acb28440297159a9d34c908e3c3912742df9de19a044ef0618fab3bdd9a7438b

Analysis

max time kernel
111s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
07-05-2024 14:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20d11715ce2a65dfb5d9e05620433f14_JaffaCakes118.apk
Size

3.7MB
MD5

20d11715ce2a65dfb5d9e05620433f14
SHA1

6800d4072258116db537e08ba0b228498c5978f3
SHA256

acb28440297159a9d34c908e3c3912742df9de19a044ef0618fab3bdd9a7438b
SHA512

4775f7cd2d347ccaa83423b0c546f1aa3acd115b4721581b2686c05a4ecb6b284180c462937fd77f78eef5a59504b71f615630bd7fe84970528ea159ca311a89
SSDEEP

98304:NDQmZN9AS0EZkJ7rR/0sJpqc18+7UVT4nG/QpVfeGZ+3uEB:NDQMlkB0Pcv7UVJIako

Score

8^/10

collection discovery evasion execution persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ir.mostafakeshvaree.iran2018.anvaekhorak

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	ir.mostafakeshvaree.iran2018.anvaekhorak

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ir.mostafakeshvaree.iran2018.anvaekhorak

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	ir.mostafakeshvaree.iran2018.anvaekhorak

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ir.mostafakeshvaree.iran2018.anvaekhorak

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.mostafakeshvaree.iran2018.anvaekhorak

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.mostafakeshvaree.iran2018.anvaekhorak

ir.mostafakeshvaree.iran2018.anvaekhorak
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Schedules tasks to execute at a specified time
PID:4493

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
102dcfadd4b07c98d6a90fe05b8806d1

SHA1
7e9b905f8951b607250fb1c63d9f744de6ee3081

SHA256
a73dfde8c8d479edf4530c9d285720a5dbe0ed01898f4d9596d886a62789c595

SHA512
04c00bf0a8b5358d1a356e6f24595963ed97bc53c81f19c0954472ed803a1caff8ae07d2cabc4fe184aae342bef8c23a89e8c194a555000a1570d1bc69fc70a5

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-wal

Filesize
52KB

MD5
f7b486b15d6734dccd9d890cffe90fb0

SHA1
7754c2dc58a9b192a5eb6226c2014c991c564970

SHA256
4ee571fb35d2c7e08d9af2a1a11efc7954ff560580227ce3f94e18866f08ae92

SHA512
bf3cfd575a175f943f2b7a0b7b3dbff8529a31378ef1d3188cf8dd493ec54d7304f672ee2be74b3d0df83cc820325a3cbcf730f1d1479c8180676c6bef68da1e

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

Filesize
16KB

MD5
5477741cb2cf8f43d493e24d6d86a1ce

SHA1
718276af3a64254a38863bdb35752068ea3abd58

SHA256
a683658c94a2f8b7041e92d53ef675c95da831092ddc9c16a7980fab5991ed05

SHA512
16e0f9f01d9942a523031cdefd31d6d1e9f9b0c05b6268976815be937a27f27e14f2c2cc23b079a0052798d1d3aa0e677fa43550db41d85c80a6971148c60cef

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

Filesize
16KB

MD5
6c4e46d11c6165c687dc3a365f0cc477

SHA1
85d585cc3289e9b8d429e31405bf0992270eeaf2

SHA256
3fbb7706afb0c94cc3d58a477533ea27c6a9655fac9f9891045778a956ce36af

SHA512
f6445a531913ca59aa5512400ae629feffc352a22969b79947e4377214b8985ae0d180fe582487a3e07ddb8ee67589cfbcafd78d55d4a24c10fd2cb922b8f99e

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

Filesize
16KB

MD5
978fdf85b8448e3a7c9015e51477eb49

SHA1
793bb88398dc9457935a4416638d5ed3974baf19

SHA256
8f72919eebbe45ed6d33b7b763d7e45d76a880128aee9aa5c29d28ab79689a92

SHA512
852b2d3e2607c96625e9bcd454c702ccec6a0f07aba3410976d6400ecd2d48ccc92d93c8ce7fcc87a622d04357bd6805a996f11d339ca7fc3eab99c0e991fe38

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

Filesize
16KB

MD5
9e31af293018fd81138d89dead81bd2d

SHA1
1d2fcb28c3b1ae13a5ae9c762e87996f1cca8887

SHA256
279c84375e7b5d601dba6ccc45213facb6b9596a91a2e984766481705f1cd797

SHA512
b8974f48d3734c5ef747dd4caab5f3f639629782147afb36e1dbe329d06d37e00a13d3c2d155a58d8f88e19cde9dd6abf6e358bb194fc2403dd26053c2ae3826

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

Filesize
16KB

MD5
08dc4d22a6fdd518b728e5490a5f18ff

SHA1
db0a94064e00b7808e23fd770de3e54279c37da3

SHA256
289d210863934860b2757f7ee8ad0ae1f8fd1281c935695233d656c7757b6d38

SHA512
e2a4043720e4d733948aa6a79f74d5d4248fbc5da0b653ce6090c7c28e4cceefc2ffb541637f0543d2602351a0dfbe51f777a5b870d990e8832886c7ac645250

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

Filesize
16KB

MD5
e3a35ac248b3be9e8e2c1888aaebbc8f

SHA1
b99421a4303b300078ea9f1dd612d131882d1d03

SHA256
19c57fb7eccc576dfd5f8eb0e4554ada67a13a8a12d61590a10171bcf4107fd9

SHA512
dee12336211d1e7049eaac073f9cdb272fca4f20837f039f5647c8d3f53cdc764ece6bcfd0e8f783f84fa773ffaa68357724f97b5f94de583ebfecad72ee15bf

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

Filesize
512B

MD5
603e4f621b7142261bc819bd2a98bac7

SHA1
0740566702e288c94710e392178d2410081ae666

SHA256
74778cd3c065f9497975e6e2b31825261083e68931b27138f4e5fca7f7bcab5d

SHA512
9b27a37d76c555314b30855f52d14690e2e3b9d1b8addfa0279eae5c58f6c800c76a0a965df25f3fff5561dd059ffb1b391950e2cf4de217bab8686d7282b400

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
e085eee449359bf08ce7639e631b9693

SHA1
dfd201180acf792bd2355e44538ffd404b103495

SHA256
e1b86156c17b0f4d067a653f8d4906ee319e51138c38c2942d0110fd7dcbf8dc

SHA512
21259505fd57c419044b0a7303551ac7576ebd0a6057a3e4a053f6d49172857398389c9aa9f49d93185a6f9cbd0d3f196b750aded44cfbac7aef739024cfcf7b

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
5769caa53c495f414dffdae3c280bb81

SHA1
5f480ef144981794a7870587da1770f6fcf0a23a

SHA256
b44310b1c2aeadf195c9cfd63b2250353566cf3b4a76a63091f0b517f1034a34

SHA512
acf1557dae935064e2ea0f864efc38288a6198fde5c7908124e445bbe4d7e7e3bfc54679d89f68b7a213d4583b1c8cab70e724423af6fb539d74d77ff1f1f341

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
9654d90d5c2adb65aa1bcf78b62e27d8

SHA1
4cfb6aab71a50c0959c89e779ccbd6dfeb814058

SHA256
461aeadbba29d757005eb7e0f250c7f4ea1fcf516c1525d8bb62629b7eb46bec

SHA512
1d915cdd5452012a1276f79c874a5bbe18e907c8287b610b63539f52d3831bba98efc1196f4ebcffcb05a8315df7b95da2c060b596f92d774a2cf3b9be4d9ca3

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
d91135b6d561b713da516b12af22309e

SHA1
d568033fb915e470b4c5720c1c1a4760727bc6c0

SHA256
2c32a3677d18dc4bec3efbf434211a6cf6a8edeef5dd422766e94c65f5b7d809

SHA512
7f3f7e137cf832b4bd8bf2a5e985bd0f8fdc4162f2a3d55f356e53afe847b4ae7a3ef5bb7c36688cc29c62eaf05ce5d4e11001dab3fb7043397df5e48105ade0

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-wal

Filesize
28KB

MD5
334d8d625ffd3558b0b83f82581ca211

SHA1
47ec09eb343d9a8e2325087ab8dfb92227c55916

SHA256
afee31c23507ae73c908efa01f3d21ac776d9fbba54c356c10e25d8393cee146

SHA512
f8f40f8f9bf94138c0b3d361be46b99d178dee4dcd078f7f58db8f330da571652c4f1239d63d8674dea0016629060cd5689e21f74dda7b8642ea04fcb4093481

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
b170e435a909de769447392d2df646c2

SHA1
be72bd30ed7086856497c3df94e2a89a8a4f77ff

SHA256
90962b08e11d3d9a48522e03da8480a73f558fb29ae81f4efdff3631d9c05150

SHA512
6f8579f7a4941ef3cafac2ea902a5ee730e67e92cae2f8c09fd0007b06e3df112d7765d7e2a2e69afdf45a54d8fe340a8c1edb0cca840abef26ea7ae16b3db9a

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/files/khorak.db

Filesize
186KB

MD5
b3de6a1b33fe8379e95e32e182f658fd

SHA1
84ade4c2496de093d023c4d010460613db4d5a9d

SHA256
de476dd031779fb969b038c4796d62902dce929f0e993fb16084dea385ef8b93

SHA512
d97609a058f041d2ffe800fc9bd35bac955489308728621675ef02a9ef5b834e2292536dc8b378c55364ee3f1a52e11c6d790bf9496d6e0cf3d63692f2a12757

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/files/khorak.db

Filesize
1024B

MD5
8a7caf3447a48d78e82bc14263130486

SHA1
ffaf270da1445b8361cd4b81c9f29ace0e673a84

SHA256
7630b3abcf85b4a71a0d9af51118fbaf3441fe4e34f86206c6135bf021ea6f57

SHA512
dbb3bd819776ca010b2f0000d0e3d3bbd5a6f1bf363076fe99112847439a917a784c382a08480c14ba1f4b19fd7cb52646b1590f119c3ba1f6e17a9357381c0d

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/files/khorak.db-journal

Filesize
1KB

MD5
b955512135e0b05dde8c62d65f74b269

SHA1
0e99946457118e23f2f0b83614453f37f5177cc4

SHA256
856954b20de3d9df370048b2db34d7b143bff6bfeaeaaace2107f73b24603c9d

SHA512
f0ee1ae705edd697311a88c0880b51ba54d204b0ddd681c5cde632e472e280eefc636df913bd05c8347d85bb77aae0b78090d9fe892b3f5e5f78fcbdbcc2b85b

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads