8ea2632826410b0d651358afffed67fe_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8ea2632826410b0d651358afffed67fe_JaffaCakes118
Size

16.9MB
MD5

8ea2632826410b0d651358afffed67fe
SHA1

eb3b31b5888beaee1efe54e2a71caed64c79e84d
SHA256

bfe0ebe9b41a67d6780ed4e744354f7df03bedaf39dd9a8c24a6ba8b1106b4ac
SHA512

ec3e91ef43935fc9e3247106a7c2f7ee765fd86f4391de13ffc794692cd92397c11aac2caa54cac63f39a03e6e8d7f8821a9a0b79bb5499416ea99769356c7b2
SSDEEP

393216:PcVLDUom8L/XVUNyqUd1UYMzg+9AZmNwu8Zj3xisCCVyjIzCRcS:Px8T+NyqUd2Y+gEA4qZj37RVy6Wx

Score

6^/10

Malware Config

Signatures

Requests dangerous framework permissions 16 IoCs

description	ioc
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read the user's call log.	android.permission.READ_CALL_LOG
Allows an application to write and read the user's call log data.	android.permission.WRITE_CALL_LOG
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/aapt.exe

Files

8ea2632826410b0d651358afffed67fe_JaffaCakes118
.rar
DroidJack/Apktool/SandroRat.apk
.apk android

net.droidjack.server

net.droidjack.server.MainActivity

Activities

net.droidjack.server.MainActivity

android.intent.action.MAIN

net.droidjack.server.CamSnap

android.intent.action.CAMSNAP

net.droidjack.server.VideoCap

android.intent.action.VIDEOCAP

Permissions

android.permission.READ_SMS
android.permission.RECEIVE_SMS
android.permission.INTERNET
android.permission.RECORD_AUDIO
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_WIFI_STATE
android.permission.READ_PHONE_STATE
android.permission.WRITE_SMS
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_NETWORK_STATE
android.permission.CAMERA
android.permission.WRITE_CONTACTS
android.permission.READ_CONTACTS
android.permission.SEND_SMS
android.permission.READ_CALL_LOG
android.permission.WRITE_CALL_LOG
android.permission.GET_ACCOUNTS
com.android.browser.permission.READ_HISTORY_BOOKMARKS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WAKE_LOCK
android.permission.CALL_PHONE
android.permission.GET_TASKS
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE

Receivers

net.droidjack.server.Connector

android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.BOOT_COMPLETED

net.droidjack.server.CallListener

android.intent.action.PHONE_STATE

Services
DroidJack/Apktool/aapts.zip
.zip
aapt
.macho macos arch:x86
aapt.exe
.exe windows:4 windows x86 arch:x86

6cae795410282b03a8c84b120ba75b69

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateEventA
CreateFileMappingA
CreateMutexA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExitProcess
GetCurrentThreadId
GetFileAttributesA
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemInfo
GetSystemTimeAsFileTime
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
MapViewOfFile
MultiByteToWideChar
ReleaseMutex
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
SignalObjectAndWait
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
WaitForSingleObject
WideCharToMultiByte

msvcrt

_access
_close
_dup
_fdopen
_fstat
_getpid
_lseek
_open
_read
_stat
_strdup
_unlink
_write
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_chsize
_errno
_filbuf
_findclose
_findfirst
_findnext
_fullpath
_get_osfhandle
_iob
_isctype
_lseeki64
_mkdir
_onexit
_pctype
_setjmp
_setmode
_stricmp
_strnicmp
abort
atexit
atoi
calloc
exit
fclose
fflush
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
gmtime
localeconv
localtime
longjmp
malloc
memchr
memcpy
memmove
memset
mktime
pow
printf
putchar
puts
qsort
rand
realloc
remove
rewind
signal
sprintf
srand
strcat
strchr
strcmp
strcpy
strerror
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtok
strtol
time
tolower
toupper
wcslen

Sections

.text
Size: 682KB - Virtual size: 682KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DroidJack/Apktool/apktool.jar
.jar
DroidJack/Apktool/certificate.pem
DroidJack/Apktool/key.pk8
DroidJack/Apktool/signapk.jar
.jar
DroidJack/DroidJack.jar
.jar
DroidJack/DroidJack_lib/commons-codec-1.6.jar
.jar
DroidJack/DroidJack_lib/commons-io-2.4.jar
.jar
DroidJack/DroidJack_lib/commons-logging-1.1.1.jar
.jar
DroidJack/DroidJack_lib/fluent-hc-4.2.5.jar
.jar
DroidJack/DroidJack_lib/httpclient-4.2.5.jar
.jar
DroidJack/DroidJack_lib/httpclient-cache-4.2.5.jar
.jar
DroidJack/DroidJack_lib/httpcore-4.2.4.jar
.jar
DroidJack/DroidJack_lib/httpmime-4.2.5.jar
.jar
DroidJack/DroidJack_lib/jaad-0.8.4.jar
.jar
DroidJack/DroidJack_lib/kryonet-2.21-all.jar
.jar
DroidJack/DroidJack_lib/quaqua.jar
.jar
DroidJack/DroidJack_lib/sqlite-jdbc-3.7.2.jar
.jar
DroidJack/DroidJack_lib/sqljet-1.1.8.jar
.jar
DroidJack/DroidJack_lib/zip4j_1.3.2.jar
.jar
DroidJack/Readme.txt
DroidJack/Settings.conf

Sharing

General

Malware Config

Signatures

Files

net.droidjack.server

net.droidjack.server.MainActivity

Activities

net.droidjack.server.MainActivity

net.droidjack.server.CamSnap

net.droidjack.server.VideoCap

Permissions

Receivers

net.droidjack.server.Connector

net.droidjack.server.CallListener

Services

6cae795410282b03a8c84b120ba75b69

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 682KB - Virtual size: 682KB

.data Size: 19KB - Virtual size: 19KB

.rdata Size: 126KB - Virtual size: 126KB

.bss Size: - Virtual size: 3KB

.idata Size: 3KB - Virtual size: 3KB

.text
Size: 682KB - Virtual size: 682KB

.data
Size: 19KB - Virtual size: 19KB

.rdata
Size: 126KB - Virtual size: 126KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 3KB - Virtual size: 3KB