96fb8b8d23e69239bf2ce04b6dc122c476e7b20d735aa24cff153803cfc4c6f4

Analysis

max time kernel
18s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
18-05-2024 14:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55259564c9321d32b249c4afd162eefd_JaffaCakes118.apk
Size

7.3MB
MD5

55259564c9321d32b249c4afd162eefd
SHA1

14d85319652f9047cd4dd2569a78bbf9c81b2709
SHA256

96fb8b8d23e69239bf2ce04b6dc122c476e7b20d735aa24cff153803cfc4c6f4
SHA512

0cf0611bb8b73ad6e74c12c96a1333d9161ee48e12bf3c17c5df0deb7ad96d4bf9acac8897ca9cfa6e8ee14c2fa1671003638490e558a434ef3226beac3887b1
SSDEEP

98304:vk0L5nCNdy3W4T7rUivk6TaHohd7tz1kgfOuIx2A7/8ds:vk0lygdPUivk8iohdrsx2G/os

Score

8^/10

discovery evasion persistence stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.magzter.edu

ioc process

/system/app/Superuser.apk com.magzter.edu
/system/xbin/su com.magzter.edu
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.magzter.edu

pid process

4563 com.magzter.edu
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.magzter.edu

description ioc process

File opened for read /proc/meminfo com.magzter.edu
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

com.magzter.edu

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.magzter.edu
Checks the presence of a debugger
evasion

ioc	process
/system/app/Superuser.apk	com.magzter.edu
/system/xbin/su	com.magzter.edu

pid	process
4563	com.magzter.edu

description	ioc	process
File opened for read	/proc/meminfo	com.magzter.edu

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.magzter.edu

com.magzter.edu
1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Checks memory information
- Makes use of the framework's foreground persistence service
PID:4563

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648B8EC0084-0001-11D3-10925098FE58BeginSession.cls_temp
Filesize
79B

MD5
e632afcc6da6028fd952fa1f6da9485d

SHA1
91180c0ba3f53dc7578882daf54ab758d42418eb

SHA256
31449fb30998b17a13ba0b9eecfec63f9a20c3f8d4ebd93f3d27680dbcf9ec2d

SHA512
cea3c2089873fdd7d02f5ab403e0db2c65eb3a5f2792c766595d1c076982feefab927ed0c7d12bc0216b2bebf716fefe2fc550803bb7aa2c259ee66f2112339c

Download Submit
/data/user/0/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648B8EC0084-0001-11D3-10925098FE58SessionApp.cls_temp
Filesize
111B

MD5
d718645cb6c26c7670477247aea00c54

SHA1
7fcbbc95db7ea49f5041c5c0b76de1cc7d5ed6c6

SHA256
6da43840a7e66ca8a6a0430563539e838c01d49d4e50274014195fa157e5ad03

SHA512
91fad4dd4aba022ae67454a69c82ed17faefca351ba5e86c82623bf576939f54682230f52709f1faca4a65d5c052515da531cd07bf4c5d6c6cebdb158762c4cf

Download Submit
/data/user/0/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648B8EC0084-0001-11D3-10925098FE58SessionDevice.cls_temp
Filesize
131B

MD5
a081a181b51398a894afcde960088d1d

SHA1
32649a5999ab3ff9d09ce42d214ab183a8c8539d

SHA256
3f0e9edd4620f102cb98129dacef73befef25a5892918fa3c3a4a4378e09c62f

SHA512
72c401b6fd33c59903867a02b632e11964dea4b5945f7b565fc4b728a910ef6474e6521d3579d97d163bc09ddb70d9077f7c58e915e6fac9fa2d1c3a3d39162d

Download Submit
/data/user/0/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6648B8EC0084-0001-11D3-10925098FE58SessionOS.cls_temp
Filesize
15B

MD5
b3d9541cc92a9153d14e5160f8d8c008

SHA1
2e1ac80eb381dd82a03795b682f92020348c0113

SHA256
1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d

SHA512
78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

Download Submit
/data/user/0/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
2KB

MD5
6d4d62c2eac61fbe907d59af62b17717

SHA1
f3d2d54e4906734c21dfa218c3b34c21614a4554

SHA256
335b5161297cf552c9667f916bfee7bb8d38c0037edb4f884dcabd9cb01eeca0

SHA512
55d446fd3da8f335a4b2fd77c1a488c277979cf314fb5d9588a44104cc6df7164e9cc39988698864c54489b8727eb90c580aa439c6301560eb0491a5a9e81a3c

Download Submit
/data/user/0/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize
515B

MD5
96e130c25d5757f84c904e273f265d5f

SHA1
f1bbb37a89daf3d8418e090ac4907160bc68265d

SHA256
ee371e9c950a8855bafa52a1f2b4cf38b71b3f60d81939f68351e856ab37f50d

SHA512
792b3944013a2e2b73bbfe99a4d3ffda89be3d6e426bd0a4aaa137dab2fcbe00655bb22f8633ed3c34e7ada0c7806a2f3e408a231bb7e7d4c4333582c3c46c6e

Download Submit
/data/user/0/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/user/0/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_9fe9c4d3-1db7-473c-a7dd-2728e697b912_1716041979555.tap
Filesize
461B

MD5
57715ac674cb67447c9b479802507061

SHA1
9c922c14b0c1d9948e7c0e23ebd56e978a822696

SHA256
17446ad7e0ab80471495ab093b97d84baaf14307763b98e7a2dbf8fdba9e0e96

SHA512
70eaca39d30c7b84dd5f78acc8f97bbd846f76580599e89da9c266011a9d9d40408d3e0e37337abae7d5d786a2d2934d6ab44591feabf0cd51987dc84b33090f

Download Submit
/data/user/0/com.magzter.edu/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_eb710dfa-3a2c-4d38-8a05-3357da40fa41_1716041965202.tap
Filesize
397B

MD5
47f2d1d8f46010625b7a92e47c286164

SHA1
96a7db8f2a53dd39d3a0d99a40b8e5b56d8b9972

SHA256
62107a98fe87270f0799d53d27547d04f4d3a6d2a5c14d361c6021d6a15d944b

SHA512
cd49ffd823e0236753b211ee63f6eb48979b0563250d08287506b2ad6a50829b9dc0a8d155ddd2974b471863cda276b41346306b1399fa95da29e966731db1d4

Download Submit
/data/user/0/com.magzter.edu/files/SsGXrfESq
Filesize
358KB

MD5
46bbd1cfc6b3ba5fe1e69321cbab150e

SHA1
7e26d4d7cf8f7451254dc7dbc227d85cedf0e313

SHA256
e6e3a79729a42914bf9e838bc4cb89c8f5157c13a4a77aadd744a38c7a34d998

SHA512
422c73b86a4948fb38c287df901a64215c46ef8d364a856d8ddc0d05e5225daa64909a7ae545cf21c9a697a66653e364cc8514bf63218b7b08732531286dd75b

Download Submit
/data/user/0/com.magzter.edu/files/SsGXrfESq
Filesize
635KB

MD5
80a0e6a615f3045bbd36049b3a0ba233

SHA1
549137b3dc700b4b190f3172e372c29898f92bb8

SHA256
45900411c2462d398e3855b42f438279fdb790e2dd8bcd5c4cecf078716d1349

SHA512
316c387f0b42fce02bf333a24df362f0a1df412360ca4c0606a6f888e91f91d45b169a8ba9326bcd8b5048c4b9f0bc1d2ab24319fe86387ecf1c4b4cc145aa00

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads