4efa10bdd1450f6080670aa6d55da132621f330319139f90d17ac772e16dc3d6

Analysis

max time kernel
24s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
08-04-2024 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e81941f8c7b921acfc6196d6529d336f_JaffaCakes118.apk
Size

29.4MB
MD5

e81941f8c7b921acfc6196d6529d336f
SHA1

dcf0ec7d59b469812d323966ccb094d1494cc7cc
SHA256

4efa10bdd1450f6080670aa6d55da132621f330319139f90d17ac772e16dc3d6
SHA512

d7cecf0196f4c218e09f203ff89e77068bff4978ab32eede5603624fcaa21e02762921cd1eec3c8ac184e316068adf5bf1bdc627e6fa63e6d714819174cbd4f3
SSDEEP

786432:a3jn82NQ03VhzaRLfRBJICNrSJS9h6s56hznhagTf:a3jnzbalL2cOc76C4

Score

7^/10

discovery evasion

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.siber.roboform

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.siber.roboform

Checks the presence of a debugger
evasion

com.siber.roboform
1⤵
- Checks memory information
- Acquires the wake lock
PID:4267

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.siber.roboform/app_google_tagmanager/resource_GTM-5D29B7D

Filesize
7KB

MD5
110efbffd394476a35d2ecc74ee094a7

SHA1
cdb530f23c9b57928451fd6b98e4825d120ab8e9

SHA256
ea47bd03511cce6bda4a4a6dc5f421bdd9573444298dbae9c19dda89e8132b73

SHA512
b712beb14ecc637e312a63ea343919f7f87d50498528e937897868a904fcedd2eff327e5c22e776b8cb5ad61b0e9e5f41a542af83eb6cd2c6c7946998f1aeb4b

Download Submit
/data/data/com.siber.roboform/databases/google_app_measurement_local.db

Filesize
16KB

MD5
696d3e34e2d8ecec30d2271677654803

SHA1
3166b6a8f59075541935a01ef229331035139c80

SHA256
b7051c522d37ba2288a91599d067d75d327bdb7cc593792f69ac3e16f11eb698

SHA512
e9bae36bdeb12e7183f3f8e2e43292aa386b7220590cc5cc7784f7ed7dc3dfd31ca5dcbb628170ce57485a6dcb8e48a772efa21201f5e41d9f88ab73c157746b

Download Submit
/data/data/com.siber.roboform/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6c801b5a0fbbf80136f560dc3f5455bf

SHA1
610c10ab22235709b7946ff3f7bca9e4d0e50014

SHA256
2711f9bbadcd46bf76da5a97f5d4b7c52b70dd1ea0b47e9a1fc04873e9b3219d

SHA512
4a1a281e2f7ef7a06e85cf13230a05f52b5c1a30c59b85d1f6be2fc97fcb7cd41a40696a777af401d1bcecae01cca4c2842f71302d62e18eec7083599577f9e8

Download Submit
/data/data/com.siber.roboform/databases/google_app_measurement_local.db

Filesize
16KB

MD5
be6351fbaeddc32c24fb30fdec0e665b

SHA1
ae0a1462bb24f79849fcca4c9d23df9299396f96

SHA256
a51ab4c7547af7ac3c85e525cd720fda1f5a6c66832385de8846e4cce1150846

SHA512
59c17c24d236b1b5ab9a488fda6ed37a9cf2724459e0ee553e662c1b4cd8c7abee41744e1eae4a385bda581fb6b21c7d2855e5618b04301123bff0cc126eb44d

Download Submit
/data/data/com.siber.roboform/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0375d6bc47c198a4ad3d0554293f8589

SHA1
8cf098731d62c8590d89d4e85cbe8d76dd36a2a1

SHA256
68a5ab067d806448bc45b2c69a239b3b8f567beaa4489366e3e1e9958000b573

SHA512
818aecbd4ce1f06a07d9d082e498018bc2b5f5163d8f68a6fc3a3c010e570b8f76889cd0e3fb2b1b4a63f4f26bed4204f5f966d3454d1afee985da41a00bdfc4

Download Submit
/data/data/com.siber.roboform/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0d05b4627eeaf885dbd1f078a3d416a4

SHA1
c95ae48afcc635309e8aae4f3e75a9c6b84b7169

SHA256
bfedfb6c73addc2bc970b4f66d1662d62efeaf4ec1828a998744f577c1626bd3

SHA512
ac5bb62f8f9a9268770a7fedcdb476eabac06087f2a2d42e1ccffff2fe8d593c6e0cf48f144be4df41ed06f4fe274ff1f461c1f63885ccaf9780154ca9c31b9a

Download Submit
/data/data/com.siber.roboform/databases/google_app_measurement_local.db

Filesize
16KB

MD5
37898c7d98223f4085634789d5d00752

SHA1
a2a5a5819fe1521552b2bcbb0ca06281094879c1

SHA256
606af46d799690dbbea7b01de511d9cbaef329a72e96529bdc4df4eaae2da922

SHA512
9589f9dc55764af6ee0c924ee50a7b133734987cf0835983c1f08c559a64468aa417471537def7458755e789d532b7c9f6118993eb8390c95fdfd979e1240310

Download Submit
/data/data/com.siber.roboform/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
3cba5c7829691f2d23c4d51c18cd4b7b

SHA1
db316977d4258954d9b55ca690463898f44503d1

SHA256
fefbf3dc711f1809e996f2878cc62ba13b4c5a8ae4cac78971b6a56755494b0b

SHA512
8def0ec05b9d3028994472709ee0c87eef2baddb8ef2d66221a08115b61c44df4fe1396a252f68dfae001157f9a672b7f016e5d35ad187d914f4aafe5f0a965b

Download Submit
/data/data/com.siber.roboform/databases/google_app_measurement_local.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.siber.roboform/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
fa9f977777fa60916df286994e0d80e5

SHA1
c9cc0098aee6493bf6660d8fcff5ee82e12ade9c

SHA256
fbfaa69591b709c782a39c1c0f367f0aaaefa592ad685fd1fcaa420d6c9fc6c2

SHA512
ea3bb7115019e0d308c41f6da81ebbf50759915e742f9f90bcdad62b16795d2dd0ea1d49924e63a7ae8c35af5ac103a0a2862756b069abd46ccbcdbf476c9d9c

Download Submit
/data/data/com.siber.roboform/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
d0b1e685e46bcaadb8bc9f26d9e41ffe

SHA1
09b14696a9729993cf750982512323ed48dc6873

SHA256
4f94e98fe1dbde441f8980af9e3d08ca01819889ce9779ebc043c18bb2914cb8

SHA512
29f8a71890d4b1f78f8d73bee65ab19c72bb306b5685292ca1b31a5f395f0e63b2b74ed8658be2ab4ff41021190200c4e6dd8733f8344e52de5569bfc600a173

Download Submit
/data/data/com.siber.roboform/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
789f07f9aecaa18cc3bc4d516699981c

SHA1
b93e9735b86628400acb5b7706031d30c17dd388

SHA256
5c5810e5d66edfbe8c1f2571274031b80f47c3216d3a8062908eea52ff2607bd

SHA512
ebf5abddf17135c12ed7d10bc1a4fbadbf27ab36f3a7dc05ec53e03d8be6b3adcd1728b66f0b478170f535f3d49316e820ba300b172e32efb257c6bb1d60f1ac

Download Submit
/data/data/com.siber.roboform/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
a9fb11f596e209fd8c758a83b72b9699

SHA1
7c0df99be2c25e570e0aabab01c138e73049c98d

SHA256
2b42aed3caccec558998e2393667b48e84a47ef6654cae571c939862a41cba5a

SHA512
620d11c2a2f0ff58806424e97d02a794cb114c4777f253cbcfb264c8ced2573660301d63475686e82d563fb5a5d983031537b47a1a17566489dd4db88d5b0ac1

Download Submit
/data/data/com.siber.roboform/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
7551e57061bb66f44d18e98778935bb0

SHA1
1db727fd3655d116c3272bbd689795b56d58d061

SHA256
b7185704c74cc56202bb9f19a41f91063a3082737eb428dbb5428b8572296e28

SHA512
69098a25e9504a30472cf4a4ce1e058a84e8476b4acc70670f35651d51ddfe1c0657752ec37fdfd113dfdf98ca94d47fce1fa51f3f99904e1f1c36476ecf647d

Download Submit
/data/data/com.siber.roboform/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e049a4c03429b6019eaa684ec62ccf96

SHA1
a0ab56bc7793e11e7640fa58c5e28738030b2aca

SHA256
3bb281c348a854f20aec23304b5d4920b312b90f33dc85828cae846063521f20

SHA512
bf1868a8e5e35756d4b0f66ec824ea3a56be0cef6f8bb030097cab59309bb94a7e8b3bf5fa4c0aed9b1862d18907b41af2b35255ed136a7daf9cdfc1b9c7c549

Download Submit
/data/data/com.siber.roboform/default.rfs

Filesize
447KB

MD5
21d02b742194315a8585fa2509a314a5

SHA1
0500efff733d19276f4a203a9b44cf876afa2970

SHA256
a1c3a1a891790ea42225a385afca640c5d38ae6865dec1ff808e850d21854a0b

SHA512
b02dc6df8221d9d7205d20ae7b680d06ef39268dfef268e87e4a0393033b2fa0c12179de1788d917ffcd444a2666b95060ddd58a05ff5b9d5fc5ffe627304aba

Download Submit
/data/data/com.siber.roboform/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66143A080265-0001-10AB-75E64932D412BeginSession.cls_temp

Filesize
77B

MD5
8c102ddd9986f6cfa1637f9eec86d302

SHA1
9e7bdccdd8ca50da09740c7ad05043c40ddafed1

SHA256
620c9aa9df76a54ef0cfd1047bdd80be305d9fbf80443b0b592bc6d35f8be9c6

SHA512
d3fca133be6fa6e94983e30c08744c1521047098a39ba9cde75372366bd336ff1b18a2fc742d92146625f4c16895e41d8bcaf684cf1412e85bcb14119bccf9ea

Download Submit
/data/data/com.siber.roboform/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66143A080265-0001-10AB-75E64932D412BeginSession.json

Filesize
132B

MD5
cacdc2c1d899ed33f80296d3921fec73

SHA1
ba7e20928927dbf6897a961880d59b13f3f338ac

SHA256
e8cd6b62bc6f741bc31d40886fc4b71553565f4384e55008499c2e336c168841

SHA512
4203d2923375b949f77210de47246107b128fabe52b8f23e19d85c725811627f7e35d85c67831dcee9ed3228ed4bd2bedcc9d302cb2d2a9eebf52eca7e31d041

Download Submit
/data/data/com.siber.roboform/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66143A080265-0001-10AB-75E64932D412SessionApp.cls_temp

Filesize
116B

MD5
649b334548e30aa3cc7c3dfb4ec26d6b

SHA1
26b99b77c01ae0b62e46fe5291db2f216961fe8e

SHA256
d3521222a2f11303dcb80048b42bfd7079baaaa65532c6047492082d240dbdde

SHA512
a5026b1bece227dd474e29110aaac8ff012ed1b90c32918d67d747c45906a2261020441f670d865ea383040dc6fd9359a40fd286ce5f194b9a76e7147e39b380

Download Submit
/data/data/com.siber.roboform/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66143A080265-0001-10AB-75E64932D412SessionApp.json

Filesize
230B

MD5
3da063e1d3f95171e0c926db03b47317

SHA1
327123889d4359dafb1a3a032ce82a7424238f3c

SHA256
6e5292efff585b94abe1ee7c6c72a92ebe679669c26daedf6be8584721aa74cf

SHA512
978c5bc8dea1d530403328f39994d40e3afb177c6071b0cdebc15ed3cd19ccf6f85f91a46cd68f57fe41aec5de4282b6912523042c4e3432695ec91a4dfda6bf

Download Submit
/data/data/com.siber.roboform/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66143A080265-0001-10AB-75E64932D412SessionDevice.cls_temp

Filesize
48B

MD5
630aaf4621d940e95530e8a8b0d39283

SHA1
d06c5d18de58b6abb5890a83b6fb3c3aa4a2139e

SHA256
2f752007f6c33aaba282800edfe3d52da2ea954e3eceddf08efb0bfdc989cb93

SHA512
98c301f0188ced6036a863ba790e03ba22f88ec55a884fdf808711147228e97ee0571abad094ad68d758b2482db6ee3f2950d43d56c875bfeda7f0a58cd1a86a

Download Submit
/data/data/com.siber.roboform/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66143A080265-0001-10AB-75E64932D412SessionDevice.json

Filesize
202B

MD5
8c1412ceb8c8543650bed0f85dcf4c99

SHA1
e2ea16a5e4f49d8f4fc661f127bc8ce6f5d2e485

SHA256
b33eddddb3bd84b5d5975b074dd2fccb335c715b8506862cfaf451ec1f8398bc

SHA512
8d067a69ce521a0e004215bf6b746279e4c32e0bb8ba90de9e3e7e519e421997aafe1a3b8d636cdd4da578ee3c538cb1b84fa60c368c0dac9307d4064fd33687

Download Submit
/data/data/com.siber.roboform/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66143A080265-0001-10AB-75E64932D412SessionOS.cls_temp

Filesize
14B

MD5
9b3d4522944ce6396563812bfdb92fa9

SHA1
6d2a6133c8f01938a48ccc77ef86ad8ca335c020

SHA256
d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9

SHA512
091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

Download Submit
/data/data/com.siber.roboform/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66143A080265-0001-10AB-75E64932D412SessionOS.json

Filesize
54B

MD5
93023624eb8dff5c20050da136aaae0a

SHA1
acfd1ffed752c28fb135ba83c0c6345ddf2f6995

SHA256
968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c

SHA512
bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

Download Submit
/data/data/com.siber.roboform/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/log-files/crashlytics-userlog-66143A080265-0001-10AB-75E64932D412.temp

Filesize
3KB

MD5
565780ebf345d29fbeb0f540daae7ab2

SHA1
ec94a368a70a7dac62f835009abe1af25ee5d8f3

SHA256
3f406d19762037c88a2e4ea63322b98522a12b77c74187ce9637b80fb181cf2b

SHA512
4287b60c2004e393b040e821c7da0d093947b8e1d9a00eed98fb2a40dcd8d8c8c070cfaee3aa8a7ef5306fc79a39e2e22aa11d46deb5d7f4ed0cada977c48371

Download Submit
/data/data/com.siber.roboform/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
3KB

MD5
ee71627982b8a43d4f7964761648bcdd

SHA1
d210f9884bedf9f13eb71f1d7a395007e16d8f1e

SHA256
83796df6d1b0a0cbcf6f50687747519829106d07db80197708ca69a7b2a6c47d

SHA512
deaa6139815bd1133befa218bfa711e94041e8c07b375852361f1e76b225fd94248891c6bb826921682218ca706ba281aea9e26d122e733be96bc29da5e4e1b3

Download Submit
/data/data/com.siber.roboform/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

Filesize
433B

MD5
eaa1b1eb110dfaece78b350165a3aaec

SHA1
9a2a78d5731657ec06d40376d75dd159a2c1a2de

SHA256
f42fcc76ae4abccd59fcba9a2c85f343157e16c2bebc3eac94d4c11de9a42c69

SHA512
0473d0937dfc53578290003efbc4d3595ddaacbc794f12361f20490c425019e4655f57457da8b88eb2bb9b40058ae57ed5f013221f14ad492228733068e23780

Download Submit
/data/data/com.siber.roboform/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/com.siber.roboform/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_ad29bfd1-faf4-4026-a0c2-fc034fe97f38_1712601609508.tap

Filesize
349B

MD5
f65fb8e25218c764b62e1ea74a74be0d

SHA1
699fd393f58513330a9b3322618c874139511a25

SHA256
e7d9d9596d4b0d92a90b2fd1a8594137f7f5e915cfe7cab5e515d7f8fa1423b6

SHA512
dd7febf536b1e180ae492cbf6e4ff3a84324b6574ed597ab16215588cb00306ef8c7170c68c8b0c2c337c399ed19ed2726eb0d39d26e9d4de0b8825d233a8690

Download Submit
/data/data/com.siber.roboform/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
04908193da97a31e791f26dc6cb6bcb8

SHA1
3d42342a4cb60a6bf65a70016448a86a8ad9bdab

SHA256
3c17220aaa0f4720fa7c26870e1cddba91166e468d2e86dd999f1c3b447e1220

SHA512
36394d2213698da9c0bb5e9eba00a36530a0eb6cb40f8d45af03407df24365db3990c198d4a0cb021ae137335037ec007c51494d535cd755a7fb7e6ea119b978

Download Submit
/storage/emulated/0/Roboform/_gs_test_4267_1.tmp

Filesize
36B

MD5
9192245fefd51dacf95664ed7ac08f01

SHA1
15e12b3d4d5fd40ad7e845e0487bf130e7b19ee3

SHA256
5a5cf953bd8110799ff1033db5dd15eefd5080cd80a30e38a8b3f8299aa47a77

SHA512
ea8110cf44546b920ac5fc49cb239aeffcc88ff668a2d1d8d6393dad6fb846863a38c4081ee0813d16bdb030047708230822c62c309f2ed73ede3421209602fb

Download Submit
/storage/emulated/0/Roboform/options.rfo

Filesize
27B

MD5
3d038519d03508210531f97e05bf6c7e

SHA1
045827c23933d7bb6c7305a243c4c3e9a2f33256

SHA256
32fcba4f865a41eb3f0f4f1c12deb06e46fa3c598903d43a287df4e182072f25

SHA512
e77e80cba14c13c868c7799113b15e2ee38815bc77b2a1a33f042a108f8f8166c343e60c8383050b2f1e1a2c9fb724509d7fa69c0ccc3370a670ec43e806ab3e

Download Submit
/storage/emulated/0/Roboform/options.rfo

Filesize
67B

MD5
499995e4ca376545d8a60630292cd8c9

SHA1
bbf2331f10cb92655cd77a211a192a85c45aed6b

SHA256
d1ccd81cf8ee0fb6cc69550b5ab28040836ce95f63215482f08963b63d9462aa

SHA512
14d50eeef183cb2ce659e2352ba845e06c49106ea642420a933acb6f3d195a97e56ff33d0b965e5c913c878495b6c60e9fc0c2f5db5c8c1edb9922c3a83ac92d

Download Submit
/storage/emulated/0/Roboform/options.rfo

Filesize
86B

MD5
7adec505310001d6ea3834bda76f39ce

SHA1
186ea92a7df4276debcb2763d8626cc3360cccf9

SHA256
cb7b574fc388ade65f7c7613a1de7c6873a11521820d87375d505d89a969f0e0

SHA512
142aad0b954bf974f6e26358b8b750b417a1f53dfb8f970534b116a112a6265bebad24785f1520a2ab8ab88370e33352b12c5abbbb99a170af10e8739f2525f7

Download Submit
/storage/emulated/0/Roboform/options.rfo

Filesize
133B

MD5
5719183d50dffaff416cc70e7e5a2744

SHA1
f636d3a57ff4520a64cbf001ca7808b8db5b8baa

SHA256
74fc280891af92600a7ae2846934a1de09ec403ff51ca2b59f4fd81e79297e36

SHA512
e88ab7d432f56e2f99670c3b75fc42fcc470ca9de3e8c5165739db949378ac992f909841f7cb31b250249a1fa1eca94c0b3daab6ecb441ceb9c553b92114fc52

Download Submit
/storage/emulated/0/Roboform/options.rfo

Filesize
167B

MD5
47e77daa49ac47fe4e55bf84bb813932

SHA1
4464cf4645f69a9aef6c20c184051ea226b7fb88

SHA256
e53cee08dc39e6ea6afc31cb9ce58906e8ce09abf78dd6442c90806d57ac7bad

SHA512
6623a20b22b5a6f031a676931d656cc095889b118a848d2751c5a3163ebdaabd841c79af5c91cbb8f5387dee79a78782ba496faa999944bcb1cd75835600d95a

Download Submit