c4126f476a6c3221b53ac4ff3072f735b8d5140045ae2bb74cfca80add82d2ef

Analysis

max time kernel
150s
max time network
137s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
09/05/2024, 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b9d994a3271d520842938947b68e169_JaffaCakes118.apk
Size

7.9MB
MD5

2b9d994a3271d520842938947b68e169
SHA1

c28e14165e1c14eb0b586a2c78f7f8dd04dd2fda
SHA256

c4126f476a6c3221b53ac4ff3072f735b8d5140045ae2bb74cfca80add82d2ef
SHA512

13c290c32c746828293ff15e7c6529ebe67e33aaec437831fc931ef7e1012cc5e8f6d07804993e259e2eb5fc9450c95c2b82dd9f8ba5bc145fb3ea8a6cc465bf
SSDEEP

196608:HM8mGgAH9jWEjl7pS8BndRrmYdAdaoj5lNCXxG/UWyM:iAH9jWEBRnzJ6pF3Cs/UWN

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	ir.salehinasab.bokhorhalbebar

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ir.salehinasab.bokhorhalbebar

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	ir.salehinasab.bokhorhalbebar

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ir.salehinasab.bokhorhalbebar

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

ir.salehinasab.bokhorhalbebar
1⤵
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4258

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.salehinasab.bokhorhalbebar/files/fonts/bkoodb.ttf

Filesize
3KB

MD5
42ed81df7776b8b0ce4272a0928a2565

SHA1
51d7d6847c17547d17f5e658341022f0c1566ca8

SHA256
25d3f3d41f695978a1920935a09c2839ea1cc221191aab12dbb03560156a72a4

SHA512
76a9bf954af4cf14e909ead307ff46bd978b01bc25aa7b30a565cf7128b55166c8381e5cabf05705d271dbf8301e2f6834cf4dc3285dc2d17a05ba76da3ea33c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads