29dd9e53a5b10a1ce5825cfee804122d7f6abc5e762d73098fcf5c7b7046ab2c | Triage

Analysis

max time kernel
145s
max time network
151s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
02/04/2024, 19:04

Sharing

Report Analysis Logs

General

Target

9494d9482bcb6f3d07195dfdfd1401c1_JaffaCakes118.apk
Size

254KB
MD5

9494d9482bcb6f3d07195dfdfd1401c1
SHA1

e9a942a0dbde2269d1c973d38c444ce606802b38
SHA256

29dd9e53a5b10a1ce5825cfee804122d7f6abc5e762d73098fcf5c7b7046ab2c
SHA512

46104046850916074fcceaaaa9944c15b7846d65da74828c30e413eaca565583f733f4fb5f77a1efddfee473040dc616284b69c034434947269554433cd7db55
SSDEEP

6144:byF34N/hBX7g3DWkfaT9O5bjhONLpkHn7id3nq6I:uaN/TLEhfaQ5bjhOpI2dU

Score

8^/10

evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

pid	Process
5032	net.droidjack.server

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.droidjack.server

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

flow	ioc
6	0.tcp.ngrok.io
22	0.tcp.ngrok.io
30	0.tcp.ngrok.io

net.droidjack.server
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
PID:5032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Suppress Application Icon

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
ab9b76032f3671e636504f620ed4d205

SHA1
21e1e3ef5f95af48acdd224ef1f40ff12467521d

SHA256
4da0f7c511a540be366bd92014b6279194cf5da3c47ddb8acb48526f1ad967ab

SHA512
9e133dfb122855076eec7967f0e73fef6f8cdd655b32f9ee5d8cc7de1114212d10764839359b38b63e73772517910662109d87336a8507a99ca1085758841725

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
85ce313c20a8b011661a026d2cdfae08

SHA1
11b4c6c4b53019df75f848b61858899aeb3c22c6

SHA256
7b70360e7320d753e534d28e2955c11780ffebb99405beb3b02c1e9ca87bd2e6

SHA512
44b9eff34cd3b3da92fd23ab4379703f95512cddc8ef93363a7ce17f017e00fb9e676b3ebcc967b1cf77bcda5202ff37f51b6743e9250fa04262ae964f34c34a

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
4312c971b08306f17a624c580a8429a6

SHA1
4109186f09628f723cfccb91e06b15643522511b

SHA256
eed85ddb4b8c35fd71dd0de2dce1cc7d66ff64a064581635b32524690d8ea3bb

SHA512
9e7e5b06d586e0fe5aa512fcf7a690d6f527b04d760994e284dbbcff09cb4289445e9f2efd5aa856da790daffe06037ba74f784b97febffed9879698c74ba813

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
512B

MD5
d3a17102471ad3075f92ecc39512d5ab

SHA1
4b202dce827d9f647e6c470b62ed024854ee741f

SHA256
f389c93bcd8fb97ec6ada929278fcedd3a3374c15a9011b51401ee0eb756c801

SHA512
03427536ecbdafc5709d569cd090f9cb28577fa2aa7e826acc9fa5ffc9e7c8d109bba6e5fc6f32b55209e7535ab59f300d5350c3b1b2e038cf8a48d0047f9bf1

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
9471dd5630bfcddcc6be7d4ac70615cb

SHA1
6533c3ec0735dc25181915bef039b2ed7e08e944

SHA256
846c2b1b7b2f71a4b3883a45b55a02ada454d701e76e2a3eece10805a964cada

SHA512
7e0594407240e3dd7fe578118b04aae79caf24b1831d80db9235770f94f1efb3e0d51903c37a111889d7d3277aca5526937c4b25e04f17c8bb79adb68315f012

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
93a0f58a3d9fb27a07064f19bca84fd8

SHA1
b6d0a3b6421662a8354d1f7451eeb533aae52024

SHA256
5cb1faa605b9f17848d403ec9c577f0f51744c47e3a13f4442e239360e8abefc

SHA512
3d32d27b9c1fcf610f8ead5ac036ac40fc2df85f269ea993891fd266008a96bd69731f5b292bf990d7459f7db477a8788801ac430aef03abf9af929085dded47

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
171131b73dd728d4be5515a30e767d66

SHA1
0e4a0dd14566247e68dc0f781089293cac393802

SHA256
f63a5cc717341f70a417055a7abc027cd15ec4c25e51950a1750965098466c15

SHA512
db1945b0e2de5e6db43411ff2cf7db1222100fa303a3c7fab076843097ef6e23fa96d4d7b04556831a3197ba753f19c21fdb1111dc692ff5bd5ddcdb574928ed

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
5b4f14e07369be2c596dbb1e909c8652

SHA1
13fff6144b75d7e87d8aaef475ab3bac380d44f6

SHA256
f6b79ace6a79249ea557ef724e908a968143405cb829eb57e43ee1b05b5ec04f

SHA512
96b0897af11a8f156841e04a3f0f6dee6144360980a9a8fd544e6d38cf983c89ba09534c23ca068d5a0bbd204948cefdaffefa874c562a84e0a89dc4cc0905da

Download Submit