b2ddd144adc0b3cc4449e7ab6974f0ebab258b89797b8955ef19ed59d680e235

Analysis

max time kernel
145s
max time network
154s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
02/12/2024, 05:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6f2fbdd5df903874ae719224bf759f3_JaffaCakes118.apk
Size

254KB
MD5

b6f2fbdd5df903874ae719224bf759f3
SHA1

cba65e30830ee3f4693180bd74c3d6521e73f8ea
SHA256

b2ddd144adc0b3cc4449e7ab6974f0ebab258b89797b8955ef19ed59d680e235
SHA512

f1a8ae2534d7e96b944402d93baf2f81e0f365558e3e5fcf7f92990283ed82217f7e0bada2fc36dc83fdf6ff6abddfa64e9975ca9c96f0857cba671a71979cfe
SSDEEP

6144:LlySS49NM6mrITccV88vwYF34p0mfFROjfIaTSOvN:LU0I6mrQVDw434JFROjfTRl

Score

8^/10

discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4965	net.droidjack.server

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.droidjack.server

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.droidjack.server

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	net.droidjack.server

net.droidjack.server
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4965

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
ab9b76032f3671e636504f620ed4d205

SHA1
21e1e3ef5f95af48acdd224ef1f40ff12467521d

SHA256
4da0f7c511a540be366bd92014b6279194cf5da3c47ddb8acb48526f1ad967ab

SHA512
9e133dfb122855076eec7967f0e73fef6f8cdd655b32f9ee5d8cc7de1114212d10764839359b38b63e73772517910662109d87336a8507a99ca1085758841725

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
ac37bc0c0467f39e567facf5de62cb67

SHA1
f350c55c81fc1fe24e26695a6756ac9e7679dd4b

SHA256
985921f7fe07e4ab4368e70a2d671c2d8d265f40047a740337f675ba29ba220c

SHA512
5c17ba1c28dde2cc1a2e6199ddab5552d66bb6d2b688a8e02e1260ebadaa94e97d7a8e443653d91e0185a164000a96053662610cfdcb7a07a3f27bc4624da14b

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
f69c6661a519a8c664d6486757155151

SHA1
9a412ee3ff9f6c9a736628269bf342e97197ad75

SHA256
cbf603aba97350fe137f526188d45a54b2fdd295d33066ee4e021b4669785ac1

SHA512
d08f1e739aebd86c204c13e426bc6830b10e886c7b902f8479200ec799cef0c71a263fdf3cb86ff08372c632e85eda610b696a747614b552bd1edaa5a8fa0812

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
512B

MD5
7369a365aa7404a6f9793b4e1b90a1d7

SHA1
a3965b77b381803b11114e6c0844aa58917b86b6

SHA256
0826613135e95ed454186f272c9ed5d0dabd9c55f6aa23e4e7c366562da73a4a

SHA512
a2a1bcc5dffe9cb7d5df77d38cda3f232f8ed448d897e9442b05a2b4d937614b535a93d8d0819b796148fe1554152ae1fb02583b688f0c80ff464a730ca3ced9

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
eb9a6e228f5a700be9fb90e23f993995

SHA1
a27f0d5495aa06771c7033f91d6d12788cb0ee7e

SHA256
cff51647928775f3368627c7a737457a4513de5ceb4334aa05cbfc4f595932cd

SHA512
61f60bda2e7f29dc89a4048074d70fcb8b3a98c662ca5b14dc800c0712e15cd4f6a64df9f033fb3d05620e095b6aa9ca40b62300124dd74a3cac74708575fe04

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
9944e24ece0389f1803830f00bb38d63

SHA1
32bffff05e7eb320c6809ce8abd4970883c69eaa

SHA256
5b0eb7ceb055d4fa399999bb599a5745753caef464eb8dfca778ee018b45f703

SHA512
ab17552f330db1395b716aec63e790994367d2c45809abdd9f753bf2413677ddeedee6fec080c36086b14bc72334d3ef01f8bb6d1dfd33458ff781bae7947a64

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
abf8216e0f012f9467a5285dc2b2902b

SHA1
f9a6d42195f53bc6d22c7e3a79910302233e5b08

SHA256
a516a4ee6a63ed8296d998c91762c85b501a39c4993e7d2bc1869638798bc9dd

SHA512
907a2fa3991e1949792b0da52db1e802405e0ed3ede41341c3063f97504ed877e9e5192d46f9677a8e120650ec4742b07f35d04d82aa9ffd2615884667346734

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
8d66748db2f26c08e5836c2c7695b7fa

SHA1
93b2c9389d328272d4899eed84e17255558c2ac0

SHA256
9daf063429ccaa3c64dc49e5dcc34c058ddb08bbb199fe1b170d1e7f4d7a2c3e

SHA512
a41c584a6e077f64050e653fed7715beab2d2ba97450ee563df3b0c70a3455f54c9b9874ece78217f11541ddf44d1af13ef74decf0d2955dd044cfc64a7f6a3c

Download Submit