fbd62f0273f0f4f7f9937bdc8a2d9d3cb0ce0687ede74a4a8c34e9c601688db1

Analysis

max time kernel
22s
max time network
136s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
13-07-2024 01:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3fb2c2368484295cc33db07dda7be124_JaffaCakes118.apk
Size

8.5MB
MD5

3fb2c2368484295cc33db07dda7be124
SHA1

23eb40d927ed79e225e78354c4af7d47f0f93e82
SHA256

fbd62f0273f0f4f7f9937bdc8a2d9d3cb0ce0687ede74a4a8c34e9c601688db1
SHA512

66a3def5c70398bbef54db97f6a8f567e8fdef1a9dc76c2f7a73656e8cae709b7fd05588f67a1b983c59e04ebf527f0faa99de9fb8cccf20b9bc2dfabb89f1dd
SSDEEP

98304:CcGgiTW5I9PDSn7wyngcfjDZLjBRTso56FSm8mvaThSDlD:Cc3+W5I9bccMg+ZHTso5038mvaTh8D

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/xbin/su	net.dinglisch.android.taskerm
/system/app/Superuser.apk	net.dinglisch.android.taskerm

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	net.dinglisch.android.taskerm

Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	net.dinglisch.android.taskerm

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	net.dinglisch.android.taskerm

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	net.dinglisch.android.taskerm

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	net.dinglisch.android.taskerm

net.dinglisch.android.taskerm
1⤵
- Checks if the Android device is rooted.
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4222
- sh
  2⤵
  PID:4303

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB780355-0001-107E-8E4FB6BD4328BeginSession.cls_temp

Filesize
77B

MD5
9241f85e8a2cfe006c6e210bc5c90d00

SHA1
f4e288ebc918cbee0c0d18910e636324e6b9abdb

SHA256
7d6337cfbda9e5be7d7420df3c2450bc75bab7853fccc1fbdf437ad9a99225cb

SHA512
3095d3fb3ff7745718e5d429612d84f1573140d47b92cd4af78cf38cc69f0ceb5fcc6a0fa23334b94b8dc95bda328b2dc54a84deeb49811b7f7e684a9d92c15d

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB780355-0001-107E-8E4FB6BD4328BeginSession.json

Filesize
132B

MD5
3ac9bfedd76bf05dd3fb388e5f522712

SHA1
ca23ed2ae249d75c3ca9add1672261fe7c682075

SHA256
bb922938744698f460e87eb588e682c0ff8768ea1d838a59702f1763fe289da8

SHA512
0296c3666916787e9251b9626865901a4092529225922d3c43f7f929b060d1777e8461fe348a9d7c974f91052ed93a60f434440558a60092456aaacf8f5ab02a

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB780355-0001-107E-8E4FB6BD4328SessionApp.cls_temp

Filesize
132B

MD5
4bbb44012e2b1ec76f00005ed2b6a870

SHA1
53b21d364490a3f1105059f8f65e055e9b6034a7

SHA256
48a8544eab7334bd3e890f02ab5ca203269c0f2a60b3a5d9ac353b9d27c6d348

SHA512
9586500a750b459bc6d328225d7be1d7aae40e163cd6557bc050599d2f4ea00ab6a1c0e66fdade00a66f1ee3059f5810b4dd298d4bc85cf564d15abbeb3fc622

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB780355-0001-107E-8E4FB6BD4328SessionApp.json

Filesize
245B

MD5
cc13d437f98532478fa67cb889982e54

SHA1
b242242914a9c32407711531cc48093e83e6b183

SHA256
00431d4c96f4e6c0bb2a8a2cc672882204addc9b093820e01973fb5aca9ddab3

SHA512
16f35419baee0cc1594c9b5666aa06b860fc5c7d655d156e3fe548ddec0c87b6630e7d465f762cd0eb40bbb99163f59e82b8b42870f28b7f7cde937533fe161d

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB780355-0001-107E-8E4FB6BD4328SessionDevice.cls_temp

Filesize
48B

MD5
cf9cb0612d588a1f71b63084cea67316

SHA1
3d035bb92fd3f8997160cf8025c40239af74d3ca

SHA256
0d37c5a64baf86735501f9044eeb926b3d46548cdcf67c2cd1f773df36624ac9

SHA512
70f000233e181e3b7c6fcf07aa04fdb570f970335837f8d1c4680a9f78af9f9e17c73a0a5646770f7a8787e338899edc4a5197b023865a4da894b1aca12bf600

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB780355-0001-107E-8E4FB6BD4328SessionDevice.json

Filesize
202B

MD5
75db92d50c80a89e068550028c62acec

SHA1
d78ea55f5dc682e4da456d26383249f608fe894f

SHA256
1dfc488309883b61beb3462567a9befeaf36bb475a07a7ecef2be60bedb4b5a2

SHA512
dbb81daa5fab357f087dc295e7861444f945eb4c3883a09926b47312ce526bc069266a8a24b2a5b4921fb13e797696c5824195f0a79317e279ccf7855ca2ee13

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB780355-0001-107E-8E4FB6BD4328SessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB780355-0001-107E-8E4FB6BD4328SessionOS.json

Filesize
54B

MD5
93023624eb8dff5c20050da136aaae0a

SHA1
acfd1ffed752c28fb135ba83c0c6345ddf2f6995

SHA256
968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c

SHA512
bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
4KB

MD5
9cf6454f4677fe3c3aadfa031f5af701

SHA1
d03f235441ea99612b20f9164a4e445dadf4e6a0

SHA256
0bdda48bb4984a15396c8565b1f1d85aad14e01bab250f6bd75d8a6a0562ca2e

SHA512
eeea9896c25ba1e9dc2a24fb5c4a7a68cb69234c564d20ef6d9cb761de7f5ba92da7f7758737b542bfb430846d69bad9e1ea72239ebd8bb0048be2c2df2f1d30

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
448B

MD5
aef0c6ddf89aede7e1ed8aa1c449157d

SHA1
38bd703de34827e1d071f4a4f40a5421e3b7840b

SHA256
b2026f6fdcd49a351502a82737fdef27b96e3368cc98f6e5c8a18a2b9b687a6d

SHA512
7146df37de9e1c166ed266ed4551dac5d23b5ad373e144a631ec8676b7533caa17ae9decadda70b2707905976e6857d913ea52970bf0d05ff634983d19834473

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_8e28228c-8a1e-4e16-aabd-627aefd43ba2_1720834937500.tap

Filesize
357B

MD5
6d6fcc97ef163aa37d6b6cf87f8f8b44

SHA1
897d85b6f2321666e1b86470260072dc6aaec7e6

SHA256
dcc5b6703e1a99ff42033f6b0a47a12bde045ebac651da134fe0defcee82f2a3

SHA512
ca3412a751f4e4cbc3eb38155391f656e9f2cb00b4b90eecc9d7b73c8bd7ba99caf0bc1c438913c04f1da739a90e9322080d09cd34ecd544901c683d8aaaf78f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads