85625f93ce3a9cfc3af32b0af9c9981349898e7c6d2140187c000ebb91514e76

Analysis

max time kernel
37s
max time network
146s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
02-05-2024 04:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d80fd995c8960f6caae96903fb04c12_JaffaCakes118.apk
Size

7.3MB
MD5

0d80fd995c8960f6caae96903fb04c12
SHA1

80239deff9e5b030b629898b0df88e20606e44cd
SHA256

85625f93ce3a9cfc3af32b0af9c9981349898e7c6d2140187c000ebb91514e76
SHA512

ac54c4378d066f49cbb8ff5d45ee225e99b86c5d13f0bed8273b88d69354c91ed33343754ba08d5f7ec61588de90737274f37b6b996b7091d56e224f96ca8163
SSDEEP

196608:LJdcDXXdLVeLkD9cadR7maWFe7417as9zT9VsEiw0+:LJdoXeVadoaWFe741Ws9z5VsEiwX

Score

8^/10

banker discovery

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.rayhan.soft.kabab

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
35	wtfismyip.com
36	wtfismyip.com

com.rayhan.soft.kabab
1⤵
- Acquires the wake lock
PID:4593

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.rayhan.soft.kabab/databases/__pushe_base_lib_db

Filesize
24KB

MD5
4ec82b118eb765ea14ab55faaee0af59

SHA1
7151829a805b18331e9dfe24e9c925fb3fb151b9

SHA256
af03d420837c89f11d10d173807262a575f9541ebe733ef160de5ff044718412

SHA512
7380f1bfa3673b6428c3990dc60dc2071afebe2e1770af732751f4b630eb2e3a2dc761bd7977f04a78921d9a72c2ec5212ad61f045ddb3292123028e4aba5189

Download Submit
/data/user/0/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
3e7fa252d0cf5c61218e89e144c18ee9

SHA1
9d31f3306d784f78adfafeb336d1d11f2ba636b5

SHA256
bbfa06d54ea39d79705870706b5830dc7bf5d2829cf1f0f627dc97d55ccbc6a4

SHA512
32f9ef019f4bbfa32b5d695da98dce332804938932dea8f3e94ea267ed359b4a66a28bd3822b5dcf2305ed7ef192b34913446f28006f45847e062e8fb3377c43

Download Submit
/data/user/0/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
43a626245a3abbf26b1082bfd0d54315

SHA1
0f6dbaf35fb3a8fed47dbab6c8041d65c316a192

SHA256
f2045c93a1ec2b8326f598c6eabee54ac5c2d9beace2b8db3f976ef7a91c7f7e

SHA512
09fe5cc8d66bb4ee5c85b70deb08bae5407578e18bb6f1ca9a27d16519c5d19ce470b65b99a4544e56b7d65def767af1402d461e1225c6be5322d7f4bbe5be9d

Download Submit
/data/user/0/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
86413560889e33ef6e8adf3212bacd17

SHA1
c5db7f4fc9cf2eb03c18ea6f511d5c51fcb48955

SHA256
58b1316f81dab6cd02557fe11d28479f00d3a41c1a73ffd1b3eeb081b205237a

SHA512
3de091b4632155d7eda94d00637d34a2c7662b5535b903f9784fa970e916809908aae890b778241005751d1f09d6ef4a15fbfefd10a263a92b2bdeccb761d87e

Download Submit
/data/user/0/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
0c512c500a7f2235cfcda63c39e7c100

SHA1
ce1b239a76a458062b0bc4f2c3a641f2fa8fcf00

SHA256
f3b629a0f8bf1b6d7a623bb062a9fc48147e5da01e0a7ad71d3e19435d49b91f

SHA512
b799724fe715e2b58f9e28f89c6b6ead2840379323d138893706b34b07dd81179b3a56e44053e912753d98f3bd8e6647edd1aa93632268c10a1ad5f94eb10dbb

Download Submit
/data/user/0/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
b6275743c2e97db0982845541956e852

SHA1
25eee0d1f42174f8af38904da98824ed3bcbfde6

SHA256
a16179d5063ebe06c8bf240d43b5789aae78e8d005ba4f5a666352961a9dd891

SHA512
8bb5d4fc52c59f62db024afa1f33f182668df988b8c591a892299fb6cb59c7664fa6757e0642f36bd694916a95c0926507882eb6cebbd53ea2f1fcc1f65c8a57

Download Submit
/data/user/0/com.rayhan.soft.kabab/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
22c7aebd17a32bab99fb65fa9715ffb1

SHA1
267ccfa5e8690c9e5684addc3bb0e868962991db

SHA256
f9885b19754931b29b3171f0b5d8afab70d585348812ed06a4ed354e0f3afbed

SHA512
41287a95e3277dfbfbd111dce3b16c86b51ef11979063d2c0c8fcdcb3f252b1f6ded8bffb3d97cb044c68eabc9196b70b2adc146601344cfb19a06c98344bfde

Download Submit
/data/user/0/com.rayhan.soft.kabab/databases/evernote_jobs.db

Filesize
16KB

MD5
fc459fa4aad4fbea77bba555b6e28622

SHA1
ff730d791e764c1c4174f6fc7ede4a3a38e13481

SHA256
03e9e0caa90788f61b75d60a75deca21c479f1e1cd8e6e9297e468b147106500

SHA512
7523b953c64a767ae2a9ec76401be3601ee352511007dcb3ce55364d961ea086e0223fd5501bcfeee55806259e4f8a01b12c68d98686f8db39c281db4f8dee31

Download Submit
/data/user/0/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
dc4220d231d96fed27888adebe120acd

SHA1
b5386b6fab50c7dc106b7559d4d19f3903e59aee

SHA256
bc72a185f1d487dd1be73732e342f10e448a69e72a082cb605368d39877a3150

SHA512
8509d5d387664d26d83ff869ac3941c04a6ece55d5561b03cd8e4f51e63dd632d4a8b6493d168ceec9b6be51c0b202f53369397e741c4fae648e41d5de24758a

Download Submit
/data/user/0/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
edff1974c9e1f8cdcab6c6a0274655a9

SHA1
67f8f7f902d503df11ff96453ab5a105f3f6d197

SHA256
1fbf0d2b96b444977439830766a0e634fcabaa73348a30cbbb5c3e067722a2bd

SHA512
7462fa36389b635c5f731293d327ffca81c1484704c612e78725e492d6d08d22adece1ea2b08bac2fe5e630f0218dd7177295da33806a4f9e8a6032e0c77ddbe

Download Submit
/data/user/0/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

Filesize
512B

MD5
b1384930c0d3d4a4b2e469c7a0e89668

SHA1
aaba92378e4abe6bbcf14ba81154c61551fe117f

SHA256
19ecf9de645d2a18bfe6e58675d03e69fadd727631ab9e952e11139eec22c978

SHA512
7e18fde629f90cff0adc19671c1e463e58d23c571386db001c1b5eaa48b3610a5ffb378d2297a956a04aef69595fa5df23423a5e23f5b75c5d02ee588ba9eb60

Download Submit
/data/user/0/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
a20b8d4094282afe42d8d98f71227f68

SHA1
83a0111e4cc9c90f83bbe3131eab053eae0c13fc

SHA256
1901834240b2c2949cbfa71fb7ab36b15027105f8078dd604b06fc1dcb4df320

SHA512
2ff0fb85d703d8033cf081952a0b57d362690533ce8965583172ad2deb856796ab0e54a3019181b328d0e1c59637ba9df728e748cdc4d68c875169a66ff678e0

Download Submit
/data/user/0/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
93d1b949aa04ede8b3c64ebef7fb8f61

SHA1
08f4a574e6997dd9f6579d01fb7bb97ed0112b2b

SHA256
79efec5fdd81ca6d6c33fcc2b8e31e989a1827daa26ee2b6bed6d2252c04f631

SHA512
8080d83e90508865591ecb35504b7b4206b619c0f08fe25d910a49ffcb3c3f847a39eb7e9260c1788acd0cb209b2551b9c930d6430cda6f266a782c77faed8f4

Download Submit
/data/user/0/com.rayhan.soft.kabab/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
5719408b4d36746ac605639588eca0ac

SHA1
4a44951f0b4a0983abb704d6ea38e81d2de0ec06

SHA256
efd268415aab8672ee4645a60a3e6bfc8d29e25b8116b93b102f0c12b7fc700a

SHA512
157afe2a67353aeeda41e013f5982221f29a94e6a163ccb0df0f1d8d27c0df25aa571dda062c5bb1f248f09d845a3b18017f81e6c14f626422c2bc7f411e24c2

Download Submit
/data/user/0/com.rayhan.soft.kabab/files/dbamam.db

Filesize
8.3MB

MD5
1e26bff96297f548c471c202081c0bca

SHA1
215bed7383e107052fbe1498f1421c27e6fb2458

SHA256
781efb1b1db04214c5df30422ecebd4def6b92d5f3a546ff9806629608086cb2

SHA512
5b20ac673065fb7c6896815e439f9f3baf43505562eabd2bd828317a1a40e0c711a7c2a27e32b7bcc65a17140e17275908e7c80d17b716ee204de9b80ba74aa8

Download Submit