Analysis

  • max time kernel
    179s
  • max time network
    134s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    28-05-2024 15:44

General

  • Target

    7d80c05e312c1da79656ecba225790f4_JaffaCakes118.apk

  • Size

    213KB

  • MD5

    7d80c05e312c1da79656ecba225790f4

  • SHA1

    32c3da435adaf7a3bf010668e6ae401cc0521696

  • SHA256

    56e7c2820c59cc26dbfb9cab1ed13452b3a3c86c97d8ab40fe508ff30b27a134

  • SHA512

    7f77de367c0fba94c9aa050a39a1d621eb4178322a79bcbb7ab5aae68959ddc0d295def9e13644d52ef3b7875966254ea3467e52d58bf82f53233d633a00e2db

  • SSDEEP

    6144:fIb/0szi6yig4a8dHtVIFXhYoBKSTrfI/+NE3MRB7:wz0K99xa8dHb0XioBlTrf0F3Mj

Malware Config

Signatures

  • Removes its main activity from the application launcher (1 TTPs, 1 IoCs)
  • Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Checks if the internet connection is available (1 TTPs, 1 IoCs)
  • Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)

Processes

  • com.cold.toothbrush
    • Removes its main activity from the application launcher
    • Makes use of the framework's foreground persistence service
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4288

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.cold.toothbrush/files/506a4cb0-f661-4d2f-bea7-fae2c708754b.dat

    Filesize

    380B

    MD5

    77e14a07e73465d5260b85327820374b

    SHA1

    a8cf1ed45459ce00591e9139d0cfd565cf516fec

    SHA256

    cce2f90483ac000b477b7348e480f3ac161590fdecfc680ece5d860d0c86d91a

    SHA512

    6d1ae68fa3c96ca4310f50934adacfcd42ccaf923f466a5d219960cb109ca95449eefe47d22ab8e58545ea3b2aa464e38aa156cf72a779f3b9d96c2c152599ea