77417aae6d66a86cec1584f22031c96d76ac7b695b96578fed2c70bba8410ac6

Analysis

max time kernel
145s
max time network
136s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
19/10/2024, 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ebdd95b2dcd8ffa3f4bd05bbb928ed8_JaffaCakes118.apk
Size

254KB
MD5

5ebdd95b2dcd8ffa3f4bd05bbb928ed8
SHA1

70e9a82e0b669038d0fbfbb87a4c8b099ae3b492
SHA256

77417aae6d66a86cec1584f22031c96d76ac7b695b96578fed2c70bba8410ac6
SHA512

bee83a7872654665063f564d1074a933948e158568cf4590023bc108c47f11bf85d5fc83d5a197fea164bddadb119d35467a3d7861591d0ea8ba5f3b0c0fae36
SSDEEP

6144:HyCp4k3/JC6AsY8/AUR3gJvBc+FFFpen7EYU:SncCf8l90RI7EF

Score

8^/10

discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4960	net.droidjack.server

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.droidjack.server

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.droidjack.server

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	net.droidjack.server

net.droidjack.server
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4960

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
ab9b76032f3671e636504f620ed4d205

SHA1
21e1e3ef5f95af48acdd224ef1f40ff12467521d

SHA256
4da0f7c511a540be366bd92014b6279194cf5da3c47ddb8acb48526f1ad967ab

SHA512
9e133dfb122855076eec7967f0e73fef6f8cdd655b32f9ee5d8cc7de1114212d10764839359b38b63e73772517910662109d87336a8507a99ca1085758841725

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
a3c975c45ad8993e658408ef09b38cfd

SHA1
c4e067cfa8de1a1338b2949333bd750e43561bf6

SHA256
b2ec8df341fb21c2482fbc1713dfd1f0158a6f1216464020b12feceb398a0944

SHA512
fed69e35694ef63282f6c0a21fee56819e1b75afd3e6bb3e17c5ac27552fd57628ec52b2aed61464ef926174069092adbccddec812ff8477e1fd91cd1a65a847

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
d11b4b6ea6b5bb9490fe6f8dad2c1426

SHA1
0e12b79905279d1136217f9c7507d998fe2bfd68

SHA256
bf08658fde48720720c7afdae54cb06ad786055ed84ebf19d9be516b9a6e26e4

SHA512
0475f2a92875c0b140f36528df8a96720384cb53bf82c79da68fcccd729da6f7a5c49d93909614162fbb9452775fc6c151969908cfc1479bd978ccd35fd8d1f4

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
512B

MD5
4fd3a4e51bd7e1621554a9633b92c8f9

SHA1
82af2b7a3965cb0268b263959faf9ab0aa424877

SHA256
96a4d155de6abbbd42e39f6dbea765759523a93e6933b8b25b23ac4a1f123269

SHA512
45c4f82bddf6ea24a3ec8d4271a31668894ec26b84a16f6084e1540836f5d009237e41902b284eb46445553dbcb93eb4f4afca185dc1d3b627da3e23cb182286

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
a6199e16f4b3c350c1001bcf356daf33

SHA1
02550d9a0a9a57f7f5e8ebbeae2b16be39f077d6

SHA256
eb84f1a15e7739b251f0a3cff9c2021bebbc22a795d18b232e59c62c2fa5b502

SHA512
77781f82fb51026ac021fc0296c757444def40e367e9af8a276c0927379ee47852790afda5774778617ccf3a16d60c55bc0c975e5aa827348d33d8af305f581c

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
3338de534389f38c270e76e24b59049b

SHA1
afec9d1a4bbf8a6862838e26451bcc689d93736b

SHA256
4de45ee4e8b7e6ef29dd31846486fb1157c8e42a2c41c8e9067d525a6bef4cb3

SHA512
ee5fa31b812bbab7c47f0b184b0eb85f3f2916c0b6778f07a9a6ed7591429111e406541d37ed7f7e75b4edb4bea554f49e8ac6ea767cb1cc054edb65430161cc

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
d4383384bcc393a862489cdbff5fed7b

SHA1
e2fa1f6fa02a36f7a9d76f3499fb32e88b574d81

SHA256
1778441cc36816370a7fbaa6d46d4192242f0144a654ed3d58f2e3110ac1a6d3

SHA512
648c31dc9f07aae4c55324929d5db518489799bd17cad6a7e467a4e20b96b1a6efd0d0e4edfb344ae31007c60127fd840812b7bc94287ed4f1b1d44324f86a42

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
fa0c46bebb3fe7d9e9a64c1ab70decc6

SHA1
2cba7cd83c56f8842981559a19d404b4fa1256ea

SHA256
f4cf870c344073bc985d518147498af2ed220f9bbfd740da9bc6528e7065704a

SHA512
05c95a4ae40c1c00a8bfe6341d44cd10804d5d485c62190da6a5ab399094e73b1bb95c10b4f4a348fb00594763b879aaf15d1d3adcaaeff45b42bed264e0fe26

Download Submit