f09db31ef6d4a6c18681d1785ae7b32a82afe818c44d7d5a338d454603f57ef8

Analysis

max time kernel
145s
max time network
148s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
18/10/2024, 04:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

558eaf7244e256612fd7234403ee9717_JaffaCakes118.apk
Size

254KB
MD5

558eaf7244e256612fd7234403ee9717
SHA1

e5e08aa1d0d3218f1b71aa01d323408340fcb99e
SHA256

f09db31ef6d4a6c18681d1785ae7b32a82afe818c44d7d5a338d454603f57ef8
SHA512

b5e1ab26c1f12e237d71b9aafe44d25881b697591b35a78ba2dfccc28fc010133ba14b5858bca53fe6b353c6c1893a6702fb671bce63534af8de33609d42035f
SSDEEP

6144:RyMz4eyONlSg9go5uLMlixWkRaG8CxUyI/svj2zB7VM3l6:IXeyONll9HuwkEksG81pzB766

Score

8^/10

discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4918	net.droidjack.server

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.droidjack.server

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.droidjack.server

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	net.droidjack.server

net.droidjack.server
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4918

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
ab9b76032f3671e636504f620ed4d205

SHA1
21e1e3ef5f95af48acdd224ef1f40ff12467521d

SHA256
4da0f7c511a540be366bd92014b6279194cf5da3c47ddb8acb48526f1ad967ab

SHA512
9e133dfb122855076eec7967f0e73fef6f8cdd655b32f9ee5d8cc7de1114212d10764839359b38b63e73772517910662109d87336a8507a99ca1085758841725

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
6fcf8bde665d6516b741aba0555e6dd8

SHA1
ceb84cfe5ef8eda669b80d9849adfcd1dadcdf68

SHA256
e06808d0f26d3f7c078373caf37b1fcb15fd7262d7cc9ad3057a130858e69fb2

SHA512
94286235442797ac9531fb81e8d62a966def625a1792dbac8528a9409fe2bbb67099614b1f487253eca3c4bc1733e77df44cb81d605f0586cf32d715f7527718

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
205286149bf6310628db2062dd6eea38

SHA1
42e0d3cc8a9eee4a7301d9ccd35466488a8b7b92

SHA256
94caa6d0d72974422eb22d54997bd748cc73b824d45d7413e00b0c6310395b04

SHA512
ea1525557b1699c82c4db2e958ef79c90ba0e58b2fafb0ce79fdfb20e5b17afacbf423207750895210345a99d9952c29bea0e99f6fb850f6505cb76088b8e917

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
512B

MD5
95bf6a1f675eceb44bfd152179c382ae

SHA1
70cbf02e0216fed1a26ede0abb40f0309ac0431a

SHA256
d384a3009ce66dcbe6c17553e73832675f1fcc60bc0894e8f731ba92d1fd5bd6

SHA512
5b0d2d8673f9e500d6d522397c3a1cde47905974aa12da7e60e3580c1a35d3aaa222b1c64e78f378f12d37f026fa1d2edc4119c5d06c51f9878ef2df77f80aae

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
09f411c9c7278a02e10debcc5a251505

SHA1
f2a7c33a53d5c88e461ca8fc27a3b42cf237a25d

SHA256
0c415ec1063ec4469c97621e4da038ab84e3ccbe43763e3fdd99702cfa8a7570

SHA512
d7cffc064a0f6e81cc12a74bfded46e07e5442ed332d68ddac742576787c5e814939c927ec64b3a7ba1a8263fc36193995206b2b00c0e13996bc9bb7a5c24f80

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
4c3c4e821f5621ff8e0cb821a16ebf73

SHA1
ee5f3bcc15be0462e732bc032b904319e9de4179

SHA256
92e3047946551857a664596e6705fe2444f1ce41b3b99b35512b8d3117455c3b

SHA512
0017afe384d09b7483e130660838fe52c4a8fbf37f2ca7eacc67f9b80408d2ec020723e46d8d006f93ecee3c078b65e7cec9220d000440b87de46e6e15ed20dc

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
6da727f4eb176462a98a016026615604

SHA1
07457653b455ca0a0155602d9ba7f9359dfbea3e

SHA256
b0bee6149ecb6e613b50db320bac67dc07fd632a359ab75835bdbdb4cbe750e7

SHA512
192f80d635fb23def58c87f76388cb9b273c7fa32f3e482fcad47c1fd0bd7f548e6e726baa894f3062e4c29d4eca29457622639179e5f1922449bb71acbfb2b4

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
ec022cff670c99c85c35251ccc27918a

SHA1
5388d1def093fa4b15fa990bf235a942cd6e0e22

SHA256
e5171bdeedd503d99713ca04d653ce5ad3c240dc6c8c80a49575352c07f16de2

SHA512
25f5dc74987960a7d88076f637a321cbb00ae288f83eda4aa650aa31f03c9b656416c342514e74adae9b5bbd50fdb9ec932405474db0c4e082a812393161d5f3

Download Submit