21ae5b6a8730955799eaa8d52b67f55574f0b96e5a99d8885ff0745a058fd424

Analysis

max time kernel
123s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
05/10/2024, 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

170f385db48d8b3b3a5be1817dab80b5_JaffaCakes118.apk
Size

1.9MB
MD5

170f385db48d8b3b3a5be1817dab80b5
SHA1

ae865638ce0a64db91a762626409b33fd3bee768
SHA256

21ae5b6a8730955799eaa8d52b67f55574f0b96e5a99d8885ff0745a058fd424
SHA512

42f9bea47e9afceefa2cdd527fb5239f38793e10c98b0fd4048980b3e6a7799b656ea25bb42d9004a215abd004176c2061cf761e7e7230578d3eacc044ef98a8
SSDEEP

24576:+WZij88tD1w3QIkDwnnDkbOKT7dX7DHWnnuwHYPHk1D1G/Yno6+wm4c1lOc94MHg:+WpsajJ/KFXH8vYPHe1iD/b4J6lsRj

Score

6^/10

discovery persistence ransomware

Malware Config

Signatures

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	android.process.dhome

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	android.process.dhome

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Changes the wallpaper (common with ransomware activity) 1 IoCs

ransomware

description	ioc	Process
Framework service call	android.app.IWallpaperManager.setWallpaper	android.process.dhome

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	android.process.dhome

android.process.dhome
1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Changes the wallpaper (common with ransomware activity)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4981

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.guiji.launcher/databases/Ddesktop.db

Filesize
20KB

MD5
cc5fc5e7ab8d8b23faa7a92084088be3

SHA1
d347c8eed74e50af03ac1990ec54c960709e8120

SHA256
cfc0ddb5f435ac4dbbb1f3225730869428698d3865c4fc3f57bd4680bf872b8d

SHA512
9485e50297003f6435ebbe5ce7e52936874aba0abb6f50dac45d994121ae2aaef4e02d00e413e97e971165590651274251bb4efa1a0e1559fbeb31678adbda17

Download Submit
/data/data/com.guiji.launcher/databases/Ddesktop.db-journal

Filesize
512B

MD5
539faeb9e687f4602aa6658885acd88f

SHA1
92aeb9c378d15f89f1dd0957601fccab927f770a

SHA256
dc5bcd15e39f6a42647b70fdcc223585f125a737c2407af4fe360021d0839379

SHA512
d1d30bd5dcb94f7d63b07abf95a89814019b31a7ccb28dd3d4097514e7ac54db168bb85c17ce3878c7ad65f3de9e65f9efce2f38c85986f9d883bf53632fd6ad

Download Submit
/data/data/com.guiji.launcher/databases/Ddesktop.db-journal

Filesize
8KB

MD5
21ef2495d3b13bdcedb55d47f13adf39

SHA1
3bfc5f53ebb927e066f75a805f9e9e850a3b3604

SHA256
dca02eb2655720353ce95c96920bc0698e097a433bc6cf8e3502d556ca5aa1ff

SHA512
71b538c8360abe8c3026afcd5bf2d29548c18b5f6803922e78ba1436be616ae155b0ada2314e8a543be9e2cd269f7156ff3072f7c116d1c37c0d0901fdf328f3

Download Submit
/data/data/com.guiji.launcher/databases/Ddesktop.db-journal

Filesize
8KB

MD5
255f2235aa2bbe85130823aa3156783e

SHA1
4c22cfe1fc425266921777cf4124596f4b0a19bb

SHA256
d2312083366f57237a069d3360faf59652ecd25dc7b9a596f0a3a0dc011051a0

SHA512
2efcd73a3193acbe2519dceb3067685b1f962822228b18a46bb63b51ad6f079d36ff1cefef19e9ba0f22808fbd3d30b41a9a8c38591ab94676ea075119e9e2bd

