acb28440297159a9d34c908e3c3912742df9de19a044ef0618fab3bdd9a7438b

Analysis

max time kernel
121s
max time network
154s
platform
android_x64
resource
android-x64-arm64-20240506-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240506-enlocale:en-usos:android-11-x64system
submitted
07-05-2024 14:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20d11715ce2a65dfb5d9e05620433f14_JaffaCakes118.apk
Size

3.7MB
MD5

20d11715ce2a65dfb5d9e05620433f14
SHA1

6800d4072258116db537e08ba0b228498c5978f3
SHA256

acb28440297159a9d34c908e3c3912742df9de19a044ef0618fab3bdd9a7438b
SHA512

4775f7cd2d347ccaa83423b0c546f1aa3acd115b4721581b2686c05a4ecb6b284180c462937fd77f78eef5a59504b71f615630bd7fe84970528ea159ca311a89
SSDEEP

98304:NDQmZN9AS0EZkJ7rR/0sJpqc18+7UVT4nG/QpVfeGZ+3uEB:NDQMlkB0Pcv7UVJIako

Score

8^/10

collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ir.mostafakeshvaree.iran2018.anvaekhorak

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	ir.mostafakeshvaree.iran2018.anvaekhorak

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ir.mostafakeshvaree.iran2018.anvaekhorak

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	ir.mostafakeshvaree.iran2018.anvaekhorak

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.mostafakeshvaree.iran2018.anvaekhorak

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.mostafakeshvaree.iran2018.anvaekhorak

ir.mostafakeshvaree.iran2018.anvaekhorak
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Schedules tasks to execute at a specified time
PID:4926

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db

Filesize
24KB

MD5
05596d5a2335f6271140c81dfd7ec18d

SHA1
9ada41f394119f10f741ce4cac9b41a6955f1154

SHA256
fa8dca2e63bdef9482c80c7a52e6bc541186651743557947347c5b83031905bf

SHA512
c8111545eb3c4251e2de38eefb7976e80c9baa9b97737b47f5079a9a1a4c8ed7f6116329c95f51c80244d375a2acac831db935aa32dc54ed55d643f579811f71

Download Submit
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
f2daf37f861db572c348f23781542242

SHA1
933269d053f4f43f45de150804dfdb085f46c708

SHA256
32add9a9c3169bae0e7f088dcf69fcbd1d2b17b252b8713ec386c1b7d669a911

SHA512
8bd0e3db41c3af96e90a95e9ff6519642cd5983390a6f9f563ee883f5fcc48de95eb23231bdda086aa5295dfd88960a70a654fe54a7aa5a4288da4a13a99c513

Download Submit
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
29baa2d7dae07ba3e95dedd5ac1a7c99

SHA1
fb6644254f08a3ae22326e223c81a2984702e397

SHA256
d457513c2775b6afcdb6dca757426d678f40e97e8bd8d797263209719c2502d9

SHA512
f8f0814c8556e739685b1aa386953dcf056b1853fcbf4d9ea7133dc87860bfcf0c5ad7bf465a9704be5dc087efa25e8501d4f18bee8f54181e84b6587f8644d7

Download Submit
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
d8f472f4597d258810292e392d3bca66

SHA1
339d7db9d271705f06c136df0ba43fc316e93af9

SHA256
f3204ed87fb22854fae69be8a5696915902f7dce19412616bbccc1d62c1b9eca

SHA512
87b7c69a330892828437ea0326bd6a90354e1a25968076074772920805837d11b092e0586e0e45961d7877d4ceadbfdacbbb0073f4deaaa9724af17d93f2746a

Download Submit
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
472d311021e1cbbde3cdf2112775bd28

SHA1
db37a504e66d79dceddbce8ce2dcca002536b520

SHA256
8cc387a374a11bfab15a3379f5ac40f07aaba3c88048f2a5be499842adaef5cd

SHA512
08d07f4c66796d4fb810145e94673351d31839a166d6e68dc5b4e1e2eab17a6203b04532f1aca75eaf7be91254f61ee59c6f7e1a77c5eb634f31363b73699836

Download Submit
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
e064e3bc56bacbf85c00f2c50092d207

SHA1
a725237dfa87b44617b642040493e569ffd9e04a

SHA256
95773f05c459c3b2160b583d298f0be52a872094f8d5208f4d159f52baabb7f2

SHA512
f004133eb79b6266423d2d993ca290fef16ab2fe12e2f993596c0631b8bf92ed4a0fb4f53e3021dbc6aa8c544efe165457b6ac94cefecabb1c72d09947e49a49

Download Submit
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
c198537bdca6a49b34858746e78a6484

SHA1
0c81038069514e9544d2833c2b8ecd4346d8b122

SHA256
a43f42cb4b278cfceeacce38c545ff43554b41adeda0086781ef12fac1aa8a83

SHA512
c159fee2775281915bd83a30b00590d5ef4fdab6fdd9a98978b6c2b29c96678771a5566b4f7ead3e2c7acf01fb1ebb133915388077b723aca16eaacf2ec6c430

Download Submit
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

Filesize
16KB

MD5
f4e5fca3b10a612f708f08f4ce772ddb

SHA1
702e3bad39b7ee2df3dfbe8d63821f1180404dcb

SHA256
fe7b6d12a8683ec2fc2203f959bca12ff3282ebf42b70720bde22755842ba424

SHA512
9e0720fd964622ae98c256359ac6853f0256a17b8c165f2133401c5d71597d1089a4e930489a3d7e62f088f44ae741d1e5fb5f177cc95d7d720781644fb74b97

Download Submit
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

Filesize
16KB

MD5
44b806538146e3dd243a870823706284

SHA1
2bdf5b342214105afc9005dc6e4d74b3cf6dc456

SHA256
33672fb82cfd0f2dbc812306d0293a5268eb0cdb9b8074bf853af94b9e7d3791

SHA512
e53077100fb00390f4eb8c3757f6d620c142c6e27f8861bf65b4faa88a8c2edcfbc157ff9429a03898f27290298fc9150112d7d87aa40ec08aeef15328af9859

Download Submit
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

Filesize
16KB

MD5
539e03841940115f75316f4b3dc570e2

SHA1
d49ef19c43cd2b03236155228073192371db0e25

SHA256
2444df64bb688c246176ee8dcd8fa8f4ede703cea46f997d27618faaf42876be

SHA512
d27286261b99b279f2cc4be1cdb869aa8b67be87bcf6a737f1350f3a3ad9b41cc2d797151b3dfbfdf9a5cca1658cad15b0326d3c6b0d3b42602cb641b6cc1533

Download Submit
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

Filesize
16KB

MD5
75e4643ab311a1cf3411e24d7fec124e

SHA1
c43fa8f964015c7382e07c1157839e555d948d96

SHA256
74275814813831afcc2c4d8d536f9ec682900c5bac23338bfa1090c9b9fe5951

SHA512
b8cf3c8d0fe40aaf7488c8d88cb7d6a6b17c01a3ec7ddfe8548e318658d23a40012a93d59b498ba2661df29ed83baf63c22383025453b49c7d0b9a9d214a7c24

Download Submit
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

Filesize
16KB

MD5
47080e3bfcf2db9b8620f2faf6c5857a

SHA1
6f63c1851255e0fa99567f047382074b086d38bc

SHA256
dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb

SHA512
e757043d82798926a5ddd716457accf6616894ad1ad79ec832293a1f662910b663239f899bf05a5c8d90fed5bcb093c5529e5bc842fe9003c1d5902f9ed84473

Download Submit
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db

Filesize
16KB

MD5
92562cd5d25a08160cb67adbcd744f85

SHA1
9833df0cf1ddf731c897544cb521a39233465820

SHA256
c894c58c152c96b4a769aa35e0ad627778f31721572a9228ca3e7bb6d3fb5799

SHA512
6507e4979aad1e742622ba8cd8d2f2c1b6854aa671a84161b77fb7e92d0e67e67eff7fd0c3c55ce5fbcf16aec6183df17cb80c0c8114032452a3a9bf9fed013f

Download Submit
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
ef8a18eea0c1a498dd3440ea25601ea0

SHA1
df53303ab3afe758bf1398f5d808572484d26cb1

SHA256
fd435b8b5be56dfcf9a15e2be2b4ed8e02a113b24d6d3a7e108f62adfd888c64

SHA512
a925e9cb04147016439ca48ecf786dc40cbf1eb848c40ca716a80ee69c098907bc1b745109d0020f6c27471b3cc9f1d6e19b44d93c9230fd1b11c0b8b9cffbaa

Download Submit
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
9e217fdc7d4daf8f19e7f2785d7d59f6

SHA1
90faa13f0372d6c542904190a2572293188a04b7

SHA256
2ef9f6babb45bc81eeb5e83bb14c38ee0d1d2dd2a815d73238f1364ad5cc67c5

SHA512
f94cbb96619f20c767d65d92992600098be804064280482f572b6a75d5a39166c45e60386ca83982accbeff7b9974bc3a328257cb50fcc2187d99cdaffe4ae9a

Download Submit
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

Filesize
512B

MD5
e14b2ec54f7f25fd7459d548ffc1cc6b

SHA1
4853026141d509e872cb22c91ab6e06d2b7921d1

SHA256
42ef8f5aca0c43939b5a482a0be43c4d7353b4881b3ba4c47c220af3b7196012

SHA512
2065a0db3acf8229b2168293b3eb30f506e98eb942787fb43445552790e9bc4ecf2f69030a355238f22dd6f98ef5ec51f581801764e587050f2c25c426fea3af

Download Submit
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
c2a755d9c9c1d918241cbc016c8b5f4a

SHA1
1d302323b87c595f117252eb31b867879cffcdea

SHA256
a2776dc34aa977e4f7faa8b43d3f7767f99dccb02153b4efd4bef6f2c6853790

SHA512
2fe5ad1c00dce65abb8bd3a550e256be51ee18966b1d33837abef578ed30bc5863abec2e0cf7eb8a3f8c9efcdfa9a88d64fac89bed647be6b509a78cc7698656

Download Submit
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
c430a93b26e74e925d16c4149e74762f

SHA1
94d8c943b38ea6a7747660ff02aec3d10984bb7c

SHA256
fe6c0d781ba9fa913d50341953dfa9607fa6d68522133e59e114e453e2579a6e

SHA512
3a80a2b87693ce66f99a93ca466f62213292a98d32f58120864689e9caa7cde03af2cb075ebc2ddbd06b72a7775277c1714f5837d533ab841b27073c42182129

Download Submit
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
4088f321336aa7d180dcb95aa6f376fe

SHA1
c0face84ca62953422bc9f278415b304699a9d04

SHA256
c9e7718a9f6fccbbda6bfedc02923e3478f29f284cac4e03688b4d5b3d6cc66c

SHA512
9bed25fbc8fd7cb1ebb03cb5094504df065de1cbe035346701c57e928f1b56d9246b0c9c0fff458a6ed218292b1719f026e3b2c538fbaf992819fd0997cff7f0

Download Submit
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/files/khorak.db

Filesize
186KB

MD5
b3de6a1b33fe8379e95e32e182f658fd

SHA1
84ade4c2496de093d023c4d010460613db4d5a9d

SHA256
de476dd031779fb969b038c4796d62902dce929f0e993fb16084dea385ef8b93

SHA512
d97609a058f041d2ffe800fc9bd35bac955489308728621675ef02a9ef5b834e2292536dc8b378c55364ee3f1a52e11c6d790bf9496d6e0cf3d63692f2a12757

Download Submit
/data/user/0/ir.mostafakeshvaree.iran2018.anvaekhorak/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads