a0c6f248f02967a02094f937f82571ffb69de97b76fb663229715966fb675ff4

Analysis

max time kernel
145s
max time network
128s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
25/11/2024, 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9d7c6db36b65909e13a87e497bd495df_JaffaCakes118.apk
Size

244KB
MD5

9d7c6db36b65909e13a87e497bd495df
SHA1

20e7902b318c92dc39f609b3bb0c0bcc0612eb13
SHA256

a0c6f248f02967a02094f937f82571ffb69de97b76fb663229715966fb675ff4
SHA512

c2e12e256f7a801bc9b4c4ee0814d017b6a9dcf5456bbb25ef91094ace7b80563b61616c88980b0ae3a7dd4d20823dcab2fdb46e15db1733258327f89b77d59b
SSDEEP

6144:5+jNdpp1fKdky1GCFlYc5ecKLjU7upREu3vnR3HiCJAu0CaIIc:5+XzZKdV1Oc5vaj8uYu/9HuVml

Score

8^/10

discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4251	net.droidjack.server

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.droidjack.server

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.droidjack.server

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	net.droidjack.server

net.droidjack.server
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4251

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
f553d76d0e3fd64242b0834f349ef2fe

SHA1
26ebf0fbe2ee1bc0e6ee3b3f3381a2bf4b90144d

SHA256
2e41ce5542acec52b8e568ffb9bbce1dbc00ef5c3d2acddf2a316072fca59985

SHA512
af168732def9efd1c5323cb8b8fb869ef90f5718bced01f04c9bf86d581f06880d5ffb4d89c26092f3c250aeb81ac3dc6c60a445e6bbc7215160da2d30088f58

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
80693d5cc54f5ce18be80e4bd3829f94

SHA1
d630105a6fed94b7856880cc37b00ca1db0a4dce

SHA256
0dfab56791ccf35e88986c73bb48eba759f4bc65c57a1f2581a8f3be826ca82e

SHA512
3dcd74a774fe768392e450c787c080619291b23d908599623f5be5fed3c80044cf89bbabc843bb76b48e160a0ae7cef828632fbe3664856a5a2244ea5b018959

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
83e161bfec290135a2c04988a3fc8f58

SHA1
26da1bde1ad25b2f135ec88af20c5dd586e81c01

SHA256
520f088c1185cdb89cd9cefffcf3a58694a9d450d5bac9ca8d9b6f6339f8a097

SHA512
b97cc6bb29ce81f7b403dace81fe2f5ccec33a913f60f9ce5b1dbc3de5b9fe933cc6d3386e9f2657dc3f7b541e3f17cbec9e618d1a49e46bc170062c090d4ede

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
512B

MD5
c14aa27048d554af80044298883edfb5

SHA1
fdc05a4c69d90dcaa326cb2e1c6c83c61822115b

SHA256
7835a2c6ba3628f8518e8ae43a7075b5d80fe6a5bd23cc16c4da799c5e03df34

SHA512
dd0ae99714a28d45a0e9294f4de0042351db122e1661b6783c7c5a8d088df6241265279242df7e776887033d543a7f4a656321fa64c3c3ebefee11c39bba0f24

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-wal

Filesize
28KB

MD5
d91ef8a3ff2f4e01030dda67ff0a7f5d

SHA1
09b3d6604b258362fc2c7213151cf9dc3ec5269a

SHA256
88e05fa858cf61092bbb13db367645cbe51eed3c1363115224aa099387fb529e

SHA512
7c14ec739b57d15fd1485351d9e15f8936ff4cd9966cf951cd7939db0ae4148dd9642ea32444db4abfed1f3d74108c5ecddae3db03b4dd9624dbca9c16d838bd

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-wal

Filesize
4KB

MD5
3a94fdc0f29040efc9eebe9901037849

SHA1
ebbd7b8883f607c697b47adccc303f866580b481

SHA256
1cc75468e128f3112d98893775465d6d63315b756ea49325daf00ae70b2168aa

SHA512
9399244477c85da5288fcd10b8a972857a8e22ed9bfbb6dadf9687ae642db41a1af8194fb9f0d4c4a000a4fc6e7336105c29728c3e74e1871bfc93289d60c818

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-wal

Filesize
4KB

MD5
7ba9cf45775c02621d98af0acffd469b

SHA1
ecebf93c5fc77ad2bfa09cfcff548336057259c1

SHA256
4e268c2f201f3c360ae63c8a89c695ab16bfc951b24e760bd1ffb6401057b304

SHA512
56fef0114b1647df405a2daa696959f5dabf680a57d8bf9903ee26841c8c7498e5a40bb96d08a9b9253955d5ade985612385e1088ccc0597b492ace4ee31baac

Download Submit