5882aeba41ce45bcc23b49378baa5d0e28c774c3716cc89982492fe3075e0234

Analysis

max time kernel
37s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
02-05-2024 07:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ddac187bcec564906043e70ca2b6096_JaffaCakes118.apk
Size

1.4MB
MD5

0ddac187bcec564906043e70ca2b6096
SHA1

9f017f4cb0d420a0a717a298d2416e4060f0c531
SHA256

5882aeba41ce45bcc23b49378baa5d0e28c774c3716cc89982492fe3075e0234
SHA512

3d1f3ab5c887729a5668a097c22090e3977cf4efcdbe2ce50a405a2e73dfb31486df07a978c58aa1b43bee02d99d00c7c997358acae2cd2284f8f1eb453795cd
SSDEEP

24576:BaVUcbzzKtd+b3V/nbGmc1+g/wQIQPlQVslGOEeRRWpbR92VNqZ7VJKC/hNzVxBc:BaVPKAMx+ywHe/0b72VNg7VJKCpNm

Score

8^/10

banker collection discovery evasion stealth trojan

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

Processes:

ir.noname.pop

pid	Process
4432	ir.noname.pop

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

Processes:

ir.noname.pop

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	ir.noname.pop

Acquires the wake lock 1 IoCs

Processes:

ir.noname.pop

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.noname.pop

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow	ioc
41	wtfismyip.com
42	wtfismyip.com
43	wtfismyip.com
45	ipinfo.io

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

Processes:

ir.noname.pop

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	ir.noname.pop

ir.noname.pop
1⤵
- Removes its main activity from the application launcher
- Queries information about the current nearby Wi-Fi networks
- Acquires the wake lock
- Requests cell location
PID:4432

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ir.noname.pop/databases/__pushe_base_lib_db

Filesize
24KB

MD5
b3d94eff6ad12e57bd9d9f01487a0353

SHA1
affc05f1ade7ddd47a4ace95c4bcb432d24cd368

SHA256
7c219928da675707c8cd192a8e47ba3da061e87fa92b99b1f39636e95516cd91

SHA512
7bd56e3fb663690575e71d1b48781f35dd13b2e0a5e9746b451f49aad3eea51179f0509d7b984997bb78c405401bc2677767bc522e0ac7396581beb866d8a27b

Download Submit
/data/user/0/ir.noname.pop/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
ec36021ae7e995ccb83e6d91e314a5bc

SHA1
0414606cdd056adb1e8de0518350a57a980b49f9

SHA256
a5a31eb42a4770b4d7bfbb2cbb1007068b51a58c11014263bac76492284b8883

SHA512
5c9a6ba229205fc0d533ba34b5c0cca3c0681291354ecdfc3b870e76fbdd8ce4ac50bec2a3cddd0edafae6f10075ca4a9006dc1a5131666888e6e1fb2c1b200c

Download Submit
/data/user/0/ir.noname.pop/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
7d394c3b1083e197530a2fd905ae4dfc

SHA1
5b847c92065e641afc42b8f7f42bd6f5111b32fd

SHA256
9e2b57f6d3b3b6f3017c0f5342794dc897020cf488e6b378f4b1d78f29debd5c

SHA512
84233a93f733cc28a607ee9a1940e9d588eef3da18e97ba023534c7f20b4d81021baf75c630f069692eb9b11db9a339eb8d0734fbf742ceadd644620b1eb5678

Download Submit
/data/user/0/ir.noname.pop/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
c70f9c9dcf36a8cb6ce12721b4dd00d1

SHA1
b83d05a6262455ceb2c7b6912ae6f1d7d2378841

SHA256
9e79a9d6482192ccd3fb9fb3312030166fd2a824812db5a2869eb9691995eedc

SHA512
16e192071bf9dec33065079f5fc0e4726a7cac4ba6b7bfc3e6518bbd7b611b5e6d26b38b9e97158312da006a3159ad2c68183260beb93865f04b22f39eb5c431

Download Submit
/data/user/0/ir.noname.pop/databases/__pushe_base_lib_db-journal

Filesize
24KB

MD5
7bc3ebe00b5ac00169e06a45785c6ad0

SHA1
5d17b404b884f9b510c2709133c4ca44f11399e8

SHA256
f5a0262b189ae5573be0ec1ab102d33eb7c24e708407a7c6f632f8e5cbe27f4b

SHA512
f807b15b93f3ecd621743432bd04d0d170b30bcfe538d63f2cc22c397005ca9cd161c4575c4f36ddd54c618b7cecc06a0accd43f42535dd40e18cee9f51f529c

Download Submit
/data/user/0/ir.noname.pop/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
8d615c6f324e68b65f50ac2a5c8cef6e

