56e7c2820c59cc26dbfb9cab1ed13452b3a3c86c97d8ab40fe508ff30b27a134

Analysis

max time kernel
179s
max time network
134s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
28-05-2024 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d80c05e312c1da79656ecba225790f4_JaffaCakes118.apk
Size

213KB
MD5

7d80c05e312c1da79656ecba225790f4
SHA1

32c3da435adaf7a3bf010668e6ae401cc0521696
SHA256

56e7c2820c59cc26dbfb9cab1ed13452b3a3c86c97d8ab40fe508ff30b27a134
SHA512

7f77de367c0fba94c9aa050a39a1d621eb4178322a79bcbb7ab5aae68959ddc0d295def9e13644d52ef3b7875966254ea3467e52d58bf82f53233d633a00e2db
SSDEEP

6144:fIb/0szi6yig4a8dHtVIFXhYoBKSTrfI/+NE3MRB7:wz0K99xa8dHb0XioBlTrf0F3Mj

Score

8^/10

discovery evasion impact persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.cold.toothbrush

pid process

4288 com.cold.toothbrush
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.cold.toothbrush

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.cold.toothbrush
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.cold.toothbrush

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.cold.toothbrush
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.cold.toothbrush

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.cold.toothbrush

pid	process
4288	com.cold.toothbrush

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.cold.toothbrush

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cold.toothbrush

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.cold.toothbrush

com.cold.toothbrush
1⤵
- Removes its main activity from the application launcher
- Makes use of the framework's foreground persistence service
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4288

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.cold.toothbrush/files/506a4cb0-f661-4d2f-bea7-fae2c708754b.dat

Filesize
380B

MD5
77e14a07e73465d5260b85327820374b

SHA1
a8cf1ed45459ce00591e9139d0cfd565cf516fec

SHA256
cce2f90483ac000b477b7348e480f3ac161590fdecfc680ece5d860d0c86d91a

SHA512
6d1ae68fa3c96ca4310f50934adacfcd42ccaf923f466a5d219960cb109ca95449eefe47d22ab8e58545ea3b2aa464e38aa156cf72a779f3b9d96c2c152599ea

Download Submit