1b3e4f327c14b4f02cf5233c4139f3fce3df9274aaf9cfb3d53ea2b67736ff0e

Analysis

max time kernel
146s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
29/11/2024, 16:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b29e94d40a950a4ba478e1a69d0c2e97_JaffaCakes118.apk
Size

254KB
MD5

b29e94d40a950a4ba478e1a69d0c2e97
SHA1

3b4adc879186dfd78570cfb5c0f3302973bc59dd
SHA256

1b3e4f327c14b4f02cf5233c4139f3fce3df9274aaf9cfb3d53ea2b67736ff0e
SHA512

8724ef073e4cafd5b251e59b7f56e79f7a1bb69d16b4c939bf93112234f1c4781cdfe4e70a5eeae1b5b57786fec6d35cd7e514a10cf60da6360f09d90aa94565
SSDEEP

6144:SyrVVcQ61BCWSgQ1ihXD9+kDI8y0T6cMRu45:fUjXSt0hXD9+kSv5

Score

8^/10

discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4460	net.droidjack.server

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.droidjack.server

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.droidjack.server

net.droidjack.server
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
- Queries information about active data network
PID:4460

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
70ab0184149f2a2235ce82b245bb5c3a

SHA1
ee3b0fbc494cf364705fddb1f3ff3503e4f70ffa

SHA256
27df39c9b9de413f6bc5ccd57272857ef5500c20ffc8b4e90e35088b3f4af80f

SHA512
52d291e398d4b4c5d754d02aa2afbce0b8f87c71b60ba5f29f2d6adc6f72318b97d7fc252fbb77a6cc721b6a7c0cf052c58ddd0648069bbeb5ab259089a22cd2

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
75e48731ea051e4cb3b46bcb40b8f14d

SHA1
46cbb7611253c965d98cd8f58819f1ebab174a61

SHA256
5ada6cf11f8e86d48e4bec215047c90667c2723fd6b47d5714274c270c846aa5

SHA512
e1cf30b99aa372896d6fc8ab0cacc836e17598034f7a24549deaf708eb17ad0eebe0ca0c5fc7c98a86dce2ffc2ab856ba06398367013a505ef7a00025ebfdf9b

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
cebcf889a1b53bb9f323d145c33b3876

SHA1
4a7824bffd45ca6a9f0ddfd6f404329258f157d5

SHA256
9003853152c94fee104e69c0e87a022917e2e8196240d818fe12849db9ebdc08

SHA512
ac4054bf04ea8f55e2555c6275f72808b9909ada6e1064f69901239fe61efea2fe43921d8ac7d4576dccf062ec56b297584dfdb30f718783159d74abd7489bed

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
512B

MD5
5dcab9ee5efdd484f46ff4c31ee86aeb

SHA1
ad687f34288a0883bc5bc9094747cb2b5c89192c

SHA256
758454a4f3bf77d2d848592ee935beded762949183768858e4ab4fabe6fcd905

SHA512
dc74a2df0910f2f448168807a0f8d29e40e22cf48b11590cb4f2499cf9cbad243d6fa25c62d29097dc56b54251f73e6531b0c8121310fef20f32a7f0d19d2a43

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
c5676fbf413158538844ce4069757266

SHA1
91734b722ce15ae82dd66cc877645a753d0311d7

SHA256
f5ff34e37531bae9c6085616ddd251008a4b5f7818c89746f96a6f1b4d335004

SHA512
236739bc0c5da22ed8e73b018e2f9d35963afe0d396f1aab96591a52b772b695179f4d9b375003d0192a7390d65f195a645ce7994afc68ba6f017707ba2ad08b

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
979b225c9d58594ac9ef7d8a309da3fb

SHA1
5c9a105635b59c6fa12846515ed16f99d42eb49d

SHA256
a42de2cece6e5baebf88aa32be6d297394520e3d36d2199bad91876d28bf10b8

SHA512
5247ddcc0c0c936fd0437c67d1171a838f7fde70d87df4203234cbbae9434582081ffccec33dc34b4aadac83a6806fdeba2ef9452e72736400fd1d30820792db

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
dc7666010bc626d2535fd667df81b99b

SHA1
24478dfb37e3f30e963f8e11527cceafc403f769

SHA256
98bb66b2a74af436b16b758788763a0862e36e91f92475ca2530e49e7044ae4a

SHA512
afc175fbc1f8d34faaf9b0165dc09d4d6f3930f4d49c0d77011b49e1f235629d1add73e385c52372c81acfc5c79da4b500cb15339570a5d24356e364e3f9b335

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
74765b2666138eda71cbd0a05133810d

SHA1
7a68c1fe80cac79b7dc29601bdedfae7cf0eb4d1

SHA256
a088204506234f77563d6349b288f830b94b6ee33742527ddf738f305cd56be0

SHA512
b267ee8c7bb018e3f6121dca732acc5bdfa257ef26ea92a51b6032fecd6d5b9b98347a3d6d3dd1b62f4c1325b02800062aa1272924d33a21b52af65b5b0583f6

Download Submit