5af05586488154782b2f591b3df25157351b3eb28aa0ff5226d4054f9f9071b8

Analysis

max time kernel
25s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
28/05/2024, 09:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c78ddeb38e7bcb53b7708a6ba9e69d9_JaffaCakes118.apk
Size

14.8MB
MD5

7c78ddeb38e7bcb53b7708a6ba9e69d9
SHA1

7e3527b319ef40493729e5539cfe96e001b481fb
SHA256

5af05586488154782b2f591b3df25157351b3eb28aa0ff5226d4054f9f9071b8
SHA512

f1dcfdf8a0348af70274b39f903628fe7aae2f0e25506c726e499d49f4bfe70caf9375e9327d82c83754f9cdf33addbe8662a82fbd2fc775f444a6bb3fec1729
SSDEEP

393216:rmk0xV/D4GIpY8x7Yd3AAyGR+ztyBr2grhk:rBGIp83Hyq+cx2gru

Score

8^/10

discovery evasion

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.badmanners.murglar
/system/xbin/su	com.badmanners.murglar

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.badmanners.murglar

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.badmanners.murglar

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.badmanners.murglar

Checks the presence of a debugger
evasion

com.badmanners.murglar
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Acquires the wake lock
- Checks if the internet connection is available
PID:4643

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.badmanners.murglar/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1e95abeaffe32a6f0c9800a033e2f0e5

SHA1
6d7110a999cfe0cf8cd7b27372668d620e7c012f

SHA256
36db564020fb3bd2346d078ff2eaee051ba27d0df44c5405f2d17cb8558d7f10

SHA512
1b2ec87ce5a67d140aa70fb13605f859b5282390c34a3df62104e72b77316168f7dede303496ae188c66b5cfa7449c60650584408b6b1e51570384639f35fcd3

Download Submit
/data/user/0/com.badmanners.murglar/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62e77447417fc1b7b40031ed313f2ed5

SHA1
68641934f7a375cef42601fd1ffa4c52271bd75f

SHA256
85506f3bdbe14527dcb3fb438110a6a4a082ae0f6626dd526b11dc18ee94341e

SHA512
32812a494d44c19576228497167c3b3cfd11a7f6e0a34483aff53c4612c77cf2aeafa94f9843a85e60d9d203b5e1a526bfc9417497b9cb2bafaab10c9352fb80

Download Submit
/data/user/0/com.badmanners.murglar/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c7623ea004012e46a698f09d274c3cbf

SHA1
54e48f59a9bd501ec9596d015f86c66be599ca70

SHA256
65ea10654a71f153ccaf470595e271c3ecbedf296f2435d8aac3d14e1b956478

SHA512
d8421da53e0d7eb527edacf1f9f89a328f78bae167499673c442974aa933f0199845b89f4571e2d93cae7e98db6fa76f7ef9b7f2dc901233ff13a678b3500965

Download Submit
/data/user/0/com.badmanners.murglar/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ee9816cc9fc4fa2dc212501085e5e41f

SHA1
c50a7aaaace76d3e8df6f6501337dd43ff273fdf

SHA256
d63c2546c25db9d9046e3992ba58288f65e55271fa568c3a49f9cbfc9b484335

SHA512
a9339367eb6a73552270a658a0866107fdfae941875980b4dd7b29212b19d7c07a19fccd36a093f42248e26936c32fa713bad6c32daa1656964e5c7ba16ecbff

Download Submit
/data/user/0/com.badmanners.murglar/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4e4d0e9cc4a8cb1611121c279ea284f8

SHA1
01d6caf0d79414c21af5667c3ceecfc51d71e244

SHA256
c364ea1dd1c067ce137eb204cad0b4593b658eac5f3eb55ea92c6d6dcc8e92e7

SHA512
9262e170aa3fd700a41c2674d4ba9226f4b3287641607f6a73dc1338fb8dfdbcdab532b40b3b23cea0716b9a3d59200af44f80d31ccc1661fcd48b106c1910d3

Download Submit
/data/user/0/com.badmanners.murglar/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a777cfd103c239c88933d7a29d0a15e8

SHA1
7e52c78dd82183bad1cae7fb3033ab784f38b3fd

SHA256
86ae4cb9a789d25f220849bce37096ca391011291f9ccd8bc7528e574d2b1333

SHA512
f302c010d7b5158401237ca27f0a0777e389e1ed102627ab78c567f54ba37b1604037be185a7ab7c7feac65c77840794e6c77c5412e22724ff4b21ab3682202a

Download Submit
/data/user/0/com.badmanners.murglar/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
6556c07a0e6579c0f464f930c405714e

