5af05586488154782b2f591b3df25157351b3eb28aa0ff5226d4054f9f9071b8

Analysis

max time kernel
25s
max time network
139s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
28-05-2024 09:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c78ddeb38e7bcb53b7708a6ba9e69d9_JaffaCakes118.apk
Size

14.8MB
MD5

7c78ddeb38e7bcb53b7708a6ba9e69d9
SHA1

7e3527b319ef40493729e5539cfe96e001b481fb
SHA256

5af05586488154782b2f591b3df25157351b3eb28aa0ff5226d4054f9f9071b8
SHA512

f1dcfdf8a0348af70274b39f903628fe7aae2f0e25506c726e499d49f4bfe70caf9375e9327d82c83754f9cdf33addbe8662a82fbd2fc775f444a6bb3fec1729
SSDEEP

393216:rmk0xV/D4GIpY8x7Yd3AAyGR+ztyBr2grhk:rBGIp83Hyq+cx2gru

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/xbin/su	com.badmanners.murglar
/system/app/Superuser.apk	com.badmanners.murglar

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.badmanners.murglar

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.badmanners.murglar

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.badmanners.murglar

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.badmanners.murglar

Checks the presence of a debugger
evasion

com.badmanners.murglar
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4306

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.badmanners.murglar/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6b63b92f6d4ec960961ab1deba76d015

SHA1
bf6ffccf76f70b897c1a6cb46d129418190f509d

SHA256
a16377ad9b4b59218937f24a93699b9a7cc2409814ad71504ffb45c59fc699c9

SHA512
43e6e2290c76065c77021b625e5f31d41df9f98b2efec0db7e363c7b34bbbeccff92699465c899a34400ddd1195d67f580e4f0eb92479defdaebe4ea24fd9e21

Download Submit
/data/data/com.badmanners.murglar/databases/google_app_measurement_local.db

Filesize
16KB

MD5
57b283e51dab082ae113672baa1960bb

SHA1
8b65575ab272820922fcce6eaf7ca2c1887b9419

SHA256
d3c40457cbd4e793d09aadd4bc2a611044bdc71953dc8264391077ee8801ba39

SHA512
ab560ce7ee269f35be61189bcbae430cc966db1b128f23273d88b7d74ba4631eeb689551d08b0c037ba8dc0068d492f6d26d55d714eb4f0d422b853e7adbf9ac

Download Submit
/data/data/com.badmanners.murglar/databases/google_app_measurement_local.db

Filesize
16KB

MD5
bde71e7480384bd01d6ebfe9cbf80aac

SHA1
d6aff700c60b515bae5fe876cb8ea5407720779e

SHA256
3afcdc5282cf3684cc2a6f4c691ffa6b855841e6a255911073cadbbb1e629d11

SHA512
83a4c54f1cde8bcf612bff69cc8ffd623c5d6538124d2529f64851b4eac13ca9bce1ae056b98d60e47b8d34e5ef732bc15d6118ca7e1cd2738097ea4fb587dfc

Download Submit
/data/data/com.badmanners.murglar/databases/google_app_measurement_local.db

Filesize
16KB

MD5
546ff8bd70c913ca9e14613667fc6602

SHA1
689e747ef5e7b1223cfd2f622961b0eba6e4a8c6

SHA256
f6f03172a557ec54a64955da327a38e6cfc4904ea22d954607624e035046526f

SHA512
96f18a3d309f4e407d007ee86a506f6548fcfef5b2a5c424c2f46e114ee517bf51142e388df64bfb1ed80e56959dfd6ed207227ec407d0a59501291963e2a3d0

Download Submit
/data/data/com.badmanners.murglar/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f4454081e11d3179fa3dcc3fd0dcb5f6

SHA1
759f557aebd3fb8c878596a19b4fcf5d95f006df

SHA256
8df4b3cc2b4c9718aa036bf28a06cedf01df81bbfc296b85a6f08ec9f873c23a

SHA512
65769107da3456c6ca96b168b4ebd08a501970934e176f91181d3f8e9256dc6a5677137fba13beaa1a81ef8f1ec4cbc3aba17c37be44a04c2a59b745cd53728e

Download Submit
/data/data/com.badmanners.murglar/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
c31a7f6cf7360fee54cad2bb6dd5b5fd

SHA1
b79940f058720d69e0e46de51c9a874ec9221e9e

SHA256
b73b8e4724a7e8d7c16b0740ed6a4eb41a34d97200d203b558f801ccc1b46e8a

SHA512
504c28653a3c2e4a20e77bfbdac283682c2e353f800b894a777099ecb802402be33062b684221b0e292411ab78f88ab5f241a1e4eceb9912ee561b599e6c2bcc

