a6e98c879516f96a8ce34e87676412458dbd0e76c8750834a78bfc4ff4cb88e5

Analysis

max time kernel
30s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
12/10/2024, 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a6cbc33b046454227b0c866c29dec74_JaffaCakes118.apk
Size

1.1MB
MD5

3a6cbc33b046454227b0c866c29dec74
SHA1

9f7b94c831ee652755b535c411507946b2a9274c
SHA256

a6e98c879516f96a8ce34e87676412458dbd0e76c8750834a78bfc4ff4cb88e5
SHA512

62f2eb17ad91c5572f75d28c2a194ef80de77b97721b7bd63944873db99d1575af5b86b1c4b22d81a5d450c08fb1424f55f75271eb5b7699fe3026c6d7559abe
SSDEEP

24576:d9Bg/AKnp8gikde5zSak80sNpKDQTXczTuw:dHfse5zRracozTuw

Score

8^/10

discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4223	com.elfswipe

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.elfswipe

com.elfswipe
1⤵
- Removes its main activity from the application launcher
- Queries information about active data network
PID:4223

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.elfswipe/databases/du_ad_ts.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.elfswipe/databases/du_ad_ts.db-journal

Filesize
512B

MD5
e17e1c4e519329be6835d0e36759d47c

SHA1
a62c270fb6ea0f13b5940f92cba243ac958154bf

SHA256
7e382d812aed734d34f25985d1e78118b3c1ef45a00caf80c32cf7008c3b41da

SHA512
1b4f8bddbc699234c234214f045721e3c53e26c7fddd5a0f7c94fa54c36f396a48067d94f9af641c45b97d4e9c51370b5d949b4f5d77a9f016402017218d966e

Download Submit
/data/data/com.elfswipe/databases/du_ad_ts.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.elfswipe/databases/du_ad_ts.db-wal

Filesize
40KB

MD5
55ef3ded81e9b1dc420650ee1c707413

SHA1
838df1abf3105d8a7418db6ccbfe37bc3d755631

SHA256
8c3d9d690e31dfafcc1b533ae0e3dea7e7b2b4d8f917a9650e7ede9c54926a1d

SHA512
7f26a6fa0c614be45d952030591d7451f0b708c56d55101d064f6e36622bcd11ae424e0cc9c1b67bb1210210c332a8398c6085f8392ad9eb7550533dada6e0a7

Download Submit