Resubmissions

14-10-2024 23:16

241014-28974svgjl 10

02-06-2024 00:34

240602-awqt6acd8w 10

Analysis

  • max time kernel
    418s
  • max time network
    423s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    14-10-2024 23:16

General

  • Target

    8c543bfa2f35df239b307fc3694bf9f1_JaffaCakes118.apk

  • Size

    8.0MB

  • MD5

    8c543bfa2f35df239b307fc3694bf9f1

  • SHA1

    f00112f980c6d8925ca7a31257f20185fff4f5e8

  • SHA256

    52dc47b0a8dbfd8517d5f7b58def83d386b10e49e6fd95a32cb79fc0127e0e4b

  • SHA512

    a7ef7de2f5efcc2d9bf12af48ced4eb83b52c98f233e9dbcea6bfc1c7c43ffa19343b6bd8ab99d6bce74e320fb747cf8cd7bcaba1daf3ecd7137c67929622ac4

  • SSDEEP

    196608:NhHvDIhu0Shvlaew0f9gGcbz3fLVH02dICDI/EIT6aJ:HrIhchNae3fUHjV0c1DI/EhaJ

Malware Config

Signatures

  • 888RAT

    888RAT is an Android remote administration tool.

  • Android SMSWorm payload 1 IoCs
  • SMSWorm

    SMSWorm is an Android malware that can spread itself to a victim's contact list via SMS first seen in May 2021.

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Requests dangerous framework permissions 2 IoCs

Processes

  • com.example.dat.a8andoserverx
    1⤵
    • Removes its main activity from the application launcher
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    PID:4216

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/.app.apk

    Filesize

    6.2MB

    MD5

    17d5fad7f7c8b13749d0c6a2946c4262

    SHA1

    8c3510246c20a657466de84b74e0632aaddc3b26

    SHA256

    7c4a3d9738d16f699b2ecbb6eacadc87b2053ca09208b007661f35128483f271

    SHA512

    0ffd0e4f88631b33fbd2f622b5733de9d61e5dc98ad90d709be481e6af59540820984c8a192ad3a387fcc831fe6c9062f6d98e0b35646ed75eb40eff0c47bd59