56e7c2820c59cc26dbfb9cab1ed13452b3a3c86c97d8ab40fe508ff30b27a134

Analysis

max time kernel
179s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
28-05-2024 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d80c05e312c1da79656ecba225790f4_JaffaCakes118.apk
Size

213KB
MD5

7d80c05e312c1da79656ecba225790f4
SHA1

32c3da435adaf7a3bf010668e6ae401cc0521696
SHA256

56e7c2820c59cc26dbfb9cab1ed13452b3a3c86c97d8ab40fe508ff30b27a134
SHA512

7f77de367c0fba94c9aa050a39a1d621eb4178322a79bcbb7ab5aae68959ddc0d295def9e13644d52ef3b7875966254ea3467e52d58bf82f53233d633a00e2db
SSDEEP

6144:fIb/0szi6yig4a8dHtVIFXhYoBKSTrfI/+NE3MRB7:wz0K99xa8dHb0XioBlTrf0F3Mj

Score

8^/10

discovery evasion impact persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.cold.toothbrush

pid process

4582 com.cold.toothbrush
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.cold.toothbrush

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.cold.toothbrush
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.cold.toothbrush

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.cold.toothbrush
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.cold.toothbrush

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.cold.toothbrush

pid	process
4582	com.cold.toothbrush

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.cold.toothbrush

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.cold.toothbrush

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.cold.toothbrush

com.cold.toothbrush
1⤵
- Removes its main activity from the application launcher
- Makes use of the framework's foreground persistence service
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4582

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.cold.toothbrush/files/506a4cb0-f661-4d2f-bea7-fae2c708754b.dat

Filesize
380B

MD5
93844e66c927ce407dc76891dbd00409

SHA1
dc119ab70b5d71d1e06667738e62df25897f9bf9

SHA256
d2e426f276e54de176f3b072aa7a7d0116a962e9932ef2b2abd5ce814e6cc9a1

SHA512
359096db5e35cb9d0f6e0eca126a4b9a51cae7def029cfb3d0bcff12c65f2d9091cebd8be54c615545328bdea75a3847bee80bd1d3cc7b60bba1f2f144573b58

Download Submit