85625f93ce3a9cfc3af32b0af9c9981349898e7c6d2140187c000ebb91514e76

Analysis

max time kernel
39s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
02-05-2024 04:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d80fd995c8960f6caae96903fb04c12_JaffaCakes118.apk
Size

7.3MB
MD5

0d80fd995c8960f6caae96903fb04c12
SHA1

80239deff9e5b030b629898b0df88e20606e44cd
SHA256

85625f93ce3a9cfc3af32b0af9c9981349898e7c6d2140187c000ebb91514e76
SHA512

ac54c4378d066f49cbb8ff5d45ee225e99b86c5d13f0bed8273b88d69354c91ed33343754ba08d5f7ec61588de90737274f37b6b996b7091d56e224f96ca8163
SSDEEP

196608:LJdcDXXdLVeLkD9cadR7maWFe7417as9zT9VsEiw0+:LJdoXeVadoaWFe741Ws9z5VsEiwX

Score

8^/10

banker discovery persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.rayhan.soft.kabab

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.rayhan.soft.kabab

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
29	wtfismyip.com
30	wtfismyip.com

com.rayhan.soft.kabab
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
PID:4226

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
322fbc7cf15600b2cac753a97bc684ce

SHA1
1ba0259a5e95642d045337766e27407d8a79a8df

SHA256
f5e241621c78a47ac4bd4cc0feaa27aca2289fa2555968df29a6a0f2a69ac11f

SHA512
34609683ae926743a8c212b2a18681d40a1fb759e5f5b7774fc356ad2ad70769538131c7896183607666ab7cf0f13583dc5dd41b6423e67d75ab20852d5ca2ed

Download Submit
/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-wal

Filesize
72KB

MD5
6f9291b0ca9d6315b56a88c1572a5f53

SHA1
e54ea488481964780baab75e62e0cad6bfddd632

SHA256
f4ca09149e2d73d3fc3bb339b91c99f0c765a07f87f281d5d95543472cc5a9c6

SHA512
884db1402bfae34b258f5746ee8c2e87b8f339da914f9de07e91b80c627860584ba2b37f3beb44a251f9d24a452f628620a41dc39de2dc08b200647be2b588ba

Download Submit
/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

Filesize
512B

MD5
34d56eefdc4903b8be6e0eb8d0318572

SHA1
d6262692e3da057dd20b8a48e1043a4f14d16d6f

SHA256
380c5c2eed155e55823bce3a18178c94f26296f12132727865f864a42d91cb61

SHA512
0a4f72db268a9963ee97f62ed2a58f75bc80147a45b132fcb24db3eb7f764bbe22b1d9af767c2ba7d6762a175a3d211f3ff15d1cfbd6ff03a4d8b76f28aa916f

Download Submit
/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-wal

Filesize
120KB

MD5
8b2bbe1f05ae959e246b86d31c4c2864

SHA1
ce85ec89d1319059ab0212fd0f00ebe745ca301e

SHA256
3ad2d6c5999e2de191b3ddd09724c393333b87c0a5e174fabdb26819c8edfef2

SHA512
925b4b93377aaa66e5a6b3142758e9b0c2f589706d44068c0292ec1b24bb340548fe8e5370fc6fa25a3aba4423bc62a17ceb4cba14243a05e23a8f08f4e82813

Download Submit
/data/data/com.rayhan.soft.kabab/files/dbamam.db

Filesize
8.3MB

MD5
1e26bff96297f548c471c202081c0bca

SHA1
215bed7383e107052fbe1498f1421c27e6fb2458

SHA256
781efb1b1db04214c5df30422ecebd4def6b92d5f3a546ff9806629608086cb2

SHA512
5b20ac673065fb7c6896815e439f9f3baf43505562eabd2bd828317a1a40e0c711a7c2a27e32b7bcc65a17140e17275908e7c80d17b716ee204de9b80ba74aa8

Download Submit
/data/data/com.rayhan.soft.kabab/files/dbamam.db

Filesize
1024B

MD5
a027046ed6487ce5e27f4c5d4ca93ca8

SHA1
dba1aed9c5f7d52fa50c7ecc85475faba2cc0153

SHA256
45abfb10d83507caf47f5f5345e95ccb999f123d7de881293ced98704feee5c4

SHA512
71c9132779cdce24c63b6fa6d5fdd2b383833f9387d39ae19f4d13d31a10ca2892d04f8a61516f226346ac9da1de166f6ebaa0c6fd396bcfcbd575849e53f8fc

Download Submit
/data/data/com.rayhan.soft.kabab/files/dbamam.db-journal

Filesize
1KB

MD5
5df4324b9e1eed4b37e31df35df44a69

SHA1
beb0ca4edb68a3d19d6dd6b821bd2a39658cf1bd

SHA256
5cf74b22f83d045ae30d91cd1523f71daf581099f93b4573a1a5e78ed9e0d41e

SHA512
0a2d0a9b31becc7358c32b6460da7befc8e572915e911cd5c81190edaf84cfe6152e7aa2e9541a291eca0c94aa987462d161c24664f28128948e36ae94bab7c1

Download Submit