cf5bad95a299fb3c3f29ef77cd33ac9b3da0fa0afbb8b13346d55f2f69506ca1

Analysis

max time kernel
44s
max time network
137s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
12-06-2024 14:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0f6c199b4919a55123d405290b6a7d9_JaffaCakes118.apk
Size

6.0MB
MD5

a0f6c199b4919a55123d405290b6a7d9
SHA1

07a1e752e2967125bca6c5b10585c967b71dac2c
SHA256

cf5bad95a299fb3c3f29ef77cd33ac9b3da0fa0afbb8b13346d55f2f69506ca1
SHA512

68015b530e88db5b728b2befb27ab2d8817a0ea0d265f3b85ebbdd7f37e2bba38e08e4983881fc0537d6650b4e8335d79d0699612dc3c3577ec0e64ad9933566
SSDEEP

196608:hPhozeGsQVA6aBL1nnFuFdIGA/4VjDhf0K6:hmJSB1nnAFa7Q9Dhf56

Score

8^/10

collection credential_access discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 5 IoCs

evasion

T1426

Processes:

com.abtnprojects.ambatana.hack

ioc	process
/system/bin/su	com.abtnprojects.ambatana.hack
/data/local/su	com.abtnprojects.ambatana.hack
/data/local/bin/su	com.abtnprojects.ambatana.hack
/data/local/xbin/su	com.abtnprojects.ambatana.hack
/sbin/su	com.abtnprojects.ambatana.hack

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.abtnprojects.ambatana.hack

pid process

4572 com.abtnprojects.ambatana.hack
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.abtnprojects.ambatana.hack

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.abtnprojects.ambatana.hack
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.abtnprojects.ambatana.hack

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.abtnprojects.ambatana.hack
Acquires the wake lock 1 IoCs

Processes:

com.abtnprojects.ambatana.hack

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.abtnprojects.ambatana.hack
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.abtnprojects.ambatana.hack

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.abtnprojects.ambatana.hack
Reads information about phone network operator. 1 TTPs
discovery

T1422
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.abtnprojects.ambatana.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.abtnprojects.ambatana.hack
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.abtnprojects.ambatana.hack

description ioc process

File opened for read /proc/cpuinfo com.abtnprojects.ambatana.hack
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.abtnprojects.ambatana.hack

description ioc process

File opened for read /proc/meminfo com.abtnprojects.ambatana.hack

pid	process
4572	com.abtnprojects.ambatana.hack

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.abtnprojects.ambatana.hack

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.abtnprojects.ambatana.hack

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.abtnprojects.ambatana.hack

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.abtnprojects.ambatana.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.abtnprojects.ambatana.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.abtnprojects.ambatana.hack

description	ioc	process
File opened for read	/proc/meminfo	com.abtnprojects.ambatana.hack

com.abtnprojects.ambatana.hack
1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.abtnprojects.ambatana.hack/databases/OneSignal.db
Filesize
40KB

MD5
2479ff01e32c1445266304f37e9e7b35

SHA1
63a2b50d03eff98a4b5e684f1f95996b78219e6c

SHA256
c276033016c0ae04c4e1a7128d443a01aab24d99c434696ee1b01fef2d3acf15

SHA512
14b24f8be6f9a88e31a2d74f3f13cf9e84817bfe445b8b8a873c1678f274714237b3f1a2fc9c5821c300fc72418e3229439107c2a2ff307007409dee6fdf16d3

Download Submit
/data/user/0/com.abtnprojects.ambatana.hack/databases/OneSignal.db-journal
Filesize
512B

MD5
d58a6639ab18daafdd9c31588b1981be

SHA1
a2a2bca9a90ba3f26a57fbcea10c4485cb2884d1

SHA256
a2cea8df025c1d34bbc525ad1afe47bb6f14633ba1b9078e34d82d8ffad0eb69

SHA512
534857dc4bce9a0ad768bbc75798db62df7bd0d3d9c09ea8314839360defafe4c4012aefb88e2f63804b99a3d51958ecb6f78d15f746a0caa8fc4dfdb6982580

Download Submit
/data/user/0/com.abtnprojects.ambatana.hack/databases/OneSignal.db-journal
Filesize
8KB

MD5
6adc4472f96adb174623e3438fb89fe8

SHA1
571849413a9c98ff2a8c199aed0a87f058dddaf4

SHA256
52dfde4e66011b4caf3b9a9432aba42ad4a6b324a8b8466c8ff16326c6486943

SHA512
59b65dac23973950624ee5e123729f9040dcd35f189241a328d01af9dcd7be37fd4a66f9311b3e62fbd6bdec8623dad0efd062af99a31ab6c56762bc77fc5173

Download Submit
/data/user/0/com.abtnprojects.ambatana.hack/databases/OneSignal.db-journal
Filesize
8KB

MD5
06d2c914a574490f3b1cf731786a9a80

SHA1
3767b3875bb6d62cab11aa1ea7a76dddddb80e1f

SHA256
ab0b4a2670c722681af3d2d30f9f8d83aff302783ae1f9e4c4c4e935b04a5d9f

SHA512
a3daf5ab451f92e3e31603a7b4b6123e947e620a4fa1bf477f27e062d09588f6d28838f7956b8fe9959d0522a34f00a62e65d265818c82965deebaf5c1852a79

Download Submit
/data/user/0/com.abtnprojects.ambatana.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
ae98d97cb1caa99f66e4719f1f11306a

SHA1
5b09cf4025c674ad332f472449e996304c11116f

SHA256
0cf6a39f0a1e3de7adfbc3616914a4c24f2bda744524bf36ee05fae6311131a4

SHA512
dc6c12a95a424f8ae479ada1dcf08bea270dbad97717d67f2b01597b418091328b373ee8149a8f76972d04405b3c40c5827b670c97e980c77cf29af31a809bd7

Download Submit
/data/user/0/com.abtnprojects.ambatana.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
d43d82848194fef5224769654ed4ccfd

SHA1
8066af70cfd1fabfe54ce377caa3d13e4c4abcbd

SHA256
a4b809198c4bb4a33135e2dc20e78cfe72d4900dff6b6b11de03b4808e367193

SHA512
01c0f05a77cccead5a68d8165afbb32f45a2d3551ce575474759217e56fe844ddc33f658903acf90ad6357651972d38e2f31e9fc55d3182dc9e5422dafab1e3c

Download Submit
/data/user/0/com.abtnprojects.ambatana.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
cba282caa25906eb9344ce53ec8fade5

SHA1
387ce3a1c3ee42350eaa9e69a496b766feca145c

SHA256
3f7451792278ea2c9740f6ed9eb1840b09337869644aaf7e8005d1cdf41841ee

SHA512
9dd4c78b18e4a307875bd26b4f8f8bcff922453177a3b7e990e51cb09ae55f0a4785879e1961d0793e514aab61bc14b3fc2dfe696bb816e27a549c60a80d58d2

Download Submit
/data/user/0/com.abtnprojects.ambatana.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
4e6a4bd85133359e0879d72f083347c2

SHA1
de0053250f416dc1fe0032974df706679cfb2509

SHA256
56b1414097a9c7f0faa84343c3588d9abaaba780d33215d3c9cf2b41fe276bc8

SHA512
0a5e56bf8704a19e99eff01555ea9b782c542fe12b87f72609240651313bb39b042349e0cf76bf8a40cd0e90f77d5aed911e18737193ad521bb350972a4e2b06

Download Submit
/data/user/0/com.abtnprojects.ambatana.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
2fd86864b3d4ef15e1d893ddd9e787ad

SHA1
89e76d1bd8d332ee7baccd37af17d72e3f4198cc

SHA256
2c03e4335f14afd48fbe1e7d580f79f3d9f5ee746557c4ec143993e42057b643

SHA512
8dbad0e5a5cb70d1f8a49058e1b19ee5412d396ca1bea15f1051a7ccff210ead0c073055a663c2ffe02dd798de0412f55157ce0f47271b83245ac3bf7e41d255

Download Submit
/data/user/0/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
94066f8464ad6757390afb313676f3a1

SHA1
0e8b83904c05674f9498c0e2da179adb70a0be20

SHA256
b9391f3e2d5d3c2d0a8fc32de132424d34eade7cbcd660b38bc04f91889a1ba6

SHA512
07c7d6b18e1572979e7d103729822768cf671f13dfe665b2e7c25e9a056447d6ae0eaef3d6878a1437ed9519082be2b3bb0b4d599c2156fb41d99cd2d6f16d75

Download Submit
/data/user/0/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
790f102cec1c347f21367407ee13a36b

SHA1
426cae165c4c943ad884046b68ecd53ee60a5a3a

SHA256
d20dd0f2bce8e8103a1eab9e0c8c1db4d471ba5941a4e35b5db3a256b56db1b8

SHA512
c3901746b5e0cf375c3b8dc6120bf3ede04af0536d8445d5e05a5070c74639feaac304e00f0c94767ad7878800971e3a708f6c5889d2949b28a4e024ccea4d21

Download Submit
/data/user/0/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
c73b2d473cc391dc18353fd74c88044c

SHA1
4d70cfea56f0b48fd4ece24d88b7874074504b3b

SHA256
2e332749d0b1ce31d2c7cb8cde352f9763b60e5be7f6282dcc919e3fc19e5d21

SHA512
d59f6a6fe98358948638f90fc23a771ec085070c86024df1bd2c53346892ec0d03fb8eb43a18f951e6fb7c18fa3394776b5a22ed6acd5654bab808fe0126ec50

