77417aae6d66a86cec1584f22031c96d76ac7b695b96578fed2c70bba8410ac6

Analysis

max time kernel
145s
max time network
132s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
19/10/2024, 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ebdd95b2dcd8ffa3f4bd05bbb928ed8_JaffaCakes118.apk
Size

254KB
MD5

5ebdd95b2dcd8ffa3f4bd05bbb928ed8
SHA1

70e9a82e0b669038d0fbfbb87a4c8b099ae3b492
SHA256

77417aae6d66a86cec1584f22031c96d76ac7b695b96578fed2c70bba8410ac6
SHA512

bee83a7872654665063f564d1074a933948e158568cf4590023bc108c47f11bf85d5fc83d5a197fea164bddadb119d35467a3d7861591d0ea8ba5f3b0c0fae36
SSDEEP

6144:HyCp4k3/JC6AsY8/AUR3gJvBc+FFFpen7EYU:SncCf8l90RI7EF

Score

8^/10

discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4272	net.droidjack.server

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.droidjack.server

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.droidjack.server

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	net.droidjack.server

net.droidjack.server
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4272

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
f553d76d0e3fd64242b0834f349ef2fe

SHA1
26ebf0fbe2ee1bc0e6ee3b3f3381a2bf4b90144d

SHA256
2e41ce5542acec52b8e568ffb9bbce1dbc00ef5c3d2acddf2a316072fca59985

SHA512
af168732def9efd1c5323cb8b8fb869ef90f5718bced01f04c9bf86d581f06880d5ffb4d89c26092f3c250aeb81ac3dc6c60a445e6bbc7215160da2d30088f58

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
22cf2ae11fd2b73defbbc1815451b10b

SHA1
6883677e96f0484db8a23d00249ddd18bdf2c1d3

SHA256
8448ebbc26262671d699a94c5b9736db8628b68615506b11c3092cebbbb97ddb

SHA512
6ff7df8481ace234300d1f8b938843476e79e713ee542bf388e334291beb1653338a020300537148c7a2943bdb739dfe1d5c3fb52e5438b456415eb2df90fbf4

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
844b57898bc5fcb474cfc72bd7b4c681

SHA1
77cba5db5c85052bbb58a2a8aa15419858e5947c

SHA256
0afc8f1f4f1b81ccba5f8db37b18ad9399693703ea133a63b57407a983ce76a4

SHA512
102d07851bd6380bf4fac5b0d77ba1796b710526cb14ac3fea343c44cb09265da3bee8a1e62e076f295dba93e7a457af9abe002a626453cd1b96f572e5864151

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
512B

MD5
a4dd35403e106ddfd2b7fe19da259c21

SHA1
0b9764cb3a6f97dc587d834470586a21a4adae0d

SHA256
d8c8fa3cec72d36c1c30f34aa32cda4d6d4d429ecf2765271e6f4c2b4c98cc9d

SHA512
4f7f2971e33d280e01bb10ffe1da4523c0ac114495cc90386179d01f949fad20d6b7508b59ddae1ffab3bcdaf5865be114ad98298fba1d6263db7c11ae22c808

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-wal

Filesize
28KB

MD5
cacdddeee839f9e1e3e32839fb8fb8d3

SHA1
bbb7c9b8e2cd9e87aa61c7aeabf558e54fa4899a

SHA256
54cc3dbb4409a06bf8686fa5df5961e94b6b98d318e124d4e9fb34765cc62aaa

SHA512
7fed87f5631aec1ef455bb0a28df8818992ce062017434b908a6e57c4830492e72d8fb6b9d1e5179f8fe13b8b1139df7913d622b6e24044f7090bae2658ac766

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-wal

Filesize
4KB

MD5
4a1549dad5e1bccfa7c679cd21c81370

SHA1
09d2728cf5835dacebd09ede24300ed382b895ad

SHA256
81d9b86184325ec25a9edccd01cd276a5505967051bf51e30f62f567ece798b5

SHA512
a925218e1521640dd02b052acf0023e62f270ddbcf84cf810bfd1489f61c8d4c6b920a1d9e4dafbb7e4a8ecef939fc119989e08aca93d7f04687a34e348a278e

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-wal

Filesize
4KB

MD5
1f5e9b294df9df92bb34561296a76dd1

SHA1
629287ab230ac4ddc813fb92807da8e9286bed92

SHA256
9176941390cdb580bd526eef8fd233631d1085352088b5ecc26e06c75bf5dc34

SHA512
92f63d7330a366f638b8e4366fd4692e32619e45033f7920521d1c8a61d9004ff75f08b21d5135acd52f84e41abdb67a910acfabb5db1d1c434b65f9674d8ec7

Download Submit