2dbcdaa517464d2a1865a412dcaa7d6d87c165c2582ca024c164004af15b41bb

Analysis

max time kernel
9s
max time network
164s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
26-08-2024 00:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c1f5a50625b0cd10266f1dc5413c810b_JaffaCakes118.apk
Size

16.4MB
MD5

c1f5a50625b0cd10266f1dc5413c810b
SHA1

2e627391016ddab7de61dbadc7728550ce6c9f8d
SHA256

2dbcdaa517464d2a1865a412dcaa7d6d87c165c2582ca024c164004af15b41bb
SHA512

59a58cea4887d758042cbe51cac39ab96aaa6836a20671440f6b3c32feb1212f5147a3ddc89986cdf992474396674126783ea7dce4c60cba0911ab0b43fc9ba7
SSDEEP

393216:AUskaRlwiD5y2fZQPWp5HVqZ3OdGGfyoVCwqaMgU:AUPaRlwidy6mPk51qAewCw7MgU

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

www.sagital.pknight

ioc pid process

/data/user/0/www.sagital.pknight/files/stares/updates/sta.jar 5063 www.sagital.pknight
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Acquires the wake lock 1 IoCs

Processes:

www.sagital.pknight

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock www.sagital.pknight
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

ioc	pid	process
/data/user/0/www.sagital.pknight/files/stares/updates/sta.jar	5063	www.sagital.pknight

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	www.sagital.pknight

www.sagital.pknight
1⤵
- Loads dropped Dex/Jar
- Acquires the wake lock
PID:5063

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/www.sagital.pknight/files/stares/updates/sta.jar

Filesize
2.1MB

MD5
e1dd5bacfa75b9cf6abf6eaa1635e3c7

SHA1
96a86954d989f634798c91523712c34eab06da3d

SHA256
8dc8a08cb4af889317d11fec26e2c1058f2af5056a4dbc25deaec8707073947f

SHA512
e62c106f91d7a7202411a6938ed721fa695257f205e93772a87c59804a899a1bafd4887d48f2c9f33e5fe3ab6965227beb3fee007515ceb926e83d0e990fcc37

Download Submit
/data/user/0/www.sagital.pknight/files/stares/updates/sta.jar

Filesize
3.4MB

MD5
387e3984e552f9a4f47309dfc453f82a

SHA1
0e629acc985bb3565f33339ff04e9e1b73675cfe

SHA256
245b99a86572d6736a00b18cdd507b865df688f14bf2fe232be26ef5a6171330

SHA512
3d81d00d68b5ce7c5f91ad5086793b592d6f8658d67f74cdbdb9418c726dfb4f491a50a94030358927d8fd60c2a72534a11c13602424968e3bb99551b493dcd6

Download Submit
/storage/emulated/0/data/.systemid

Filesize
36B

MD5
6bebefc6d9f5f5e326d52a61ed49b7d4

SHA1
2154c2ccbbeb1fb4b8d13cce27207ee3807c6025

SHA256
f40e7c7328873ec67edaaf2641037a429b435c5da937a0f54610f8ac25069545

SHA512
0133ccf30b684886c19a0f498574872273480650ecc78fea0267391e6554da0f8ca3a2eb950db894dd4fb4d59cfa07ecc6facfa9a270b7a474ba1fb187d03943

Download Submit