b2ddd144adc0b3cc4449e7ab6974f0ebab258b89797b8955ef19ed59d680e235

Analysis

max time kernel
146s
max time network
156s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
02/12/2024, 05:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6f2fbdd5df903874ae719224bf759f3_JaffaCakes118.apk
Size

254KB
MD5

b6f2fbdd5df903874ae719224bf759f3
SHA1

cba65e30830ee3f4693180bd74c3d6521e73f8ea
SHA256

b2ddd144adc0b3cc4449e7ab6974f0ebab258b89797b8955ef19ed59d680e235
SHA512

f1a8ae2534d7e96b944402d93baf2f81e0f365558e3e5fcf7f92990283ed82217f7e0bada2fc36dc83fdf6ff6abddfa64e9975ca9c96f0857cba671a71979cfe
SSDEEP

6144:LlySS49NM6mrITccV88vwYF34p0mfFROjfIaTSOvN:LU0I6mrQVDw434JFROjfTRl

Score

8^/10

discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4489	net.droidjack.server

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.droidjack.server

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.droidjack.server

net.droidjack.server
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
- Queries information about active data network
PID:4489

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
70ab0184149f2a2235ce82b245bb5c3a

SHA1
ee3b0fbc494cf364705fddb1f3ff3503e4f70ffa

SHA256
27df39c9b9de413f6bc5ccd57272857ef5500c20ffc8b4e90e35088b3f4af80f

SHA512
52d291e398d4b4c5d754d02aa2afbce0b8f87c71b60ba5f29f2d6adc6f72318b97d7fc252fbb77a6cc721b6a7c0cf052c58ddd0648069bbeb5ab259089a22cd2

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
a68769918a7ba328cf38658db779d3fe

SHA1
986e82f08a0ff8bc3bcace2211353f3db942a137

SHA256
27cbe33c6527c74fcdfb9d25319c0bf841b7396bb95fa3adb76c4ba10b6359ad

SHA512
1e0a7861b9a1249a7f612f2f34aa06f684d4264309d3ab97a76f7ff1570c2ba6a77376cd679cf87b4bb557bab6cfedc115199f6b75ee8112c2eff7d9ab31b15a

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
dd7f87fc9030b0b8ee220251a6f47e93

SHA1
3aa03b07e8be31b171235469dd2002d721de7c9e

SHA256
a4b0d9c19edeeeff4013fe247525a4c6967fceacb5996c86efff29f17858cb48

SHA512
1cc6a82da6abd66f96c8d30d1e51163c6a1ed5c52604b72dfe71c6b280330d10d37e8816008fd767e8ab6a8993727ce23141fc84e1a06cf443a77a2064d4329f

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
512B

MD5
f54e3e30711b905d4f96bb79c401e50b

SHA1
5e4e86948b3edcbe4ad6aff1cbf0195b30ace69b

SHA256
854b4ffd59bb3f71394f7ed7df1a09d6ba565ad0b0ddc242d36f18098b31d262

SHA512
0ec3b4482a849e37b561611cfe91ae1c97f0f6bdbb1c3437fa0407bf6f8f134b840617a5a2cebe6ef4eafbd3f3160fd1ef6fd34769d8932860f4c447871c639c

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
37f767a4abe83218b6df1444c43068de

SHA1
6268d1757b2084c7e554b186d9ae9e23e479dcf6

SHA256
70d1525835f09ab6c2e274d1e441b852d3a98f3ad11722eb66e3cb802143a648

SHA512
05f7a247fef0e81ed63e2db31c7c50605661ab3fbab8f41a60ab5882ec0546d918d313253119dd299f1478e34268642d9a345b6c2eb54fd30feb2386146fc034

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
3a39cf925b78435b59d302bd0a46775f

SHA1
d254466957ca5760e0a523fac5b2c3ed16946d51

SHA256
56d8915133857cf495fdba8ffc8fbb99b0600ac2000b0ba0575b9b38966558a3

SHA512
82a0460589ddef8838f29225892007bb876655ac2df557cc23885c0d1805850183e8fc769217924de76a5b63e15133c3d2e153ec3d9b6a706e63f900f3f2a47b

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
a4b10c04f4ac19a5da745c92f26aae74

SHA1
be35b226ffe8b68e1fe9a07cb12a7690c1ab6738

SHA256
e147fe6925e5acbb90d6480238f616e479d2f0756fb3998589eeef25b1fce816

SHA512
7a76a11fd6c768a8942ee53176ad4712944d27dbc058ecf003044820c3683027d330f7dd1a9968001a41896f44a65dec81862a65de43643a4828001d9852fc9b

Download Submit
/data/user/0/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
c517442265789e36c3a2a274df7b24ba

SHA1
2ae6c7f3c5d1bd210ec77696800985cd82d145ff

SHA256
d97323ebd16672f18c36b6af17147f60487a3a5f1e7dda09e9b58c220de09d85

SHA512
517800fcd092170cc9a32ee7db5c7391999c98a90d117e5cf01ac05aa6e2d8880e3f6b8bde2e23f9aa13179c8df5966ee93a2dd97e753c86ef8262b9f3993bc7

Download Submit