21ae5b6a8730955799eaa8d52b67f55574f0b96e5a99d8885ff0745a058fd424

Analysis

max time kernel
123s
max time network
149s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
05-10-2024 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

170f385db48d8b3b3a5be1817dab80b5_JaffaCakes118.apk
Size

1.9MB
MD5

170f385db48d8b3b3a5be1817dab80b5
SHA1

ae865638ce0a64db91a762626409b33fd3bee768
SHA256

21ae5b6a8730955799eaa8d52b67f55574f0b96e5a99d8885ff0745a058fd424
SHA512

42f9bea47e9afceefa2cdd527fb5239f38793e10c98b0fd4048980b3e6a7799b656ea25bb42d9004a215abd004176c2061cf761e7e7230578d3eacc044ef98a8
SSDEEP

24576:+WZij88tD1w3QIkDwnnDkbOKT7dX7DHWnnuwHYPHk1D1G/Yno6+wm4c1lOc94MHg:+WpsajJ/KFXH8vYPHe1iD/b4J6lsRj

Score

6^/10

discovery persistence ransomware

Malware Config

Signatures

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	android.process.dhome

Changes the wallpaper (common with ransomware activity) 1 IoCs

ransomware

description	ioc	Process
Framework service call	android.app.IWallpaperManager.setWallpaper	android.process.dhome

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	android.process.dhome

android.process.dhome
1⤵
- Queries information about active data network
- Changes the wallpaper (common with ransomware activity)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4212

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.guiji.launcher/databases/Ddesktop.db

Filesize
20KB

MD5
165d7426d5aed6087d823926bcb1aca2

SHA1
4e2df0811e8dc848e0a34e590f7c9d0f2326618a

SHA256
4633b82425e8a5391a9242a1def7c9e52100f076442bd320d6abc4541db72d78

SHA512
ed458bcf05d37513383e479dccec0ac7f035fe8b5ef56f3b35cab58ec98370be8329cfb79571ea9d151bccf1dfbda5b563794c6b6167a057970eaed586002481

Download Submit
/data/data/com.guiji.launcher/databases/Ddesktop.db-journal

Filesize
512B

MD5
5a8bf6b7f69266ecd3cb5a82baa14e4a

SHA1
994c3d409c20652b20e074ddb3c76521005e6fd6

SHA256
8a5720e84f3ab82ea5ef13ad3d9d3bcf895c84f6060b7a82dc018eeee6e05326

SHA512
c97d98563fe5ed93847d946468b1c3eed9303650b8615dd83ca901beb10735f8d411327b12d55330daf9a81ee79b2d9d478c905cce29ec75795d825b6f844010

Download Submit
/data/data/com.guiji.launcher/databases/Ddesktop.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.guiji.launcher/databases/Ddesktop.db-wal

Filesize
32KB

MD5
477a5afce9dcc8d3a3d8cf468964f5e6

SHA1
0ebd020bb50ac1802b19e3fd6459980d7e9db4b7

SHA256
62fee6d9387a1da57fe10453ecb00fc26955c7d0af980f79d96eb24b555f5795

SHA512
001a57e24fe9a4480f006e8a17c356b23e2769609e731f5956a8888dfd04955f9139a0eb32f3636add638041790c41490c8bae22eb1c16c5f986f0655d7d484d

Download Submit
/data/data/com.guiji.launcher/databases/launcher.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.guiji.launcher/databases/launcher.db-journal

Filesize
512B

MD5
43b7433455a59ae75c1261288204742f

SHA1
44584587ecc48946a57ca0023f9d391dfd3b22fd

SHA256
21962af61bebeaf347a250a6cf8097ad0009ea41ee4a281c2d519f0bce69ffcc

SHA512
e8f022a65a2c897d4167db653ae2eee76021ca59972e607ef75fa6071845c05efe8132c81d3735eaa440008ceec0649d8928b0af3ce1d2d82364af5593edadf8

Download Submit
/data/data/com.guiji.launcher/databases/launcher.db-wal

Filesize
32KB

MD5
e70927e70a4cf78d1a48cf275955851f

SHA1
dc4fbed697560aea6d033858b9370b1449c2f766

SHA256
39a438148f22b1bb8d8d699e689322c2bd702918f51df7bd80096f06517739c8

SHA512
78b50d7a723ae566ae22497edd00518faf91e8c3b7a3dd0f20db5f1383a51abcc4ff65d19fc7324e8619a4d27969cf632360a7b05d1bbcca286e1b53a283393e

Download Submit
/data/data/com.guiji.launcher/files/launcher.preferences

Filesize
15B

MD5
8045cecd3d5a4c893e3a75d47b17121e

SHA1
61f08d6c53ae857cfd4be1bf607a6c80e5e78b23

SHA256
9bd54ce2fe34faa03d173df22621b5c747e544ed354e521889b692c031ba99b3

SHA512
70d34c24ccb3f90cdf930f0e24d67441e2aafc5baa5ae95c5e288b788cf25df394254f9bf55d45a5893b78457873b6169b8868a4fd45364c2b485f90bd4c0099

Download Submit
/data/system/users/0/wallpaper_orig

Filesize
94KB

MD5
0033067381c4c1db4d8868f1792f3245

SHA1
3a998be22767138a12e84f2eb4493eb0bcb24d2d

SHA256
8a1fe51a1055f3ba13bfa2cdb20f7a3b798659784f9a4144b49d4a76d9d87c55

SHA512
f75961239bb8f1a36aad84047d59547ac9e256d9b96ed0856c8e929ac82f9454c0e3de42532880c286867c5ff092c9339c904f6d1ee9c58b37571468d6b8182b

Download Submit
/storage/emulated/0/Ddesktop/assets/08080747555353874553.dd

Filesize
518KB

MD5
803e7dd4f259ef126d3cf0ee650c5a53

SHA1
67afbf9272d26540726d257ea1e95559f3f48fec

SHA256
749a0feb7a95954f788435d8822af317e84200f975ce94d265e788b4c9784269

SHA512
0e9b29d9294b6a1b6c1d9cc75ae95a00603f6b47c9164984f2f314036ce3b25c6c25c9e588333188da03c28870984dbcef7d60acde3b10dd20de7a9b0e182975

Download Submit