2dbcdaa517464d2a1865a412dcaa7d6d87c165c2582ca024c164004af15b41bb

Analysis

max time kernel
20s
max time network
141s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
26-08-2024 00:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c1f5a50625b0cd10266f1dc5413c810b_JaffaCakes118.apk
Size

16.4MB
MD5

c1f5a50625b0cd10266f1dc5413c810b
SHA1

2e627391016ddab7de61dbadc7728550ce6c9f8d
SHA256

2dbcdaa517464d2a1865a412dcaa7d6d87c165c2582ca024c164004af15b41bb
SHA512

59a58cea4887d758042cbe51cac39ab96aaa6836a20671440f6b3c32feb1212f5147a3ddc89986cdf992474396674126783ea7dce4c60cba0911ab0b43fc9ba7
SSDEEP

393216:AUskaRlwiD5y2fZQPWp5HVqZ3OdGGfyoVCwqaMgU:AUPaRlwidy6mPk51qAewCw7MgU

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/www.sagital.pknight/files/stares/updates/sta.jar --output-vdex-fd=68 --oat-fd=70 --oat-location=/data/user/0/www.sagital.pknight/files/stares/updates/oat/x86/sta.odex --compiler-filter=quicken --class-loader-context=&www.sagital.pknight

ioc	pid	process
/data/user/0/www.sagital.pknight/files/stares/updates/sta.jar	4441	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/www.sagital.pknight/files/stares/updates/sta.jar --output-vdex-fd=68 --oat-fd=70 --oat-location=/data/user/0/www.sagital.pknight/files/stares/updates/oat/x86/sta.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/www.sagital.pknight/files/stares/updates/sta.jar	4309	www.sagital.pknight

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Acquires the wake lock 1 IoCs

Processes:

www.sagital.pknight

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock www.sagital.pknight

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	www.sagital.pknight

www.sagital.pknight
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
PID:4309
- getprop ro.board.platform
  2⤵
  PID:4356
- getprop ro.mediatek.platform
  2⤵
  PID:4379
- getprop ro.board.platform
  2⤵
  PID:4398
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/www.sagital.pknight/files/stares/updates/sta.jar --output-vdex-fd=68 --oat-fd=70 --oat-location=/data/user/0/www.sagital.pknight/files/stares/updates/oat/x86/sta.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4441

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/www.sagital.pknight/app_plugin_lib/libabcdefgh.so

Filesize
61KB

MD5
042246eb7c48a8cda97de99465e6a177

SHA1
f71816c4a80fbb7b63bfd6425d98db513aecb00a

SHA256
9a712cb778e9d43f8f4ea9fa2b9f4b8cc29daf74984d04f0c938dff21c118342

SHA512
2d201619998113c5d2990c92c28c973d557872bc4bbde153b5fca39bfe0b799ef0e9bf8c29d1304847f8e6691d55649d04c6a82fe8f03e621c9e8da50c50faa8

Download Submit
/data/data/www.sagital.pknight/files/stares/updates/sta.jar

Filesize
2.1MB

MD5
e1dd5bacfa75b9cf6abf6eaa1635e3c7

SHA1
96a86954d989f634798c91523712c34eab06da3d

SHA256
8dc8a08cb4af889317d11fec26e2c1058f2af5056a4dbc25deaec8707073947f

SHA512
e62c106f91d7a7202411a6938ed721fa695257f205e93772a87c59804a899a1bafd4887d48f2c9f33e5fe3ab6965227beb3fee007515ceb926e83d0e990fcc37

Download Submit
/data/user/0/www.sagital.pknight/files/stares/updates/sta.jar

Filesize
3.4MB

MD5
ce124386c7b2ae625849c583f83967c6

SHA1
ddafd6802992f51f0409839453ef9fc611ca735c

SHA256
44d11f57ecd7596d3e762da32bdb8ed4ba94a53c585c5d9de47007f1a20d5eb2

SHA512
38f68a23c35e34ad857146b2a42866225f7588697e1887a854a03613565785f1d2cddc512b21a37889db00ec9bc57f061cb2b4578c5a5b24bb53012b0efad553

Download Submit
/data/user/0/www.sagital.pknight/files/stares/updates/sta.jar

Filesize
3.4MB

MD5
387e3984e552f9a4f47309dfc453f82a

SHA1
0e629acc985bb3565f33339ff04e9e1b73675cfe

SHA256
245b99a86572d6736a00b18cdd507b865df688f14bf2fe232be26ef5a6171330

SHA512
3d81d00d68b5ce7c5f91ad5086793b592d6f8658d67f74cdbdb9418c726dfb4f491a50a94030358927d8fd60c2a72534a11c13602424968e3bb99551b493dcd6

Download Submit
/storage/emulated/0/data/.systemid

Filesize
36B

MD5
200675d70568a5790b1df5db363c9caa

SHA1
b89e2d653e1238278fa1d470ca2635d17f4d6048

SHA256
091e78f995fe42a4fd9c1e35048fd1fd80503f6b8672e871c3f69d5259c06e29

SHA512
fe52c190444dfddf5dbdd003774e5f9200515bc1edb6a2d2073f8c4a8b3bba673815b5650e6a1f27d4e45fa35fbd5ce6208999e5eb7d53d7e1bd663c924acec2

Download Submit