273fedd80466c2181e0eab966ed28271feec4e1dd10d4d54b19a1c888034305c

Analysis

max time kernel
3s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
28/09/2024, 11:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc2c7b4352902bd5f01c9548b3dba36e_JaffaCakes118.apk
Size

2.7MB
MD5

fc2c7b4352902bd5f01c9548b3dba36e
SHA1

0aac91278f4f6d50d8eae9ef198fa0bf898ef8e1
SHA256

273fedd80466c2181e0eab966ed28271feec4e1dd10d4d54b19a1c888034305c
SHA512

db8f17db95b560e271108be8c875bc90128e4bde626aca8f5b181e9e3a68553dabdbb2c4e018ab98934b85acdb05c2219cc1cadacb464b6187a5db757ff6b67d
SSDEEP

49152:bA9TM+PKi89+QqxjhdHIfwi3E99TPFK1RtDagwzHcbB3C5qEJzcuB4eRNU3nVMMP:ETM889TqxldH6wiUPF2POgwzQw5qEhBY

Score

7^/10

evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/net.nurik.roman.dashclock/app_app_apk/dashclock.dat.jar	4276	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/net.nurik.roman.dashclock/app_app_apk/dashclock.dat.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/net.nurik.roman.dashclock/app_app_apk/oat/x86/dashclock.dat.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/net.nurik.roman.dashclock/app_app_apk/dashclock.dat.jar	4251	net.nurik.roman.dashclock

net.nurik.roman.dashclock
1⤵
- Loads dropped Dex/Jar
PID:4251
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/net.nurik.roman.dashclock/app_app_apk/dashclock.dat.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/net.nurik.roman.dashclock/app_app_apk/oat/x86/dashclock.dat.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4276

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/net.nurik.roman.dashclock/app_app_apk/dashclock.dat.jar

Filesize
237KB

MD5
8286a4f46e22b74905323e7abff0eb5a

SHA1
49e201add8377b9f55cee9b84813abbb552d021d

SHA256
caf23065c5a1843d273add377f4538676207317a3bf5446a62f75a1f1bee71b2

SHA512
74f36b98820d826cb225062fe95700002010f62c1a6550bf1123f5137c4d79f24cb5141390cc7bc612a7d176ff9c71c4f61ccbe10a6519cae85d7bd5229092d3

Download Submit
/data/user/0/net.nurik.roman.dashclock/app_app_apk/dashclock.dat.jar

Filesize
237KB

MD5
9b69a4082aecc6e3c026e468b42e81b6

SHA1
c3e583c4c00ce744fd9cb37fd29fc10619b4b077

SHA256
4bb4fb00da52ebd5f2f46d7e85e0656e4ab0800a3e11b85d70c0be16a5292979

SHA512
1fcbf5a47dc6536ab3fe654603e70b5859e13d07f389a686ca65cd074f09e6179be2c865549064b387dfd2be0560fb187bdd5899b0aa994c83de93637bc112f2

Download Submit