84c1e16cd5b0282e9babf43e55f25177ee3b53e8acf0400cb36bdf6753fbaf09

Analysis

max time kernel
13s
max time network
139s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
15/06/2024, 06:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad1f0f49e97c110039e9e7e081cb9156_JaffaCakes118.apk
Size

9.1MB
MD5

ad1f0f49e97c110039e9e7e081cb9156
SHA1

1b9131a1039bef2ad70e40dce502132d954c1c76
SHA256

84c1e16cd5b0282e9babf43e55f25177ee3b53e8acf0400cb36bdf6753fbaf09
SHA512

59e08a8b6ea6e4711a090f46c3c5c8313d26874668fcf63a79bb571140ff19dea12f09f5fea2f4f51e596041cfe417451d64819f506152c7db505294bfcda146
SSDEEP

196608:sPPRREpzKNB5QQdoCk6UUr+r/dO6mo21tbLeNs1VZDKx:sP7Epz25V1kur+rU6/21hx8

Score

8^/10

evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/xbin/su	com.fourhorsemen.musicvault
/system/app/Superuser.apk	com.fourhorsemen.musicvault

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.fourhorsemen.musicvault

Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.fourhorsemen.musicvault

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.fourhorsemen.musicvault

com.fourhorsemen.musicvault
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:4301

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fourhorsemen.musicvault/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f563d39a30812b9fbba6ef4161f27059

SHA1
4f97f70734c123e90daff498caeb8ed5fadde3b3

SHA256
cf532773328f9b6d63e5ab79ab36558c0dbc746f2ef307d6ea0ee30230c81e7a

SHA512
4e0d8dc8b6d5c08f6d6f9738f8c10f6a00f5dd99d355ca96263cc4eae3839be232f0a64a89ddc56c63ffffe20e1aac6225f2c8824ae3704cecdf2b69e90a4cc6

Download Submit
/data/data/com.fourhorsemen.musicvault/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d23d1dae4596ba9f00fe4052971b0d34

SHA1
45335ed2ee8561f31243cd2d764ab6a698337815

SHA256
75f97d92ef71b5af8f7799bb228ecafcb46f9e873e12cf5c3ca7eacfa3860209

SHA512
bb33d43b16a8f2d173ddd9e98d63187efa69766505ec7d721b94adfadab7b1c65c6b9037d18cf5f1876d476e9c3b7bb49c921506030352e4e6ab83b98eecc4e9

Download Submit
/data/data/com.fourhorsemen.musicvault/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
0d6f5cb19c01e0abf968590242a45074

SHA1
a51ff35dd47d896d52101819fe2ed3e1223d61ca

SHA256
18a0f0885bd7c1c0ebcab6d4b0e1b97473b6eaf36bf2505fb78d448bf63bff30

SHA512
da00ee06e2aaf4e1de903ee42e181492850f3507bd0e29aa030088c7053dec9544ae8fcc4da247d18cbae5d1aa8fe6ebce031fd47f4b3e5e7cab50412cc8116d

Download Submit
/data/data/com.fourhorsemen.musicvault/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.fourhorsemen.musicvault/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
9011df6fab4e5950f2baad7b466e7200

SHA1
223fd16870942664196a98754893acf7ac12b550

SHA256
c8727fad55526099ce498d2d17460f945b5a74da661056b9c1d9ab305e8efbc4

SHA512
8adb65c26cdfba98bf3ead686b551568d7df336daf187ef66cc8b86a7594468c8b4d43df08701bc13ec5d49b4497aaada1cb471e2bd6da7ae07fbcb7fe4f9363

Download Submit
/data/data/com.fourhorsemen.musicvault/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
3bbd39dcf931b020f2c10945ca504453

SHA1
50b73261a1c3a2e8395848162031b3022a4dd95f

SHA256
afba92af610821af8af37479d5951396def6d9a1bf0034fbcd4317a7800d1171

SHA512
59d9c0cc0ee81d76aabf59f2350729b91ed4573e5ecc40811c7fbb2033c1140c635d19717a459b7683c0dc70ec0d133dde10f4ee7832f72e66e944ca6a784e30

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666D308700D5-0001-10CD-4B34CF717D70BeginSession.cls_temp

Filesize
77B

MD5
f4a2bf6a2e0ba81e20b8f28aa664f2ac

SHA1
1f6fed8cf889e3b336ce153c6212a13c7f421f44

SHA256
19efe98189a0e6dc4aedb6330bfa6331f47282a4856f1ec077f5abd1e5d80c60

SHA512
119f4b9e05077f082ac34a44dd5dd72e849f0f8353dcbd7b1e2f569afd7794fd504dfa2acd6327bc3c4607952f8d80235d416c9e10288cd729748d67079a44bf

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666D308700D5-0001-10CD-4B34CF717D70BeginSession.json

