d9648402587e722419ad9ed8f113e6706e7ceda56a2994121e3c2f2c6fd192e9

Analysis

max time kernel
178s
max time network
131s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
21-05-2024 16:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63f5b3e70623fa11bc82e3d71523ba85_JaffaCakes118.apk
Size

328KB
MD5

63f5b3e70623fa11bc82e3d71523ba85
SHA1

db1a0a7662a91fe409cc006c8a86c89fc8275b27
SHA256

d9648402587e722419ad9ed8f113e6706e7ceda56a2994121e3c2f2c6fd192e9
SHA512

cc09bda79e842cf4887cfa15957bf0db8ed5ac2c1960c932ab1fd5fb9012334b43e0eda6ddf39753cd30fd0db0fb8531b842dbafeee0716d24bdd33958cfc97f
SSDEEP

6144:2e3wxpMexgY+jarjdLMCW1zjU/buPXsFwsDDGcZtVjcs+7xs:2PxpV++hNUMSPZQqcftky

Score

8^/10

discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

tms.px.train

pid process

4623 tms.px.train
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

tms.px.train

ioc pid process

/data/user/0/tms.px.train/files/v.jar 4623 tms.px.train
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

tms.px.train

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses tms.px.train
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

tms.px.train

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo tms.px.train
Reads information about phone network operator. 1 TTPs
discovery

T1422

pid	process
4623	tms.px.train

ioc	pid	process
/data/user/0/tms.px.train/files/v.jar	4623	tms.px.train

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	tms.px.train

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	tms.px.train

tms.px.train
1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Checks if the internet connection is available
PID:4623

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/tms.px.train/databases/t_u.db
Filesize
24KB

MD5
ca59a29efb4659466f012f31eb911ccf

SHA1
f9e776ace2529a0edf4760c8bc1689052db47b6e

SHA256
bc244d26285b5d909d8aa1872fd46ddd212b8ad6d90f93f21b979ec7f1cd808a

SHA512
e58a831b288f74a965a21c8bf8d281d93ad78182e95efdef58ec0c6b806cde3bbfcf4cfd0aef97bdc749d01d5490cf7ad31fc164718bc2ec324d6a46dc7ae9ef

Download Submit
/data/user/0/tms.px.train/databases/t_u.db-journal
Filesize
512B

MD5
3cf8188e4fa40e4742af208155c8a162

SHA1
6cb1b1905ba7c446e4d4dcdd16fd870a58e9ea0c

SHA256
fd802a3d9843ae4f66c84c1ba8aadb76a17f3347fec31bdd6bada9352e86a93c

SHA512
ee98b19057578a0fa91f006bc1d173b6f103bb011533ac66f7d2c2b8356c804ebd2448fac1604dff99aa07200be408769c0b53e46eff4bad6a9e10c38450dedf

Download Submit
/data/user/0/tms.px.train/databases/t_u.db-journal
Filesize
8KB

MD5
f4b1fdd82c875aa0de3531516821543d

SHA1
5c17a8ca6fafebc23bd5d546d24b044c55d45b4f

SHA256
d68843bac79b49f38e2c2daca51b600c590e40ba0d64388ee372903a91e8e084

SHA512
5034219ea626f4da687b081ed615bf9087fc43bafe8f7d6ed56be37436a313f462ffe5b03b6d97727ebe8728a80fdfefc2bd973b0c7587313bd33e5d70c5b7d0

Download Submit
/data/user/0/tms.px.train/databases/t_u.db-journal
Filesize
8KB

MD5
2d7b0853bd20cb89cb34dd9225f5dc1d

SHA1
6aee42944b59e1aa1b0e016869eb11c639681e8f

SHA256
3f098ae8dd27e61301d3205a8204535f0dda45038e5542667957fea9f52aa3cf

SHA512
096ff4e3e44c81296b23016df9dc41884f4166fb72e239f7e73d0cb263528ec4489be6b3889a912d2b5a2544180453f2a63c73bfc7cc4888786284f1d8a5506a

Download Submit
/data/user/0/tms.px.train/files/v.jar
Filesize
188KB

MD5
f09458c16f639a360dc284640f9598c5

SHA1
fa2aa1fe360000e0756da51c790755c599def485

SHA256
e358877146fa29274dfc9612d3bed40d324c60c955bfd3fa3f49801e8c498435

SHA512
768c922729eb72ba37d4070575025d88dc46b94c38d854ad2a586cd1acfb7742d386ec74a18464f2391bb3159c085bf428cd54383dc882505760f9bd27b8855c

Download Submit
/data/user/0/tms.px.train/files/v.jar
Filesize
319KB

MD5
8b326ffbebf17b6dbf3f6d6224f148c7

SHA1
aaa5dec5c14ac72c39ab2e3116b7fb9c8e99061a

SHA256
7591ce43ea43cd03bb4d5fad2e8d437ee067e7d1b276471e8a8c0d05af954a88

SHA512
01e7931fdd71bfb1f7645c0db394b638bf4438620f4650d10ff1667463646ac7071a353345c5a0799027415f4ab95e066893519539de918aab1789f9a17675e6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads