fbc061df4aeb65383fad78890df1c464bd847db236068cda42a9e564ed945c46

Analysis

max time kernel
51s
max time network
157s
platform
android_x64
resource
android-x64-20240506-en
resource tags

androidarch:x64arch:x86image:android-x64-20240506-enlocale:en-usos:android-10-x64system
submitted
14-05-2024 05:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e1d7bcf1d82b84925de1535a83fb825_JaffaCakes118.apk
Size

3.6MB
MD5

3e1d7bcf1d82b84925de1535a83fb825
SHA1

795937912e6260dc87c06841697f0605dac57945
SHA256

fbc061df4aeb65383fad78890df1c464bd847db236068cda42a9e564ed945c46
SHA512

bf51c8650edc994e599d5817cd4aa9a07a660854f578fe7ebb0d4e991da23c87932804883c9a4228c583f56081f1bf4134a343351d2fecf80ec81805b91f2531
SSDEEP

98304:7eO/VwL7Fqdp+H/3wJFsv3fj2NUn2pdLFsBGHT:Ptm8gf3tvPj2Nxdhsa

Score

8^/10

banker collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

Processes:

ir.pars.ash

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	ir.pars.ash
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ir.pars.ash

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

ir.pars.ash

description	ioc	Process
File opened for read	/proc/cpuinfo	ir.pars.ash

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

ir.pars.ash

description	ioc	Process
File opened for read	/proc/meminfo	ir.pars.ash

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

ir.pars.ash

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	ir.pars.ash

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

Processes:

ir.pars.ash

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	ir.pars.ash

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

ir.pars.ash

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	ir.pars.ash

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

ir.pars.ash

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ir.pars.ash

Acquires the wake lock 1 IoCs

Processes:

ir.pars.ash

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.pars.ash

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

ir.pars.ash

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.pars.ash

ir.pars.ash
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about the current nearby Wi-Fi networks
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Schedules tasks to execute at a specified time
PID:5198

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.pars.ash/databases/__pushe_base_lib_db

Filesize
24KB

MD5
d5a3ec1f841cf6b1a5976291d5413c08

SHA1
575ccf6133dd05626ee72172194787fedea88775

SHA256
614053e9f08705db506bf1b31db5b1fdc062ef2c7c313263bbd36ac4276aadda

SHA512
21a0bc972633726ae31f8f4c3bf8895bcd1bf05822a08fd96a24585cdf190d6bcb43a6cd77e1394f90547d7f8fbf03fcc8e0673888cc07f12246d461f5118014

Download Submit
/data/data/ir.pars.ash/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
209ed972594504311ada0e869eee0649

SHA1
956dff23f5e9887b2a79eedda78924f22eec065e

SHA256
b0a7e90ba1249f786efafb01abbf70a46da805c9e3fd618455a19a6ac3d9859a

SHA512
929e96a102ab607c81ea651eb7443d7598e78f446cd043ea1415356769a2f1f1d94f4770872b079890a82e6117c03d6e29d76ed8712c21c4e80db5b8ea9a367f

Download Submit
/data/data/ir.pars.ash/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
72481b27d5fae37b1da7c5a6098bba9c

SHA1
9d1e130a86a1538f230153643f0a89b0a198c59c

SHA256
0fea471790265a4724d7e5d95b6ec9de80090ffdcf819008dcc2b57c8fe7c427

SHA512
8d09de61ae6713f50ed8c54a55ea28b8f84cd4ebe2e75ccdb0a4541e9c6f69889d7d1621771bbcb1f00f061e7300182fa116184c50122fc73a0c1060c80f4466

Download Submit
/data/data/ir.pars.ash/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
91edbcdfb1f977d7cb9be6a10107e551

SHA1
8db42a8ee3662b525d44eeb3d6b4e7f26de32809

SHA256
c310489baa204a9df99c8d1d6d94c10ab79f9b7b98e02cedd42a1240fcd42bd8

SHA512
00e66a6ce0fc054529648b707c756cd90c9ebea8c814278ac603cc02c4c5b5f7d509c704372baea8a799ed08efa5eb75b44e8ef36a2ce3c24f2353f3719e7ee8

Download Submit
/data/data/ir.pars.ash/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
84ce884baac9ae9447bdf182c8f393e9

SHA1
872d96e18ab77f70609eab9cdcfa34091ef5edd2

SHA256
c3b57e10b2b26660eb593166565aa91bc4dcdff59962257b44c57595e9908f3d

SHA512
040ae4f0a08112c06c335f69c334c1cf4778ca6549bb40c658486051b57f5851c5472d2f382f65cff06facd2d0fb4f8f85076d30cbbd50cbd64e085fd242c8ec

Download Submit
/data/data/ir.pars.ash/databases/__pushe_base_lib_db-journal

Filesize
24KB

MD5
a9f249ae07bb5737a64dba927b0a4193

SHA1
1001e62948a79c75c563932a1faf73df2d8b1322

SHA256
e81952d311fcb0be8fc5c48c6339a44609135006053aedd20ae4bd12986670b4

SHA512
8556b12e33b2df2a1a5c6dd02df6c3a4d00a8c3ac8de2b39424a128242b9e8d9359a2a2ba2a07ae8fe9492c270fc71deeb22f9851c6dfe53b12ba9682145f5f9

Download Submit
/data/data/ir.pars.ash/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
c841001df337d6299b808ebead9e0b68

SHA1
bbc8f694740f95e8a351fb47d1afd493e4571c07

SHA256
9a6fce9329df94e0f53d405a41f21a102c6c6fcfdbd564dfdb8dc6e0fe55cc90

SHA512
49b1b3c501c806a90b23cfb6b520fa2b287fd653e71fe9af4a61499b824d2050e291a6594e2efce802016620f20bae6d3bd4ba63d0184467d676fb70e287fe3e

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
31ca5b79b6731be021000d6282a59af3

SHA1
71d7dc6eeb93d010ed553f60c21b7136abc9fd2f

SHA256
5fcaec1b76754bd8cb46cd18161fb3e744441d393245c4e11dfbd28b486f9579

SHA512
2be811ed66a4f25464160fd1989f5b5cc9df11db3316eb118c9f6fbbf97dc5fd3757a977e2b359f879090179c1418174e31148733336afd528fb4dbe67cfd6df

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
c1275b87877f25bb546ff6a1ff063f43

SHA1
da7661c168fb207e0ad4f88dfb9eab53a293b576

SHA256
dcecbe01dea28dd2b310428260d58a57ec15f540081a8a47c32e203f60716a5b

SHA512
626b8b06530094327265bc56a88f40113cf8870acee4b8a62c43a1cb012451ba9dd4d98d689ab6944e647f4998683323a5715bd258f53b115f5ce92356412f56

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
81bf797f95ffe936398d57f6f128dce6

SHA1
f5fe5b762d8661e3c2a13073f022f489c5a09c9b

SHA256
cc186fb3cbcd54e886578773bfe3f307ab3535b4d33233b0e3dc5f9072f2baf8

SHA512
f814a8c83312fab8eee922c0739e044eb5b0ca78bd6de47aeb3f668d6af645df3323b397b7aa98929938abb85d72692c00af307833decc9e770614f120d93c31

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
9e851a1e9f0f3bb4436959eeab19de47

SHA1
5224eac0d320725d8d7b8f103b342c7b0f2041ba

SHA256
ceeb24f3d3603b2ba96807ad6479141dc7fe7b668eb717bda8b5736946bf4267

SHA512
2469932f0e91c1dc13bc58d69766b08ba6491e3b314afe92d1dbc39ffffabf13e891ea7b971a28d323261085309fcce4e56d69107d0b19350d59b692588dc0e2

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
00e829076f54c72b50b63fd6de296a03

SHA1
fbeb1b8be863931f98a7c29224a03b89f9616ab2

SHA256
c479f839c0bc15e9a9749cb5a5a3eef4e09c0163160073477f72fa78b2e300df

SHA512
1c6b0bfe980050072927f8d407ca86353098d03502f7194f141d43c045a3f35103261811281f023262f4823a4fd70659d6802b76e126e991120dc14cdf74bbcc