Filesize
132B

MD5
289edb8764c081c5178fe32f73ac5e59

SHA1
60115560c5f7c865a286c308ffea9a3a98fae354

SHA256
b7c222316142d42df4a4352ff7f425d2373e124fc3e57e05817ed9c9b3f24f5a

SHA512
926d01b8de0649523fb32eda46e6e529aa6613bfb88427c9a5a0c406cad9cd654754eabbbc0a63a3b261005b767da8f27f40e1790be70a30efdde9b57bbb35c4

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666D308700D5-0001-10CD-4B34CF717D70SessionApp.cls_temp

Filesize
126B

MD5
1c89cbeaad890d6143c19f7af08a8014

SHA1
594df40e66aedc8317aee49d811d079ed3785cd6

SHA256
ad85f6148be25578f263a887ae512fc067d9185438eab152e72d2a87da2fe258

SHA512
c45ade8fa508b92ec9e3a0c0f17244f6b80c0be06bdcb739e9293d7fc58c54f10098c52bb308b1221c080abfdf08566075ff5d0b0d43189a1bbf64dd4d9ed950

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666D308700D5-0001-10CD-4B34CF717D70SessionApp.json

Filesize
240B

MD5
349211b6e5a51fca0f9f499ec4dc4f01

SHA1
88f3fa9ebcc94c0d65477f7bab6b0f557482d9ae

SHA256
f0ea14b38ebfd0da831e265d9ef59b76e8d353cc7256b1e7e3cf54fb4dbd140f

SHA512
1a56af5a17b3cf1581bd734afef235c70dccc12fe3bec0d3f068dbace781e3efa3e101ac84cbfb625623c2553e4a4b590ae239a4e1a08b0a835693c5796691a6

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666D308700D5-0001-10CD-4B34CF717D70SessionDevice.cls_temp

Filesize
48B

MD5
cf9cb0612d588a1f71b63084cea67316

SHA1
3d035bb92fd3f8997160cf8025c40239af74d3ca

SHA256
0d37c5a64baf86735501f9044eeb926b3d46548cdcf67c2cd1f773df36624ac9

SHA512
70f000233e181e3b7c6fcf07aa04fdb570f970335837f8d1c4680a9f78af9f9e17c73a0a5646770f7a8787e338899edc4a5197b023865a4da894b1aca12bf600

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666D308700D5-0001-10CD-4B34CF717D70SessionDevice.json

Filesize
202B

MD5
75db92d50c80a89e068550028c62acec

SHA1
d78ea55f5dc682e4da456d26383249f608fe894f

SHA256
1dfc488309883b61beb3462567a9befeaf36bb475a07a7ecef2be60bedb4b5a2

SHA512
dbb81daa5fab357f087dc295e7861444f945eb4c3883a09926b47312ce526bc069266a8a24b2a5b4921fb13e797696c5824195f0a79317e279ccf7855ca2ee13

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666D308700D5-0001-10CD-4B34CF717D70SessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666D308700D5-0001-10CD-4B34CF717D70SessionOS.json

Filesize
54B

MD5
93023624eb8dff5c20050da136aaae0a

SHA1
acfd1ffed752c28fb135ba83c0c6345ddf2f6995

SHA256
968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c

SHA512
bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
881B

MD5
1b7606024125160dd61768efddcdf6a4

SHA1
5cf203a338cee5b76a6bfb6c6e187e8ff76a7d43

SHA256
21be0448ab0475579a0bc69ddd1158000a83d7b654a3900b28d852f7621fe72f

SHA512
149e78c183bbab45a2c405c37d88d9899f3ca6e64f3529846986970c44182f0b36c1c064969002e125b6fff8220ed9ef466ab18f9e35caaded8e1317d86e8e98

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
412B

MD5
5f3793ac599d46c95508db31b181df70

SHA1
13a2953b4ac2482b5beab62333c6f733b6e08e02

SHA256
47e3563a9667df1adb12ea19f550ca1506351a2134af2aa6301fbb89c19f8a68

SHA512
7d1276e1a94d39d419ef75d56cf9d2a23866f339f6ec018f32d761f7a4386cad1b13889d2c8f1ebf3f97200e24509c8f2bfa7253dee9f09892ef6fac533b05d4

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_9e8b4b1e-9731-4a33-8b08-45c32a0c1cee_1718431880626.tap

Filesize
331B

MD5
4bc1b1c2e16f46feb076e9fa0944c433

SHA1
2cff62e3fbb36cb77f730f9bab33bf496c3810d7

SHA256
4cfbfb73ec42e031d00ee216b87b9e81a4455bdf243483928752c4bf3890ddd4

SHA512
69678e9e358ad4a9d658f0bc8e78d7043a6862f56739ebd11e91f53106e2d863fd986eeab41aa6ba0b746317f7b6f71f93954b4b328aab5539960ada98f8cea3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads