fbc061df4aeb65383fad78890df1c464bd847db236068cda42a9e564ed945c46

Analysis

max time kernel
24s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
14-05-2024 05:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e1d7bcf1d82b84925de1535a83fb825_JaffaCakes118.apk
Size

3.6MB
MD5

3e1d7bcf1d82b84925de1535a83fb825
SHA1

795937912e6260dc87c06841697f0605dac57945
SHA256

fbc061df4aeb65383fad78890df1c464bd847db236068cda42a9e564ed945c46
SHA512

bf51c8650edc994e599d5817cd4aa9a07a660854f578fe7ebb0d4e991da23c87932804883c9a4228c583f56081f1bf4134a343351d2fecf80ec81805b91f2531
SSDEEP

98304:7eO/VwL7Fqdp+H/3wJFsv3fj2NUn2pdLFsBGHT:Ptm8gf3tvPj2Nxdhsa

Score

8^/10

banker collection discovery evasion execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

Processes:

ir.pars.ash

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ir.pars.ash

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

ir.pars.ash

description	ioc	Process
File opened for read	/proc/cpuinfo	ir.pars.ash

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

ir.pars.ash

description	ioc	Process
File opened for read	/proc/meminfo	ir.pars.ash

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

ir.pars.ash

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	ir.pars.ash

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

ir.pars.ash

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ir.pars.ash

Acquires the wake lock 1 IoCs

Processes:

ir.pars.ash

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.pars.ash

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

ir.pars.ash

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.pars.ash

ir.pars.ash
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Schedules tasks to execute at a specified time
PID:4281

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.pars.ash/databases/__pushe_base_lib_db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/ir.pars.ash/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
dc57cdd2432aea304a923d820cee0227

SHA1
0368d27fe0c9662f8dcb062d6a65749a8bf4bbd0

SHA256
4fdb7bdba7ca1a450e79924687085b9ab3962b6d38e02e5d62e9c17415e4ea3a

SHA512
a99b0944581825f1cb9330612678483ef2f84f4b3ab890d875cd6c7e12cbcd2e45390d1141b44c854d8609165b3cae98944e6a6ab106424b4307cea19cc2ba9e

Download Submit
/data/data/ir.pars.ash/databases/__pushe_base_lib_db-wal

Filesize
92KB

MD5
655aaee7d689c267ffed4b08507fa54c

SHA1
0532fed8134bc788253b983b15517d0211a7555d

SHA256
fa686c4c3e81e4d387d777b4508ef944e66f3e7b282d18021529295dfc062202

SHA512
28d9e233edb53c22f8737d6ea5c7e6196080665dcd4c33546b921e43842c58360fd1863451ecbe24fbbd8c776183955288471584e9db23f3c39d08f5b3bf7378

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
a2d4a8738bb2ee9638e427687a802016

SHA1
5a672a3e9d2bc11317f0f51bd11454773496b2d0

SHA256
027694a6229d78ee1229aec66c1c4a73df0a3d255c6d4799e0d970fe5e8a0677

SHA512
bf7f9fb434db7e3458691204f42276255d28f932168a6d85323e56906137328b41f5d7fdbb1bc418371d51e3d00046459aa0e9781c205dc94dee6749dc9413b7

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
06fc17e4f6774adeff660ae2c6d5ab4d

SHA1
daf6a41df7a9ecd09885aaebf048ebfdcbfdb949

SHA256
51451affe95e3982163d9a6d5059de98f7d5686d3698b18bb0c32324cb351285

SHA512
0319944e72e5b49e8f0fe8e4c00b0ce6bb45e462a3011159781d8c4e1d7dad4e370b390bb3dd74c8d425bc93b03a7bcccd0762980a8533e0f16c89511494134c

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
978fdf85b8448e3a7c9015e51477eb49

SHA1
793bb88398dc9457935a4416638d5ed3974baf19

SHA256
8f72919eebbe45ed6d33b7b763d7e45d76a880128aee9aa5c29d28ab79689a92

SHA512
852b2d3e2607c96625e9bcd454c702ccec6a0f07aba3410976d6400ecd2d48ccc92d93c8ce7fcc87a622d04357bd6805a996f11d339ca7fc3eab99c0e991fe38

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
bb04efdc2e4784547654456c2d30b81d

SHA1
435eb488fc5efb07e34044ca1971641f0fb72e5b

SHA256
9a82e2b19a7f0d6c58359d43bdeb208992cae4e8c13c8cad7b9b2dc7facda3f0

SHA512
c183f4c5060db2c16debd3f4463c711310f2bf059a241cb07579fd454c7e813b02e0259bc8d273ec381e855608849793f8ad91dfa18d6d81588b11519721f9aa

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
1980059ac17a7573db907a494855bf5d

SHA1
c35b3841ba0f3a1227376ef277a7c36d8e78414d

SHA256
ec2fa2b43c9f20ed0923b7f8d31c9d485f29b73bbe201db0f062427442b644d6

SHA512
2aaf59509ed70e0e024ef3c12e2f780ffb705892a31a3dad303420a5b63452eb0b9267c71a3cbde1cdf55a0294420ad28f9fb87236d51e6b1c7fe723e98e8fb2

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
48d6159eecf2ae99b199dcfa8eb4c158

SHA1
98035fc4585fbefca191b19bbcf464258132b55d

SHA256
3600cd39d40e5945a9dad5c39556a0e5b504e4cd2501c4347201da15cc0464f6

SHA512
4efc8edf7e2dd3e04b27ca947a237c666ba9624c7527d7818cd5edf6ef2ec58ce1342187f78b11ed198f1ef7863897bdf9ac72c580adedce0b11e26e9d4ee927

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db-journal

Filesize
512B

MD5
674bb94ac4deb23f3838dd3128e303c9

SHA1
ff2e064a77dd5ecdc42e238766da02b95e556c42

SHA256
90cc9353dea376d136afcf7759e7bdb895e5182d4fda7951ff17658fadcad507

SHA512
f53e28f0cdbbbee9aac1b599a59d076572b30184033a22664eeee5d5584d127e0fc95488afc5df28a38dc6ce3bfad7e285d232adce3506f6f22012d928b8f2d6

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
4451028663f0aa16e4d925c9c27c7c8c

SHA1
497e172d02001c0bb6f4d4c0325e2d4590262c09

SHA256
ed49f77520bae80a6717615705242832983216b25bec2d6f3a6baee4d31a8192

SHA512
b95b434c19fbc279df5ea78aba65487ece8c72d02b009ac72388c6b783f8fcede699bbddce872c6aa7ae5a195da492165137d9a5aee9e4355f0ca88b9d5216d1

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
eb7ed2ca18eb31f68fb726ab23bf1583

SHA1
faf4e48be7ba19dfa3693c45546b9a09aa223119

SHA256
c7de936d909c0e67b6db51660e24a81f5db02a02b829ba4394afa11a3b9179da

SHA512
cfc534b807505c1ea8caafa8c041e89a50f4a64181306053fd9a8f557a6e8317668a0c368848e43342b20cc664152efaa4b6603e579401685e9398561a68e914

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
2b477d060536147867c0e3bf82bfd747

SHA1
a00b4907f25bc400713c2da127155642df414a6d

SHA256
162b13a1f4a501ed21e00e57b1dfeb538bb07864f51fa73deb0ded1a7bf51fab

SHA512
edb943d0a09e2a05b15764064da356ec7de7faccf551cdc13ae4ec030cd40180eccea3ffba5f73ff3cdc07e71e17550a20598513473a24ee653e641e05cd5398

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
c8f7dd6d8b6c0e603cabc0d506a251b3

SHA1
8daec0e6b6838d4b1a794f9a04b71fa69f882acf

SHA256
ce4ed54ec7ff1cad3ebcdf39576d73e162a2016ac7c544216e63cf7bcf24822c

SHA512
4b7b90389c413714eb7224dc4651cc47608f37aef58a1d300c0cdabba2331b5d02544c764ced876c8ae09323f9a71848a1c8af48fa37c576a3d2f272f861350a

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db-wal

Filesize
28KB

MD5
c137ee7227ae0562c9d1fb263e359d25

SHA1
2744800d4e6c11430049863020776a7eda6747a8

SHA256
d35fb75c20097b0a4333823d34270aa24e030b4c23a619f0aec4b1560c792541

SHA512
ff6791420651ee02f55d4e251cb07303d7b245283851b1f4f1c7ffd9a11da7dd0eaab2215258891f6d40aa4db048b530f76097875f636e620f02b02c37d1f8f2

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
1b10b4cc43aed0e2acf1c2310caa9297

SHA1
a08fa0f784c16f626ee02766a8d35984bfe1b324

SHA256
d1bd71bb1486e5904721391ffd5e542b8cb22ca1f6f548b26a74ccfe673e0168

SHA512
739a778ae6e9598bfcde1f9c204a8ebc14cf3d6ebd3e43993f8a8807fb798d7b2dd66e62df0c8549b4bbd402c54497ce68b3dea5858303a8bfe439934a1d1329

Download Submit
/data/data/ir.pars.ash/files/sop&ash.db

Filesize
108KB

MD5
5f1b372d2a74ccc6f23bf056d2ab11e9

SHA1
ffe4843014b1abf493412d997410eb5596d3e839

SHA256
9b75d26962b6eb5ac7227091cbcf332411b293ee0451b512f9aba39b38d44791

SHA512
7137ece4ee60e215f36d96c32cb56b91deee2cc91b0eb9a4c651b779bde4159491a5bce2e93f0cd5dd54d57b0758d0e39ba0c4bb1d9a195d15dc085c159b5f7e

Download Submit
/data/data/ir.pars.ash/files/sop&ash.db

Filesize
1024B

MD5
8c8a1c9cbeaa451840ed4aff8ec9e6c3

SHA1
0aa7779e949307a929c179990e7bdd41dbb8d310

SHA256
8a9e1633d139ecf186f7c466f4e738f07eb62690de8ae6f028cde3e23d35f1b2

SHA512
5d7ad1c14255aac69be4e1148be354e99c54188d5755ef903dcdcf8fca0f3ea0f3f033160f0147cf87c2f38d65e363a0463586b2119f548ba9b574f84d09ea69

Download Submit
/data/data/ir.pars.ash/files/sop&ash.db-journal

Filesize
1KB

MD5
ca1f4bc7de7b3c93ba842930b8f6f7ff

SHA1
53a86f66d865e72b4440eca2e5811f79e06b3a1e

SHA256
f6710a5807995fae24b8d431b811c211554426846324a0e47e8deed04dcf38bb

SHA512
53f74fbcdc5ee596a242310c74be7b46e2f87649efb5d790edc8d700813660d227b63cfff002a2e3891df27b157617b1818bef4a06d35eb901167a4c09eebeec

Download Submit
/data/data/ir.pars.ash/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit