b2b73732f1737d6e104e834abb23cfef194036580046a474b8a844e4a5a05fc8

Analysis

max time kernel
179s
max time network
153s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
02/06/2024, 08:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d73415e8d06e5fc2f8909834df85fae_JaffaCakes118.apk
Size

18.1MB
MD5

8d73415e8d06e5fc2f8909834df85fae
SHA1

d981d16bc4cf9052f3e32e60e65332e7771685c2
SHA256

b2b73732f1737d6e104e834abb23cfef194036580046a474b8a844e4a5a05fc8
SHA512

55d792398826e919b9c7cdee1c2618fcc82d261f7f7d65c78070384d5a5da4c0c0ac608119468bf8c038846e5b789a21f613034adbc53b80c9afb2f8b186b193
SSDEEP

393216:aMPj/xoiOKyoGMdodf/MErk/IKYKbK7KDK0KohTtKEV/VxO40w3OZTE:aMPj/xoiOKyo3dWHBjDAIkzzJVxfGE

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.rickclephas.fingersecurity

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.rickclephas.fingersecurity

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.rickclephas.fingersecurity

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.rickclephas.fingersecurity
1⤵
- Makes use of the framework's foreground persistence service
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5122

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.rickclephas.fingersecurity/databases/FingerSecurity.SQLite

Filesize
32KB

MD5
25fca6ffcf47f5503d6dda4111221a35

SHA1
a51170623953c6fc2581e7e1d7b0a9ca7bcfcf64

SHA256
409ef552a767c03bec6edba6dec35404e7bee43a529be894860c17643e2de602

SHA512
a5a3191fa7052393fe18f8c9ffb7961086d0ea47a4f7630362abee4e0074744cd5d6c997386be783f029a4a4bc187879172d3d39b56a0ce0addf910eee29f7ac

Download Submit
/data/data/com.rickclephas.fingersecurity/databases/FingerSecurity.SQLite-journal

Filesize
512B

MD5
b83dcf660cabae2ec15b1eb45dcefdcf

SHA1
2cb43ec08af58592f2cbaeb57675b794145131ff

SHA256
18efdd939f55197f2117931e213dd6da589fa8f95ab32dd2a59fa9a25cadbbd1

SHA512
a58d0a76a21039e66b2ac6ad6b0017ef0132f4bf2bfe27636943cc29fcaf998a7296295e82732d44004c3ede8258e935ac729d3a7b8eaa3aa1468bb54eea3a41

Download Submit
/data/data/com.rickclephas.fingersecurity/databases/FingerSecurity.SQLite-journal

Filesize
8KB

MD5
fd01ef5a6c6a7dcbbd50e8df168b781e

SHA1
666b3206d7e7e6233c5f377995bc9cf0dd84c409

SHA256
a338e4a9647e95fc991c5e88ba10ac3c531ea2abc541a5688b817e09ce962876

SHA512
989d19fbd90d46498ce77d4210e6ab27866889fa6db0aa50b41239046f4fe5aaf154640be18075786581cd233f749f6ec723cde2393f1252b16cbc497bbc32f5

Download Submit
/data/data/com.rickclephas.fingersecurity/databases/FingerSecurity.SQLite-journal

Filesize
8KB

MD5
9ebd819ab27a40270fee2e4d3c1fd49b

SHA1
be8f379b84b88b9aca2a490eefb0982018683dbc

SHA256
74984d845247fdd42ab8b3005c14202fe36d4f124242ed082420c37299cc7024

SHA512
b773ff5eaf02a1a7fcaf7dc89a8f3926876b4b3eeb5539823a7bf44398cd4f7d6bcb1751442624ec66db9df16f998d13a63b875f820b153da1a20a4d01229b99

Download Submit
/data/data/com.rickclephas.fingersecurity/databases/google_analytics_v4.db

Filesize
28KB

MD5
b32b4b84aaaf8922a012f14cd9f5dca8

SHA1
da079b37cef7ada0e3602392298a54d561d79e3b

SHA256
ac5b08a33a7199d6bc8f6c8a497f4d6a7856babcf833f9c89479ec711a2b8f65

SHA512
d8ef96321ccc0e98d7b0e716b540d895fa089eb9bb945d49f7fdd612d3f30fb318c98ac6cc0ad94d4e2ecb177e01fb687549e2d5cc27335700b17cae53364bfe

Download Submit
/data/data/com.rickclephas.fingersecurity/databases/google_analytics_v4.db-journal

Filesize
8KB

MD5
9b5d8b7809452ddf65d7a006d045eb40

SHA1
31480760f713456ad3946ef992a72f9ddf371c2c

SHA256
1e1714952074106a773487f156e748682cbe5b64b9c06b182a2f83471fe978e2

SHA512
aabe78145136f9e7eb051ad525e1604c21f6fcf16ba8cbd19e3edcaf6aad90f034475deb8bd1d75843c17bee84b68281d1bd0888feda3c8e977e61c33a2ca37f

Download Submit
/data/data/com.rickclephas.fingersecurity/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
8c244131d9ab870deee1f12564e87156

SHA1
d6352b48c607c41f8e7d30c36599de2bf89efd16

SHA256
49c9228a9577cc87d65c2748b3a291c5fc9a7f694f9c43edc57cc605d5a8bc86

SHA512
a256813a03f56491ab36c9bdbea4feb28d91629c5e7d520471ead75a261f5619beaf8aac82887af6ddc0709e3444ebd5012cca0145a1919e40f6ca0cb0e1e38c

Download Submit
/data/data/com.rickclephas.fingersecurity/databases/google_analytics_v4.db-journal

Filesize
8KB

MD5
7780683c2ab7e80e7c72b170de9cfd11

SHA1
5c5633ff3db20b4719742307f0cf35cef43689fa

SHA256
172f1ce3104baa93a93861d225cb0597897d04e8cd54cbccf00a1889fb6ed237

SHA512
ee02acb0e38f0070adf8c33d202c6206482ccb554fa0cfc356d324a956fb37302cabbbdfc713aafbe5fc8dbd6fc661a84d130b184d8f1e724d9627f8c4dbefdf

Download Submit
/data/data/com.rickclephas.fingersecurity/databases/google_analytics_v4.db-journal

Filesize
4KB

MD5
891514ed5d8615ca9c2808a6f3ef51a1

SHA1
0eccd64f639a282eb1c5241e4444da9eb009c7e5

SHA256
cd246af411a8f19a58c6543d041a370a4ee6a4b2f5ed9c26f58e623d38172f3c

SHA512
74560bcf07f119927d7202a9e2c89cf8335fdd1c7e53b7d26308c6ee792fb98be62b77d87bf5ce73696a53b7e4b1291cb9454ad4b452cd91f142c8f01cf59c75

Download Submit
/data/data/com.rickclephas.fingersecurity/databases/google_analytics_v4.db-journal

Filesize
8KB

MD5
02a23d652f81176e2594eb5a8c63d5f3

SHA1
fbac0bada32fe2b68fc1911043b2071da0b6d15c

SHA256
163b29c284851cabcaa16c0f2ddf0696992f5e4d313114a3449833d2df53257e

SHA512
b5b8a41d7a92d9c7ef571f3565774edc61f19760f80f5f18820f9bf3bf8b08a4644b5774aec54fca607115646dfc0daa422fc8c9ecbaaa11d49c6062af842130

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads