cc314c4f4acf97313871a514e2520cfdd14629049d8ec38440c1109da9d5ed0c

Analysis

max time kernel
153s
max time network
153s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
11/04/2024, 12:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ed6d6788440704952d19b2bbbcc280c8_JaffaCakes118.apk
Size

726KB
MD5

ed6d6788440704952d19b2bbbcc280c8
SHA1

5a04f3564b99c3f2a4cae4540f5b64fc0371cd28
SHA256

cc314c4f4acf97313871a514e2520cfdd14629049d8ec38440c1109da9d5ed0c
SHA512

a34529f3d893bf2916509829d514b7a4c76ac7e08380a3670f9eed8593f3cc30cae9f10f9ae96862aab761f91edb76ce4cb22194000da303eebcdb7826272ad7
SSDEEP

12288:AoHlEEAqlsMji8AWk8vN0SQ6vDdYU3w3Zy80cSIrRJqljGzBmuUaLsVIs:xZZrjLa8vNEYeZyqS8UgmNaLDs

Score

8^/10

discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
5048	com.app.open

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.app.open

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.app.open

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.app.open
1⤵
- Removes its main activity from the application launcher
- Checks memory information
- Acquires the wake lock
PID:5048

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.app.open/databases/wap.db

Filesize
16KB

MD5
d7bf7ccdfa025796f221353f0d87ee38

SHA1
162bcd1711c5f50be09df6a2e4eebaa9c69ad69b

SHA256
e8fd65c3418408d09c4e40426d0340c9043c320fb83263c8103258f44d97feaf

SHA512
1dacc1aeb84be133fa33ad79640220293bf777e2801abefa41a355f9573b279397df4e3488edbddbd291cff27dd91ffd9f5f5dad92ff86c099845512ee81fb3a

Download Submit
/data/data/com.app.open/databases/wap.db-journal

Filesize
512B

MD5
255f0bcf3b483b8db9d090a171f14499

SHA1
2d38100d2a7508f5d731e907f90276c506435188

SHA256
32dc955bb267f429fe02e85027a1ecd21f1c87e9568ec22ffb8e94b7694f9382

SHA512
be9cdd83d3c445da7cdb0f08b43a8fec887d5947a830a13c01d45d168bc945a81b504f4191f4bc4dba9f09cac6f61bed674f669795b16f732b2f6136b619675a

Download Submit
/data/data/com.app.open/databases/wap.db-journal

Filesize
8KB

MD5
ce9180395bc5a30a30566c4ba3e82df0

SHA1
573641c0eccdb943fa788170c012940534ef9ed3

SHA256
88f43b6ebe3829425f7987dfa049ba01fe621a4178f328c2322c4ef586748470

SHA512
8cbc51b0a2925cb66cc89dcbc09ec98854382e0a2f59bc15e0b8cc48f652a0362b440dd39f14867639ec24c27983b62cdc81c1bd98039d1e6fcb943bd9d4e6d7

Download Submit
/data/data/com.app.open/databases/wap.db-journal

Filesize
8KB

MD5
b3ac37df69f9388b1d03aedb15e6d75d

SHA1
b993edb13a685b58f72d56b0a28e346de54d2d49

SHA256
e65e3e9bf5f93adf198b30565cc10f440e1907fc6a1c88906e0540647736158f

SHA512
3ce2524f86372450f21a2b949f14866873b586644c9d8193d542db724f132f6b05a9e7e610d15ca0b159e8dabfc0fec1090e82d850802081e6323cd3a4506787

Download Submit