96fb8b8d23e69239bf2ce04b6dc122c476e7b20d735aa24cff153803cfc4c6f4

Analysis

max time kernel
11s
max time network
130s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
18-05-2024 14:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55259564c9321d32b249c4afd162eefd_JaffaCakes118.apk
Size

7.3MB
MD5

55259564c9321d32b249c4afd162eefd
SHA1

14d85319652f9047cd4dd2569a78bbf9c81b2709
SHA256

96fb8b8d23e69239bf2ce04b6dc122c476e7b20d735aa24cff153803cfc4c6f4
SHA512

0cf0611bb8b73ad6e74c12c96a1333d9161ee48e12bf3c17c5df0deb7ad96d4bf9acac8897ca9cfa6e8ee14c2fa1671003638490e558a434ef3226beac3887b1
SSDEEP

98304:vk0L5nCNdy3W4T7rUivk6TaHohd7tz1kgfOuIx2A7/8ds:vk0lygdPUivk8iohdrsx2G/os

Score

8^/10

discovery evasion persistence stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.magzter.edu

ioc process

/system/app/Superuser.apk com.magzter.edu
/system/xbin/su com.magzter.edu
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.magzter.edu

pid process

5117 com.magzter.edu
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.magzter.edu

description ioc process

File opened for read /proc/meminfo com.magzter.edu
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.magzter.edu

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.magzter.edu
Checks the presence of a debugger
evasion

ioc	process
/system/app/Superuser.apk	com.magzter.edu
/system/xbin/su	com.magzter.edu

pid	process
5117	com.magzter.edu

description	ioc	process
File opened for read	/proc/meminfo	com.magzter.edu

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.magzter.edu

com.magzter.edu
1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Checks memory information
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5117

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648B8D903B0-0001-13FD-A93132F6D1F4BeginSession.cls_temp
Filesize
79B

MD5
15c34fe7b681df091061f27bd3e25930

SHA1
a3d5c9bf3985a78c8cfaaaa31e6b0ab8d3734dd3

SHA256
cddc51c2b30452d06bbdca2ead9e748d72ea2274ac0fd8c9012eda8b0b5b66cb

SHA512
2ce9830f74ebcb3902ca5a4fe436cf8d3d7b65d88b262d1a9756bb8dae659d7c56341b85882acc49e1e1b6ff873bb970ba3e11a645876c0010553f8df40135be

Download Submit
/data/data/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648B8D903B0-0001-13FD-A93132F6D1F4SessionApp.cls_temp
Filesize
111B

MD5
47949e8ac9a49e4fd380f204c868b887

SHA1
bfdce0bf7a92db76b3c70ffcda8a3ce6b96bd4aa

SHA256
d300d6af241a5c29387dcdb57f0dccc1de8be1466a44110668c8d43095bd4384

SHA512
2b0dca7b4cfc1c619a970b53cb6e87febaaa64e711a1f1852d69baf106a772cbf9e1c1400602c13c9b90d2586228d7fdea1e706ca0ac54f8fb3780fdd7345baa

Download Submit
/data/data/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648B8D903B0-0001-13FD-A93132F6D1F4SessionDevice.cls_temp
Filesize
131B

MD5
c7c0b3bbaf94958ce862f4657e349466

SHA1
7db937951a75b969b8841cdeb5f8c50df8e49bff

SHA256
4e0ff625c639c214a0bc15ec087f896db2ddeb431267eb24f0218eb936f632b2

SHA512
aa4aa09f64363e43cebb906fc2e2c2e468bff13c4589f740411d16505b15526ab80df48128d0af6b11e7f9ec1c4e066fcafc67a28359991d1d47de8c419309b2

Download Submit
/data/data/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648B8D903B0-0001-13FD-A93132F6D1F4SessionOS.cls_temp
Filesize
15B

MD5
2566d27ce8c28d8961f082c375d7535e

SHA1
92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf

SHA256
5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a

SHA512
1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

Download Submit
/data/data/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
2KB

MD5
4a30831f93a17248f60d21368ae55809

SHA1
0322d9b5f5aba1ce38fb8d12019405e3f47e78aa

SHA256
3649ca868e77a1daf3e5d0deba2019fc44ceae4906f09019c48e998069f55bba

SHA512
bea919af2b9c87201df79036ef078cd11411f224cf07693e3687a67fcbe1e0f27aaf3b96c62071bafc345731bc580168adb7e6f9ee6e96620d8c648e5d027885

Download Submit
/data/data/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
515B

MD5
f7812a0d7a1b644582f454836b21ffce

SHA1
b090ab5039843d937daf96b0fca00bb1dadc3547

SHA256
e92761b05ca4e5180ba867c10f3d782a404e6933f36282c1b3f7143b4d3ece9e

SHA512
f2e18f921b303e4e730570d29d52adba23f99e843b36609b41915b96a4e1f47132d28c1d3e34a321065efc5690e3af6d28bd20757e15d37a067f639d0c65b7d5

Download Submit
/data/data/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_0396c56c-b0bb-4c5a-8efe-66c60b18a679_1716041947413.tap
Filesize
396B

MD5
1ebbfefecb64b5e88cffd564cf7b996b

SHA1
e667920ae44cb5dcd630825b651e0d1dc3e5dbed

SHA256
a7c959adb80213ff5470506aac0d5e6130bf73f3c3ecd9be0e42b3159e100846

SHA512
6daa3ca16bb484ea12045af71d03da55a8f5a2f742622298e3a2d57f0e5021483d0ac676b2fe610ca9358548ac00d95a701822be2196f5905044d16fc246a2d0

Download Submit
/data/data/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_12ab76c7-b12e-4001-9d07-4d72ec4c2717_1716041953667.tap
Filesize
503B

MD5
051454d67cc12a4a1f085c33ed1ab573

SHA1
a0211d56c0d6003be0a8fa779f0ff6e70dde71a2

SHA256
49512aa402f8ab21a6a6dc27e42ef446b475d12e6419503991cf91964e060c4d

SHA512
50033b77883a8b2affa6480c79f3918ec52a3ecadcc8cc4260ce1b25cae5e4ed89c27b91ad0be6beb24de24719e8ca9032a06b1a27f667933b6699168ccf657e

Download Submit
/data/data/com.magzter.edu/files/SsGXrfESq
Filesize
358KB

MD5
46bbd1cfc6b3ba5fe1e69321cbab150e

SHA1
7e26d4d7cf8f7451254dc7dbc227d85cedf0e313

SHA256
e6e3a79729a42914bf9e838bc4cb89c8f5157c13a4a77aadd744a38c7a34d998

SHA512
422c73b86a4948fb38c287df901a64215c46ef8d364a856d8ddc0d05e5225daa64909a7ae545cf21c9a697a66653e364cc8514bf63218b7b08732531286dd75b

Download Submit
/data/data/com.magzter.edu/files/SsGXrfESq
Filesize
635KB

MD5
80a0e6a615f3045bbd36049b3a0ba233

SHA1
549137b3dc700b4b190f3172e372c29898f92bb8

SHA256
45900411c2462d398e3855b42f438279fdb790e2dd8bcd5c4cecf078716d1349

SHA512
316c387f0b42fce02bf333a24df362f0a1df412360ca4c0606a6f888e91f91d45b169a8ba9326bcd8b5048c4b9f0bc1d2ab24319fe86387ecf1c4b4cc145aa00

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads