136fee591e4a56325b3ffb0f52ca63b6969738f736abe66ad2297a88ffde5dda

Analysis

max time kernel
5s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
27/04/2024, 02:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

023a615be04ba326572c53030ec32fe1_JaffaCakes118.apk
Size

17.4MB
MD5

023a615be04ba326572c53030ec32fe1
SHA1

1c523eade2c5008e6732e25d1975b7c2a805ec6d
SHA256

136fee591e4a56325b3ffb0f52ca63b6969738f736abe66ad2297a88ffde5dda
SHA512

237d40fb085e320c4c273384fd96687e5f5ecea72d2441989158d6a9c7f0872988c081a935cd7dcc3556b8650229320ea2bd2404fb0fa89172f6e7bf930598a8
SSDEEP

393216:zsAJHBuXLxXWCjZEuw5UWPRuqTBspWuvCn7K/NYIfIDXPucgAK:3BuXlZEuw9PRuqXkL/CM

Score

7^/10

evasion persistence

Malware Config

Signatures

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	ROKINvip.apk

ROKINvip.apk
1⤵
- Makes use of the framework's foreground persistence service
PID:4183
- getprop
  2⤵
  PID:4217

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ROKINvip.apk/files/GG-qWwO/lib02.so

Filesize
6KB

MD5
cbda98dc21eff1fa8a4af9881c82c985

SHA1
01e61708677b64663aae6064014743825fe3ac1e

SHA256
51a162bbcf0073bd973272d90cfa28f45d257913521e1f61e2d2d45ec227c45d

SHA512
bf5836b70dd358cf411998c9eaf0224689ae13827a54318a02039071038f6779771efc4d6bd9b317a8d0ced0ec29fbf60c557dba8612be27fb4316b0dc7a140b

Download Submit
/data/data/ROKINvip.apk/files/GG-qWwO/version.gg

Filesize
5B

MD5
8860b0b3ad5538d2ccc6c2bdd0341a1a

SHA1
f0861b26b45d5351bd8010d42badf0d75e0bd0eb

SHA256
732394c9545439bf5afb2bb367a14807ce1aa795f29ac844ac78d8c18657be99

SHA512
484b5acf68321f90f47ab30d138281e61d5c342e7ecbe9de882196adbf355a2e577fb3a94d9b25736e67cf7c55ca05aed7de398a1055dbcc23a955f28ab3551d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads