96df7effc5e18bfefb8897a7edc76bfab907b58b15591ba16c29d2bf92e52b9c

Analysis

max time kernel
145s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
29-11-2024 20:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b35dc72b278271b0c003ef8c335c267d_JaffaCakes118.apk
Size

254KB
MD5

b35dc72b278271b0c003ef8c335c267d
SHA1

495b38e10dcf1a5a63f3f4e930c7815d226bd9c8
SHA256

96df7effc5e18bfefb8897a7edc76bfab907b58b15591ba16c29d2bf92e52b9c
SHA512

502c74dd86c0d57d1993c36368182501ab100056c1357ded7dd05e1182ba9d49a90565a82e0b340aec7ea48f799a64bac2c083698c48a6a175e3310b98708e70
SSDEEP

6144:ty+F4lXdj+rfJzrtGXPHjlvwIzwaivPhtMZSHjbeWlA/BNeH:8DJ6pYHjhH+v5t6SHjbZcBMH

Score

8^/10

discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4251	net.droidjack.server

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.droidjack.server

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.droidjack.server

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	net.droidjack.server

net.droidjack.server
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4251

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
f553d76d0e3fd64242b0834f349ef2fe

SHA1
26ebf0fbe2ee1bc0e6ee3b3f3381a2bf4b90144d

SHA256
2e41ce5542acec52b8e568ffb9bbce1dbc00ef5c3d2acddf2a316072fca59985

SHA512
af168732def9efd1c5323cb8b8fb869ef90f5718bced01f04c9bf86d581f06880d5ffb4d89c26092f3c250aeb81ac3dc6c60a445e6bbc7215160da2d30088f58

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
230a55dbe663234e54a343d5726aa1ac

SHA1
31a2985e6f784c945d3f520edb9b953364e5290d

SHA256
56dd2d28f6dafeaacd6bb9d2cc23ed03ac6bd571ffd17fa39846ef9310da116e

SHA512
258d2496305b0590b7d4cd99c89f0d725051663625a3faab118477e9bb26ffc0967fefe2d2bae71c248f63629f1b6e601ce38c2dcd76ae5b9836822b45f28556

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
02bbb1b2ac48f394c02c73f500ff0784

SHA1
be5e0b9f592fec64f3d5c2a7fe6c8ca552d154e1

SHA256
106db6bf9b58431e8a6b9ded3017b8c17ef1213432d5ac097d7e87f910c3df27

SHA512
e6b6b468db9de37e88c77331094c16ebd805af1602e2276b7f0e50702fc71f5b1b19ce9ad03cd3e0c4781e4a615b7a24c0e2f5eab2658d2c4fd4bedbc738f4f7

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
512B

MD5
5ba25a9dc91e78e18a202df678cfe739

SHA1
2d9c2b15f02a63eaed612aaaf61b21a7ff1515d6

SHA256
b05fa355fc3df7e7aee05b4fd412eef23989779c40d988378d2b1f6562902981

SHA512
b698d73c87bd1d1caaa4ce5ce7fe60655f9cee2ac4f20c6ad3a1cae7ec02611b1ca9cbbd034a459975d63367fcf6d3a6b8a49ce5f25e087d524610e9a16eef6c

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-wal

Filesize
28KB

MD5
a5368b35f7763dabc27a6189d99e7b38

SHA1
afd87d33ca2d7cd72737b2c72c776602e258501f

SHA256
61e56317d033014844ba6881017c10e68fa3e29bee0cb184b9d06220765c8321

SHA512
b0628b560daa6126b7653f2a31f403a1f1718e2d59dff7c89bd9e843dca344e74e7f50e30aa00b359a1f71821f802eea00c5d78a05a9bf30a1458744130e830c

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-wal

Filesize
4KB

MD5
f72ad9458b22aa98ec223ff3e0c54ede

SHA1
cd2380fbe17b87820bfadf5dd4617a50be5af50c

SHA256
18e56bba17e84d66f02083a73f278a49f543ad6c843f2ce470ae73d820ec6f9e

SHA512
736e1df2c25cda1e9781d2109bea0d270dc6b727bde34ef37efcfb13f12af5d9dfe2b07d711a55bfff4b01773f7e1d837b27e9dfe63613e501c5be39ec5ef888

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-wal

Filesize
4KB

MD5
657f29749a0690b778fdda11841b048f

SHA1
f1b6861556efe6270b709094e1b0d4a607c5ad81

SHA256
592b1a264c17e27bf8834dca116a7a8a9fcbefd3e5ad70b5793143b7266e5fb8

SHA512
27422cc52f5b13b18b64e56172f339292940f78f1422521acf17fd3506ae4dcc2886928b2d6cf4c3d73cc4b4ecf321c86d39f023b33203f28fadbfead9549d81

Download Submit