Analysis
- max time kernel: 17s
- max time network: 132s
- platform: android_x64
- resource: android-x64-arm64-20240514-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
- submitted: 03-06-2024 04:50
- Static task: static1
- Behavioral task: behavioral1
  Sample: 90958f9c71c6ea2d620e38acca93f0d9_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
- Behavioral task: behavioral2
  Sample: 90958f9c71c6ea2d620e38acca93f0d9_JaffaCakes118.apk
  Resource: android-x64-20240514-en
- Behavioral task: behavioral3
  Sample: 90958f9c71c6ea2d620e38acca93f0d9_JaffaCakes118.apk
  Resource: android-x64-arm64-20240514-en
- Behavioral task: behavioral4
  Sample: package.apk
  Resource: android-x86-arm-20240514-en
- Behavioral task: behavioral5
  Sample: package.apk
  Resource: android-x64-20240514-en
General
- Target: 90958f9c71c6ea2d620e38acca93f0d9_JaffaCakes118.apk
- Size: 28.3MB
- MD5: 90958f9c71c6ea2d620e38acca93f0d9
- SHA1: e6e0e8918be00d8354679a34e79f0eedd98edf89
- SHA256: ca56fa361c54addb8b8501bf48562750b88f43ce7b26d99ae6ab537cce1d31da
- SHA512: 08145a0593d415726d659e822b62a229b73c244bd70d384454d4d373f354020cc974b64918edc53b164619c26ac8080e6b476b4f3a17683f5c3df1425e549cea
- SSDEEP: 786432:dHWsNvp3xq0kYuPzNYGcl4UJRLcpcru5+yOvE+ALkiQ55:d2wxkNKTs5fiEbS
Malware Config
Signatures
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: fun.com.rexetstudio.deathrunportable
  description: Framework service call
  ioc: android.net.wifi.IWifiManager.getConnectionInfo
  process: fun.com.rexetstudio.deathrunportable
- Checks if the internet connection is available (1 TTPs, 1 IoCs)
  Processes: fun.com.rexetstudio.deathrunportable
  description: Framework service call
  ioc: android.net.IConnectivityManager.getActiveNetworkInfo
  process: fun.com.rexetstudio.deathrunportable
- Reads information about phone network operator. (1 TTPs)
- Requests dangerous framework permissions (3 IoCs)
  Processes:
  description: Allows an application to write to external storage.
  ioc: android.permission.WRITE_EXTERNAL_STORAGE
  description: Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
  ioc: android.permission.READ_PHONE_STATE
  description: Allows an application to record audio.
  ioc: android.permission.RECORD_AUDIO
Downloads
- /data/user/0/fun.com.rexetstudio.deathrunportable/databases/adecoanalytics.db
  Filesize: 20KB
- /data/user/0/fun.com.rexetstudio.deathrunportable/databases/adecoanalytics.db-journal
  Filesize: 512B
- /data/user/0/fun.com.rexetstudio.deathrunportable/databases/adecoanalytics.db-journal
  Filesize: 8KB
- /data/user/0/fun.com.rexetstudio.deathrunportable/databases/adecoanalytics.db-journal
  Filesize: 8KB
- /data/user/0/fun.com.rexetstudio.deathrunportable/databases/adecoanalytics.db-journal
  Filesize: 12KB
- /data/user/0/fun.com.rexetstudio.deathrunportable/databases/adecoanalytics.db-journal
  Filesize: 12KB
- /data/user/0/fun.com.rexetstudio.deathrunportable/files/package.apk
  Filesize: 23.5MB
- /storage/emulated/0/Installer/log/1717390263423.stacktrace
  Filesize: 2KB