Download Submit
/data/data/com.badmanners.murglar/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.badmanners.murglar/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
4e21b8485272b44d2dd0b8627e53f179

SHA1
35f3ca637105b315439190e2c60765ae171f3147

SHA256
e26c087036bc8c0a9caa5029d2da06e95d3532cd088c85450b41a5b95f98839a

SHA512
c5b38e86fba91fcb1cbcb44bff24d42ad276d65fe10476b17aab5e7d30d7b29963cb9607430cc10592992053c0e3ff2212e9d8a79d457ca775d116e512781116

Download Submit
/data/data/com.badmanners.murglar/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
ca77c3eed3da4ee6fd77c0a50d6f8748

SHA1
10cb3955595f16a8598c782d7f8dbc0b388ed3b2

SHA256
cf724ea9ecf37a1bf1bed3e8f898d66a28f93e4714e334bac9b15dd6578df8b2

SHA512
3f86ff389a1722646ebecbf4e704bcfcd1d76b564908c816c53715c7f8a3b5c8a8fb0ca0c6256a1c35245f30648d3f5409cd69a5e311fd37aecb1e293f2d40b4

Download Submit
/data/data/com.badmanners.murglar/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
96d250bcc14a481c06839d1802b919f7

SHA1
1e2776b9225a966bf19be1124e61b50189356f9d

SHA256
e9082c2a067fe887a51d2c72e317b631ba08283fc84411782e675601c0d9d2d6

SHA512
663157be9b7ec29747007c37b64f34b17da2406e5a8d38fa01d4410ec2b372c45dd31fa8318ace4cf331c87d9bc72cea50c5c6603478000adea2da4769f06e26

Download Submit
/data/data/com.badmanners.murglar/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
a35dfd524e308a81209d067a2ceaed29

SHA1
2308ad3980ae0fcaee6204872b1c9304698b2a67

SHA256
65e48cc64eb7730415a6acebac47eddb3fe1b46f264bebf2a1161c807cd952b1

SHA512
c2781f3acf9df8951ee06cf72cf802acbda50828845b00d3321579163b95d0c62325bbac79a32c3c1c6281f96ea3963c2a862df509f409f89bf1a5d49206552c

Download Submit
/data/data/com.badmanners.murglar/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
3dafae0302985ece5b7bd00dc82219e5

SHA1
995dbee558b3f48c96c22f77f88af0da3e129bd6

SHA256
54d24b7bcef4ff53ca0ab3989434236e6d866db86bf3aa2b1a8f52803078ccc1

SHA512
e002520056b890beb7dcd9d2a83fc75923f0ba9e713a78c40dcc39bfdb91b3395d755da92b8d60301043a454774a85d4f4e0138a377572fcbebaa54a8b19eb4a

Download Submit
/data/data/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655A3280018-0001-10D2-83C65A3B9E5BBeginSession.cls_temp

Filesize
77B

MD5
a5f0c0747b7e03e50d7d39dc2056d71b

SHA1
1f38d7621d17eb12144e7e2e6b5b7aa5934f40f3

SHA256
a9bb170e878e934e82e79115e20b2d6c968630af0d707b7c308af822e33c8820

SHA512
2c1b514b940dcaefa40684324a8ad87440b44c31993fec2454ac5d48aa67c4f37dbb30a2565ba74dbdee9190bdd0def4b134d7242d3bd3600fdcdb18c5d74c6f

Download Submit
/data/data/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655A3280018-0001-10D2-83C65A3B9E5BBeginSession.json

Filesize
132B

MD5
e5291584fac84328a8443f3dc326344e

SHA1
cdfe89d5a718a8aae7bdc05c04b1b3be4a1d0a44

SHA256
4a6c549f1dafd90b8ada4f367e1263d248425b3b4bc1a0e3c6efac898dc3bbe4

SHA512
c49aad2ebae88f9d0c44fbd9dfb1a55585cffb6ee51a45811faa93582e2b93ecf921ad2ffd65c6df39e092df5588371bdff788c01acf00933485a26fa5c67ce2

Download Submit
/data/data/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655A3280018-0001-10D2-83C65A3B9E5BSessionApp.cls_temp

Filesize
127B

MD5
086023d5ed419094ebfdaf846b261630

SHA1
460887e0b42e794ce405d7fc162842953ae2275b

SHA256
a99ef254f377721c140ce5bf03f4e5a27c7b444548c39659857c994965d99f26

SHA512
a87899690c8e9d880a2355ced6f30d2b953f4c837752323cade8c0f19d5f08a8cf0003d6144388dea87023b2c93cc529d3ed9d637a74d0fc886f75ac40ad2262

Download Submit
/data/data/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655A3280018-0001-10D2-83C65A3B9E5BSessionApp.json

Filesize
241B

MD5
ce0ea07cb44c7742d49a4ba4f4ce725e

SHA1
27224207ea564315e6312fe39f97bce35f314ac7

SHA256
0da1163d1fa81b877e083c866ef7f898ecb28b25545bc944dd7711ffe937a47a

SHA512
ac9d820cf0219bdf8e87421c0a16950edea6289dcd9764add8e0c382b31e0e80953966cac2c9d1cde111f8c8beff14ca65feb852017f33d86d6b6f6f3a916095

Download Submit
/data/data/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655A3280018-0001-10D2-83C65A3B9E5BSessionDevice.cls_temp

Filesize
48B

MD5
cf9cb0612d588a1f71b63084cea67316

SHA1
3d035bb92fd3f8997160cf8025c40239af74d3ca

SHA256
0d37c5a64baf86735501f9044eeb926b3d46548cdcf67c2cd1f773df36624ac9

SHA512
70f000233e181e3b7c6fcf07aa04fdb570f970335837f8d1c4680a9f78af9f9e17c73a0a5646770f7a8787e338899edc4a5197b023865a4da894b1aca12bf600

Download Submit
/data/data/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655A3280018-0001-10D2-83C65A3B9E5BSessionDevice.json

Filesize
202B

MD5
75db92d50c80a89e068550028c62acec

SHA1
d78ea55f5dc682e4da456d26383249f608fe894f

SHA256
1dfc488309883b61beb3462567a9befeaf36bb475a07a7ecef2be60bedb4b5a2

SHA512
dbb81daa5fab357f087dc295e7861444f945eb4c3883a09926b47312ce526bc069266a8a24b2a5b4921fb13e797696c5824195f0a79317e279ccf7855ca2ee13

Download Submit
/data/data/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655A3280018-0001-10D2-83C65A3B9E5BSessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655A3280018-0001-10D2-83C65A3B9E5BSessionOS.json

Filesize
54B

MD5
93023624eb8dff5c20050da136aaae0a

SHA1
acfd1ffed752c28fb135ba83c0c6345ddf2f6995

SHA256
968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c

SHA512
bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

Download Submit
/data/data/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
413B

MD5
ce716397e6b1e124e0aea05514ac566a

SHA1
b130691786274e8914f0d46cafa79fec5e8a00a3

SHA256
7cc8ab65bb93fcb740417c474e740f1d00c77a5655fec8ed0d72e2524ca3fe18

SHA512
eb7be1980f70067e3685ab3bc75080f520a50ca69c195f6ee9aa61efaf063eeaa489c801e1bbe08cfaf60089be582a928e31ce0ba19e53e6e64a4638dc054924

Download Submit
/data/data/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
881B

MD5
19feeb2196a93f692eed8f11c356106b

SHA1
296aa9cac5b5d2e3a8434649372905773f4cbee3

SHA256
ba5dcd7178b300dbc1a80076e8cf6859f137f9c1a04b8e6101a35275e9f072b6

SHA512
65f06e7a09b4cb8eb8daf819a7f2bebbe4fb3c022ee08e7b0d6c20cf86cff216c80d069c95ee1f6e00021130f8b8d4a7d1fb04fe7331665be836fdaaa29b8e4f

Download Submit
/data/data/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_8a78f716-845a-47c8-9162-4891bf23c381_1716888362734.tap

Filesize
333B

MD5
465aa02a250ce94934fe35dc3905915a

SHA1
491dd25a73dc00eab27b337e794b5121d23cd33b

SHA256
3c670ed578998279901540b045f1e1dea2bb3fd8fcd416a93bdffc62186d0ce9

SHA512
5ca1f68192cc80dfcea56e225cb681dde741a77ffdcfa829426a053542d4ae234dff3e2a376e83bb64465a395c62ab6efbc7ee41c9ed78851b5fc667550918ff

Download Submit
/data/data/com.badmanners.murglar/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
df8f3824ea6ee76d00a37da6ba9a8a64

SHA1
e430d0fe66534f1cad1a5b86cca738524d8db0a4

SHA256
dff3cb09411b902840dd54900d7e77e8ff291b2eeda3f527fe6f20ca7841fb4b

SHA512
5ce2ff3f44f7bbcecbf1f75018ae936240c84fa540f541f4bf11f0c45b3c0688ed03c896079ace7c786da60ee029cb009b25e6602e6b8cee2e6b69eb66fc1152

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads