fbd62f0273f0f4f7f9937bdc8a2d9d3cb0ce0687ede74a4a8c34e9c601688db1

Analysis

max time kernel
22s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
13/07/2024, 01:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3fb2c2368484295cc33db07dda7be124_JaffaCakes118.apk
Size

8.5MB
MD5

3fb2c2368484295cc33db07dda7be124
SHA1

23eb40d927ed79e225e78354c4af7d47f0f93e82
SHA256

fbd62f0273f0f4f7f9937bdc8a2d9d3cb0ce0687ede74a4a8c34e9c601688db1
SHA512

66a3def5c70398bbef54db97f6a8f567e8fdef1a9dc76c2f7a73656e8cae709b7fd05588f67a1b983c59e04ebf527f0faa99de9fb8cccf20b9bc2dfabb89f1dd
SSDEEP

98304:CcGgiTW5I9PDSn7wyngcfjDZLjBRTso56FSm8mvaThSDlD:Cc3+W5I9bccMg+ZHTso5038mvaTh8D

Score

8^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	net.dinglisch.android.taskerm
/system/xbin/su	net.dinglisch.android.taskerm

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	net.dinglisch.android.taskerm

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	net.dinglisch.android.taskerm

Checks the presence of a debugger
evasion

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	net.dinglisch.android.taskerm

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	net.dinglisch.android.taskerm

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	net.dinglisch.android.taskerm

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	net.dinglisch.android.taskerm

net.dinglisch.android.taskerm
1⤵
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4970

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7C0375-0001-136A-29C08961211BBeginSession.cls_temp

Filesize
77B

MD5
dddfbe56ce2dc68521695a1e4466b463

SHA1
60f0a42f620ce0bacc661e2524bb5df73aa24dde

SHA256
2ad7e65c715b0d7e6e7e768842c9bd4eb03efceb36a4df10628de7c51f3b3974

SHA512
18b60df97cf4668950fb21feb00cbb684e9ec8d8a0f87bade09103e7fe48b34167378dd2e70ee6eea355fb6aa751cd7fa2a20f00dad4bf2119bfbcbf1e8ef7a9

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7C0375-0001-136A-29C08961211BBeginSession.json

Filesize
132B

MD5
4165b4b4e7db4dc70fea1140aa0a5dd1

SHA1
6dc59a5e9c09491ed6d68149234a410573425f1e

SHA256
20cc17ee703915e6930e6d80ab3dba570998d3deda2f8c1fc8a84f1ff3e347b3

SHA512
270605e3b46b665398bff4dec1ec50ba96e2d989badb829cefdcf7e8dae73e8bfc9bd39304f5f35f432a65a0960b75433d8154fb77782e198167beeb298f8ff2

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7C0375-0001-136A-29C08961211BSessionApp.cls_temp

Filesize
132B

MD5
8ac2fcd2f11c28896dc75f3ae4726ef0

SHA1
12267c435b93d3f3ffbfe56831adf17666201618

SHA256
647009e9be2a9c7ad4f0f10e8b1d5d5a4b16bfcb8e01cb08cc42933d9735848b

SHA512
c5902323ec8736817f6698d1451cfdc79c9f30e374110068a21070b789cb5ebef611a80edfd1c69fdade77bc45d025a497870344faad7429e79f70253a634128

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7C0375-0001-136A-29C08961211BSessionApp.json

Filesize
245B

MD5
936e68c1ec303a8dc7ce35f47118c085

SHA1
9437b9f8475216b2da00c979071896a9eb67a12e

SHA256
ed66b1a3c84fe6f41a2703fd22b9cd7f81699cb6a4fdf00b816075b0a1075526

SHA512
92f75a6bcfc30ee6c6b0693d2b698748ad4dd0129ffe100c6cb6ef6546fd3cc6a4e7e55a05a6ca9dbbfa84231a22aeaf4494d789f6a17fe57f7d6bfa502fd3e3

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7C0375-0001-136A-29C08961211BSessionDevice.cls_temp

Filesize
48B

MD5
2390c1f21db00b20c07107e3ec7275fe

SHA1
e663a646460acc071aebee942cc1776c23d77655

SHA256
d348072a01496839cfcde3a18866423aee74aefd613fa3bf1ff4a203ef46a699

SHA512
43ff60754eb60795ca1c318f44dcfe49194add26cc3d92c2eac7bef538fd65b6290f2e5953b8f1693b9425ebbcdd022ab16a18280146ee0b0c2eefe27bc0bd63

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7C0375-0001-136A-29C08961211BSessionDevice.json

Filesize
202B

MD5
afa07370d07ed0a8ac9554ee7001bb72

SHA1
d1e9de22fda1295087525ff3a377f7d7dd410ac7

SHA256
8d4b99fc4968c9cdff4626ff6c1467cdb427f7a597b153f03b4bfb62dde6c07d

SHA512
a7a974b1c4ca3d7ca92e1449dc9718d5ea2af7f8e4c605d25c731fb4bbe891fdf340835e2a4e3a363558744e5ee30aec22542f377eb5bffc0097c70d24f241d1

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7C0375-0001-136A-29C08961211BSessionOS.cls_temp

Filesize
15B

MD5
2566d27ce8c28d8961f082c375d7535e

SHA1
92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf

SHA256
5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a

SHA512
1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7C0375-0001-136A-29C08961211BSessionOS.json

Filesize
55B

MD5
5caea4b68c57072f7f52a5a41720566c

SHA1
4d9712f1702c7238949da43f7d8ae6efb233a666

SHA256
3223857b618b924c2b0fbc7bfb373a1aacf300a7b5ab585e18fffcf19039f363

SHA512
fe1455d21c521aeae3292bdcc386f6d2005dc253930c03e44dbcb972f96b849670d2aba039ea59e1a5ebc0350e6315151d17bcda55c161a62987d4bb01e91f9f

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
4KB

MD5
459f585e357bb40ffa20d7ee60569fc5

SHA1
e3ebb44ee6dea99362c395e3f22f7acbda041aea

SHA256
e94d454e33f47fab0e3470fdf20bdeb16989dd314f87dceacfe132105c4b1fe7

SHA512
1203f61329c3e44abf407eb2268f7660cd2f9d368dff5cadb66d85246ba6c5a0c763e9680b28384dd2ce145bb3ec6e57561ebbee8ee26ed974f9f63fe35f8380

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
449B

MD5
92758adf2600b0029e82de77f44659cb

SHA1
66ad143de7f56bd84090079e2cfd6ec6cb7a65cc

SHA256
4258d6b1273bcdfd9677f8326e0fa59dba8e94532d9987b9b64747ccf3a55ccd

SHA512
f0bf1c921ecae1b2dc362b8f51eb9ff7f069858e881064c005fc04a1bea212b483261bd5b478dfdc518f7113ef13bd6512408346d11c4acc15b1e4805117a4a5

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_dc6d9ff9-fa03-46ab-82c6-214aefedd067_1720834941349.tap

Filesize
359B

MD5
b70af28c6ad80a3b7f6373585b14b50c

SHA1
8d4296c3fdd2361b389468f6add681cc24503759

SHA256
5288f64242d37f35875c4516b879a37107fb5117f221a37d1f9300bc13f5f0bf

SHA512
093bf53276874ee61c781f46be5236142b33d840e217d4883ef6d68e4de2d3775f683f246b482d0899b9ee8c067f093dd912b38cfce4db8f01d9a3fef00c4995

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads