f5b654396e690cdef07318b705974c35a155e7a528d48c97e0b1aff0efcc1916

Analysis

max time kernel
145s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
10/12/2024, 06:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd60c8f63996d8ed23bcd8c0cdd4ad6b_JaffaCakes118.apk
Size

254KB
MD5

dd60c8f63996d8ed23bcd8c0cdd4ad6b
SHA1

16b74de31df6514e6f1e0143ceeae8731ea3beed
SHA256

f5b654396e690cdef07318b705974c35a155e7a528d48c97e0b1aff0efcc1916
SHA512

eb234200d08ba70176f8cbd7e81322528bd21fd9a7cc89d77235fd862371decde26fbaa27d7e3de9080f643f3f8af2a201f886b3208b49ca4ebd53742fc3b547
SSDEEP

6144:Yy+X4MXJU8eMK+AUR3nZ+cHoBH8MVz6RQjPJS6xv:Zt18sk9nZpIBzgelSQv

Score

8^/10

discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4923	net.droidjack.server

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	net.droidjack.server

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.droidjack.server

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	net.droidjack.server

net.droidjack.server
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4923

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
ab9b76032f3671e636504f620ed4d205

SHA1
21e1e3ef5f95af48acdd224ef1f40ff12467521d

SHA256
4da0f7c511a540be366bd92014b6279194cf5da3c47ddb8acb48526f1ad967ab

SHA512
9e133dfb122855076eec7967f0e73fef6f8cdd655b32f9ee5d8cc7de1114212d10764839359b38b63e73772517910662109d87336a8507a99ca1085758841725

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
082b8716690ad270af67a5c4080ba906

SHA1
c59c100859cb1cbec88090a6761e21fa2b1d1d61

SHA256
fd328026458df071fad14262182a27716edc40d97a6a9ff54f8c222000e9ef88

SHA512
45cfd74fdb9c92fb464dd550daf4ebfe694a73570d38af0eb8598efb72372d46e3a89df9697af89373235fbd7a2dc562fc5097967e46942ca8950ed3019c90f8

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database

Filesize
16KB

MD5
8db0260aff66ac158f6a03a9df4bcf98

SHA1
3cfaa29fe0c64a2f0e438b53ad71a1c378375881

SHA256
6cc97abd8170682e2785295094714b36adb932c8ff2020b0e5daefadb2a4ca14

SHA512
c4ed53f28b900a995d78ac252c6800c1b5de9adb129fa7405a36520844f429878baef09704db1d9afdb7ea53855bfa0c16f03d572b5855a93c06a1fb3c4a48e0

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
512B

MD5
1dc5ae49a9a9a24282a0c0fc311cf1cb

SHA1
1409b09d91bfb4565dd9b89d31727edda5343779

SHA256
9ae9eeaa65d1faef86e5501ecd7ce03d463d11220284bd724efe281d403905e7

SHA512
b9234ffc15cd17195098fde9a9c68650be832dbeb5c89bdb83418fb62550ae0b9d8d826e3c82ca40fb02f8d3d6f4b295a029fc3256e1a66477ac55a358d06edd

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
1978fa4982b534f0be50843d154b72a9

SHA1
7a7f59ade87614e9d36dcaf3f242b8e731af761d

SHA256
f1d491c23cfebc9b0029dedc6f6ad2a0c8c3745307971d061e4e3fad92af28bb

SHA512
b03720d6babc658415ed4b80910c39d4ea885ed9a09e871985f81baefa984b3c66dc336e950fef086fc10e2844140e50777ec62a4adeaf72272520f87db472ee

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
517ad2a7be14a394487019a7fae97af4

SHA1
0dcf83cc480edcf5ffc4c802d485002bfdb65aa4

SHA256
b12ed79b6e3a3f21bb7ef298d4b88078644f32b0e786a3aa8de09556a2e85ded

SHA512
fb5c3dbce5c4515ac1cb64d5acaf930e2c62f7dc2d2490cdce0b4c9b3a248a03545415580fa85453bf67dcd78784d5580b16cfd8603a35da331a7a05f5510c62

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
040d4a572e6e390b9b368ef28b65eaf0

SHA1
408091502ea204d886ca8dcdfcc37b2bc177bd2c

SHA256
2a02e2d3298a1a31f88a6eb7938aa238c28092134099f26914cee56c9ba46293

SHA512
4cd2ea2d3d4ecd6f2755054da181562fc1653d631ba0afb39cc1ababbd229e1daed86efbb6ff530e5a46a322325b92acee4dc5e6d2aabbab9d1d1262fdb8e092

Download Submit
/data/data/net.droidjack.server/databases/SandroRat_Configuration_Database-journal

Filesize
8KB

MD5
bbdf9f319d5bc849f0e1fe0474cb725a

SHA1
228880342b967bba259ff71c700f92d5019659aa

SHA256
034b05e8ba6e78516b5a9b734c7276dc4797013d8e8f79e72de2892692eef796

SHA512
e86fad7c8f0a1d92caffafaaf20f0d217b01218e72389f2f9db65afc14bf1a610dd4063bf2d7d578c0d1f358afbde4ac9333232c0110d4675327589e4cd83edb

Download Submit