d9648402587e722419ad9ed8f113e6706e7ceda56a2994121e3c2f2c6fd192e9

Analysis

max time kernel
179s
max time network
131s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
21-05-2024 16:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63f5b3e70623fa11bc82e3d71523ba85_JaffaCakes118.apk
Size

328KB
MD5

63f5b3e70623fa11bc82e3d71523ba85
SHA1

db1a0a7662a91fe409cc006c8a86c89fc8275b27
SHA256

d9648402587e722419ad9ed8f113e6706e7ceda56a2994121e3c2f2c6fd192e9
SHA512

cc09bda79e842cf4887cfa15957bf0db8ed5ac2c1960c932ab1fd5fb9012334b43e0eda6ddf39753cd30fd0db0fb8531b842dbafeee0716d24bdd33958cfc97f
SSDEEP

6144:2e3wxpMexgY+jarjdLMCW1zjU/buPXsFwsDDGcZtVjcs+7xs:2PxpV++hNUMSPZQqcftky

Score

8^/10

discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

tms.px.train

pid process

5154 tms.px.train
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

tms.px.train

ioc pid process

/data/user/0/tms.px.train/files/v.jar 5154 tms.px.train
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

tms.px.train

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses tms.px.train
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

tms.px.train

description ioc process

Framework service call android.app.IActivityManager.registerReceiver tms.px.train
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

tms.px.train

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo tms.px.train
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422

pid	process
5154	tms.px.train

ioc	pid	process
/data/user/0/tms.px.train/files/v.jar	5154	tms.px.train

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	tms.px.train

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	tms.px.train

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	tms.px.train

tms.px.train
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5154

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/tms.px.train/databases/t_u.db
Filesize
24KB

MD5
fe67167fe07284cf64b9ad8dd86d7044

SHA1
036a4ed6202cfcb3d9f874fc70ed1a3c8a0856e2

SHA256
fa13d6ebb4434629291b7477f89ee3d8507beaaa038a04ce0f56af8d5558a848

SHA512
1656f8a3419c9fee47dc558db1a105da58968e804087e471008c1b742350727dcad0524dc5e2e1a521e40603fe73018c8d2d1722929d88b0213eefef4d774687

Download Submit
/data/data/tms.px.train/databases/t_u.db-journal
Filesize
512B

MD5
9d1aa459d9df18768a088a48bb25bedd

SHA1
6edaed69f5990961d1c8a9c4f2b65c48123f42b7

SHA256
c475f788ee8c495c5386d432402a3f16e9e2ac1ea85078eb8957b4091c2117cd

SHA512
8349f7b12d9f5036297f6bde1c742d7c921b7e4e54cef7b538db978f92fd21651139db61e27a72ed98cedd0abd2e89e9ef72fc886f6f3a7595733e5d173d252f

Download Submit
/data/data/tms.px.train/databases/t_u.db-journal
Filesize
8KB

MD5
c4547d0fb3e9aa77c39184c7bf4ad438

SHA1
18da8857855434d0e745347453b7a027161c6964

SHA256
0055da87ae28b232ce5aeb8a744758dc2838a8a739fa18361549338e3381981f

SHA512
61bc86ce19e14633977901e83cb5cf51228e85fe9e651d8c46dabd3e5abacb73d860b8892d99c4aa32a5ff26d05d1e9512f4f402c51d93f8b61e88cbd51b47cd

Download Submit
/data/data/tms.px.train/databases/t_u.db-journal
Filesize
8KB

MD5
ce62181b4c34b162f364c00557bf6bdc

SHA1
09633c0865326fbb33dd5ecd92f9069f84e9f3f9

SHA256
0ee8530d8c078046dd447bdcf98aea1212fb8af3e1e86d7bdd68deeba0af15f1

SHA512
2aa9d147736f3dc0722c0e37e9801b55144b18c469cc16bdc4e9e85b8b11ddb79547bb4a7a8aa7dbe3be9172f46baa758df5b4dda8f4e654e472b78d03c86081

Download Submit
/data/data/tms.px.train/files/v.jar
Filesize
188KB

MD5
f09458c16f639a360dc284640f9598c5

SHA1
fa2aa1fe360000e0756da51c790755c599def485

SHA256
e358877146fa29274dfc9612d3bed40d324c60c955bfd3fa3f49801e8c498435

SHA512
768c922729eb72ba37d4070575025d88dc46b94c38d854ad2a586cd1acfb7742d386ec74a18464f2391bb3159c085bf428cd54383dc882505760f9bd27b8855c

Download Submit
/data/user/0/tms.px.train/files/v.jar
Filesize
319KB

MD5
8b326ffbebf17b6dbf3f6d6224f148c7

SHA1
aaa5dec5c14ac72c39ab2e3116b7fb9c8e99061a

SHA256
7591ce43ea43cd03bb4d5fad2e8d437ee067e7d1b276471e8a8c0d05af954a88

SHA512
01e7931fdd71bfb1f7645c0db394b638bf4438620f4650d10ff1667463646ac7071a353345c5a0799027415f4ab95e066893519539de918aab1789f9a17675e6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads