Analysis

  • max time kernel
    179s
  • max time network
    132s
  • platform
    android_x86
  • resource
    android-x86-arm-20240603-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240603-enlocale:en-usos:android-9-x86system
  • submitted
    05-06-2024 17:06

General

  • Target

    98b6ebbf3c5a77ac4ec01134f7f28d57_JaffaCakes118.apk

  • Size

    209KB

  • MD5

    98b6ebbf3c5a77ac4ec01134f7f28d57

  • SHA1

    ba4f2c1ebdc64ae238f04f6ceac67bdf2f5e6dd2

  • SHA256

    b152a6b442b4551b85a132eefe204c323d9e0d1a55808b4cf3f1bd757948e744

  • SHA512

    a63b8f68859d4e7dd8b9847afe5757f6e676d72f9cc63ef109e754453619ce2d1850b2cdfe85872009bfa15dcac9347ca477f828e9a948fbfad1e6b61a9a5c64

  • SSDEEP

    6144:8F7tuHt51hKzjc/vBu6BLxLgufI/6NEJMz2Cdt:guZhKOukLBguf0ZJMjt

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.beacon.drill
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4282

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.beacon.drill/files/aa8fd1cf-a6b2-4c5d-9885-da4f1f19e7cb.dat
    Filesize

    404B

    MD5

    0dc88ea33c2fe4bbc7f6a9ec838fcc1d

    SHA1

    4702fa447a158766267ca274d0b6901cce61270f

    SHA256

    7692d697c8f01ef847c9949edcae82d0f87089ba9a7c5abc13ba6fbd462bc0c3

    SHA512

    b029e252966baa244053dfb6d464d1dfe2a59896172ad950d58405c715b3feab9c0bfc63e4b8b23e1177a351cc269c1ced5507ef633a3779487cd42f4360e225