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
8cc9a9bb5316b737896fa8309318b1bc

SHA1
49ada0d74f2aa827a6f37c7f9ce3367c13c2a871

SHA256
228c58c85f35b782d425ee00d7eda6a9211ac099bda70c65555d9c1046ba645a

SHA512
6c9fc9e0a9392df9f2c76672c6fca7ac18274d643e4ce94703dee298f720bfc288e2ebc1a91091f39739f744125242417d3a936fab512004e4cf4fb09c5f039d

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
220515e99314613e7332bc2e65aae056

SHA1
af91c18d8dfc8e01ae046b94470fbe8b146e43da

SHA256
289cf5fce38b3d40a728c3932f78c619494c1d104c4becd521c7083fdb3162d1

SHA512
462acce9997272006cd59326447d40b61cfcc600134e4a568f5bc56e17030412321bb288b5a64366e3d99f38d47dbb82a8c08ade1abdaa9844af62aa313a78f3

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
379bd0da16854a32176eb7b6cd739b7e

SHA1
944cb6b00b1761d1e2c68abd6d7198577df11e01

SHA256
2c29d7f605c7d26aee72ad9a542415595d82814dc5175f4b67e3ea21c65cc665

SHA512
9ac495ae7a1eee45c835ada7dc593c824dd6958a399c5c007f6d6c7073fa07384097a7c024ca4f0bddef94334a2c17b4f578472b976cb594c3c89b6361e377ba

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db-journal

Filesize
512B

MD5
a5dbff0d0ab3d99f6dd17349adb9c362

SHA1
d2c29c2ec9949ebb4fb311d54de2977b3cf24d2f

SHA256
b091e900b2cd2afdd8617700669cef694e942beeb0711cc655dd4dbcbf15a921

SHA512
144bb94a9a68aa4a94dc9daa5517fb96a9977ebb65ccfd6837c037908fb21444a332d197bb15b6f02cb1297654778ff8355b33a4aa16279c0459084e59c5df04

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
3271b7a568fa43521174b108dd595162

SHA1
d6110f7c71414b63577fb9c99b0b00a6d18a8ff6

SHA256
985236ac23dfb72eb18d6880dfa9bdffd9967c0818fd5e817bbeb2bbaf4b87fd

SHA512
3beccc309a2435efd7952204be5dab8540a56dff9e2afaa926a6768047e24e7f52831884d40b2b09fc050dd640b10a38398cb63e1ebdb1fd865c1515464b0994

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
489e00400fb1588b46688fefd6b9ebb2

SHA1
91742ef223dcfde98a4e07622e715f1cfc1036de

SHA256
0e829fb9864df206fd68ef00bb55216865cf988e08666b45882786dae574de42

SHA512
a6c801ec77ac28a254188f521888f37657bc086eccc15da10638231b0ae3d50122954ca06c33d96beacbde4ad87f9f9f41ca6b590e7548a1ad916977d73d59e3

Download Submit
/data/data/ir.pars.ash/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
a95a5b4ef50866a7c8a9280a6758e2e3

SHA1
6d24027998ac92d3a4a219205b6d368ea7518131

SHA256
6b21cfa7cc17fd478c9cce2f044bda7f0162042c827421f56e3f193a073ddaab

SHA512
c1bc9271c39cc778b1c262ef66bacaea5d9a9567a82e42c3831a51435a966a351bbfb75fdb0e29fad7eb40461e1521498c1b7d79852c1d08079bd8a339ebadd5

Download Submit
/data/data/ir.pars.ash/files/sop&ash.db

Filesize
108KB

MD5
5f1b372d2a74ccc6f23bf056d2ab11e9

SHA1
ffe4843014b1abf493412d997410eb5596d3e839

SHA256
9b75d26962b6eb5ac7227091cbcf332411b293ee0451b512f9aba39b38d44791

SHA512
7137ece4ee60e215f36d96c32cb56b91deee2cc91b0eb9a4c651b779bde4159491a5bce2e93f0cd5dd54d57b0758d0e39ba0c4bb1d9a195d15dc085c159b5f7e

Download Submit
/data/data/ir.pars.ash/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit