1b3e4f327c14b4f02cf5233c4139f3fce3df9274aaf9cfb3d53ea2b67736ff0e

Analysis

max time kernel
146s
max time network
136s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
29/11/2024, 16:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b29e94d40a950a4ba478e1a69d0c2e97_JaffaCakes118.apk
Size

254KB
MD5

b29e94d40a950a4ba478e1a69d0c2e97
SHA1

3b4adc879186dfd78570cfb5c0f3302973bc59dd
SHA256

1b3e4f327c14b4f02cf5233c4139f3fce3df9274aaf9cfb3d53ea2b67736ff0e
SHA512

8724ef073e4cafd5b251e59b7f56e79f7a1bb69d16b4c939bf93112234f1c4781cdfe4e70a5eeae1b5b57786fec6d35cd7e514a10cf60da6360f09d90aa94565
SSDEEP

6144:SyrVVcQ61BCWSgQ1ihXD9+kDI8y0T6cMRu45:fUjXSt0hXD9+kSv5

Score

8^/10

discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4964	net.droidjack.server

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.droidjack.server

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.droidjack.server

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	net.droidjack.server

net.droidjack.server
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4964

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
ab9b76032f3671e636504f620ed4d205

SHA1
21e1e3ef5f95af48acdd224ef1f40ff12467521d

SHA256
4da0f7c511a540be366bd92014b6279194cf5da3c47ddb8acb48526f1ad967ab

SHA512
9e133dfb122855076eec7967f0e73fef6f8cdd655b32f9ee5d8cc7de1114212d10764839359b38b63e73772517910662109d87336a8507a99ca1085758841725

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
af816abcfd8836f1b0421f594b16c9d4

SHA1
4012d08c13c725edc1c33c62531f383ae6bf9d32

SHA256
9a2754e319f0f4b6946bff6f312e8e1c22a641c03bbd765124648058a757281c

SHA512
6c40b32537a64564cab9eb769cbf21f5af470386a84be187ee79ac66b4c8ce3976044d977a77de75170916dae2c22fe72c3705492e29f2e0ba53f470fad2fbc9

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
a1e9697b9a17337c6ae8c3549d1e04aa

SHA1
53fdefec2f2990df6c9ed0fe5915e8e5256c45da

SHA256
839526591512688be05d63811c8ef8388d8af595f89c1dbc27287ce91dada9e8

SHA512
36c2b15f0a8d13796331dd180ecc3e8dc68e68948a0a8f5961bb3b6f13ebddfe8b70ef03a71707f3b27f65c38e173eb1b23853b14c5edf0c37c5a03c6527e381

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
512B

MD5
9990f02460701a0b019c32f9e7b72f8e

SHA1
48b4a693ff0d06f125d583476f5cc9d84489cc29

SHA256
ed77c0f1eb02071d8a9b3b654a1d6e0fcdec5771acb17db4125eec185527fb8e

SHA512
09b3e8e54ea0f53f6df2a5074ced704e34a06107beaaa2b034b40add294dbc12c03c869604b821ef2ce7560d687cf0ee6823219983fd2cf6decc3bb8568b3d8c

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
844204c1c975123da24e20d6696ba556

SHA1
692968d1792824ed14001598d218822b456fb836

SHA256
0cc102b4055193d563d95b0f6cedcadd69ac9764243348f1153778ffad54573b

SHA512
6a230204a54eaeb505bf9ee1636300df5e2b8733209567c399d2f578ca12ffcd3e34625adce8175261af55599a853a2c1245fb7aa5d793d818c5c1197a8a3065

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
b4c5253f686c591a215ff588fbfa2589

SHA1
9c690eea495150914526fe65fd36a008958c0fe7

SHA256
895c8d4e15b24d897b4db1de33ae44658200d8495fae210416048dc03b6a4189

SHA512
5750e726fdbe47551fb255ed563262180c22af4aa43603b8ba5dcdd578fdd32f6e39b70acef4103bcf796a47521d9e56f9dd9aff3662b3d6dd80bc8f2954b4bc

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
034795353a0927673ba95b5faaa4a827

SHA1
3d0cba0eb5f1096aec227f4e340a655eb21d4273

SHA256
ad81474c3a7dffb6c6471d02e57ce255dce949092480a3e2f550b26cc8c29ed5

SHA512
038327215f9c259d3385333cf0c27b172766ca04d5d79441c3dcdf4b7c6bc52f1fa24c392536ea7472576207aa08a249ce1268bba5ce6f3b491114a4ee7ff3fa

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
3be14d830043273dc2681f0f9018a1a9

SHA1
8c49f49e898706fe1c068e08ab362129184f4a2f

SHA256
191ee3f9fa9600163c462434d6b809ca1e7dd87009902912c8432026f5e0ad91

SHA512
9ee8d29ba1b83e66a6c576882a8270e6819660ed608a8ee18e812e5f26f0a33e27b21dc9f4c49f0801f5561bb71ebbcb4939feace5b3ba13af3ae55c40836716

Download Submit