1b3e4f327c14b4f02cf5233c4139f3fce3df9274aaf9cfb3d53ea2b67736ff0e

Analysis

max time kernel
145s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
29/11/2024, 16:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b29e94d40a950a4ba478e1a69d0c2e97_JaffaCakes118.apk
Size

254KB
MD5

b29e94d40a950a4ba478e1a69d0c2e97
SHA1

3b4adc879186dfd78570cfb5c0f3302973bc59dd
SHA256

1b3e4f327c14b4f02cf5233c4139f3fce3df9274aaf9cfb3d53ea2b67736ff0e
SHA512

8724ef073e4cafd5b251e59b7f56e79f7a1bb69d16b4c939bf93112234f1c4781cdfe4e70a5eeae1b5b57786fec6d35cd7e514a10cf60da6360f09d90aa94565
SSDEEP

6144:SyrVVcQ61BCWSgQ1ihXD9+kDI8y0T6cMRu45:fUjXSt0hXD9+kSv5

Score

8^/10

discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4252	net.droidjack.server

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.droidjack.server

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.droidjack.server

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	net.droidjack.server

net.droidjack.server
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4252

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
f553d76d0e3fd64242b0834f349ef2fe

SHA1
26ebf0fbe2ee1bc0e6ee3b3f3381a2bf4b90144d

SHA256
2e41ce5542acec52b8e568ffb9bbce1dbc00ef5c3d2acddf2a316072fca59985

SHA512
af168732def9efd1c5323cb8b8fb869ef90f5718bced01f04c9bf86d581f06880d5ffb4d89c26092f3c250aeb81ac3dc6c60a445e6bbc7215160da2d30088f58

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
c1bca0a76ae0a0d2d6b96974223aea8c

SHA1
30a22c425e7bbed079b4a1fbd56bc8c6dd74c86e

SHA256
9743530e191b56cc44f1f1c544b0fccd1c70e63af12be6270d8a5cd1f55a5e8c

SHA512
79f8431aacf81b84e1672134a8df0f23ba40e5fcb9b21aec402491ee26516b01894842e1a1b8fa58532cd97bcfdca5c701f48742f2493bd5850f164e1b618493

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
35f352196432eda24a7e626200535bc5

SHA1
e505f8668f79ac280f3195d46df27b830504cf2c

SHA256
62b8e35920351d7c677845cc38f7766ee54498ff0d4056b92c299fe33333ac18

SHA512
79af1f5e6d7e976ed6886bce6779ba2e26b3781dfe91a36cf40c065d69846a4b866224cacd2d5ed569c39936598a61b7d40c74f946c49ee0b6a5b4d220baa3b1

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
512B

MD5
7191b5cbc67a21768cb7b2a93854e2c8

SHA1
019e513d60ae6f0ed3350ce3210c1ccfda0aed47

SHA256
3a535a897cc7a81c10b246c15a8af1e0e5f124dc2d959be0d9445b5bc6cf451a

SHA512
9178becda533f02475e212784bd73416ed5fcb507d441c02a8b2cafe08bc9efa12abf6eab59edab7ab7a422b06e08529e0c03902efb9bb4a0d40e91f5bc359b4

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-wal

Filesize
28KB

MD5
ad13bca389d48b927d057ff712a5d223

SHA1
57ea66a6e071295e494ae47998363ea207539117

SHA256
60d6e6e6bfc9ef0e9af509d29196b9e2127f9412b13c45b7f5c7df175cefb4bc

SHA512
507a9a4cb7c183c117b255fc36d859266289a07b010733294a57deee4fe662db84cc9892680dfad912897ff4a99c02841167134231a91f11e09deb516c25a830

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-wal

Filesize
4KB

MD5
2e4c73273dd33a84eeb3f02faed465b4

SHA1
bfa82267cdbed893a6aed7923722176f3b3ca867

SHA256
bb0a8eb80c6e0a4694e983f24cab99ed841cf6f4da9fa3b587ff629922ed225c

SHA512
e85293355fbf5ba59101b2e128e47627dcd480112006eaaffa63681b7c8a528498457a615dcba554da1db2c3fc87fbaaf7293953a9a663d253ebd5570d0c584a

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-wal

Filesize
4KB

MD5
4ca72e1980c73682fa782a16208af1dc

SHA1
d05c1b967bea1916e2152869391cf9ec768ea28e

SHA256
757c804040a785ab0d084e1c2857af9513fd9930c007b9ebc057c21979f1d662

SHA512
f0f5b48e769d66e863e1509ec1db328e042c2683d75eed7aaf7f4a7afc3a6a58c21698db517f0d87b67d46e0b07987d41526b8adf9b94aadad8b6b47531f8182

Download Submit