File name: Droid_Jack_Rat 4.4 [breachthesecurity.com].zip

Full analysis: https://app.any.run/tasks/a55cb67f-39b9-4e4d-89e2-cc8f6096a81b
Verdict: No threats detected
Analysis date: December 09, 2019, 16:25:47
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 9008AE2EDFB3FA5BADBFE8AB034503F0
SHA1: 67E0F7A8040973676249F7E2F2AC06A42A1FC31A
SHA256: ACD8FBE3A856A9CB6DF2781F4EF3864E0503A7C87FF80B3425423FBC47ABFAAB
SSDEEP: 196608:eeh4W3dHjgq++lrv0YgquwqHxJ0bRronk9Jv3y7sPbARZeG09WB8OiV+dOf:vhpdJ+THxJGokjyCAGkBVLdO

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Loads dropped or rewritten executable
      • javaw.exe (PID: 3700)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • javaw.exe (PID: 3700)
    • Creates files in the user directory
      • javaw.exe (PID: 3700)
    • Executes JAVA applets
      • javaw.exe (PID: 3700)
  • INFO
    • Manual execution by user
      • javaw.exe (PID: 3700)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0808
ZipCompression: Deflated
ZipModifyDate: 2019:12:10 00:25:05
ZipCRC: 0x00000000
ZipCompressedSize: 2
ZipUncompressedSize: -
ZipFileName: Droid_Jack_Rat 4.4 [breachthesecurity.com]/
No data.
Screenshots: available in the full report.
Total processes: 40
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 0

Behavior graph (interactive; process details are in the full report)

Processes shown: winrar.exe (no specs), javaw.exe, java.exe (no specs)

Process information

PID: 956
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Droid_Jack_Rat 4.4 [breachthesecurity.com].zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 3320
CMD: java -jar Apktool/apktool.jar d Apktool/SandroRat.apk -o Apktool/SandroRat
Path: C:\Program Files\Java\jre1.8.0_92\bin\java.exe
Parent process: javaw.exe
User: admin
Company: Oracle Corporation
Integrity Level: MEDIUM
Description: Java(TM) Platform SE binary
Exit code: 1
Version: 8.0.920.14
Modules
Images
c:\program files\java\jre1.8.0_92\bin\java.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 3700
CMD: "C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -jar "C:\Users\admin\Desktop\Droid_Jack_Rat 4.4 [breachthesecurity.com]\DroidJack.4.4.Cracked\DroidJack\Droidjack.jar"
Path: C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe
Parent process: explorer.exe
User: admin
Company: Oracle Corporation
Integrity Level: MEDIUM
Description: Java(TM) Platform SE binary
Exit code: 0
Version: 8.0.920.14
Modules
Images
c:\program files\java\jre1.8.0_92\bin\javaw.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events: 477
Read events: 455
Write events: 22
Delete events: 0

Modification events

Process | Key | Operation | Name | Value
(956) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtBMP | (empty)
(956) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtIcon | (empty)
(956) WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E | write | LanguageList | en-US
(956) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 0 | C:\Users\admin\AppData\Local\Temp\Droid_Jack_Rat 4.4 [breachthesecurity.com].zip
(956) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | name | 120
(956) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | size | 80
(956) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | type | 120
(956) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | mtime | 100
(956) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath | write | 0 | C:\Users\admin\Desktop
(956) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin | write | Placement | 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
Executable files: 6
Suspicious files: 15
Text files: 4
Unknown types: 12

Dropped files

PID | Process | Filename | Type
956 | WinRAR.exe | C:\Users\admin\Desktop\Droid_Jack_Rat 4.4 [breachthesecurity.com]\DroidJack.4.4.Cracked\DroidJack\DroidJack_lib\commons-codec-1.6.jar | compressed
MD5:5970F54883B4831B24B97F1125BA27E6
SHA256:54B34E941B8E1414BD3E40D736EFD3481772DC26DB3296F6AA45CEC9F6203D86
956 | WinRAR.exe | C:\Users\admin\Desktop\Droid_Jack_Rat 4.4 [breachthesecurity.com]\DroidJack.4.4.Cracked\DroidJack\Apktool\.DS_Store | ds_store
MD5:010C44C7918725F07BC33DDA1FE1938B
SHA256:8C7D7C53AF7189A9235E4A43ED2694F874C20CE061CE23B1F271436E8404A64D
956 | WinRAR.exe | C:\Users\admin\Desktop\Droid_Jack_Rat 4.4 [breachthesecurity.com]\DroidJack.4.4.Cracked\DroidJack\Apktool\signapk.jar | java
MD5:AEC6985FE2314E4D032BA6D192AC4163
SHA256:B17534E89A5B58D5E343BA54A49DA579CF9213988F4BEEAE24FE4582A0C226BB
956 | WinRAR.exe | C:\Users\admin\Desktop\Droid_Jack_Rat 4.4 [breachthesecurity.com]\DroidJack.4.4.Cracked\DroidJack\DroidJack_lib\commons-lang3-3.3.2.jar | compressed
MD5:18BB67AFA15354843EBFB7640CBB9C5F
SHA256:46D24EA8D0771655AEC5FDF203CA4BFAB4CC1A4587B8A15901D385F80263DD36
956 | WinRAR.exe | C:\Users\admin\Desktop\Droid_Jack_Rat 4.4 [breachthesecurity.com]\DroidJack.4.4.Cracked\DroidJack\DroidJack_lib\httpcore-4.2.4.jar | compressed
MD5:6CCB86231D8A8B99C551B4DDF926DDD1
SHA256:BDA2B9E0464F7A0E122D5E9BFF7B384F3BC3A91AF18AD51E029DEAAA599E5DB3
956 | WinRAR.exe | C:\Users\admin\Desktop\Droid_Jack_Rat 4.4 [breachthesecurity.com]\DroidJack.4.4.Cracked\DroidJack\DroidJack_lib\jaad-0.8.4.jar | compressed
MD5:4C09AA32E036530D42319AEC289928A7
SHA256:BE6BA7919A20F602703536E343860C2AE74AD18DA195FD845743B877DBB379F7
956 | WinRAR.exe | C:\Users\admin\Desktop\Droid_Jack_Rat 4.4 [breachthesecurity.com]\DroidJack.4.4.Cracked\DroidJack\.DS_Store | ds_store
MD5:5EFC66C86F9EE056C23448A95D827D1C
SHA256:923211913F3C80FB88E966BE6301E7965C28785E911372ABA7CB4ADFFAC305A2
956 | WinRAR.exe | C:\Users\admin\Desktop\Droid_Jack_Rat 4.4 [breachthesecurity.com]\DroidJack.4.4.Cracked\DroidJack\DroidJack_lib\httpclient-cache-4.2.5.jar | compressed
MD5:1C3611C6B424D2AC7945AB7E6243B942
SHA256:A67C50B74286766BDBB397088C4A78F1008D2AB17DF7562DB76439778C90430A
956 | WinRAR.exe | C:\Users\admin\Desktop\Droid_Jack_Rat 4.4 [breachthesecurity.com]\DroidJack.4.4.Cracked\DroidJack\DroidJack_lib\json.jar | compressed
MD5:092F12BCF4E448262CEBDA81C032950B
SHA256:38C21B9C3D6D24919CD15D027D20AFAB0A019AC9205F7ED9083B32BDD42A2353
956 | WinRAR.exe | C:\Users\admin\Desktop\Droid_Jack_Rat 4.4 [breachthesecurity.com]\DroidJack.4.4.Cracked\DroidJack\DroidJack_lib\httpmime-4.2.5.jar | compressed
MD5:8DF1654C39F4116C9F1FCD04F8505BC2
SHA256:2EF409C599C532CA1E692013582695231BDB9F3956D4EC9BA3AC71300728B382
HTTP(S) requests: 1
TCP/UDP connections: 1
DNS requests: 1
Threats: 0

HTTP requests

PID: 3700
Process: javaw.exe
Method: GET
HTTP Code: 200
IP: 162.251.80.24:80
URL: http://www.droidjack.net/Terms.html
CN: US
Type: html
Size: 3.37 Kb
Reputation: malicious

Connections

PID: 3700
Process: javaw.exe
IP: 162.251.80.24:80
Domain: www.droidjack.net
ASN: PDR
CN: US
Reputation: malicious

DNS requests

Domain: www.droidjack.net
IP: 162.251.80.24
Reputation: malicious

Threats

No threats detected
No debug info