77417aae6d66a86cec1584f22031c96d76ac7b695b96578fed2c70bba8410ac6

Analysis

max time kernel
146s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
19/10/2024, 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ebdd95b2dcd8ffa3f4bd05bbb928ed8_JaffaCakes118.apk
Size

254KB
MD5

5ebdd95b2dcd8ffa3f4bd05bbb928ed8
SHA1

70e9a82e0b669038d0fbfbb87a4c8b099ae3b492
SHA256

77417aae6d66a86cec1584f22031c96d76ac7b695b96578fed2c70bba8410ac6
SHA512

bee83a7872654665063f564d1074a933948e158568cf4590023bc108c47f11bf85d5fc83d5a197fea164bddadb119d35467a3d7861591d0ea8ba5f3b0c0fae36
SSDEEP

6144:HyCp4k3/JC6AsY8/AUR3gJvBc+FFFpen7EYU:SncCf8l90RI7EF

Score

8^/10

discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4472	net.droidjack.server

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.droidjack.server

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.droidjack.server

net.droidjack.server
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
- Queries information about active data network
PID:4472

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
70ab0184149f2a2235ce82b245bb5c3a

SHA1
ee3b0fbc494cf364705fddb1f3ff3503e4f70ffa

SHA256
27df39c9b9de413f6bc5ccd57272857ef5500c20ffc8b4e90e35088b3f4af80f

SHA512
52d291e398d4b4c5d754d02aa2afbce0b8f87c71b60ba5f29f2d6adc6f72318b97d7fc252fbb77a6cc721b6a7c0cf052c58ddd0648069bbeb5ab259089a22cd2

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
1c74e91f4a80fe56cb0efc1392d54a0f

SHA1
c2a48cc97319c931d9f8d937137d5fe319d162da

SHA256
4a09d5b1f59c915c383324034fe79a5f634c3e0ed94ce580552ebb9d48df7d2c

SHA512
49c38bb7602236b468e00c6fff3c1db00b6a02cf607f93069ceaf5225ef1aa3e0cb60b59884fdb160ae92b37efd180d81cc6fe8b5970aed6062e4ac60946b136

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
1aa7be2c6fdc7bae7f47cf58590be699

SHA1
45f7c13193b7ab38c5140900de14721a627a7864

SHA256
67c8a986e87e622440f53a0a4b6a32cb6e9a64e8d0891cbc34f1c80da626fd01

SHA512
dedab490eda23c84e3788384337b3a2adcb4c50e1aa159a0b39314c6e863c8d1f3a9bbc862baeaa94459b57a76f7201559b008983de63eea366d46db2603a567

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
512B

MD5
00c9c175f9409427ddfc98ff2963d1b0

SHA1
8f3e00b3fbef925c04bf45a067e7459f14f8102d

SHA256
0adbd98cb82d2564f16d06ee7e7651896642164b0cb9b20a2e7367cc3110b45d

SHA512
c31f3f503970032566bbfbde41d7bc3c8af1e99bff30227de848366823429c31e0c1e047b7dc7973fa3fc0d34f633f0b5f50b115e22a1e279c00fc375f330df1

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
94e153bb04f0af7e44d53fbd0794df55

SHA1
94a776b12eccfef23227de09029bab39f2eb7b5f

SHA256
a82fbaff3de27cb3b512b2850aab40b5d9cfb4a7aa1d17adfef64bbeb012e756

SHA512
2aca716a98edde6fb851946ca93fdd9d0d1857df788cfce49d6ea1a12c7ed0020c81603081998606444480e1367a5434bf596b1ad7271801e25e0d9829cf8021

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
f229d280ba3216c4d0c7712433188719

SHA1
85200740a21ce2e89bb05248e913e2f977e05c0c

SHA256
1ce29803a3b276bc105e7a83e096b978dddf619e98c2f1860cefe68625a7ede9

SHA512
3278896725cfb4f0caa94efcf0c6ae0442aa64b459dce3b7aef8ca4297b7960d40185b739e2d8335c59e7275708e8e54964b7d0f85d81444be65a8e9264d31d9

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
59961c2a8ca97fc583fc2e2f4103b67b

SHA1
93a665d9fa7d8832f1a1ae5c9db97347b1237d00

SHA256
1c62fed48ba94ef0cb9193da5051d0cf25db184890350294c887df2e49c2c305

SHA512
52b8dfb4182eb1974fdfee3285828018acf3057cdba2a68586ef3df39b9c09764f851af0ed9cbda69c8444643f62852379763d4a748ceea35713853755bf8735

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
316a56ca637dcde86962c399f970ce8f

SHA1
083036d35dfe26193a83a8810c83f44d0524d443

SHA256
686d0f26581fcd5922bc7b5e88dc73824d37a3274e6d104f3d41ab9ec32da937

SHA512
a1d11ffc152b12636776c39943008b0d20c1190fa208d5de2e1c98844dae915fa15d80ef2c2d4030e4d7ea5bf614b6dde8304ecc37c12c8ec9356bb0e53dacdb

Download Submit