SHA1
be69f74be0d1326b3f259677249967d1b1421588

SHA256
4889f369c50931f3d33204851d31410dd393d1a4d317e02f618ad1a0cd76ae77

SHA512
6dde568a43ce29812be559876040a1cf3c4f0e199909ec2021c66904005348b684e9ce830fa872d3039cde35615fbfaa8554cbc2a2f03ebfb976fa3cdc76ba76

Download Submit
/data/user/0/ir.noname.pop/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
c6fc88a17e05d13e7fe3d9576461d24a

SHA1
9b1a1a3f49c239cb2855447bce6b35f28cbf22c2

SHA256
d52a529bbb9bfa1eaf29d24077a1abe4b88056ee521297ba7546942323b4ad1c

SHA512
7a33b5a366268d48bb2619849e5178a874f0c110ab4ffef4308b5c253cd640367cac0595d8323bafe9ffd32f2e3d61c9e6b45ab4a53f3f2fc1dc64fe889278a6

Download Submit
/data/user/0/ir.noname.pop/databases/evernote_jobs.db

Filesize
16KB

MD5
e6c8813663a78092b2cf49b9356827c5

SHA1
462b5f91ba4f3e288f4ceaca553a918f688134e6

SHA256
8574f425340799ee11407a74aff7fbf88dcf91c57ec1d272cbcb721d0365524f

SHA512
1468519363cd2aadda6150259615667dd4310ba69122e5484cc48ea4169a4ceba309ea89e3a502504afdafcf931b9b5dd2d718e3a6e8b6ce2ae8f97fbf05929b

Download Submit
/data/user/0/ir.noname.pop/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
b9a842df935c5f563e5c9d875b14306c

SHA1
411133d76c2b266803d9bc108f2680959c76c39a

SHA256
c8136f09bdb47207af0403f1c14989e7c30cf456dfe75316f4d67417cf0b2818

SHA512
99f8028e4633efad7506288ef61fc0f6a37978bd089a4de568bea60381fd32405465d243b923d22c47bec6f845b029d85cec56aba4e118dc72cf34b05b628917

Download Submit
/data/user/0/ir.noname.pop/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
d24b77f208965d75ad217103f22a9909

SHA1
7fd75c20fc6e8bef7196060c9a799aae7b5dc2a5

SHA256
d44f1bba19e05313ace15691f53f1d6441b0125e65da5ffed3ae1c31e232bf71

SHA512
3a263fcf2d17b169ccf333a4f7a775211e1a2d814e9f4a8c41aa0482d90d91c047aef21a704bbc309fddc174325788575ffafb01d3f890abf459578c1e954eba

Download Submit
/data/user/0/ir.noname.pop/databases/evernote_jobs.db-journal

Filesize
512B

MD5
9412d35ca4533cbd4118ead4f8c8fdd0

SHA1
0503d2ad2097875a6998fb91ef26118f4e515742

SHA256
68183cf777b9273b0e1eb951185207dff9ce25b003202f6a1e8d398fd9b216b8

SHA512
bc4aadae8e4d9e4357fe24bbcc8017e380abf84367d9874ec1e998023bf2e10bfd591edec188eedf0e5e4bcd8dcfd6c2d0364021f103cb9a8b46514581ea853c

Download Submit
/data/user/0/ir.noname.pop/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
86d77e32aa13b5a3cc8badc5f5450219

SHA1
d55c3d45961323b251b599116c793a2ec8ed8210

SHA256
936db60157faa1fd53fadce2ab17b644d4b3d196a304c847859ab5450fc685d4

SHA512
6097b0fec58298faac99e174a78aa47100f37fa4bbcd1f2b003f778a05534e5e654bade69cafcdc56d0b9843af4612388cb942f11877322122ebb9c6dc16f054

Download Submit
/data/user/0/ir.noname.pop/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
d02b275774171e07a86f926a3ef803c3

SHA1
569e988a21c98f1d76241b8af501937e1131c9ed

SHA256
0cf6c418167b07bbf8dabdc8bdb1c75f6c44f0e8dd23d3fae056a1025bbbb5e0

SHA512
51c1e92622683658169e14c1aa304b9b292abef166d5b60022760a2b566605c9114a46517552efacd0b9174bab69ad830edd8c4b0c6c88da95d477ae11dea913

Download Submit
/data/user/0/ir.noname.pop/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
b7e87a392e36ccf70e0b446070b9a7b1

SHA1
8c97bb561988cafd50b0cae281dbb6a0e5ab8a78

SHA256
95e335d77c3214411761fa64b20938efaf4c8ad5b65ff293683637e766fed7ea

SHA512
b6f10b60890267f56bd9d790b5abb85bb3a9b06afa52977828683e79b22e90e77551a625d75dd8b4280114e602232650e24204461ff2ced899a4d8b1d7bba1b4

Download Submit
/data/user/0/ir.noname.pop/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit