96df7effc5e18bfefb8897a7edc76bfab907b58b15591ba16c29d2bf92e52b9c

Analysis

max time kernel
146s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
29-11-2024 20:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b35dc72b278271b0c003ef8c335c267d_JaffaCakes118.apk
Size

254KB
MD5

b35dc72b278271b0c003ef8c335c267d
SHA1

495b38e10dcf1a5a63f3f4e930c7815d226bd9c8
SHA256

96df7effc5e18bfefb8897a7edc76bfab907b58b15591ba16c29d2bf92e52b9c
SHA512

502c74dd86c0d57d1993c36368182501ab100056c1357ded7dd05e1182ba9d49a90565a82e0b340aec7ea48f799a64bac2c083698c48a6a175e3310b98708e70
SSDEEP

6144:ty+F4lXdj+rfJzrtGXPHjlvwIzwaivPhtMZSHjbeWlA/BNeH:8DJ6pYHjhH+v5t6SHjbZcBMH

Score

8^/10

discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4636	net.droidjack.server

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.droidjack.server

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.droidjack.server

net.droidjack.server
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
- Queries information about active data network
PID:4636

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
70ab0184149f2a2235ce82b245bb5c3a

SHA1
ee3b0fbc494cf364705fddb1f3ff3503e4f70ffa

SHA256
27df39c9b9de413f6bc5ccd57272857ef5500c20ffc8b4e90e35088b3f4af80f

SHA512
52d291e398d4b4c5d754d02aa2afbce0b8f87c71b60ba5f29f2d6adc6f72318b97d7fc252fbb77a6cc721b6a7c0cf052c58ddd0648069bbeb5ab259089a22cd2

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
79e6485392a463e36ec8edac44fe977f

SHA1
ae1c365a56b9f1d85a622e98d0996732fd6b7d74

SHA256
3109465995a38af8d5e3305cc83de71c311bd7d1afbe29f3e4b9a5562e120832

SHA512
3e26e610c70d2c9bfea5d337e4b919567904e3d65baa3e250460a86d721d555c185fbdc329e910a4f75308d959e41562af8fefb58ad7c64547a32974ca223d3b

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
cdae56acc95ceeb76c94d79efcc96a41

SHA1
6a74f3c38ed525149e1a7d5ade80a19cf293e885

SHA256
683b72ddabaadc4c76444e5966c3a4e8e4c6bf3dd4972666696539c3fc19f232

SHA512
6a0e2c7aed11885596717ab138dbb0c696c7a4ddbb9dd7986842bb9adc0bc5346b1814fee5afad619a079de7a8aeeb23b6eb3d660d62c1f368b4abe205b33f34

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
512B

MD5
718d2f2f83eda8c1aa2b3c4af8c3d967

SHA1
bcdeabccbf70e4405da8cb317a2f1c60f86658da

SHA256
df7ffe0a9c5d2f85bb285e70fc1785757bec9465399d6c1a090b11a588a4f244

SHA512
5700f8ed3b3c1109b817495587f32ea149f8e78946e088d1b8d0b9132ad5e7efff32c206543c9b7af12febba07c358327f0e1c69fb5b84cfc098246637a94453

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
00a3a97fb332ca72b4a16b1e17fcc7fd

SHA1
a52283d0af0e08245c91d2d09bee21673d44ed88

SHA256
06c0d666e6fb5ae0910408f536142a541e5d82a2a669c01f63135d040e554594

SHA512
eb9ea2670d5a5062c1eb760d79b7ca8a69fe27cc3d00daf393213940201c9626e136b89f9d084849e5304b6901d85898278b9214125312dcf540e29896788d6d

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
d7f4602976486dd1c324a5a531c5109e

SHA1
6f766aa4c1acf48d3cebb8efc67a29f8a1d4ad4d

SHA256
d02838fd8451f60e940cf19c377fddc4fce1d81c41abba84a820220f42ca34ce

SHA512
b2190f36643a9fc689549691c6c028a25555f27d10563f19495899860a86c01540b9d36bf0d2db6568bc2292be875554c5b33cfb15e149fd3a717328740ef5a8

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
05656f304e8aaaea094afc0f50152f70

SHA1
3ac9184eb83fc8a07e745e2386abbc201d956b13

SHA256
68574e4f5fe7436b93c9af618270699225424863152a1fbc46f68b16b9192ff2

SHA512
8f9acb07cb47eb8771caf5ccb2cabc19aa8748b17b3d12ff36ed3ca37ae6be6e11e221036cdb4a4d2245905c8d6936d646464a693903534481434a81565c26a5

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
2dd1b4e36610f78b9fb15fac948fc080

SHA1
cfcdc8a6129ebc1bb251ab446ce304956a9a184c

SHA256
b6301168e4d2ddc461f0c9ed8cf63afa431d01f6b2c9e95078320e6399c78330

SHA512
b91009d536c53c9c484f8ad830266fbd1f7ddf48f6bcecf311b20696d19f71a2dc9b86bf773548b3ec73538f2bf4c7158b545b018e91590e022be182fbddb21c

Download Submit