f5b654396e690cdef07318b705974c35a155e7a528d48c97e0b1aff0efcc1916

Analysis

max time kernel
145s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
10/12/2024, 06:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd60c8f63996d8ed23bcd8c0cdd4ad6b_JaffaCakes118.apk
Size

254KB
MD5

dd60c8f63996d8ed23bcd8c0cdd4ad6b
SHA1

16b74de31df6514e6f1e0143ceeae8731ea3beed
SHA256

f5b654396e690cdef07318b705974c35a155e7a528d48c97e0b1aff0efcc1916
SHA512

eb234200d08ba70176f8cbd7e81322528bd21fd9a7cc89d77235fd862371decde26fbaa27d7e3de9080f643f3f8af2a201f886b3208b49ca4ebd53742fc3b547
SSDEEP

6144:Yy+X4MXJU8eMK+AUR3nZ+cHoBH8MVz6RQjPJS6xv:Zt18sk9nZpIBzgelSQv

Score

8^/10

discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4253	net.droidjack.server

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.droidjack.server

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.droidjack.server

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	net.droidjack.server

net.droidjack.server
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4253

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
f553d76d0e3fd64242b0834f349ef2fe

SHA1
26ebf0fbe2ee1bc0e6ee3b3f3381a2bf4b90144d

SHA256
2e41ce5542acec52b8e568ffb9bbce1dbc00ef5c3d2acddf2a316072fca59985

SHA512
af168732def9efd1c5323cb8b8fb869ef90f5718bced01f04c9bf86d581f06880d5ffb4d89c26092f3c250aeb81ac3dc6c60a445e6bbc7215160da2d30088f58

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
b81922ba50099d9686dee687db8777a9

SHA1
43a63d814b150becd22b570b8e05ae018602d228

SHA256
54ab7b97f3ab6f3f3c4e6c98a2460ae40b8655c9b5c4a0885bf8ca57e9de662f

SHA512
c537809d24fd902aa73a862db62037f7d84ac4446256d9650978764e3b98c7fb06affdb6ed0fe280ebd8ac1ce448d594b01438dba1840771f5375e9fadf235d8

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
7db71be13eedca1d8dd235a273821e2e

SHA1
9ecfddcec6d0e2b12944787f8cb53ef45734775f

SHA256
2fe86a75ecd90d173db82b300d94a1cfb0698d3ccfd93ab2efda0eb7fa682041

SHA512
bc3c0ac6b0afd798658f63566a0bfd99b157055cbe42f859b38d73ecca2bd38dcc2f018f9fa50d512743dce9f0b9a9c5c7645034bf5d3bb3bf06ff7106ceeecd

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
512B

MD5
5559a5a290d1989aaad6c209a3110413

SHA1
bd0face973d6246e8e1fd69eccad76b1c5cfd984

SHA256
b5da2539fdfdaf47d87cf946d6f0f689e48d733068eb1eb3a34af1f45ebc5d84

SHA512
62aae46b21a87cd605afd78f9fa4c04999ca91b4f5aa9434d309f85db62f70a53f152602d0456923961cbd0fbd17887db24562edcaa36eccb1fb2b484d4f71b7

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-wal

Filesize
28KB

MD5
2c563488af3067162da9614ecbed7ae0

SHA1
b1c0d10d10625a0204f1d4c299c0d35f74b6be9e

SHA256
f223f7968b8fc56eb0fe91687276e5d364f5b4b5fafa4fde145812f86baefc22

SHA512
6075c5b9d9ef35c730d91a66a22d1a31cdcf5c6d05f7f69ae82b82412060b049f82dd9f4038bab8a1165e29d31698a802cb29fe7e199440a277ce43b8e50b83e

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-wal

Filesize
4KB

MD5
74f2295e7dfe8fbb2f192931f063a711

SHA1
86a495813a263b837ec536b827928b97c4750a8e

SHA256
000040bf58dfd14da3431587251c63ba89ecee0e39fb33529510b8440eb60b0f

SHA512
39125b67513402a333d94523c927c78ed51776cd367cab1f0e51ed8f679acef3c1bb010da3a7c86ca9eef34f8abc47c1e958a78b525e4ce547c236186652f57a

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-wal

Filesize
4KB

MD5
f863a2a49ea10e4d38091520372e87f1

SHA1
18c8c5fbb7169ba4989876bc6371b916fdf2aba2

SHA256
73d965104d544f674db23020bf141471fdfc2ee9b5a3c55da369b826c1f1d93f

SHA512
791df5a773b1847a51faac62b5cda9ef2a8919a0b53aea528610acb46371b25695418243245d7556ff2ecd75e1ac980949b384c91c3913047319418243bf4c76

Download Submit