29dd9e53a5b10a1ce5825cfee804122d7f6abc5e762d73098fcf5c7b7046ab2c | Triage

Analysis

max time kernel
146s
max time network
154s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
02/04/2024, 19:04

Sharing

Report Analysis Logs

General

Target

9494d9482bcb6f3d07195dfdfd1401c1_JaffaCakes118.apk
Size

254KB
MD5

9494d9482bcb6f3d07195dfdfd1401c1
SHA1

e9a942a0dbde2269d1c973d38c444ce606802b38
SHA256

29dd9e53a5b10a1ce5825cfee804122d7f6abc5e762d73098fcf5c7b7046ab2c
SHA512

46104046850916074fcceaaaa9944c15b7846d65da74828c30e413eaca565583f733f4fb5f77a1efddfee473040dc616284b69c034434947269554433cd7db55
SSDEEP

6144:byF34N/hBX7g3DWkfaT9O5bjhONLpkHn7id3nq6I:uaN/TLEhfaQ5bjhOpI2dU

Score

8^/10

evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

pid	Process
4379	net.droidjack.server

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.droidjack.server

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

flow	ioc
43	0.tcp.ngrok.io
49	0.tcp.ngrok.io
25	0.tcp.ngrok.io

net.droidjack.server
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
PID:4379

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Suppress Application Icon

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
70ab0184149f2a2235ce82b245bb5c3a

SHA1
ee3b0fbc494cf364705fddb1f3ff3503e4f70ffa

SHA256
27df39c9b9de413f6bc5ccd57272857ef5500c20ffc8b4e90e35088b3f4af80f

SHA512
52d291e398d4b4c5d754d02aa2afbce0b8f87c71b60ba5f29f2d6adc6f72318b97d7fc252fbb77a6cc721b6a7c0cf052c58ddd0648069bbeb5ab259089a22cd2

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
3dcb8abeb0bfa1fd4504742be9bd2e03

SHA1
119c7615947d979766f1f92c0ef008b4ac86f4d9

SHA256
f02784e6e69a91bbdd728886c297b52211f3c203c1b52bfa69c737466004f029

SHA512
0ad53256202bb4f62a1adedabebaa5882bb791c3ef761ab2fa3a05b8ad497ee8388da4657efe3c46a57507699b4562e2e0c2ecebc62c50334b497a174edc4597

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
f99ebc7609a929306d5259074bf08bbe

SHA1
2a8a3cb7918b7f7be44630ae497b9df303f8280e

SHA256
92e34183e961cc5d5930cc0254f766021307c8ec8a6dcaf2e2fcfffe511b71ba

SHA512
abe426b03dac27b98c83bd447e2598f59350d1d6e7a6d6ffbed10f4df7ff674f543ca1b5ad6aac0e6404e67f48482f7aaffb6ae6209dd9f7754484bf5548b892

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
512B

MD5
5fe21a87817a8f0c5091ef43d8463932

SHA1
6043b578f8bae185c4a24cd1c4b2525b56b45015

SHA256
ec4d93e17f68ebf2a8d8b32539ee464bc03c6db21790e6f4281066d19599cba0

SHA512
78781b7f531735b3df312ceb10b80331d1b2d7454b259d5ab440c9b14045ff890fc4466bf5b1747eaee48e527883c674e7a1da03964869c665da321d14321549

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
55da2d13a30009c3f5e202c0c7d61943

SHA1
e0be8bedb51d2fcdf2e6fcd6ed085e79ed47219e

SHA256
ed7da096c4dc896959cc91498f864e7fc3092fd38c9d07848f9c7acb8a42e94d

SHA512
c330ae56e82bde8fd241263283923275618a2b14682883a7c7e368a7d12ad20e816bf211281fceefdc1a29a131c02250179d88f07b27de6016a34e87fa28b446

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
5ee0f62c8dbb595c4c1e95eb80a65ae8

SHA1
c5ee3901dc9e19ec5734dddb2c732c1c9589e45f

SHA256
8b1f37c3004e91032c43491855b029a04a32e7239f09b4709049090e8a4587c0

SHA512
1d7cbec67611cd751d0068e45b1426b0a8884a5e8a83efbd2e245d765965bf4a3795ce74594e02fba6f528e064babefd2c1b9566d978a64e92e9f38efd127ed3

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
d3c27d8a3d11baf6dd0fb0b0532ac17d

SHA1
826a858293cb20479ab632239876a4d3f22b0acd

SHA256
e0cca1acfde74abdfba8813d70405d0ff793785de8a4e26b5588bb194d4b7138

SHA512
09569141858ec07ecd72451b176c518c681b2b6aff49a7fc760ed38efa575b20e36a85ae34f568eedbd229f28e6622bca438d8e871d8459f864f7ca5000d0cb7

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
482ddcb0a70a2139b18d13bea65aee39

SHA1
9c34adbb44a26284416f0dda17e79e78195e5ac5

SHA256
6e0d44ec5fa6eb269ce18e5fb0fec32b3b04328ffd0df9ba90631d29968b0764

SHA512
acf4ff1a70c2d8e61fd8c15fab5b6bb39b5e1094a82c5ce85bbe3aa0a33398323cacfc91134c531ca6943800715e5f06306864e41acdd26ca000fc55c30373a6

Download Submit