f09db31ef6d4a6c18681d1785ae7b32a82afe818c44d7d5a338d454603f57ef8

Analysis

max time kernel
145s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
18/10/2024, 04:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

558eaf7244e256612fd7234403ee9717_JaffaCakes118.apk
Size

254KB
MD5

558eaf7244e256612fd7234403ee9717
SHA1

e5e08aa1d0d3218f1b71aa01d323408340fcb99e
SHA256

f09db31ef6d4a6c18681d1785ae7b32a82afe818c44d7d5a338d454603f57ef8
SHA512

b5e1ab26c1f12e237d71b9aafe44d25881b697591b35a78ba2dfccc28fc010133ba14b5858bca53fe6b353c6c1893a6702fb671bce63534af8de33609d42035f
SSDEEP

6144:RyMz4eyONlSg9go5uLMlixWkRaG8CxUyI/svj2zB7VM3l6:IXeyONll9HuwkEksG81pzB766

Score

8^/10

discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4313	net.droidjack.server

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.droidjack.server

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.droidjack.server

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	net.droidjack.server

net.droidjack.server
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4313

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
f553d76d0e3fd64242b0834f349ef2fe

SHA1
26ebf0fbe2ee1bc0e6ee3b3f3381a2bf4b90144d

SHA256
2e41ce5542acec52b8e568ffb9bbce1dbc00ef5c3d2acddf2a316072fca59985

SHA512
af168732def9efd1c5323cb8b8fb869ef90f5718bced01f04c9bf86d581f06880d5ffb4d89c26092f3c250aeb81ac3dc6c60a445e6bbc7215160da2d30088f58

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
187bbf215acab96a1d111b486815cbd8

SHA1
5287c44501815c7558fec9f5a102476a1d01b85f

SHA256
790210746595dfacb24d301124b1a82aab788d05696763b06d3da5d33832619a

SHA512
44d16ed7762dbab42f800f59d06aabf5ea479ba3041700936f021433ec50d18aad6342f54e09e72bcc74c8d3e2bddfa71cfbdb158679a851f8727e8426df4eea

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
615fb167553201de276d16a3cb04f100

SHA1
44b792bce1f8f54bd69cafec845692378f2f224e

SHA256
21c94f09e1cadbe9f610a9f56a5ba382c069ca0665a7b5135577000b34c98067

SHA512
8bf3ed7745b1f59c79e2c290967d8b361e5c8bb83b3dc6dd0c79c773cb3c1e0f68e1eb52178df7a203f15c9271ce2ee5aac95ec4d8f9fd1e77dba8e4751a871d

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
512B

MD5
cda282f97eacf766e183cedc0595b3ab

SHA1
b2c770cca12abed941311ceb4cc1a736814c67a4

SHA256
05811aeba915982c8c0d0a16f7d4cc78cbecc7b5ac63286954b4dc6c5c0f396d

SHA512
f0ca057153c0542687578a0bfcab6be6c018ac7cb2ac2fdb83df5f4b3c91e1bcd9971f8f8059395443e94582daf3db3a527cf836f463c7034d0875aca7ece3fe

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-wal

Filesize
28KB

MD5
a8eef25be7cdbcd0142145a90f5c99ff

SHA1
0e35736d84ddc1ad965d49f1c3759f214f768342

SHA256
94cc47ffa807a950482fbd4a46a277e76702de6745709306f5fa0558c02a7ec1

SHA512
f73f23833490c7f541b5bed72a902cd6095216c666a8a8928b9ac9521b41e55017cbb43b54af8df9dac850a08b1fed056d1a5b0da9f59c2bcc6869ddbeb9b2d8

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-wal

Filesize
4KB

MD5
29acf0201d9cebab0272336c05f660f6

SHA1
1384e2eb169c52c5aa5ba4425b1ced0c4c0c75e7

SHA256
7e32ebcea1d3c207ef6c38e4b160ac78f09948dd8bafdba704a9fd5d52eb4955

SHA512
760457e6cb054e7a5d50636074ca9cd2898edb9ea84372103b4d1eb32752852865ac98d378e711d5682365bb29d530b1dbd5f8bd562026bc3ec39359dfe9be32

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-wal

Filesize
4KB

MD5
37b0e4875f473f447e167a67e515254c

SHA1
8507bc37bcd543b5e5de9854145afcedcc67eac0

SHA256
ae87ba0b93f1b81929eef7c0ac54049247deef78e9c2b6c91d43a397a2038e91

SHA512
a73d94be411b619578e2536894d25190936434e45dd527521ee138f223ba84cce9cd086c987eae99bc011affc7291b2d7431e7d348d65f5446b70af68b20ecec

Download Submit