sandrorat | ef76f412df4275fbeac3e98b7c1661c9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

Reason

zip: not a valid zip file

Reason

zip: not a valid zip file

General

Target

ef76f412df4275fbeac3e98b7c1661c9_JaffaCakes118
Size

18.1MB
MD5

ef76f412df4275fbeac3e98b7c1661c9
SHA1

c6ee1a0e5e5ff3a95cf6684ea4d3dfa86753cbb7
SHA256

b6d88c1b604301462d0eeaa97ca9a114b61e1d66eecb60636906ccf90644446c
SHA512

ae45323a7d96f284c194eeceb179e6f5a40a3b7189b9305f0f9bfcafa55f18e37ce8e3e146ae15019fb67c2df839f54dbcc7935692ae54ad437a56b28fa8b8fc
SSDEEP

393216:s+ZJZFcRoUoMiob1eO3tC1WIU0s7400L2DvoW9UW:suJZKqUj/tC1s7Su3R

Score

10^/10

sandrorat

Malware Config

Extracted

Family

sandrorat

192.168.1.5:1337

Signatures

Sandrorat family
sandrorat

Requests dangerous framework permissions 14 IoCs

description	ioc
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to read the user's call log.	android.permission.READ_CALL_LOG
Allows an application to write and read the user's call log data.	android.permission.WRITE_CALL_LOG
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/aapt.exe

Files

ef76f412df4275fbeac3e98b7c1661c9_JaffaCakes118
.zip
DroidJack.4.4.Cracked.2.02.2016/DroidJack/.DS_Store
DroidJack.4.4.Cracked.2.02.2016/DroidJack/Apktool/.DS_Store
DroidJack.4.4.Cracked.2.02.2016/DroidJack/Apktool/SandroRat.apk
.apk android

net.droidjack.server

net.droidjack.server.MainActivity

Activities

net.droidjack.server.MainActivity

android.intent.action.MAIN

net.droidjack.server.CamSnapDJ

android.intent.action.CAMSNAPDJ

net.droidjack.server.VideoCapDJ

android.intent.action.VIDEOCAPDJ

Permissions

android.permission.READ_SMS
android.permission.RECEIVE_SMS
android.permission.RECORD_AUDIO
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_WIFI_STATE
android.permission.READ_PHONE_STATE
android.permission.WRITE_SMS
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_NETWORK_STATE
android.permission.CAMERA
android.permission.WRITE_CONTACTS
android.permission.READ_CONTACTS
android.permission.SEND_SMS
android.permission.READ_CALL_LOG
android.permission.WRITE_CALL_LOG
com.android.browser.permission.READ_HISTORY_BOOKMARKS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WAKE_LOCK
android.permission.CALL_PHONE
android.permission.GET_TASKS
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.INTERNET

Receivers

net.droidjack.server.Connector

android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.BOOT_COMPLETED

net.droidjack.server.CallListener

android.intent.action.PHONE_STATE

Services
DroidJack.4.4.Cracked.2.02.2016/DroidJack/Apktool/aapts.zip
.zip
aapt
.macho macos arch:x86
aapt.exe
.exe windows:4 windows x86 arch:x86

6cae795410282b03a8c84b120ba75b69

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateEventA
CreateFileMappingA
CreateMutexA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExitProcess
GetCurrentThreadId
GetFileAttributesA
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemInfo
GetSystemTimeAsFileTime
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
MapViewOfFile
MultiByteToWideChar
ReleaseMutex
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
SignalObjectAndWait
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
WaitForSingleObject
WideCharToMultiByte

msvcrt

_access
_close
_dup
_fdopen
_fstat
_getpid
_lseek
_open
_read
_stat
_strdup
_unlink
_write
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_chsize
_errno
_filbuf
_findclose
_findfirst
_findnext
_fullpath
_get_osfhandle
_iob
_isctype
_lseeki64
_mkdir
_onexit
_pctype
_setjmp
_setmode
_stricmp
_strnicmp
abort
atexit
atoi
calloc
exit
fclose
fflush
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
gmtime
localeconv
localtime
longjmp
malloc
memchr
memcpy
memmove
memset
mktime
pow
printf
putchar
puts
qsort
rand
realloc
remove
rewind
signal
sprintf
srand
strcat
strchr
strcmp
strcpy
strerror
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtok
strtol
time
tolower
toupper
wcslen

Sections

.text
Size: 682KB - Virtual size: 682KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DroidJack.4.4.Cracked.2.02.2016/DroidJack/Apktool/apktool.jar
.jar
DroidJack.4.4.Cracked.2.02.2016/DroidJack/Apktool/certificate.pem
DroidJack.4.4.Cracked.2.02.2016/DroidJack/Apktool/efm.jar
DroidJack.4.4.Cracked.2.02.2016/DroidJack/Apktool/key.pk8
DroidJack.4.4.Cracked.2.02.2016/DroidJack/Apktool/signapk.jar
.jar
DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/commons-codec-1.6.jar
.jar
DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/commons-io-2.4.jar
.jar
DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/commons-lang3-3.3.2.jar
.jar
DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/commons-logging-1.1.1.jar
.jar
DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/fluent-hc-4.2.5.jar
.jar
DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/httpclient-4.2.5.jar
.jar
DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/httpclient-cache-4.2.5.jar
.jar
DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/httpcore-4.2.4.jar
.jar
DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/httpmime-4.2.5.jar
.jar
DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/jaad-0.8.4.jar
.jar
DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/json.jar
.jar
DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/kryonet-2.21-all.jar
.jar
DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/quaqua.jar
.jar
DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/sqlite-jdbc-3.8.11.2.jar
.jar
DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/sqljet-1.1.10.jar
.jar
DroidJack.4.4.Cracked.2.02.2016/DroidJack/DroidJack_lib/zip4j_1.3.2.jar
.jar
DroidJack.4.4.Cracked.2.02.2016/DroidJack/Droidjack.jar
.jar
DroidJack.4.4.Cracked.2.02.2016/DroidJack/Readme.txt
DroidJack.4.4.Cracked.2.02.2016/__MACOSX/DroidJack/._.DS_Store
DroidJack.4.4.Cracked.2.02.2016/__MACOSX/DroidJack/._Readme.txt
DroidJack.4.4.Cracked.2.02.2016/__MACOSX/DroidJack/Apktool/._.DS_Store
DroidJack.4.4.Cracked.2.02.2016/__MACOSX/DroidJack/Apktool/._apktool.jar

Sharing

Errors

General

Malware Config

Extracted

Signatures

Files

net.droidjack.server

net.droidjack.server.MainActivity

Activities

net.droidjack.server.MainActivity

net.droidjack.server.CamSnapDJ

net.droidjack.server.VideoCapDJ

Permissions

Receivers

net.droidjack.server.Connector

net.droidjack.server.CallListener

Services

6cae795410282b03a8c84b120ba75b69

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 682KB - Virtual size: 682KB

.data Size: 19KB - Virtual size: 19KB

.rdata Size: 126KB - Virtual size: 126KB

.bss Size: - Virtual size: 3KB

.idata Size: 3KB - Virtual size: 3KB

.text
Size: 682KB - Virtual size: 682KB

.data
Size: 19KB - Virtual size: 19KB

.rdata
Size: 126KB - Virtual size: 126KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 3KB - Virtual size: 3KB