fbd62f0273f0f4f7f9937bdc8a2d9d3cb0ce0687ede74a4a8c34e9c601688db1

Analysis

max time kernel
107s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
13-07-2024 01:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3fb2c2368484295cc33db07dda7be124_JaffaCakes118.apk
Size

8.5MB
MD5

3fb2c2368484295cc33db07dda7be124
SHA1

23eb40d927ed79e225e78354c4af7d47f0f93e82
SHA256

fbd62f0273f0f4f7f9937bdc8a2d9d3cb0ce0687ede74a4a8c34e9c601688db1
SHA512

66a3def5c70398bbef54db97f6a8f567e8fdef1a9dc76c2f7a73656e8cae709b7fd05588f67a1b983c59e04ebf527f0faa99de9fb8cccf20b9bc2dfabb89f1dd
SSDEEP

98304:CcGgiTW5I9PDSn7wyngcfjDZLjBRTso56FSm8mvaThSDlD:Cc3+W5I9bccMg+ZHTso5038mvaTh8D

Score

8^/10

collection credential_access evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	net.dinglisch.android.taskerm
/system/xbin/su	net.dinglisch.android.taskerm

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	net.dinglisch.android.taskerm

Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	net.dinglisch.android.taskerm

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	net.dinglisch.android.taskerm

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	net.dinglisch.android.taskerm

net.dinglisch.android.taskerm
1⤵
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4656

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7A01BD-0001-1230-7321BF27980BBeginSession.cls_temp

Filesize
77B

MD5
44a42006a749b7de40c3a4fcf3dfec79

SHA1
6bdaad09c47a85266c26ff073d160fba1207d1ae

SHA256
a0e13bc54c9b6172e634459f3bbe6976febd8b590c78fedc2bb40274c60085a1

SHA512
bb229cfd02258289ea461c980dc4c2dec3bf8dbfa578823052947c484d98df32109d9abcd845584614992c7a75f8fae424e2dbb1eef321ff8ed2017b35b1b55b

Download Submit
/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7A01BD-0001-1230-7321BF27980BBeginSession.json

Filesize
132B

MD5
b448ca6454ea1c1b867d353048de3f09

SHA1
7406361ed8f682371d97a5d96eddec33410f090a

SHA256
9445679e5c9fa1028d0d2fc8e5a62e730d129c151860d67e44138e160db6bcbb

SHA512
61df2078a540e8b5d63775a409dc2584cf88f54bff2dde6cea77c0cd3483144b48c3eb7918e5fa5f6e1d26bce211d4dce9f12db44c95d4afa2706be5c49aed0c

Download Submit
/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7A01BD-0001-1230-7321BF27980BSessionApp.cls_temp

Filesize
132B

MD5
fdf0b744d34f7bd246b36ca5e40a8fe8

SHA1
cc02b806de21928998502fcc1519506d73ea5fea

SHA256
e266d4455e8fea9938a33816ebc4d9b32a3bd47bcba3e0663a268b6375ce8767

SHA512
4f770274817f3575e5fbc39084a7258d724c28f4018f7ff7b4cc682b60a5cb8c275782d0f052affafc332ef757218321458c5f14babd737e97d5ad8056733231

Download Submit
/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7A01BD-0001-1230-7321BF27980BSessionApp.json

Filesize
245B

MD5
2a08ae2b94b51d44bdff1c43ea04736d

SHA1
d46562aa9792aec974ea3341dff87a65486b9228

SHA256
6228d1717e038575cddc47bc4ab5fbfca2d8ae53830be9a262fddf78f82b8a83

SHA512
df3498b266d1866162394627bf27aceb7099959ca7d13b570bab726bc0e280038fb0effdff133d62ec63188184b1778f3932562cc7ed7870010b48aa913e0c73

Download Submit
/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7A01BD-0001-1230-7321BF27980BSessionDevice.cls_temp

Filesize
48B

MD5
fd6372364a5c5c9cf8945ac3ea7a5d94

SHA1
3c798cab71f6ae7a81e71e58712368231230588a

SHA256
7400bf714ca32b64dd89440c9d5ace4e0115ddce44d169839e465df0e1638641

SHA512
a18b18d061dfd979bce1e0b769009668c322300e7174f51d2532e86dc6018769194507a106dd30b97317f8c1a7539d13a7baeab2900c1e00da7c74e899dab276

Download Submit
/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7A01BD-0001-1230-7321BF27980BSessionDevice.json

Filesize
202B

MD5
eeeb942571fa704cf8ae49731fbe9789

SHA1
b5989c4cb932ffc779ee25bb3f7bfb79cf720427

SHA256
78809f7ae96de01e3922b6d3a134c3f7e9a0cbdacef313f70e8d9345bf5fbd71

SHA512
71e55c16f9f8fc936f8607448916bbfa1ba233b7120b8676fe11552916ac4dd3e3a7b0f9c31e14048933c8bb9c9d6d630ab7d28389f31749640cc965b2636565

Download Submit
/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7A01BD-0001-1230-7321BF27980BSessionOS.cls_temp

Filesize
15B

MD5
b3d9541cc92a9153d14e5160f8d8c008

SHA1
2e1ac80eb381dd82a03795b682f92020348c0113

SHA256
1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d

SHA512
78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f

Download Submit
/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7A01BD-0001-1230-7321BF27980BSessionOS.json

Filesize
55B

MD5
fc1dcee4e422d77e7fab7c08c8a41344

SHA1
d5340127e9d5f735b9d33b9dc61c772fb0e2dc15

SHA256
b843f05ed78cd137c272ba7f0ce8ede3aa853098a856863e51d5c223b58f21c7

SHA512
3ec07617e3e1008572f6f2528de9d4b827050cc5a7cf19a1604c961f9ec370ede6f5fd83bfcc252c0ee286fe244ee6734046ef1aa638dcfc689cd4407a6a8f61

Download Submit
/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
449B

MD5
743a9adc66771b66691a3f559cd70eb9

SHA1
1bbdb4e082926f74ca4446a00b6f3916d2e03900

SHA256
476a4356396b9a6a88e8914d900d841836aee270abdc9d3f5c530a6a29393939

SHA512
e53bf1e2d58a47f8b3bfc2951a39c6c1e0f28f3e0ac8fc413ca473e3d5b7c1743e62aef5e96c837ae76e8eee15c14a118f61be220d63e34f1c940e7386bd857d

Download Submit
/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
4KB

MD5
d67c20bf8f694e491c2da569ce1e3baa

SHA1
1787c19fbaa5a96577ff1b247c14d40eebc78809

SHA256
36cffba1a3a3bd174f408f9f330f1d92821adead40663ffe488a2e23affcde26

SHA512
5756b0d9989dda7e7e94838d06dd7c47182f16793f4566265b1d456135452011173aa1c6ddd101d6cc5731de76d7812a1e9f6ff14f32123580fe5c0f806acc62

Download Submit
/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/user/0/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_63d3c517-b1c5-47d4-b23f-7046dd4a4cce_1720834938891.tap

Filesize
360B

MD5
8ade4d0a999d470196e58245287ec383

SHA1
69f402e9435faa8af15db2432157b2d106e79e41

SHA256
da48e4c0337a2b71e3c2c17f495e44016bd487beb99bc8611464d16dc7099723

SHA512
027d298534d4e6e9b8a9f96e0b1f074fc424a66b0736adf9a2b515119457ea02777344a106bdf187441566944dc4e80c79215df45725478796755b02c84dc7c2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads