29dd9e53a5b10a1ce5825cfee804122d7f6abc5e762d73098fcf5c7b7046ab2c | Triage

Analysis

max time kernel
146s
max time network
151s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
02/04/2024, 19:04

Sharing

Report Analysis Logs

General

Target

9494d9482bcb6f3d07195dfdfd1401c1_JaffaCakes118.apk
Size

254KB
MD5

9494d9482bcb6f3d07195dfdfd1401c1
SHA1

e9a942a0dbde2269d1c973d38c444ce606802b38
SHA256

29dd9e53a5b10a1ce5825cfee804122d7f6abc5e762d73098fcf5c7b7046ab2c
SHA512

46104046850916074fcceaaaa9944c15b7846d65da74828c30e413eaca565583f733f4fb5f77a1efddfee473040dc616284b69c034434947269554433cd7db55
SSDEEP

6144:byF34N/hBX7g3DWkfaT9O5bjhONLpkHn7id3nq6I:uaN/TLEhfaQ5bjhOpI2dU

Score

8^/10

evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

pid	Process
4314	net.droidjack.server

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.droidjack.server

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

flow	ioc
14	0.tcp.ngrok.io
22	0.tcp.ngrok.io
3	0.tcp.ngrok.io

net.droidjack.server
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
PID:4314

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Suppress Application Icon

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
f553d76d0e3fd64242b0834f349ef2fe

SHA1
26ebf0fbe2ee1bc0e6ee3b3f3381a2bf4b90144d

SHA256
2e41ce5542acec52b8e568ffb9bbce1dbc00ef5c3d2acddf2a316072fca59985

SHA512
af168732def9efd1c5323cb8b8fb869ef90f5718bced01f04c9bf86d581f06880d5ffb4d89c26092f3c250aeb81ac3dc6c60a445e6bbc7215160da2d30088f58

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
5499405c95b1f590d0b823bb88433622

SHA1
acee46fe64f1dfbde0627032c3215aa17b3025c4

SHA256
1158e76fa0f51ad4df8c4850dfa7983c7e7bf9f5db660fe20d2b2b73a621304a

SHA512
593d208c45b491f03d3a1541cc837b0fc86322ef16a002f2813f82d668d7fc3615bb4651e11735ae001b7bc1efe03951764f5a850cc0577281ba1bb6e42b5125

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
936206b55ed41ebc2ef834be36b70e3e

SHA1
df2d9bbe426c0c2e1e1bb2104209c19415010dc2

SHA256
028ca69a78488a17051893705aed1016c2114761c1a357a72ab00366feb5ef43

SHA512
18591d58ec707b0f90f5f961c1e86f180e9f9e272fcfa6f88bbaae04a977eb1ec7233a4da69bae80d5b1fed42058b43e8d0dd53d6945298c6e7803703dc0c45e

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
512B

MD5
cb4bddea381ca9a6c73bd5373b028a77

SHA1
85002cbd3171b553efa6ab9224875d1ab600491f

SHA256
cca56c55759ca1fec0298fc8b2441d5a38596b4fbc6b2598ade798efdf64408a

SHA512
75a495dd845509d1d17d830b477cde21455360fbd8834653a4e14a2e58f4f5804dcaa6b03d1d6b824b81233570d9e44faf8012179859621eb1dca9df30b2105c

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-wal

Filesize
28KB

MD5
289adf85e525745e55519e4c41867c6f

SHA1
b0ed143a6c63d0191fed5886947822a3b259ad2e

SHA256
92fe5949e94e5dfaa02a4576a913479ba09b33df38f52167f4ac559d6a53dc80

SHA512
ee00e3c16af5f73b6b9450f476cb67d245c24d7e614ca080a56d43eacde2d47dfa0a78c4ab4e201b94a17259b802bb4e1430d595f3422b22628bb8f48066e985

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-wal

Filesize
4KB

MD5
9a382e97b468ef7ecbbedff32245a462

SHA1
6233aab181d401dd02acc381bd1bd08286d2fa5f

SHA256
585f5894e707c2a3356f12c5cd53793e7bb5cf2994301950027fdad37eb48066

SHA512
d59331969ce5817e1893805f75b94e4c8d5e79dccfdacaef5e3f67a776524bd9d0257b15e4ebd1f1b705ff2044623eb7646fbfbcb361fc0c565e812387ae47c8

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-wal

Filesize
4KB

MD5
f2f0a5333a8a6225749d9e4b626caaae

SHA1
de6abd7b8280ec5821092fc731432125694f7a01

SHA256
f8772aa12d7add391a72c2699b4fbb6f740eef21836507b74f0c3720244b3f9b

SHA512
edddb01c1ae48974e4b60dcea87e8af158d5ff972b844d2461f2bbd532a2201c14c8fa3d879af65b41c4656ce2ca11178b087edb29f3103f46dc8dd8ac254a61

Download Submit