Download Submit
/data/user/0/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
3d8f938a73c1499b96f3822ffc0d3777

SHA1
a1d1a946f82a13f74428d73f3b66a3dad86406a1

SHA256
00443b9698dbbec4e64f9f65bf8a066b39486b3c623a8a5dbfc68b24ec61c9b8

SHA512
008c0ce64923233c25d5ae5bb35776310e5f90d244892506377be99c23c36e91ca4196675b9cfc8cb987b66e917dae1d4317e739ac668112a9b3773abfe80db3

Download Submit
/data/user/0/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
818548be1885386cc995f564f36a8e8e

SHA1
008b0c602ed55b1122dadfb3a20db517d55c10b3

SHA256
b4765a86f69c122307448d0c6e81cebd52ffbc59b0d19da42971e2857f773e6d

SHA512
47840561a1eded73600b656576a7a9195bd1beddb79b08090b9e6bd9ab610de6cfb0a334310bfefe0b33ef157d420aaa17c6315fa2e689398da3328c4460a02f

Download Submit
/data/user/0/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/user/0/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
8a68045aa7ece4be148962dee8223d18

SHA1
f02b5e93062f8bccfd2077433a703bf9438c4457

SHA256
1dad7a2716968094ffd34323b08bafdd98d7e512052ff7c350367574b440d49b

SHA512
8e00776935e687879e9ffc41bcb5fa9f9296b83622b17d7a043acb3ea7d110c430c77c8f0042d927133c492cfc061ae14c9b63822097e7413e48e984c63e28a0

Download Submit
/data/user/0/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db-journal
Filesize
4KB

MD5
d46dd426ffd151449fbc1af2d4cf71fe

SHA1
7b674f8123c45c22956f10943d1ca17b22cf7228

SHA256
33c9cfac0820e80a39bfa99c00eec3b68a39fa7953c10b01fcdf5fdf84dc27d5

SHA512
6b12e82ac6e0bd091774eb7b617036c91071e9ae4be53dc482938ea3695b638d96d101e2b0ff35ef4b0ce362b0c682bb1b82e7f014aa77e09cb13b9ec12d67a5

Download Submit
/data/user/0/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
f401ccfe00c1ddfbe63eb85a594d061b

SHA1
53d22e058c48ff59f04e8e07dd6943b2dc138485

SHA256
f30dfa8cecb45df33a2b076de832c1dda537d3d5f59370d14e1030feb3e74d62

SHA512
97475e9180e8a28e5a490324f123516462a96a64a8a6086bd8178136f3d5a1ce13e25f179096c845761c3aecc9b8454295c1ec725494cfaa36673aed088648be

Download Submit
/data/user/0/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
11eb22ac1869698e95cbd6e092716e4b

SHA1
eb222e700e0a6b46933e32a70586243d55b93638

SHA256
f8c060d6ec5e3a1257f19e8ec326ed5de3741fc0ace62caaa85d4168b081e6be

SHA512
0fd0228aaf4f5eec74ee8939175f73be769849980d4a55efdfc078173cb709cde3935eb4a99635877cb12f121b56be36e69c5f7363f0e65ca927edce1ad513f1

Download Submit
/data/user/0/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
fc26ceb0fac29cabb5494e96d257457e

SHA1
babd45d1024cf81c576f83afc8fedc66afca9999

SHA256
a3c3d698d1e6545ae2d6ee5560d2dca52eae99b6fe26e40c17de78927bad5ed8

SHA512
3152e0635afb4b77860d883c49cb4e1fcbb8f5a6bc78562f3daf9a7898b22544a0b52f3a0ea85cbaa9fe5b913064d119c0a8cf1ce270607d2b52a1a668a37fc6

Download Submit
/data/user/0/com.abtnprojects.ambatana.hack/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
d7f9f0ab7ace189344d978ac4dcd5505

SHA1
cd3ab2ef9232390d80e7248e515534a948408d65

SHA256
8f95dee9ce1a9e2c98214b9266c0783160a03e49786f619455d5ca1466cf3f72

SHA512
d0773f57c246e55f5a02b870c6dc564e82d303da6762db7c209ab5bd54f6abc03055f52268996456f87229a898dc8cb37794de75b62a8aeff4cf19a4f1e4578b

Download Submit
/data/user/0/com.abtnprojects.ambatana.hack/no_backup/com.google.InstanceId.properties
Filesize
2KB

MD5
505720872f195d868075d8b5d384375c

SHA1
f44e94172c3b8434a0a21e02e14ed0e545cdb6dd

SHA256
aec1433f1d1a4527d6246a6125713e71f2ce45a38ca14ce9c9067ea2b88558ec

SHA512
0c4184b3cdfd747f4a5ba710822f606d9677017d2090447e597f0bc45ebd05da619ce067d9802f65cee8caee5e116339b6292bc16b0aa93410a51afe2cf94542

Download Submit