85625f93ce3a9cfc3af32b0af9c9981349898e7c6d2140187c000ebb91514e76

Analysis

max time kernel
47s
max time network
164s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
02-05-2024 04:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d80fd995c8960f6caae96903fb04c12_JaffaCakes118.apk
Size

7.3MB
MD5

0d80fd995c8960f6caae96903fb04c12
SHA1

80239deff9e5b030b629898b0df88e20606e44cd
SHA256

85625f93ce3a9cfc3af32b0af9c9981349898e7c6d2140187c000ebb91514e76
SHA512

ac54c4378d066f49cbb8ff5d45ee225e99b86c5d13f0bed8273b88d69354c91ed33343754ba08d5f7ec61588de90737274f37b6b996b7091d56e224f96ca8163
SSDEEP

196608:LJdcDXXdLVeLkD9cadR7maWFe7417as9zT9VsEiw0+:LJdoXeVadoaWFe741Ws9z5VsEiwX

Score

8^/10

banker discovery persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.rayhan.soft.kabab

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.rayhan.soft.kabab

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
24	wtfismyip.com
25	wtfismyip.com

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.rayhan.soft.kabab
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
PID:5112

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db

Filesize
24KB

MD5
12fd13af37a95d22ae87c3768b2cc765

SHA1
42af721446425bafa078551e9d48125d9819c33f

SHA256
9f4681bd024597554aebe0a015c0a82d44c7228c24db17ff8cb4cb2e7f936375

SHA512
3636987eed56e86cefe31e39d2f934b833b2357c2e2762424e54485e41c60e749b15e3c2db63722ff00931342632799ffbb65a94ce6a3f1ee8d4b41e9dd0dc55

Download Submit
/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
1e593a5c58f5865ab0586a576043ae51

SHA1
8ec4b8aa8dac129e5151a416a2d3fdd0eeede390

SHA256
dca02b2195323bd5a6ae448c24ac6aa0f4ffd7cebf124423ee23b81f30a84f8c

SHA512
8e64e9b6d6879666c77a8af1aa1fda29626c1533c08ab2c232e3f1cc2d42a96df4e05bb896e7b14a8b619751c733478832d27a778518e2147fa0cde0c1d2eee1

Download Submit
/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
babf3aa3b46255fdaeef369c1cd3262a

SHA1
4215f9b7c14748330b8deed4390f5c18803eb69b

SHA256
05bf4c624efa188219a9bdfce9f447f5372c95ed3affdd59d43362c52858cbc7

SHA512
82c73dc93bf7e64896f67fc90b35b0e6d44c0822678280b247b3bc7ca7ecb69e6c2e5674231ebc632997f4fd19302fb032ddf90b26c51ddbcefdc668feeaf16a

Download Submit
/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
0bd3bafde47601764ecdcb80471d13db

SHA1
42577c057c1092b95d22efb583c2e7b69dfe1d85

SHA256
e1b29b5aede8e0d95aa0403d2bbabfe2c25e63a5934dadd763dc8d516aded28b

SHA512
b87eac88997d7cbf104f3470bd9b709654d61f890fcd8a9aba39ba3e0a97f9d733d7441979ec60233b99b1afb4d47df83226ee5bb28e6d78e49c1ba7b921fa2d

Download Submit
/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
7590b958aa40f4f86a17fd88622e845c

SHA1
8f7b5f126bb384a04d33478b9b357124600f9ff6

SHA256
d1b3817da593c1a0680ce054aac48c2d74a3bb6ccf30ac4f5a1208fb30f75bc5

SHA512
6c8ed65be9b046833320a9e47514228170f58b0cd1c5cce15c17f4a83d62bcb53af3f435317565cd8e133c08e69f16bcb7151ca7f6a6efa1fc95d86a4724d4ad

Download Submit
/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
4b61fc3690869c436141424e79bb6507

SHA1
2b591fb2231c0072b9a8e22d4a739ff71f1f2da4

SHA256
f234fee1d2bcd33bf6f437a1c65fe4a807b8d7c17d8d66946c7c650a83c64434

SHA512
6e2e026eb5ce67c2fcf835e33420b488b0a49b424ede538ecdeb15c3de4a673b024912cbe64b26cc5c0d259124e59579189bcc5af68e4bdaffd41331e9b05129

Download Submit
/data/data/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
36785a85bc1678488bc26e04b3a44b97

SHA1
62a98b02ba31aeecf0df31d7158b298f66798aa0

SHA256
a0a6235cbaf703cd97549eb7866d3d6848f7baf20cc10cc1d95fca516f1c6c84

SHA512
46c90cf54180c241d59a95481f123b20435903b489fe7de41a87b4d49137d5d5fd6a5e2635d87ed4256830732b775192e234b63d7c72ba80e6ae23914fc00e95

Download Submit
/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db

Filesize
16KB

MD5
d32445201d618c005ee9bd26f92a69f0

SHA1
15d23734a270e18630500545d7ffacb4b12cdd1b

SHA256
55bf08d633b01deffc18c5426dd6ed203ec5857e2b6bed4c5de1d4252448bdd3

SHA512
5d0a07e4f49a0f16aaad0106c80083307c8cee51b0e3f2ef2e4fcb11112972def59037328b823ec50b0369e3da4a82bb2b184dc8798f9951c93c48c7b2cfe1ad

Download Submit
/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
23b1d2eef343c67a7c533982befc8cb7

SHA1
532d6cd64e5b6695733f70295f7fdfece6ed224b

SHA256
5a7157c84c7a489b233ad4e6c3831b5e976b732781c5bc414de059a5a6121580

SHA512
61063ffc9aed6ddc43046c04aa8bbea283b3bc07d2c688fb8b1940719bc52f76d7d492824bf62a81c2da2857638691221680c81723c7067bfb6f8de9f71d2200

Download Submit
/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
75c3ee0c42b583a59a25583b60c14f0f

SHA1
19966dfbb8ea9047767bd8ad4fcaa04d06fcc03e

SHA256
0bfbbed8e25611c3aafcd540421081fc66e8c8572c804a6cfcc469d6b864200c

SHA512
6b94539e85260894778595eea0cc1e1a03f9bfda3607f7a78e2641085f8d423b5d8f6b93bec53bd2548d4cfd0adaa2d6b67b7df14498efe0c2c3d80cc99c7667

Download Submit
/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

Filesize
512B

MD5
df99b0e628348e4b78d10ace05c6fdec

SHA1
199c8ba199cc0ebf477aeb4c716738dbdf2dac50

SHA256
e5c31c526271270a4fff7d8d586fc18254e95902e86472c8633e9f1ac74838bb

SHA512
076e5807d26ff8346573ab79c334c97789dff786ee40474a0e3c0927487147ca8d7939d30dcdaacafab5a71895505c12692ba8f06949838f1539ab5e45211081

Download Submit
/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
94deeda4dcb22fa8d3b6adb81f527219

SHA1
e12e8c19702ce9193b6447c4e8291f22602e2b1e

SHA256
27bbc8ef4071072855f4447528999ab014a79c5a27f1f5020ead66a958d78c44

SHA512
be850cfe71e3dc952dfcbd4cf66b6025eaccb53e2db64fba337291fdf80e82a6edc71165ebd14105c9088598c67a04a971f05accf45d7173fddb6cd5af5bd92a

Download Submit
/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
91c197215b92e593aa12d01bdccdb24c

SHA1
722b09c1897064cd574ff40aca8c010dce04a21e

SHA256
8bb479e2e5888446cc0a5ccabd830aded4eedaacf32c1a9caa6003fcc4cb9cf4

SHA512
558d7a9530f9416f98832dd72e63aa5e8836d29b9f21ff8f5267c8f49ad50b40732c1a9fd4006e34b50226358e2ab17c947d90ad44c1d1627a09d3f8386262c3

Download Submit
/data/data/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
12dba78efd7c03f60c352c41ff9bc51c

SHA1
ca15f0d34977422dc53bef3e1bb0f582e327ef94

SHA256
1a6e0862331ac07829e21aff20f3206edc58f4fc00742058f1b2615e45a3eb0b

SHA512
9821cbabafb887b51d990e54561e0535b1e914b2fa2bed375561a1e556a8d128975225fbf1fa5e1759106c5288d9bed06b6d5e200ae05bdc7582dcda5bdb9839

Download Submit
/data/data/com.rayhan.soft.kabab/files/dbamam.db

Filesize
8.3MB

MD5
1e26bff96297f548c471c202081c0bca

SHA1
215bed7383e107052fbe1498f1421c27e6fb2458

SHA256
781efb1b1db04214c5df30422ecebd4def6b92d5f3a546ff9806629608086cb2

SHA512
5b20ac673065fb7c6896815e439f9f3baf43505562eabd2bd828317a1a40e0c711a7c2a27e32b7bcc65a17140e17275908e7c80d17b716ee204de9b80ba74aa8

Download Submit