3b736a91dca7ae8608c2174ad589400d3fd5fae55a395920841a49eb10657a37

Analysis

max time kernel
7s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
01/10/2024, 19:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

071252efdf552ed657a1d6cbc62f52e5_JaffaCakes118.apk
Size

1.0MB
MD5

071252efdf552ed657a1d6cbc62f52e5
SHA1

b21f52062fd6805506edeb078e56812636ac4378
SHA256

3b736a91dca7ae8608c2174ad589400d3fd5fae55a395920841a49eb10657a37
SHA512

01b6e8485872bbfbb940db1d5679fb0667e9bfa6c29f9f48b3a47ba3bfcda7e7165017692fb29a806489146dcbb9295972ac7627f34d1e07e09a70c02129e478
SSDEEP

12288:oorhaww5VIK4IQqKJxRAGwG/MFf/pjP61n2jthi2iqL5sP32hn7LXCwAwuX3TgyM:oKhw5VfG0G/MptG2j832VLIDgyM

Score

8^/10

evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/xbin/su	com.tutusw.onekeyvpn
/system/bin/su	com.tutusw.onekeyvpn

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.tutusw.onekeyvpn

com.tutusw.onekeyvpn
1⤵
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4252

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tutusw.onekeyvpn/files/openvpn/02.pem

Filesize
3KB

MD5
2d1e4e3040f808a4349c57ed204401d0

SHA1
12f7927aec249a014f820a2231f1ee04aeedb6e9

SHA256
fa55e81ebcbf17c6b726fc9802585740c0cbce3e6771c5a6ca7ee6c166b6a6d2

SHA512
b3ef56759d8d40fe8f159f96be1293d6c13f0f3c94d86fcf93697a5e313fcaea640471532d072abcd5b662b14b24f7779d88a32ab8813a7bc37ea95cd82fbce6

Download Submit
/data/data/com.tutusw.onekeyvpn/files/openvpn/ca.crt

Filesize
1KB

MD5
45d1c013ab772af67d0b669a8f12eec2

SHA1
d892147a34dc0d04255bdb7201fade38c837589e

SHA256
f270aef66cc69fdac788049999e5cab2855ab6e89eef0aa1f70477d46cdff9b7

SHA512
e2f3c1ba719bbef7d38a19127b689bd5230856965eb30e12c9199a8b35044384dd0861499d10808353142bb8ba8f9a4f2f2973e6fff7743c5c08b2c9cb2bc4c8

Download Submit
/data/data/com.tutusw.onekeyvpn/files/openvpn/client.ovpn

Filesize
613B

MD5
845a13332ef421d367d303cdb0806cd5

SHA1
66cc614d08032c58781f0b6cad640381c76dc24c

SHA256
a7e559c89e904df6941673eaf3ebae45c291506a167233a8568f1497a8f8960a

SHA512
e71289d714d10adcd6cd55d06427614b9df377bb5c476decae933270dadcdc0fa30b86b36f8a25050a1e3dded28b8842b5c8f376debf242875f9a1259e967476

Download Submit
/data/data/com.tutusw.onekeyvpn/files/openvpn/client1.csr

Filesize
712B

MD5
b6c607eb585c7af8ab32fe1ac1e07711

SHA1
13fbc973ca86c5c35552e8442c5828d0417e0748

SHA256
10a51dad7a120b48ac196d59d7118ef0342c97d546a1796fdaf3dcee5cc9efc3

SHA512
1a2cce5f6bb3b8fa1f870d138bde0e45f5c7ac4b405bfffe0fde0ef379b18e10126da1de6986acd0232316ddfbec52cda338710a87ce878b0196b2e98691e0ef

Download Submit
/data/data/com.tutusw.onekeyvpn/files/openvpn/client1.key

Filesize
887B

MD5
1d1e700161e3bd953f3735c2b457a30f

SHA1
2465eb38c216e075d82979adfd419892bd4420bd

SHA256
0009de3e23aae8f04bf71d57ba5facef13c0543a903c3806fddd9ca866121a24

SHA512
4c26502d4da5c9b57b98b1e001900aefef7497837ae058eb00fc9f3fbb6b864e10a6bad65606a4ff0b176425c461fe5cf5175a66a5415b09e7dac03b9095079c

Download Submit
/data/data/com.tutusw.onekeyvpn/files/openvpn/ta.key

Filesize
636B

MD5
783b5be3bfab0e6ab734da7417b4375d

SHA1
46378b7ce0d8223a8eba6786369840a5ce64fa85

SHA256
c57c4b8f81fca1c6fcc87d635e15564b03679ff61643fbf6fccfbe0a555087d2

SHA512
36e0e80d1960917059fe6ff70e0bc405697688c984eb39dad129dbe625b11187f3ebdae3f97547bcceb32254dc906fbbadf362d8b0c7398a629a2056adb4da05

Download Submit