cc314c4f4acf97313871a514e2520cfdd14629049d8ec38440c1109da9d5ed0c

Analysis

max time kernel
149s
max time network
159s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
11-04-2024 12:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ed6d6788440704952d19b2bbbcc280c8_JaffaCakes118.apk
Size

726KB
MD5

ed6d6788440704952d19b2bbbcc280c8
SHA1

5a04f3564b99c3f2a4cae4540f5b64fc0371cd28
SHA256

cc314c4f4acf97313871a514e2520cfdd14629049d8ec38440c1109da9d5ed0c
SHA512

a34529f3d893bf2916509829d514b7a4c76ac7e08380a3670f9eed8593f3cc30cae9f10f9ae96862aab761f91edb76ce4cb22194000da303eebcdb7826272ad7
SSDEEP

12288:AoHlEEAqlsMji8AWk8vN0SQ6vDdYU3w3Zy80cSIrRJqljGzBmuUaLsVIs:xZZrjLa8vNEYeZyqS8UgmNaLDs

Score

8^/10

discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.app.open

pid process

4590 com.app.open
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.app.open

description ioc process

File opened for read /proc/meminfo com.app.open
Acquires the wake lock 1 IoCs

Processes:

com.app.open

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.app.open
Reads information about phone network operator. 1 TTPs
discovery

T1422

pid	process
4590	com.app.open

description	ioc	process
File opened for read	/proc/meminfo	com.app.open

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.app.open

com.app.open
1⤵
- Removes its main activity from the application launcher
- Checks memory information
- Acquires the wake lock
PID:4590

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.app.open/databases/wap.db
Filesize
16KB

MD5
6c1b2010705b03b6c7a484bc722ead6a

SHA1
87c1a3988fb85f2092a4d648e034be0d1f81202c

SHA256
4b0f118036fd23259cd6ccd34a5d2b7f09cd55ac47ec92939d77ef3b5ede3219

SHA512
d436ddb7eb9aceaee4b5a11561759ae5bbf611c8af3f7d3ce87c0aa8c4f670d0644a525cac983dc5cbcd738697f3969ce3ab107d8f2997cabdff3a75b1d2ba0c

Download Submit
/data/user/0/com.app.open/databases/wap.db-journal
Filesize
512B

MD5
4d5b0028d6e210d4d71c5ba934c56c0e

SHA1
c71bbf2b6528b98e5c40e2b77f6e51b5f4b6c639

SHA256
6f76e302f1333fc61040b25eafab0c4cf3fbde26a149f9be77a0f20622d7028d

SHA512
260ca575e828e993f8b59594a3595486f47fc80774f123941b61ca6257e8a05de16dab8059223623d6859c4c70a3915483b46a6d746a030943ef72a7241763c1

Download Submit
/data/user/0/com.app.open/databases/wap.db-journal
Filesize
8KB

MD5
4c17653e6012a75dcf187e3f40cc8450

SHA1
a454a6faeddebe41df96e53c3ded85cdae2753bb

SHA256
2ffab69ba9d63f43bc2cced99d67e8d00b528eace0ec49b68e913442f7dcee00

SHA512
8f9ed15672cd6c1f1e8fc1e432eff7cbe38165e70b50d9ba7191bf5e59221af102ec71b07ba77b4c20157387347875204331534e85cc344caff1ce89d3bbfd63

Download Submit
/data/user/0/com.app.open/databases/wap.db-journal
Filesize
8KB

MD5
6ff509ac20b62562ba1fb335c460ff71

SHA1
33b028a458aee9c6b04bbdee6e9d890ff087a584

SHA256
65790c77fa156946b20487c3d8c8edc695453257c02c3c9ba6786e32604acadd

SHA512
7feada172b881fb84427790bd6fb152ad9ffafdf31b3b4001446a1b033b301f5a888f230db85e35ca7fb9d41128a4600aab55d2f18b85bb027c7f3b882bde37f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads