cf5bad95a299fb3c3f29ef77cd33ac9b3da0fa0afbb8b13346d55f2f69506ca1

Analysis

max time kernel
43s
max time network
146s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
12-06-2024 14:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0f6c199b4919a55123d405290b6a7d9_JaffaCakes118.apk
Size

6.0MB
MD5

a0f6c199b4919a55123d405290b6a7d9
SHA1

07a1e752e2967125bca6c5b10585c967b71dac2c
SHA256

cf5bad95a299fb3c3f29ef77cd33ac9b3da0fa0afbb8b13346d55f2f69506ca1
SHA512

68015b530e88db5b728b2befb27ab2d8817a0ea0d265f3b85ebbdd7f37e2bba38e08e4983881fc0537d6650b4e8335d79d0699612dc3c3577ec0e64ad9933566
SSDEEP

196608:hPhozeGsQVA6aBL1nnFuFdIGA/4VjDhf0K6:hmJSB1nnAFa7Q9Dhf56

Score

8^/10

collection credential_access discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs

evasion

T1426

Processes:

com.abtnprojects.ambatana.hack

ioc	process
/data/local/xbin/su	com.abtnprojects.ambatana.hack
/sbin/su	com.abtnprojects.ambatana.hack
/data/local/su	com.abtnprojects.ambatana.hack
/data/local/bin/su	com.abtnprojects.ambatana.hack

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.abtnprojects.ambatana.hack

pid process

5037 com.abtnprojects.ambatana.hack
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.abtnprojects.ambatana.hack

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.abtnprojects.ambatana.hack
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.abtnprojects.ambatana.hack

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.abtnprojects.ambatana.hack
Acquires the wake lock 1 IoCs

Processes:

com.abtnprojects.ambatana.hack

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.abtnprojects.ambatana.hack
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.abtnprojects.ambatana.hack

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.abtnprojects.ambatana.hack
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.abtnprojects.ambatana.hack

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.abtnprojects.ambatana.hack
Reads information about phone network operator. 1 TTPs
discovery

T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.abtnprojects.ambatana.hack

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.abtnprojects.ambatana.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.abtnprojects.ambatana.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.abtnprojects.ambatana.hack
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.abtnprojects.ambatana.hack

description ioc process

File opened for read /proc/cpuinfo com.abtnprojects.ambatana.hack
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.abtnprojects.ambatana.hack

description ioc process

File opened for read /proc/meminfo com.abtnprojects.ambatana.hack

pid	process
5037	com.abtnprojects.ambatana.hack

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.abtnprojects.ambatana.hack

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.abtnprojects.ambatana.hack

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.abtnprojects.ambatana.hack

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.abtnprojects.ambatana.hack

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.abtnprojects.ambatana.hack

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.abtnprojects.ambatana.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.abtnprojects.ambatana.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.abtnprojects.ambatana.hack

description	ioc	process
File opened for read	/proc/meminfo	com.abtnprojects.ambatana.hack

com.abtnprojects.ambatana.hack
1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:5037

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.abtnprojects.ambatana.hack/databases/OneSignal.db
Filesize
40KB

MD5
6ea5817dfb71687d648b0e4763152545

SHA1
b5a1a2a1fb579520ddeb9861c0eba5f7109d0d74

SHA256
be512b097518bdaba39e6106c143a267f56e98d8f980ed6295773c4082149824

SHA512
cafff4c86b710428753e528aed212096fef264a36cd6d6ff48af487ce1d5cf90065b4be0ad6460e4e7631040f7a28657f31811be1a5cb417c4b2725c51fb5186

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/OneSignal.db-journal
Filesize
512B

MD5
60946541ea94b49cee6d61fffc372670

SHA1
1ecb8ae5723536def1e4f660754c9a34d43cac61

SHA256
1b3b4a005abb4613a4b8a472a329a449fb61e3fdaae04be13c0c199eb72bc658

SHA512
f4adb0b4a84564a2cfa6cd0cd2b0da911a406f3512d9bda6f2ea6cb1f5cb3169a5b888e906b51b857ed0c2c1ab50592670d9f1c43d3bc42d9c1e420f408b23ec

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/OneSignal.db-journal
Filesize
8KB

MD5
e54f2a6b478be4959d6079cfbcee32f6

SHA1
5c176e30e4cfefdc79b49874b9428935d6169f14

SHA256
ab752402611316c8b30f7fb08c31cbf4c1a0a5b943f2058ba990949e85d9f029

SHA512
2eff6ced0879070c2e91da7be54483057f0395aaeaac46ba0fdfff07cb495339cd34b13135b20f72da0f012bed0e2fa327167162cc6dc7a43700c37076825f66

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/OneSignal.db-journal
Filesize
8KB

MD5
fd28d95ab5b5af3c20240b9761c793e8

SHA1
9ca34de39d8b0a856bd74bcda0e0524b7add81b3

SHA256
2b4e3aca13ac7b4f66944d48e94ea411393bf2a9f47a288d20be71c6f1233e6b

SHA512
98fd7293c037068b6b4fe3c68415a9f64ad682b993058b420d22954cf2bfc1a22fb8d00b4221d41c0e11da18b6407f7c5790abec935a32f7b7dc9c2a27e42bed

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
a4ebdd523acab6b3e8095fe131b1903b

SHA1
0746e2b41b28c13f9ef6c1adb8bf5acdeabc0f08

SHA256
4e838211e254a79602b643872f2bcd5881d6a46e9b2cf06b92e3a583085bf9d1

SHA512
624f5fc472c777bed807930fde35efb6c0d82439d0fb7da96edb7855b94ce5c3229d15d00ded1d2007ff35a67d968faea1f656ac092a1696cfef82d495fc6c8c

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
b30e3b0bb9262a2510c1287199c50621

SHA1
cea6790610f866e95e287d91e96c74cf88d274ae

SHA256
cf6893e230eda1b49b2162a26e2ee9b77e0484d5bc6b51c13eb2b898289c4c7f

SHA512
34469fe000d440c9dd7324650538d97d8ad015b64499460196f1a135de88a6b71201d2e74eef2d53118ad5267705b2d78cd7441a4f0150bcaadcd1af3e829bf6

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
1a14668da9ccce5839732d630c1704b6

SHA1
86344c30e8b70c3d2d58282b2935389911738565

SHA256
e7b087e0c76c2bd51ca0bf135395530c95616784acc69c991b2accdf0e30377b

SHA512
bb67e44763882c506d14909fc2148795c867697501af4bd9ade667329712a68c554706ae57fb0f150aecfa68411a4706bda78ea81925f017684d5e21969fb62e

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
4bf5cbfe1289e5da1b913a0c0e65f1a0

SHA1
34e3d48c191b7f1137160b202b8335c239627f82

SHA256
5378a20b4ab8f555510e50733da4ea4b3f39fa5468e159292e7d440fab960d33

SHA512
7840968c605924aad675873f31fa7cb3a6640be1e6523f16c48d6c95e247863a5c7a4ca22acae9292dacfaf04d0bfd0a40d6cb8212591800e6b962dcf5838866

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
76cc3897363fa92d52d6a3397deccfce

SHA1
fa6c1917cb76dd54d6721b02c1a5113b8cd26a8e

SHA256
598d00b53e5a29530b57ecc9569633773937af38f00e551606b3a5b9efd21de8

SHA512
ecb3def69c3e7ec8f95af966019005510e89cc2a8bca1487a83f52c84d8fd4dc7a5f52829801bff7ad07398ee2096206eb710330fa7a0fe36af06d51effd0c38

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
0f07d433d15317b38ef33029bd033198

SHA1
4fc20e5286357c024c63dad401325d3f32b61620

SHA256
dcc13f6702cf8d688fd8b61fbee99644196d3f7a25bb9d385a5eefce591497e8

SHA512
14812089e3f27a391568d4f9cc12f1f2798dd20be741235106d61fcd7f11d066a643a5d95ffd9edd061a929e4cf9c979a32064b7c56b16e116453fa8c4b8e038

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
57cd6ab3333a7ad49b73b065622594e3

SHA1
e14d3f8d3fa9eb713fd4f832199a894ca5ecc516

SHA256
a6ea822b8a7f26bf4c3966a3e96c65dbbc11e65015b6ec7839ceab3f35dc8352

SHA512
f599fd9ffd2a04480354a188824eb07fc225b6a03f2c176966465f9f6bbd939113287cef254eaf1a7e190166bebde9aa2b225685bbd8ba4aff70bf008ded4f83

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
b79603f814cbd2ac8f368fb62e7ec2d1

SHA1
01935f35dde108d3ac33e8ec76c755b4a1f7504f

SHA256
68449b381e46d572d21e3b6ec55b62c73a4f34fb520590a7d9c9b5672a333901

SHA512
03fce0b3990a6a87284e1c1e0bc895e708af3a03f587006c8a17b13edd4a3f05ba6c6b8c9f5e3ba424d4db15e746c2d8e6f516da2d3b262f75e81eae25ca4d44

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
e6e91fdb5dd0d2cd12010270ef9be385

SHA1
01b4fad62d4372a57cb631768a03ae4c35ffea43

SHA256
27f1fa2b2e05a45cd60315bf85e88537e69692042dee6a0e325b5380969e845d

SHA512
0f8cf7ba6d0c3e86cff2656579234e910e7e3e8a36cfa88e2c861c3a5c77c9d51d8ee8a3b58a4da6920a85042b0fa9e9a711946366891572a70ac49e27ac398a

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
2f1eeee3602c828b8e9f81f6fbd20d41

SHA1
d240b568bb6929702815b9a5edd05ad635671caa

SHA256
458aa953a9e0adbf5b8765ebcf6b51bc5b5a48b7664e85d25c7a8ce9781a2d5c

SHA512
a8642cc12cb9af0cd9d3fdc4bb1fe3b246d02af6b36714d80cdd2809def699b0b93eb585187c17f0a8e19801879e2e9edef7963ee416ae9e8cc35fd9cede2859

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
d04bebd19ec423d784560bb8a693b0cc

SHA1
5901fb3095c6a276a6d0dc23051700a370af1134

SHA256
2c132f1d9862aa8f979d53a0355287beb8ce634fb42adc5d868b802ee10b380f

SHA512
2503a1e49102f1a709bf7cbbb9c6192cad898a0020bfbdf8c08131b361e57399c6361dbecde5bfd94427223fffd937119be7f6f91dd1b7100dd7ad5e001746e5

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
bcd2a056a2d908ffaaa3454d633497e4

SHA1
262f6be619528e011dc2cbc85ecd7731782e6bb6

SHA256
85cb56370557d255391027add687adb7a5e544c83d892130adc202f37897b334

SHA512
48d3a4f799ce9fb032f9f583b2a4fe23cbf10f31846798c142d67874e4a4bc0c688b9c976f3897af81b28813daf106d04e9617fc6ebd3d6ac884e44f17028468

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db-journal
Filesize
4KB

MD5
c5e98e98cabb47fe4e8c7040c191738d

SHA1
58eb059cd8b0fa95b02919bfef9c20ae644756e2

SHA256
208157d10fa77fd18297f8a54319023810319db9002ffdbfb687775b8e29ae57

SHA512
fe4955499130220591017c671f72c5283674f27bd47bef64a4b0f995b51a58f5470971bec99fed1445d1577667fa8c863256a3b8aacaeb3e7c1e8219a8502bd6

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
2afbccb2d79404f06ae5b1f2b852974e

SHA1
f076e72fde9a1ca260c9a1227dc12b3173a84dd3

SHA256
0f3dabbbdf447eea1c4433c3819da39099196648808f8a28231e73cda809f0aa

SHA512
94a5a2724cfd94ef80866385bac445bb7b3d89bc3d19eed8bda09746c8782948bab345a72c6053f88cf467b88638d09258fe631c2903a4e6b03158d142aec483

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
981ef4d58d3c03791ca715e546e542e0

SHA1
d0cc0a42ebd9508b7ea534c013fee153a33b4cb5

SHA256
92fd779a31b393dbd3a5a105629e368830078671917d630283a99ba9da8413d1

SHA512
d36785cd27d5d2226c2b58db71138c0a7a6389800286755bcefb4e095d8cb51c2755e2e0f9ceb4a11e093c849f3be6a3d160da08b6b1e1908d1f42aa38a7604a

Download Submit
/data/data/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
fb359f87094ce2bda0e3425ea4116d63

SHA1
18d6612548cfdd33245d908a9ce2932ea512585d

SHA256
b0ec5008d5d0d25c52100507f62b4df150d5ff8eb7fcd02d5853a72e82b130b5

SHA512
f61a2c5099621224acfc86c1c41cad869d95d867f86858182f9918ccfaeb8d0a1978d28f875f16beb7fb1ac3a6792fc00b6bd2ab64424a035c1814db517b2430

Download Submit
/data/data/com.abtnprojects.ambatana.hack/no_backup/com.google.InstanceId.properties
Filesize
2KB

MD5
faf7f6470cef2e246b6e61aad03f874c

SHA1
3379527d05cb65ecae6c1bc0defda6b1a19ec38e

SHA256
c56e1c331bc820b726a02f41786711ebb27d5a88c17828aa0d30ae52dab54c0d

SHA512
a695fac9b22e7f82c9f0d88c1a674329c77cce9545197da40bbfbca76ee6a2a64161c289b46856a2e535a951f297ff1219681fd440ee826caa4434d5e0d3aa23

Download Submit