SHA1
77af1ff9212e2015c2abedd7b246abfeaa1fed3d

SHA256
d3c9d2efac37571756af320de7e4ff88dfc08238f578436b2badf6d2cff25eee

SHA512
56c905bdb416ac76974d656d496c9bbb11a8c1d32c99825bc243666c02bca9e3f121a8cda82a21034b881a1937e36cdb5d8215a40c7a083ca62a2f233091b86f

Download Submit
/data/user/0/com.badmanners.murglar/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7c4bd9758933121ee87caf7a3f410100

SHA1
5aeeecfaabb919e305f3d4f2220ffe86aa891304

SHA256
492d46d5e004cda632b3389a9f4bfe650885f44d62e2240aa008a9d80f18b79b

SHA512
d3e8942d475e6fe2039554ec01351d6005bba67610eac1aa4260f83dea773dbf66afb47ee6b6e967c841bc5805db78b2e2aadce88daf17a9f3ba5c243a8403d3

Download Submit
/data/user/0/com.badmanners.murglar/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
c1313fa7f950aef2a9eb47df5e0ff82a

SHA1
30377bd657112f61059be408e9a9af34394586b2

SHA256
956d8b8826b2a5bb0e33916cd034ed67af0d863800fd48b4c8799a5f9ef190af

SHA512
62267ca5dcbb9cd3c97466f6d4fc97738d1ae002d4b0172892af857f487623e957d79153b2497e937abf1cb179cdfb8f37c77c39c7f2dd3982b50c8eee24930c

Download Submit
/data/user/0/com.badmanners.murglar/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
4d7e6173780935b5eef77ba3254e1181

SHA1
e62046d00f380726ff37cd9d715a21c6f87532bc

SHA256
ebf51a2c5e57f6131c7021dfa78a58696430b8a96a434ac255ddb5f8cad5fba9

SHA512
42b6ab1d7b2586969e5af8f37e0feb6fb80151d6de29ae546d5591278ff6ec7dc757e9dc38a798dd476d9119a5ac5d8c9cba24d70635cb6a847676943e5a4490

Download Submit
/data/user/0/com.badmanners.murglar/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
1e826c07defab5d7a228f903365d5e54

SHA1
5834651fea3260492fd8d8250e6af57a7424738d

SHA256
027445dc5459114488827abba337f0b0427c03cd2c4a2ae83bea8d25438fe6b2

SHA512
03e51c9599abf58a8fa2721fa2abbe50004d981bc88ef1f0efb0cedf908be3f1cc5f1802d07540917686ce80bff06dc53b865aa5e2e7fb4b3ac3cb0f7722d32f

Download Submit
/data/user/0/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655A324014E-0001-1223-1DF54F7665D8BeginSession.cls_temp

Filesize
77B

MD5
c41f6a505971b2b3da7ed8c7345e7c4f

SHA1
bf16541e893bafcfe3dc4e080af8dbbf65c874be

SHA256
07ba52cc1ab61f92dccab18f6cedc624692acaafe034befcf9d5d12d64ffb0b9

SHA512
92498138cae59f7833a6cfafe9b193274aacd6137067a25a822c62d6fea1ffed0f47033047964efdeb0ac58b271381674cecd2c6f5a6c48f7a5758db2da0e5d3

Download Submit
/data/user/0/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655A324014E-0001-1223-1DF54F7665D8BeginSession.json

Filesize
132B

MD5
a05e2b3c9c9efb7ef170f07b4003aa4d

SHA1
96b4221216f82f8790a47dd56f15c64af0db82f5

SHA256
8c547c354ca06387515a949ae04602fd01b6330c9113ea6aae5fa3f1b25c6ce5

SHA512
af141087be74d396e2b1494de39f14fd32465e93c8c4b3734419bdfd45455f5c238feeab6de459a5d0f582226d89c7e08eb7fd66cb3a191cd8b38c705a15ed77

Download Submit
/data/user/0/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655A324014E-0001-1223-1DF54F7665D8SessionApp.cls_temp

Filesize
127B

MD5
de42574285d15d0233d02e1f26d178d7

SHA1
dac76ab78b55da74cc92842fb1824537b9de8c46

SHA256
6268758fc902c352645ed0a96e51d5e38818e55fcce1a2e4d1a50709cfe55009

SHA512
6b5edd9c44a550c61e579b5829f9208bd118dc0a3ad0b4f2fbabec1b029450341dfefffa42514c6144750b3208dd68abdd0fdbb15a7758e4e870714832631309

Download Submit
/data/user/0/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655A324014E-0001-1223-1DF54F7665D8SessionApp.json

Filesize
241B

MD5
e896d0b650f8e0b0f1654a1ba1d1c015

SHA1
baf8d8399e1d885d623de7d0e8e7774e7a8f822c

SHA256
ecb668c0165d615131231cb3fbeb472e72e56591a6ec24c605d39bf68a3a410e

SHA512
d64ea3d9a0db94661c8e0eedef9565b2b0df3edd6b8c7f25885993c4dc552d0bbaf538430bcad0b95b522ea00226d55bf8ef115779eefb02e7975205b3dee97a

