fb0159537eebb1881c1c0345f981c5e06635bb0ae7b29b72ae54af9d80859227

Analysis

max time kernel
13s
max time network
155s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
23-10-2024 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fa5c105275750a6d9b68276f9ee4b1d_JaffaCakes118.apk
Size

432KB
MD5

6fa5c105275750a6d9b68276f9ee4b1d
SHA1

6c931d479bf4c2a81984d518523d20b2940c748f
SHA256

fb0159537eebb1881c1c0345f981c5e06635bb0ae7b29b72ae54af9d80859227
SHA512

7da968cad60e17fa3499d9a18c2c545f8d484e800069eddd2fff176634b3c3fa4431de93e8c48cde3ea12e3b6c6e2d106575dda6c2a0e32ae1457b95e5b01d26
SSDEEP

6144:r4YzyyEoB0k1bV8cCq6Pe/H1i99ZMukJFHGNxN0h4Pz+8tReS4RhXNSWeLFevLcQ:s+/tXbV8cCRMH1iPZXk/FhwGvRhXBDBP

Score

8^/10

discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.android.services

pid process

4970 com.android.services
Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Acquires the wake lock 1 IoCs

Processes:

com.android.services

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.android.services
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.android.services

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.android.services

pid	process
4970	com.android.services

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.android.services

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.android.services

com.android.services
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4970

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.android.services/databases/bot_starsds

Filesize
16KB

MD5
151aacaf8512219a143286a5c87be281

SHA1
e242f46c8c2f4b97ffae717dcdc7b8d7b3e40ae1

SHA256
8783eb49588dd85b2f5c31f2d70739fe7215c1fbea84ccfaedd59a34afb49359

SHA512
0f2bca249777243f39ee57b7b6937215fa9ff69d7d53cd671b4ad97132f1b332da010f1a6965b60a14631087897fd527db77e9e4d96881f41d7047df53fa32f3

Download Submit
/data/data/com.android.services/databases/bot_starsds

Filesize
16KB

MD5
d5d82149128efeb8a890c50888a57e40

SHA1
4354544dbe82bf53566a974944bed219e9fb0e51

SHA256
853919b1ebe9e9174ce82bef6b6eeb63897b9e3fec171b19f0851ee4a2e8f208

SHA512
873aaf7f5b5b40a2e60aff2efb95da4c6c1f809ac8f48201f68aa6653899353407e084b91ce395ffeb8048d35c213ed9561a1003cf98a1683ce41f5689067398

Download Submit
/data/data/com.android.services/databases/bot_starsds-journal

Filesize
512B

MD5
47c9f0fb5064bde440d6ab648d9a84e7

SHA1
5c953f3ab1aa93fca09cf5dc4dda1ce7fd365ec2

SHA256
aa67527beb76898fb367d2739583f78381eac5126096f205b5b23a42e78939e4

SHA512
df9cf198d3573555c6a32f6d9880352465b262ddfffa3830cf8c1039950efa827d43b9b25b8ae43eba9d91d5aa3f00a70159202fea7083655692f12e70ad70ca

Download Submit
/data/data/com.android.services/databases/bot_starsds-journal

Filesize
8KB

MD5
5f39042d3b5a71560e0766f59d785b7f

SHA1
c8cfc21df1663f434a7c6da4d95df10d23c48efc

SHA256
2a4d876caa56f0c2dd7e748db02b85e0835c34e628007347a340b50a90787ea1

SHA512
0db6236841bf0fe5b3acdf737e74695e5fd5c91efc3b254a41ec1dfe8ffd027623259f3cb11626e5fb9512eda9bdae6961ad290b823c1a69f270e4d1891e4688

Download Submit
/data/data/com.android.services/databases/bot_starsds-journal

Filesize
8KB

MD5
9c5eef353c153e8db2a1013387139fff

SHA1
762e9de5518c3b582c66fdb8e22023d672f057da

SHA256
af6348f28a829b1ef57d3fd8104ebc9073591a3ecd8dfe8bf2ea69e689141997

SHA512
411976086f673c9ff02e21ba769cadc12f28d997bb322cf143f764e862f57064d4239d1d57f702ce8be72e9c10ea0b72c2afbee01e805a42f360e460c9e29e28

Download Submit
/data/data/com.android.services/databases/bot_starsds-journal

Filesize
8KB

MD5
7f34be96aed2560725bce8697b69f8fa

SHA1
09abe486b3877f6dfcc33f63bc6718a0053e31af

SHA256
21cc5f778b8ffc282df6963ed51bf90e4d93f1f5843c46ea4f6db2dcead91477

SHA512
b1df6384bfdb452b0e2fa395c93c5c56eb9c0efc1e0c3dd65b5a3b6ea834d92f8d32ddc2cf8fc8ae412e8382203c85e01ffdc489aaae13ea519eed3c559165dc

Download Submit