Download Submit
/data/data/com.guiji.launcher/databases/launcher.db

Filesize
20KB

MD5
e00e8880bae5c0fbb47bd0d8c3bab900

SHA1
ddd225db8bb4900603aad0bab84fa054379e90f4

SHA256
30236de92a84955098bf66425a0f38d7d7af559346a7627d4e8338231d90625d

SHA512
b13958dd3da0c76d094f6a30ee5a46b894bcb1224f12d60c7b56336a84df63de85319bf408c2858c61e26f25755959ac56076b5e5e73374c4bcdc76bea90f5ac

Download Submit
/data/data/com.guiji.launcher/databases/launcher.db-journal

Filesize
512B

MD5
994e31c9d5d0acce89fdb9faf90f93d3

SHA1
e5318489246c8dee99c2b3e9b6bb2c7943fb0693

SHA256
bb01e26a5a6bcf3fb48aec65890addf6a3e17cc184e5244c0fa7fcd7951df987

SHA512
40ba9dea1e771da2c0757eb7f016cbc9f6d4ca5226e3c9128e0d29e2f6612153a58dd8cf00a3de3b96278422216d273fa8cd3892c1226d8b85acd16e5cc807a7

Download Submit
/data/data/com.guiji.launcher/databases/launcher.db-journal

Filesize
8KB

MD5
754b80ac227534d1ebddad69459aa410

SHA1
98d8072fad505017970f5a326d0d08f9529dc877

SHA256
df3fadec4d73dbe3f3929792bc675326d1477de7ed355774d32ddfb157d67c61

SHA512
671046d1743c191430cde48ac611f99c28b23ed822209aeac8ad90d75f0c5560d5cfa0e95cb23e7181c26c88c9676dc22ad095749493542d396967eefc47de82

Download Submit
/data/data/com.guiji.launcher/databases/launcher.db-journal

Filesize
8KB

MD5
0909357540416011c25a8f8a06c02571

SHA1
8262802ec4c9bf69845861962db15c26d29cfb15

SHA256
2d7ed2125a0f797cf5dab5b6b5235c9dd89ac55af7f289cd7b1a70bcdf3c7fc2

SHA512
082c3e31efb1105b3807c3554804ce250c4fce4acf522d9236c262228c1ac3b56852248e2757081bd567736030d3bf32a328b8c8eaf67338f8ebea39c6054273

Download Submit
/data/data/com.guiji.launcher/files/launcher.preferences

Filesize
15B

MD5
8045cecd3d5a4c893e3a75d47b17121e

SHA1
61f08d6c53ae857cfd4be1bf607a6c80e5e78b23

SHA256
9bd54ce2fe34faa03d173df22621b5c747e544ed354e521889b692c031ba99b3

SHA512
70d34c24ccb3f90cdf930f0e24d67441e2aafc5baa5ae95c5e288b788cf25df394254f9bf55d45a5893b78457873b6169b8868a4fd45364c2b485f90bd4c0099

Download Submit
/data/system/users/0/wallpaper_orig

Filesize
93KB

MD5
1700fc73c93f1e0ae41f1fb55a5d8bb0

SHA1
28011f05229be5ef13feadb266310486f4315a1e

SHA256
381e4b6ee30671bfc014f3474ce141a986ce1511f4706a7d9026196707b090fa

SHA512
b00774e6083134a54dc2007cc8eb7bfa8438e1efeaa48194e41fdcaa5c574afbbda90e7117cc084a9154008404c54140d1418c4b5b9e0256942160fe6538adf4

Download Submit
/storage/emulated/0/Ddesktop/assets/08080747555353874553.dd

Filesize
518KB

MD5
803e7dd4f259ef126d3cf0ee650c5a53

SHA1
67afbf9272d26540726d257ea1e95559f3f48fec

SHA256
749a0feb7a95954f788435d8822af317e84200f975ce94d265e788b4c9784269

SHA512
0e9b29d9294b6a1b6c1d9cc75ae95a00603f6b47c9164984f2f314036ce3b25c6c25c9e588333188da03c28870984dbcef7d60acde3b10dd20de7a9b0e182975

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads