84c1e16cd5b0282e9babf43e55f25177ee3b53e8acf0400cb36bdf6753fbaf09

Analysis

max time kernel
14s
max time network
151s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
15/06/2024, 06:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad1f0f49e97c110039e9e7e081cb9156_JaffaCakes118.apk
Size

9.1MB
MD5

ad1f0f49e97c110039e9e7e081cb9156
SHA1

1b9131a1039bef2ad70e40dce502132d954c1c76
SHA256

84c1e16cd5b0282e9babf43e55f25177ee3b53e8acf0400cb36bdf6753fbaf09
SHA512

59e08a8b6ea6e4711a090f46c3c5c8313d26874668fcf63a79bb571140ff19dea12f09f5fea2f4f51e596041cfe417451d64819f506152c7db505294bfcda146
SSDEEP

196608:sPPRREpzKNB5QQdoCk6UUr+r/dO6mo21tbLeNs1VZDKx:sP7Epz25V1kur+rU6/21hx8

Score

8^/10

evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.fourhorsemen.musicvault
/system/xbin/su	com.fourhorsemen.musicvault

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.fourhorsemen.musicvault

Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.fourhorsemen.musicvault

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.fourhorsemen.musicvault

com.fourhorsemen.musicvault
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:5201

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fourhorsemen.musicvault/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a7816eab3cc8f942898336bd5b618238

SHA1
dcd9ad0a1da22bb030dfa11e886940dc80d1334a

SHA256
9ff4fe01f5d7eae1e819ba2a7fadcafb7ae503574fbc788823a29d6f6a758468

SHA512
dd168e5ada6abc60fbf88917d3b895d9cc8bc1f7e1e134f08da8e81855f1a55c591c5baa8beff4ae25e8213cdef80769f01fe80a16169278afd1660fd02c1813

Download Submit
/data/data/com.fourhorsemen.musicvault/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d76831bd0c831e545679baf40394eb52

SHA1
4e86cd833d2909657800af1ea195d6b5ecf4c4df

SHA256
1c382f5803b31bcacb2ff5c613e9091e9a0f6f5affd078121cbd7f10d18968c4

SHA512
ae61678f41b1522bd104140c0ea0422d9979d3dab0f34d974ffdee5e383a27b343ed09105a029db6e95bb171d9f0d8cd42095b1000d05bc7102ba072a1ec2b1c

Download Submit
/data/data/com.fourhorsemen.musicvault/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
62d7020258e5146e56327b04b05181eb

SHA1
444b971db64f30f3941cd0c7bc25e3aa5f65cd9c

SHA256
23a614d9730293ef7d091dabad853425634f0d884d2976dd6d20fd303c1e5d25

SHA512
89606f8e88f2cbef2840804ad039cbab23746bf4f2392a166acb6091189ee11c271571a6f589bb5cd1e880a3e88f474f8b8a025effbc4a163b0ed5619e67a589

Download Submit
/data/data/com.fourhorsemen.musicvault/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
b23539c5294d5fb47a88404c4004727c

SHA1
2715ad6d7b642bfda0cb403777e9aaf78ba15c09

SHA256
8f07552f2a4f035c4da299e409942eca60beac2622b29efb486aaabe68b90f9a

SHA512
c431dda33ac14eb7f859e5bf6617c2d6dec5d838fb1d05df408ac0dca8cf8b1e15ab49962f567d1871e5a70fc661fca06b6f9671aef9fb08734f73e184dcc9c1

Download Submit
/data/data/com.fourhorsemen.musicvault/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
8367bcc60810dc7486215c0d6f3511d8

SHA1
ffb5fe560b253f972de272ee218612b84b0da5e6

SHA256
dd093ab52d504118af926722d3153dc02807918dff76670ab21c5fa5db2a3835

SHA512
12116600755c2f7aafcee40f7c955580ee22e1c516692dcd0e1d698bd09c869fc593293943acf57a31ea6264fab917b3f5c5d902732eb896d8963cc7c430b70f

Download Submit
/data/data/com.fourhorsemen.musicvault/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
0a4cde12686b3c79334d4c234943bd79

SHA1
7f2a8ac68936537cc120e4001d8fa53ce4831e52

SHA256
e858a11ed8e5a0aae6689ceaedec6c54cafd46ddfd2166e75e6a9eb472d28dc7

SHA512
e8a4d8111769c12f763d6edbfc4685d9991b6a8ca6e728c041090590c56209ca8d52da65000ea544dcabab9750f5a41cb3b838ae6e7e25c54e19910d62a2a465

Download Submit
/data/data/com.fourhorsemen.musicvault/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
0bde4b0df390eaa7de2f547b9a3494cb

SHA1
4d6dd1635ef0b11260f2eabc2bcb5cf46c176c02

SHA256
d7252dc0f07a32a074f2c9693925d85349fd49b2f4287eab6e0603d8ecf53b4b

SHA512
bcaa3ab44eebdded07328865a547e6ca00268a9aa38bc52156a411c15d78a6a52376afbd689c13e824c11e3f12474ea7475a62c3e13f4306b2f8c12199cccdc8

Download Submit
/data/data/com.fourhorsemen.musicvault/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
14f31631905a35ad3f4e4e545037aba3

SHA1
dc5f3f443328f4b814330709ac18d9fdab3f6222

SHA256
4e890aa2358f47e6f04801fab818f235b888fb3f216dc3d080a0e775bb0411cd

SHA512
377e5defcc7392476c3e8722f20c7f36745921680728b0b2afa33c20c28f969d0a5a9f7e6c3b6f91a9e65b816ea5aec05f22b59db45a9ebc6f2dda46c2c2aa67

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666D308801BA-0001-1451-315AC4CE6D06BeginSession.cls_temp

Filesize
77B

MD5
db46ef420137127e87af57f2888adfb1

SHA1
ed1e6eb18681a6015c2e776df9b34cf324fe4621

SHA256
d41d3d2796b392dd748709264e48f5cf111d847d3cbe04ac01b1644e29184366

SHA512
40bdb54fc2c85711defb32ba974fbba466a1fef74e4b0a246a8f8053b9d3882d0d7652c454b4c4f90418a18d3bb6e610c31668f56914fbfff60d44b046f3d8cc

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666D308801BA-0001-1451-315AC4CE6D06BeginSession.json

Filesize
132B

MD5
f9a18cf0960ab6b54eb5438656691871

SHA1
bbd9a0ec331afbf1b821117d70e52e60d102cb8f

SHA256
91839e0d603b8b07fe608f82225fa1cc528e501b980d057ab97ec5e2a9417ced

SHA512
9a0920963e247eb66887afdef335639994f1f3ea79a6787171590233929bdb8eb1cad070da21a09aeb25955cf0af9e9b568d854fe71684db913aada31624544f

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666D308801BA-0001-1451-315AC4CE6D06SessionApp.cls_temp

Filesize
126B

MD5
ee4d4540fd93bca778e0680bdef6117a

SHA1
0e07fb3958feef7e8457bb5dc0e1ede10f1da678

SHA256
0b718989181d1474f20e8a87c6060adc361cb0a11b29d464eb96423187285a77

SHA512
a9002975887ee4e4302f6965bbfa306ef1baf16925140c74664066d12b2268b8be2d32ffd5324e79571d31dbae8e3e203a5b8a4b2d07cac3c95ac14a2372b059

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666D308801BA-0001-1451-315AC4CE6D06SessionApp.json

Filesize
240B

MD5
4c98da63805ed25ae897132d5924e010

SHA1
11cb2c9fc4bc127fa36c118cffcc1e5353bc113f

SHA256
e63580dbc51b6a766be11fe12d42ed0223b2b623d9cf0b113d5af4b7facdee2b

SHA512
da4d7c9a1388934e523369704c78a88f58ef0dac9c174e4987c46216b917299a094fe3c1e1fdb0eb54350472085fd7124f7635fd88db2d73fc8b4d0fef99ff70

