim.racing.hack/databases/evernote_jobs.db