5882aeba41ce45bcc23b49378baa5d0e28c774c3716cc89982492fe3075e0234

Analysis

max time kernel
37s
max time network
155s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
02-05-2024 07:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ddac187bcec564906043e70ca2b6096_JaffaCakes118.apk
Size

1.4MB
MD5

0ddac187bcec564906043e70ca2b6096
SHA1

9f017f4cb0d420a0a717a298d2416e4060f0c531
SHA256

5882aeba41ce45bcc23b49378baa5d0e28c774c3716cc89982492fe3075e0234
SHA512

3d1f3ab5c887729a5668a097c22090e3977cf4efcdbe2ce50a405a2e73dfb31486df07a978c58aa1b43bee02d99d00c7c997358acae2cd2284f8f1eb453795cd
SSDEEP

24576:BaVUcbzzKtd+b3V/nbGmc1+g/wQIQPlQVslGOEeRRWpbR92VNqZ7VJKC/hNzVxBc:BaVPKAMx+ywHe/0b72VNg7VJKCpNm

Score

8^/10

banker collection discovery evasion persistence stealth trojan

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

Processes:

ir.noname.pop

pid	Process
5020	ir.noname.pop

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

Processes:

ir.noname.pop

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	ir.noname.pop

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

ir.noname.pop

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ir.noname.pop

Acquires the wake lock 1 IoCs

Processes:

ir.noname.pop

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.noname.pop

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow	ioc
38	wtfismyip.com
40	wtfismyip.com

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

Processes:

ir.noname.pop

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	ir.noname.pop

ir.noname.pop
1⤵
- Removes its main activity from the application launcher
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Requests cell location
PID:5020

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.noname.pop/databases/__pushe_base_lib_db

Filesize
24KB

MD5
8c817a98c7b73bb8954b1495540e4617

SHA1
943db3d9fb9d06946697fda7b4c73d063188f623

SHA256
3add23a7494aa9ed7d0d93250ecdc0369b0fa56b304f0f25c57ec21babbdeee1

SHA512
11d92006eef0edac8803e87a1bb845e3f03b9944e4193ea01e66ef11cbf82ddc344d19daae64007033e708b481ed452233ca9fe6aa8f0fc5f83dcac8fd82ccec

Download Submit
/data/data/ir.noname.pop/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
c8bd0b9de4d0166dd97bf83b632764d6

SHA1
b69fc8c1762e01f2a7605597f72024443a3b8a63

SHA256
a50a8a517467b6321950228f1c97770cc7abeaf3637bfbb7728177a1a4636ce2

SHA512
b6b52e2c0b69d014047980b3514aebd3a07fb38d3521254dcefb83b411a9b002df6fbf8276449e02851822b6dcf9911065920936d0a5c69d8bc9d5a7f8c5f158

Download Submit
/data/data/ir.noname.pop/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
d0f61a8bb71f52433118d0238747ad3a

SHA1
a401ad2311fe62b58845b6f95184d42699da3f85

SHA256
b44e52adc4ce0777669e8746ab627ae0d29195f3dc9f2780382d58b30d7d8258

SHA512
e99cf86669689af02d188310c3b1e0decc1f1572e0525d1f688a21afe7ae65189a0f76ff6231334d02a1ad833161bbd1b68ad76d4b619e164376dc1c5828f0f5

Download Submit
/data/data/ir.noname.pop/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
0b8e2b4d091f69eeccab9f614c5ea4f7

SHA1
a4bb849b0d2f8e4b7b77cde9ccf52bc64752f94d

SHA256
325f662f5823f480a9ea3dad1bf0a0abd57a144bb3d0e4341057ddfb8ee9fcd8

SHA512
8f49b83a4e1d76d0a87ea04187b5901aaabe10e1ce8f004c5073ea6274a1ff307dc044b9dbd2c468b129e888bbbaa8744f32940daebcc70eb80221a45da3d8f9

Download Submit
/data/data/ir.noname.pop/databases/__pushe_base_lib_db-journal

Filesize
24KB

MD5
a5a74f0552f1784f9a2f8df4883f1869

SHA1
151f84e07477d933673f6f9e9304288761106af9

SHA256
fab60e51b533b2da75c66efec8ca1914859ffb0928c79e1e398b7c778e7c214f

SHA512
9b99fe0cb682c9a6eb3a440608f647629c18ffbda3ed3cd112ced83d5bf87f0ce0991e81c5de117d2f452157527ba64cd3e3b743d44290e31b481a6319b461dc

Download Submit
/data/data/ir.noname.pop/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
29613c0053881a3a9938675d5d2e3a51

SHA1
e9077ca7455dd3fe948713704ea401d2ecd6bd78

SHA256
8c3a0bc5e7f9b80c70cbd408d53faafc8d7fef44185a55f52d9d9e14ec488b37

SHA512
1cf5469a3477e18ac0d05a940c1158e1c84ac5c68c2f8279dabb743a0c2f0ed9714c4cc3b8039afb07fdca722a2c82dabc2b44e901c95353b842fdda62aead3e

Download Submit
/data/data/ir.noname.pop/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
98668cae53933dfd8dc26167ec21f658

SHA1
21989640ae889b79892c9702f88848f2367945b2

SHA256
51a55f5372971fc684c9ab7657e7e899b0098245f87e87855b36cc1c2cfd0cf8

SHA512
bb28ca1e2139dc43ca519b36bc4a8f2dbe78ca23bb7cda6372db6672bc21124a310554e2255cc15b38967ffc0ddcaf8842ca17ab30522a2486dc2eada8842b78

Download Submit
/data/data/ir.noname.pop/databases/evernote_jobs.db

Filesize
16KB

MD5
955115494a0950651970addce7cfaece

SHA1
89f2868589e2bbcc6332c2d801b4fbbf34c0ac95

SHA256
22c6a756422427912603cce0f5a0a44964df2c1193266087731bfcfd01819087

SHA512
17090b9bd904f40bbbdd52c3c7754353d66f1ca80c6830d5d2f0585cb5f802ef681e2f245852076eb10a84100a4067ba673fce8da008438220f712285ac5ed8d

Download Submit
/data/data/ir.noname.pop/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
d04b3a5816afd888bc293ca2a9bdf05f

SHA1
9f083762c320a3115ed0fb39d8c0c0c29b6c83c2

SHA256
7e104bf8b29907026f6a468ac4894bb73a8c8a521cd094e584062fd9b014fca4

SHA512
9cf0cc9b876a93eff52c3b4633dfd8dd1f94460b6b136a5d749e4bc0f1f4ad0a1867da79a77215f433f818c2598600e65fd442e4e03b617c5119e3e36c401964

Download Submit
/data/data/ir.noname.pop/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
bcba851941867ddaac7746f71b397872

SHA1
700ce3583df444f1d2b91562516893cb93532129

SHA256
9f5e2cfa1a0b3b18297d967f136af4117d015fdf559a0ef7fb9756cebd8f1bd0

SHA512
769296b5a2c2dfe487ae99cfada16ccfff73421e494d55222eec38364c66db3f4a9de078ac786956272066dbb1fc06f6a21ae82893705c1ed847f3e94df36cd4

Download Submit
/data/data/ir.noname.pop/databases/evernote_jobs.db-journal

Filesize
512B

MD5
9bfb7d8ff5000f4eb0e4458aa359ad42

SHA1
798f795516843473b7e66522ea67d3cbb786f27d

SHA256
ca97e2e4c446e18341e0087c87b02ae3bde18465ca44e1948c4ddedf60e31783

SHA512
31133dde4358eadce2ad9701459c6ad496d86e5edb602033e280adf510fc577dbe8806a8f8f6ac664bbf72835aee07ec403e24316cfae15f5daccede8a1b4d63

Download Submit
/data/data/ir.noname.pop/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
156c32da623cdab850225a88bcb9ea82

SHA1
3bc6b12d323d26b961eb51ee6303cc3d6d226f9b

SHA256
4f110244fbe5f3e08e2f5062559ed4419a048b79aa61efa391015fb943691889

SHA512
0493c9e0c372e3ca7f8711190c27859d7c6b7d22e18151902b3f3ff557a657d84902c5ea984b608e42b2ba70e7a6262ff416b66dcc5159a5cc8b6a730e03ddb2

Download Submit
/data/data/ir.noname.pop/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
c481ef3faf852e3f50ed3427f3464345

SHA1
9e49dc8b93d1aa2f3e159b8db96465852ed686e4

SHA256
607ee62fe5f7bd80a6fbe7edc857ac49900b044724d7507e49990c0ab1e1ad71

SHA512
f70787d07b277057264dde3697e72e5dd8b4d35a0e826951cf07d33650a688d3aaed6d5dd844f851573df8377c70553f88227d5c80dffbf57761587cc31ea20e

Download Submit
/data/data/ir.noname.pop/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
d4f44478e433773364e00f0482a9e24d

SHA1
262d425da313c31bb7e7a611dab5d065e4b1916b

SHA256
5b5f3b221aa457b6e09081692f6a3026e2493098b461217dbfc0ddd9ae589148

SHA512
e7b7098734633a26e0fa1e7fb966416e50ba98444a71fe8c30f9892a89f2ce8245db12f13db5f209ea03d1b7e562dda5741b9dde2436f1481e93e51d3f3f89ed

Download Submit
/data/data/ir.noname.pop/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit