Overview

overview

8

Static

static

1

6c382b1afc...18.apk

android-9-x86

8

6c382b1afc...18.apk

android-10-x64

8

6c382b1afc...18.apk

android-11-x64

8

Analysis

  • max time kernel
    25s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    23-05-2024 20:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6c382b1afcefa0a6fe12926cbd014958_JaffaCakes118.apk

  • Size

    1.9MB

  • MD5

    6c382b1afcefa0a6fe12926cbd014958

  • SHA1

    a289cb96ad2320f2448334b4fa72466046bb95ab

  • SHA256

    1a0ec944618778ddafaaa291b364106b8c36ff76a1818b918219d8046ae30e9d

  • SHA512

    0e100dd6a19fc266fcd8bdac7532343fb6f9bf576c98f3a15dbc12b4d53c130d7a9f986218359fd8deef204d19dfdcc8693cd768ae34046522ca10842da54ebd

  • SSDEEP

    49152:Fu283rlE6u7oYr0FfjzGAwb6c/X1E0QnwQw/wb73ZUA:Fu28ju7oY4FXGdb6ca1nb6G

Score
8/10
discoveryevasionexecutionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.surpax.ledflashlight.panel.hack
    1⤵
    • Removes its main activity from the application launcher
    • Checks CPU information
    • Checks memory information
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4312

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db
    Filesize

    16KB

    MD5

    5d85664f8e614fcaef42be2e6f649027

    SHA1

    09c6288922102f6114a823f4992415fd3373d61e

    SHA256

    55f8907e91226ef43a05583c7b4623b4e26994b62d20c8603975ccc1fa3b9409

    SHA512

    3d6006a3e82d00fe9bc443e940acc5df12ec84114fcbcf8fbc8099c085cb1229b21a217b7445129b50558bfef5100894686d7359eb80b7ef087b65c7be3bc6e9

    Download Submit

  • /data/data/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db
    Filesize

    16KB

    MD5

    6099db189cf94789497d6c2282f2ed07

    SHA1

    f2b6d191314fb17f339528a341e662468688386f

    SHA256

    8028c1b5792fae128ab1f161fe6018aa1aeae613d092cc9c01833ef8a049f28e

    SHA512

    938694529f47e215afd74ecefc4897a7c633e0657bffdd396430d7cea496e6798277321c51e19fb8bff75971428cb05b38492e516811d275d0905633405d22b7

    Download Submit

  • /data/data/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    1e06681054bb274db52a072617ee1fb6

    SHA1

    d462d8abd4a40f8a2cf8c59bb62ad00b8f6dec09

    SHA256

    c780d9774945b75af3b5579c4329736e9535b41e1f3d843cc0e8970f10508bb6

    SHA512

    c32f0430fbff75509afe16a99fdb5c4eda6950cdd4b00290d2439ea3876d7a96fbef8ecb44ed2cc572bb99935edd6d4266f8f31eab0524b7469f10716ff87975

    Download Submit

  • /data/data/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db-wal
    Filesize

    28KB

    MD5

    01bea6e607e0ff87bfad3bc410922524

    SHA1

    133a51d090f939f7d3dacf9fb32261b3c58f0ef3

    SHA256

    b556f799def275539ded86abbd4ca57240f7a197a62dca8d8525ddce124c94b5

    SHA512

    3e5b90ad584c38b6e19ea80e210126ffef358d78384943585612f64ec4b1584e640fba9a1f0e95d38f8ec8d138f8704dd0f95984b484419cbd95b9c22f5a73ab

    Download Submit

  • /data/data/com.surpax.ledflashlight.panel.hack/databases/evernote_jobs.db-wal
    Filesize

    4KB

    MD5

    316e09ed2b1712922a9771656ccb52fa

    SHA1

    ef60e61449eefd3ac5e71f67c12c6a7cf0e72cb8

    SHA256

    5bc56f76e9f9f83e877f713dfa4a43332ae99a7241022280d48c47d671b702e6

    SHA512

    c67a8db9d2e114c32df8a95f9c073d3e89fa8e17d84c3e901215315c17f74969807f66eb4250cd147c19aeeadba86b428b938da2d4e2fe764d26ed7faac98cc5

    Download Submit