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666D308801BA-0001-1451-315AC4CE6D06SessionDevice.cls_temp

Filesize
48B

MD5
2390c1f21db00b20c07107e3ec7275fe

SHA1
e663a646460acc071aebee942cc1776c23d77655

SHA256
d348072a01496839cfcde3a18866423aee74aefd613fa3bf1ff4a203ef46a699

SHA512
43ff60754eb60795ca1c318f44dcfe49194add26cc3d92c2eac7bef538fd65b6290f2e5953b8f1693b9425ebbcdd022ab16a18280146ee0b0c2eefe27bc0bd63

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666D308801BA-0001-1451-315AC4CE6D06SessionDevice.json

Filesize
202B

MD5
afa07370d07ed0a8ac9554ee7001bb72

SHA1
d1e9de22fda1295087525ff3a377f7d7dd410ac7

SHA256
8d4b99fc4968c9cdff4626ff6c1467cdb427f7a597b153f03b4bfb62dde6c07d

SHA512
a7a974b1c4ca3d7ca92e1449dc9718d5ea2af7f8e4c605d25c731fb4bbe891fdf340835e2a4e3a363558744e5ee30aec22542f377eb5bffc0097c70d24f241d1

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666D308801BA-0001-1451-315AC4CE6D06SessionOS.cls_temp

Filesize
15B

MD5
2566d27ce8c28d8961f082c375d7535e

SHA1
92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf

SHA256
5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a

SHA512
1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666D308801BA-0001-1451-315AC4CE6D06SessionOS.json

Filesize
55B

MD5
5caea4b68c57072f7f52a5a41720566c

SHA1
4d9712f1702c7238949da43f7d8ae6efb233a666

SHA256
3223857b618b924c2b0fbc7bfb373a1aacf300a7b5ab585e18fffcf19039f363

SHA512
fe1455d21c521aeae3292bdcc386f6d2005dc253930c03e44dbcb972f96b849670d2aba039ea59e1a5ebc0350e6315151d17bcda55c161a62987d4bb01e91f9f

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
413B

MD5
4d0fcfecb99aef02a170fc7ed095ea92

SHA1
f58a67803ac5957422ff2bd6fa3954796792d16b

SHA256
d4b714d4fb25000e17b3f9a47a3d9283b384e8ca5dd0640b0a2e5853d3624c19

SHA512
4a9d4a760cb11fe2a48c38bceaac009e45af453d76de9952f286978ba264b11338b3217e33abc3ad74110b67e5cfbaa80964a97b3f52d8eee49d0eb0387b9c53

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
883B

MD5
31cacd44fcd184d816f115905936fc51

SHA1
7f3aac533ea9aa44b9f0a03588e20e73c8b31e8c

SHA256
aeb922c1cbe0ad0be613ae686f83743b54d4f88e09a6125fb672900e41eea01c

SHA512
700f3ad42072298646be0647797180a06410fa16ba682e493c71b0af26436f7fffdedcfabdef14fc6d717e7524a07e3cdf006fccafea27ec531a8d42864a8b45

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.fourhorsemen.musicvault/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_8feb051e-c0ec-400e-ab52-0a888637ec42_1718431881619.tap

Filesize
333B

MD5
3e2b7eaec7ac68434d2da211246feafc

SHA1
457f82e968bad5e978279d20f0546683ac1f9896

SHA256
0b5343ae5328abba1348cf44b64eef602bed40b4bceac05bc6ced963dfafd4a4

SHA512
2e3a32e63d90de40f00076b44c83052d24b073aa1ed6e32fafba69192694610d3ddc7c97856b9a1d21f353a6feb02c0c49862e86d0c982c39490fc3217629bf4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads