96fb8b8d23e69239bf2ce04b6dc122c476e7b20d735aa24cff153803cfc4c6f4

Analysis

max time kernel
10s
max time network
135s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
18-05-2024 14:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55259564c9321d32b249c4afd162eefd_JaffaCakes118.apk
Size

7.3MB
MD5

55259564c9321d32b249c4afd162eefd
SHA1

14d85319652f9047cd4dd2569a78bbf9c81b2709
SHA256

96fb8b8d23e69239bf2ce04b6dc122c476e7b20d735aa24cff153803cfc4c6f4
SHA512

0cf0611bb8b73ad6e74c12c96a1333d9161ee48e12bf3c17c5df0deb7ad96d4bf9acac8897ca9cfa6e8ee14c2fa1671003638490e558a434ef3226beac3887b1
SSDEEP

98304:vk0L5nCNdy3W4T7rUivk6TaHohd7tz1kgfOuIx2A7/8ds:vk0lygdPUivk8iohdrsx2G/os

Score

8^/10

discovery evasion persistence stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.magzter.edu

ioc process

/system/app/Superuser.apk com.magzter.edu
/system/xbin/su com.magzter.edu
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.magzter.edu

pid process

4256 com.magzter.edu
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.magzter.edu

description ioc process

File opened for read /proc/meminfo com.magzter.edu
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.magzter.edu

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.magzter.edu
Checks the presence of a debugger
evasion

ioc	process
/system/app/Superuser.apk	com.magzter.edu
/system/xbin/su	com.magzter.edu

pid	process
4256	com.magzter.edu

description	ioc	process
File opened for read	/proc/meminfo	com.magzter.edu

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.magzter.edu

com.magzter.edu
1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Checks memory information
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648B8ED0068-0001-10A0-4A5BCE6DB2B8BeginSession.cls_temp
Filesize
79B

MD5
f3a0fa2e91882465666a45260e3e4043

SHA1
ece08e8db66c7a355df9503acd303f45a14958cd

SHA256
d6d3d94ed648ffc9bc8f7b1ddefebd7607fff418d59fe2083d68b2c9a45bdf0d

SHA512
d2ec0efef3af4b6155c882b72f352c5ea2e5ec28ee866f43d1d2c4b3605f7c5adbed1802b13ae00ed33e023c976730dd0c8e95e8a8fa400fbee766eba80c020b

Download Submit
/data/data/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648B8ED0068-0001-10A0-4A5BCE6DB2B8SessionApp.cls_temp
Filesize
111B

MD5
fcafbb3aacb0d1e9fb0fbe725c7a22b0

SHA1
e12dfee36c8798feec3005fe9537aef1d6442e7f

SHA256
ed4a23ef13b739deec59d07fae9fd24a73279587fa167b9a24613315a401b1e0

SHA512
e5d86f7cee1d84cce1c5be241120688c72c3817b098a93f9a6f030b7d339719cfc9f497464c921de06aeae4e5337e06321402a52fb4fdf83bfc2421c1469b2f4

Download Submit
/data/data/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648B8ED0068-0001-10A0-4A5BCE6DB2B8SessionDevice.cls_temp
Filesize
131B

MD5
53157a4cc1bb8d536348b6075d5a2d19

SHA1
86426661b80c564d77505fd184559cfa0f18c613

SHA256
94f9f2092c0c471758427e1d5f12a29eed280218c1fa16fe9a855f3606be3ca1

SHA512
292a3d9ab69a14dc6a087643ccf54e1d35b0d537ee200ab7a866862f4f82ea2866eaef4cde44316e4d61084825175ed4012fed3377ce01f5d9a7588f550cd036

Download Submit
/data/data/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648B8ED0068-0001-10A0-4A5BCE6DB2B8SessionOS.cls_temp
Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
1KB

MD5
1f57676c492b7f707d057a7f5024aba0

SHA1
9dbb546514e7f555a37f325842954ab0c13339e3

SHA256
802df7678b145de65a6b7b61627aafbe4ce6ea5c424da7a7baf5b1f8f4355a78

SHA512
38912b9fc3f0329a32ad3b8cdf432f40ba1ed69dc690b7445313bd3ae593d38f4f9e924d704cef11f7361acd53bb94960f99f23eb3b18669d98ce0703be93819

Download Submit
/data/data/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
514B

MD5
bf4cf41dd64e6c13d91cd54626bcbb40

SHA1
e46ce9a5bad721712bd60c4c2e2fb154e05daccc

SHA256
7f97b8f6c1c622d5fc524d9b9aab814cccff9e18994a3323f71df4cd501f40f7

SHA512
8a063e3a7ac369d29b6b650a1265a2b43e72fc767225f677493fd5aed6fad42a6d07f13491bd532693411f6c4bfdf6d2cc1736870069e3ba94b66f42e19fd562

Download Submit
/data/data/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_86d0d100-5f15-4e9e-a23c-b6ef192b23f3_1716041966232.tap
Filesize
395B

MD5
db22d174bfbbc4f1ab1398aec54db7ca

SHA1
f44cfdce6ac0bdc7d1f3ec369f4808ae6efac750

SHA256
7670c882bbda90a6f9159a5a13cd270b7dcc29e046954f104352ea692fc02347

SHA512
5bc5e4b3411dde3d3f6ba24ca484bf57f1b72b5dbce1c6910c0a178d5ab6dcec157c96d536124fddbf40230c7e1606cb03d5f572bcadbc3733df84359760387f

Download Submit
/data/data/com.magzter.edu/files/SsGXrfESq
Filesize
358KB

MD5
46bbd1cfc6b3ba5fe1e69321cbab150e

SHA1
7e26d4d7cf8f7451254dc7dbc227d85cedf0e313

SHA256
e6e3a79729a42914bf9e838bc4cb89c8f5157c13a4a77aadd744a38c7a34d998

SHA512
422c73b86a4948fb38c287df901a64215c46ef8d364a856d8ddc0d05e5225daa64909a7ae545cf21c9a697a66653e364cc8514bf63218b7b08732531286dd75b

Download Submit
/data/data/com.magzter.edu/files/SsGXrfESq
Filesize
635KB

MD5
80a0e6a615f3045bbd36049b3a0ba233

SHA1
549137b3dc700b4b190f3172e372c29898f92bb8

SHA256
45900411c2462d398e3855b42f438279fdb790e2dd8bcd5c4cecf078716d1349

SHA512
316c387f0b42fce02bf333a24df362f0a1df412360ca4c0606a6f888e91f91d45b169a8ba9326bcd8b5048c4b9f0bc1d2ab24319fe86387ecf1c4b4cc145aa00

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads