acb28440297159a9d34c908e3c3912742df9de19a044ef0618fab3bdd9a7438b

Analysis

max time kernel
107s
max time network
131s
platform
android_x64
resource
android-x64-20240506-en
resource tags

androidarch:x64arch:x86image:android-x64-20240506-enlocale:en-usos:android-10-x64system
submitted
07-05-2024 14:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20d11715ce2a65dfb5d9e05620433f14_JaffaCakes118.apk
Size

3.7MB
MD5

20d11715ce2a65dfb5d9e05620433f14
SHA1

6800d4072258116db537e08ba0b228498c5978f3
SHA256

acb28440297159a9d34c908e3c3912742df9de19a044ef0618fab3bdd9a7438b
SHA512

4775f7cd2d347ccaa83423b0c546f1aa3acd115b4721581b2686c05a4ecb6b284180c462937fd77f78eef5a59504b71f615630bd7fe84970528ea159ca311a89
SSDEEP

98304:NDQmZN9AS0EZkJ7rR/0sJpqc18+7UVT4nG/QpVfeGZ+3uEB:NDQMlkB0Pcv7UVJIako

Score

8^/10

collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ir.mostafakeshvaree.iran2018.anvaekhorak

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	ir.mostafakeshvaree.iran2018.anvaekhorak

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ir.mostafakeshvaree.iran2018.anvaekhorak

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	ir.mostafakeshvaree.iran2018.anvaekhorak

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	ir.mostafakeshvaree.iran2018.anvaekhorak

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ir.mostafakeshvaree.iran2018.anvaekhorak

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.mostafakeshvaree.iran2018.anvaekhorak

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.mostafakeshvaree.iran2018.anvaekhorak

ir.mostafakeshvaree.iran2018.anvaekhorak
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Schedules tasks to execute at a specified time
PID:5099

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db

Filesize
24KB

MD5
f26e729d47db53e311d3fca0b69a34db

SHA1
cf4b7a9bbc7b81042be32397990b982fdd259c9e

SHA256
274d60957662a09729b2a8a4e1af2891f11b87a0ed2a470d18aa4c170ecd6711

SHA512
c20a6526e7f3bb17f48c34d4c6e23cce674a0c86445e4ff2db353410c80db0b4ae0aea9e629cc980588cfaee6fdd3bfc71bb7689a39c87d7bbabcbfd542541b7

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
e08f1ff48a53ff76b50cd7c71d02b751

SHA1
78ee84455b186a271dc620a0579895a301d4870a

SHA256
13cef1b56a7555d9c6ae534253643f0c58603d655e560cbc1b19355e91be1833

SHA512
8942cbe1cfaf5ba1a26d6b41ba4c5d8920699d60b94d4b86b2469e03605ac6860f1fd4516d6c084611fa4e2c6760460d710d6f4ddc793cfcd95d57b5446aa85e

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
9ecb354c895f979d9c008c20a0ead4d8

SHA1
0ac81d2b18f42a058dd8be0a7abf28fb14aeec60

SHA256
cdb51c8077dd53ca8b15e8d1419f310d31891426f943c165af512a1566010673

SHA512
ace1d6b7b0f5fda1d088a863a8496308d18a9375c6a1a062eb445a25d6ebb081d383d159d32964649dd7ad0ffd2ea8dc77646ad4caab834971bc7c2146d59dd2

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
e2941c77b7c9f593bc0d8b23dffc0900

SHA1
9f04ee0d7bb23692d68f72df8c1300e08272f4e6

SHA256
c58d44f09ac0cd17d2b85ea9c081bc4ac3dfc984e1b7ece07182bcdc8118af37

SHA512
e9ed46386418b1ff20fe9d08e6984f375f011f20173474c67f5fc0b2f106d3f2bfa1d644381dbfdddf94913b99d98acce68a0f431f65bdf2b13d69b3dbdb4338

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
4482a5aaac215c98e4bfa02a71614e9e

SHA1
8bfbe9e13aaae20089c866bea72694d5779e9d71

SHA256
a63756af2401c9ea3699f39e8c4c096042ef69e056a8bb2eae9e8742ff9f83ed

SHA512
f57e1011fe96b19b21089e40613c505de9d2e821e510fd62ee3f4d93a30e8d0439d96c3dd915bb7d82742e29c0ec0402dce9833942b842ae6ecd5d3ea781e89c

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
1132d0624319e6875630c73b291e3768

SHA1
91ad3683b7e5e0c15a40e0c6a17e4214f90a869f

SHA256
e3df7207027cb17f1c146510c422f1c669dec4ad93c42f9fc760dbe63585227b

SHA512
01d262d6d2f73eeca44fe487afaf3a1f3a2016ed5a33a8fb6bc465da49c74c4f8f138b626f0d7088c778f76eedbde4b7ddba0299198dc83c667d98e60393174e

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
66c4853ef56ea3f7416ba7545cdad665

SHA1
911f659caeb86d120eac317e320b916ce9fa8419

SHA256
8959acac4ebc26f4a1b246e1ed6271912e3e97ee9019c657422de038ec2fe812

SHA512
b4abdc9bc64264e8b982e02cebdb535b1929568fa4ea30ef87364dd73eb178949045bdf3e8945d130e026b93e03feb1cb77631ad5406bc7c82c5144f878eb01f

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

Filesize
16KB

MD5
f23d95016d924b1b9d302ea578fdcc2e

SHA1
2c0574ff1185af5c6696bd60b789effa5cda384c

SHA256
ca4a88aa0c863560b3e16f6885ee92e68c2e7959dfba6e69c1ccdebce48b8fd7

SHA512
db9de28b9291a02017e5f169c075a98c26c6280c660e549b639578fc6d9b32446316da9cc4e5f6f3a58ca6ac417f8234957554d7b690ddf00db78c058f0cb4ad

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

Filesize
16KB

MD5
a0d93056078f02a24a1ba8c4ed9f5785

SHA1
e5036145314bf3a6e6b67be394e7ddacfc969169

SHA256
eebabc69e8813fa898abcc8592d9fdeaf21b22c50c9c38b3f2f6520cebd29b87

SHA512
b60f1faee2a1ff76b98fdbe6c9ae5eb837254d7c09d9da09110b260860b582384630ec17c821bb3a486c9a00558f074cee5fc9cad461bdd9827cfac92d5104de

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

Filesize
16KB

MD5
30fa5f7c6f5f814e3c05f89bc16997ce

SHA1
7f864573b361b9cff1eb18ed53763c1b3a9866fc

SHA256
a8893467eb25f9561da79022c36d0ef40022a8498b7d46069e8ba631f1839bd3

SHA512
6168aeb2a46eedafe88fa5c0c57a3b1276be8970f12b3d40bb43923a205fa8cd3df346a0ab395a4cc470c4fce202f60027cf9db0ba05c97b1ad4b4492bcc36a4

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

Filesize
16KB

MD5
b3a0295c72b2c56e89127c5bb1f8f778

SHA1
5b7b8345c70b9cfc61c155a7fe3d5df3d2b581c5

SHA256
b177997e7ac1e748b24232044f4dc671bc31358c952e339d0d097c91d423009b

SHA512
1ed4e71e9327964992e979aa20e54df13e5808ba051f6a0e47e72fe7162fc7f4c41bfe9b44e7fcf36bbbc7e32f08877f49d029af3535d59fc2874203c6d29afb

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

Filesize
16KB

MD5
00e829076f54c72b50b63fd6de296a03

SHA1
fbeb1b8be863931f98a7c29224a03b89f9616ab2

SHA256
c479f839c0bc15e9a9749cb5a5a3eef4e09c0163160073477f72fa78b2e300df

SHA512
1c6b0bfe980050072927f8d407ca86353098d03502f7194f141d43c045a3f35103261811281f023262f4823a4fd70659d6802b76e126e991120dc14cdf74bbcc

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

Filesize
16KB

MD5
1c321a682803669b3c92264007c55374

SHA1
de600b91593e8e2fd384a735d784903e48f7f4f6

SHA256
4e83d886a9f377113842c645887836ed4e914155160dc6b03f57f701b7f1dcae

SHA512
9260b6754c35cbd3912eb0a56ee366aa66a68003cc056dad6ff0e4a71570ed19a571c48f8604763be7e42d6035d612f0c3872163ee76618f861799b7227171cd

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
8a407e1f706b9e55367ed8dd86722411

SHA1
5bf7ccfd814c6986a1d9c5cea797db06329cfad4

SHA256
5d0ff7ca4df8f3460fa1bb6c59d855673546ec35606095889eb24bd0fac5fbf0

SHA512
ae56d7d4f99976c673214f547c936e8ccfec4a02936f628227381ec4b3d10082f227fbcbdf5cb3418b0143974d1489774ca8d29a8c340be0cfe9a32dc05aca13

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
f7f452989654529db0ed279d0932e0f2

SHA1
80ea0e5c4ebf5bf8ad43dffe1cca489fb8654113

SHA256
8f231052c3da4cc8baf4a993e87151fa39c67c9e70d3a5f1220c8f2c7117bf8f

SHA512
3a3bec92d7158c3a125b7c5a316cf23a9c9277a117e57e31ea57fdeb56aee356d1c2be00e346c0a21aaa3e689f73c919b526d81bce5a80ed5988444e5b192d0e

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

Filesize
512B

MD5
f6f161a09e4d3b80ad6afe343ce2336c

SHA1
7382a11b78c7650c6e4839e51ab38fb9a36e5c57

SHA256
31dbf9538601c4bacceaf26f274b213acfc960604b92e0387a2c46903f55d956

SHA512
7e367c1607ffcca4c11fd64a040c462db58404838738bddf7768f238864f421b45ad024b0a884c79ece558bc04e5afff6a7b1191fd9422b747f63e4ba7f72009

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
14f3c40ce6d8734e24e77ec37428e8f6

SHA1
084727243f8e2d49406acc7c5192193881b1cc67

SHA256
cae9182ff52eb0c96a2bb3d194a23a4bd0a2271897a2ab36a81e1d327488456c

SHA512
f4ed2f72fef089677829db2aeec126e88c718d1e8ab76db9e8a447f8567d10c921f2aa568cdb3d5406286160817cbbb072f47d67f32a55936c30d91750a2c2a3

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
6ff0ba05c2b75a3d7df030823a300e6b

SHA1
db97d35bfd081ed0547c5e603049aa2de456aa11

SHA256
41b01f1188cab0da7d936818087338146462b2694768e2c56c536af1613a973a

SHA512
bc224f0466c6d132a946ae9ec81417e35dbacd20933f8e6390cac3d6353ed9399f422c4c201d29e89481035ba47aef0d88fae7dcf4f4d278cc0e425525d68e55

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
74e39bbe8409a3a3858678f02989df24

SHA1
64152f8537bdb0761b058d55d8e2dfb74d5dca05

SHA256
132f561d7fa9e33eefd67656d113e17d91f377110085bb4e6935d59e7c19ad3f

SHA512
a0441fddb42135310967c6ff9e1de1d805bc11889f9428d8312c472398e74e83d2334473e2f4fa560b83a8e2637372a1436520e1ce9a0b451e8bf30632be47f9

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/files/khorak.db

Filesize
186KB

MD5
b3de6a1b33fe8379e95e32e182f658fd

SHA1
84ade4c2496de093d023c4d010460613db4d5a9d

SHA256
de476dd031779fb969b038c4796d62902dce929f0e993fb16084dea385ef8b93

SHA512
d97609a058f041d2ffe800fc9bd35bac955489308728621675ef02a9ef5b834e2292536dc8b378c55364ee3f1a52e11c6d790bf9496d6e0cf3d63692f2a12757

Download Submit
/data/data/ir.mostafakeshvaree.iran2018.anvaekhorak/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads