a0c6f248f02967a02094f937f82571ffb69de97b76fb663229715966fb675ff4

Analysis

max time kernel
145s
max time network
135s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
25/11/2024, 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9d7c6db36b65909e13a87e497bd495df_JaffaCakes118.apk
Size

244KB
MD5

9d7c6db36b65909e13a87e497bd495df
SHA1

20e7902b318c92dc39f609b3bb0c0bcc0612eb13
SHA256

a0c6f248f02967a02094f937f82571ffb69de97b76fb663229715966fb675ff4
SHA512

c2e12e256f7a801bc9b4c4ee0814d017b6a9dcf5456bbb25ef91094ace7b80563b61616c88980b0ae3a7dd4d20823dcab2fdb46e15db1733258327f89b77d59b
SSDEEP

6144:5+jNdpp1fKdky1GCFlYc5ecKLjU7upREu3vnR3HiCJAu0CaIIc:5+XzZKdV1Oc5vaj8uYu/9HuVml

Score

8^/10

discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4962	net.droidjack.server

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.droidjack.server

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.droidjack.server

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	net.droidjack.server

net.droidjack.server
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4962

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
ab9b76032f3671e636504f620ed4d205

SHA1
21e1e3ef5f95af48acdd224ef1f40ff12467521d

SHA256
4da0f7c511a540be366bd92014b6279194cf5da3c47ddb8acb48526f1ad967ab

SHA512
9e133dfb122855076eec7967f0e73fef6f8cdd655b32f9ee5d8cc7de1114212d10764839359b38b63e73772517910662109d87336a8507a99ca1085758841725

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
7d604c3d2060cb62c61d5f51dbc5bcdf

SHA1
f954b290d57c0e3afb7bf9735ef8aa63b000e548

SHA256
c715c6812e8c30628c9f626aa5d4a3b48806f4fc80d3f7308e562e40398bed1e

SHA512
e2fbf5ecc7ab557b2ca91ca5fe24039cd6178561de8d8fb6cf371fad96312b828a1110ebc1ebc5988d1b7e9f723032dc9355f8330d68e1e33a4326c1ef249290

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
86f455f8aa3b0729812a4fdd0ee757b1

SHA1
b96ad9fb95d995ff1c3aae8698b9fc874b69fe98

SHA256
5d9924c188d6f99cd6474b15781314b0830c0e09cebac859f9707a7a1a02e7f3

SHA512
27b4ded9532c94194fcb0d82947afb16a06e3b9b4779a4db59037b8daa5162dde7a2d4e0aeedc19aa33c5cb04c0d93a75cc58a9502f14c97d81d7d435f35cbd4

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
512B

MD5
3c82b726ecb25f3b4d2c4a46570a61e0

SHA1
44144a6b2a46d31be54ae1c8132a3e005c5aa5c8

SHA256
f46200a09d9cd5c0cd07b3508b0982f4b9cf5b62da6b318e10a4863a687d69e5

SHA512
05f1441dc5756e502cba0d43979c5d851743c26c480ab7380e6bb9e1adf769076d76af2afe602ea8eed1248d2758a45ff03ae9ad82faed1a3abf18685ae6e2f7

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
44b20fe3b74e98e07751552cd9869b8a

SHA1
4b19d9c8e2a24a982d19fee418429500a8be84d3

SHA256
2f7c282f9190836e0777d6eb080329a37150982e1f5ace1bc46fe30a35123b64

SHA512
f3f4621786d90c6c4938e1e648cb131cd34dc974b48c2d1f8d689f78f2c5b1e074bb32fb4e182fd101f4fd0b34618532aa76e34977c8ee4b3f72afcf034c4391

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
af817cba48795cd84b7e438b723e7c41

SHA1
677fec1db0e52af4505d0870a10c1448cdbc2e47

SHA256
029eb588cb91b6c80ecf009c02410570ff3f98768f89d690531bc258d203372a

SHA512
9e099e219e7584327358c6a18c79018905b9d228de5d1327c176751bb62a697fc019f9de688d2a542bcc80857675f1a069612a5b79d328c8ff920b01e6a154fc

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
25b8d9527ef13bf86b953629c63b15a0

SHA1
293c90cc268b106b91c9e518e36c42bb39757079

SHA256
f32cb3d25965c0e956b5bae93c3f58eebe510d7c94ffd5ef17204dd85cfe36ee

SHA512
3455b4e5461a312058b9c1526944a1e5a7fe42a4fcd76127de9ea311a6f4f4f96453c601a7d91ceea5e36e3f066f85770999114f412b6c13b45e4602b3d1ecab

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
d9274a63f06770161850936e690d9f0f

SHA1
f498fe3aad8c1b273a464ded2f005395c56b4bb7

SHA256
778500a166bde89461df4fe7ce819b53c475fc7ff95f3c3f149ec38736460e85

SHA512
df5c5978713c8df079176de4b93896c7eae974ef635ba7359bcaa8150efd908365dd867fbd7c770c4b3517019bfb3ace90d4f994a2b3fd0aea3f0442132a5fea

Download Submit