Download Submit
/data/user/0/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655A324014E-0001-1223-1DF54F7665D8SessionDevice.cls_temp

Filesize
48B

MD5
fd6372364a5c5c9cf8945ac3ea7a5d94

SHA1
3c798cab71f6ae7a81e71e58712368231230588a

SHA256
7400bf714ca32b64dd89440c9d5ace4e0115ddce44d169839e465df0e1638641

SHA512
a18b18d061dfd979bce1e0b769009668c322300e7174f51d2532e86dc6018769194507a106dd30b97317f8c1a7539d13a7baeab2900c1e00da7c74e899dab276

Download Submit
/data/user/0/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655A324014E-0001-1223-1DF54F7665D8SessionDevice.json

Filesize
202B

MD5
eeeb942571fa704cf8ae49731fbe9789

SHA1
b5989c4cb932ffc779ee25bb3f7bfb79cf720427

SHA256
78809f7ae96de01e3922b6d3a134c3f7e9a0cbdacef313f70e8d9345bf5fbd71

SHA512
71e55c16f9f8fc936f8607448916bbfa1ba233b7120b8676fe11552916ac4dd3e3a7b0f9c31e14048933c8bb9c9d6d630ab7d28389f31749640cc965b2636565

Download Submit
/data/user/0/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655A324014E-0001-1223-1DF54F7665D8SessionOS.cls_temp

Filesize
15B

MD5
b3d9541cc92a9153d14e5160f8d8c008

SHA1
2e1ac80eb381dd82a03795b682f92020348c0113

SHA256
1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d

SHA512
78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

Download Submit
/data/user/0/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6655A324014E-0001-1223-1DF54F7665D8SessionOS.json

Filesize
55B

MD5
fc1dcee4e422d77e7fab7c08c8a41344

SHA1
d5340127e9d5f735b9d33b9dc61c772fb0e2dc15

SHA256
b843f05ed78cd137c272ba7f0ce8ede3aa853098a856863e51d5c223b58f21c7

SHA512
3ec07617e3e1008572f6f2528de9d4b827050cc5a7cf19a1604c961f9ec370ede6f5fd83bfcc252c0ee286fe244ee6734046ef1aa638dcfc689cd4407a6a8f61

Download Submit
/data/user/0/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
414B

MD5
f963a533eaed0b4d24f26772b878bffd

SHA1
c5c3ce4389295f395cd55c77ec9342d6b2747bb3

SHA256
34ab33140b952ac653995bc066ce55b84984eab18a3c5baaf5d7563a308f5f94

SHA512
0b739280d4f68097679fa0792cd32b192e67c11d6060c3446d47b4f1be370b5805b83aab3445689f6d2e688c932a6d14f392f5064b1e8ff7757523271f5425f8

Download Submit
/data/user/0/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
883B

MD5
e151a704cad4480e1c83adb53672848a

SHA1
bfe1d66bc26f232b3e22d2453fa341e6f583acc5

SHA256
6d1e12354d8af71c3a96ae0f7f4a5f9a2319d35cbe34c09c762109bbe3275361

SHA512
d835d712e4c5554f4bba01d4dafd1fcba295bf3393c62090e40e594eb700119a2fdf1126ef761974a0be8791d433288dd3ad60055bbd84556025d87d0e0cef49

Download Submit
/data/user/0/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/user/0/com.badmanners.murglar/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_7a482911-81a7-4765-9d17-73eb33befc52_1716888358607.tap

Filesize
333B

MD5
f5591b82cfc7eb195b969ea1759e4d6a

SHA1
ab05a6563c1f0296be8563f1cbd6b6c5d54c0b4c

SHA256
3aa13f946ac898d9ea3617ee37db6894e904bd748f6712d12beef2c5c585d6ea

SHA512
528d466e2099e2091cb54a447b3eb6b98eb3398d0adaf7fd67cda80225b1dd87d57a9ccce016a05f1cfddc100347d63efc7908afe53651f700b332d373e9cf01

Download Submit
/data/user/0/com.badmanners.murglar/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
a8733135f2e8666e1c539734a9b3b156

SHA1
44a1c8db9846a5f776a288c230f4497b3d50c460

SHA256
25f1579747908e27a68696efc7f4de310e834cecca861ab2e3aeb8b8091f7a4e

SHA512
f3ef99e2881f8f582efaa046e71f30e9bf1a26ae4491e871e3350450a996a61055265fb970b593c6772bb213ffa60e1f05c579a67f728d170e17092da990d5b1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads