fbc061df4aeb65383fad78890df1c464bd847db236068cda42a9e564ed945c46

Analysis

max time kernel
42s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240506-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240506-enlocale:en-usos:android-11-x64system
submitted
14-05-2024 05:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e1d7bcf1d82b84925de1535a83fb825_JaffaCakes118.apk
Size

3.6MB
MD5

3e1d7bcf1d82b84925de1535a83fb825
SHA1

795937912e6260dc87c06841697f0605dac57945
SHA256

fbc061df4aeb65383fad78890df1c464bd847db236068cda42a9e564ed945c46
SHA512

bf51c8650edc994e599d5817cd4aa9a07a660854f578fe7ebb0d4e991da23c87932804883c9a4228c583f56081f1bf4134a343351d2fecf80ec81805b91f2531
SSDEEP

98304:7eO/VwL7Fqdp+H/3wJFsv3fj2NUn2pdLFsBGHT:Ptm8gf3tvPj2Nxdhsa

Score

8^/10

banker collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

Processes:

ir.pars.ash

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	ir.pars.ash
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ir.pars.ash

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

ir.pars.ash

description	ioc	Process
File opened for read	/proc/cpuinfo	ir.pars.ash

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

Processes:

ir.pars.ash

description	ioc	Process
File opened for read	/proc/meminfo	ir.pars.ash

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

ir.pars.ash

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	ir.pars.ash

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

Processes:

ir.pars.ash

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	ir.pars.ash

Acquires the wake lock 1 IoCs

Processes:

ir.pars.ash

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.pars.ash

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

ir.pars.ash

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.pars.ash

ir.pars.ash
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about the current nearby Wi-Fi networks
- Acquires the wake lock
- Schedules tasks to execute at a specified time
PID:4895

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ir.pars.ash/databases/__pushe_base_lib_db

Filesize
24KB

MD5
84a596c9111a5344c9a96f15a53cb043

SHA1
34a05626da40e5aab088b0a9b27c5471c5240b94

SHA256
b9bb27211de818330a355c09f54602b03021769250310daa519602545194a9e0

SHA512
174f3156747942a30bc5a22bb77cf16094db46ebdf7cb0989d4cade4bb19a05745503b99145f396e20ec2b9f9ea5deb324d134ccf0cb2b61f8c62e60beb84c35

Download Submit
/data/user/0/ir.pars.ash/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
84c3f14c3a76ca2d5f2bad6edeaf6758

SHA1
2c23801dfbfa2c12c9b228023714b074acc08fbf

SHA256
a9730cec4bd7e95d85cfd8e7e676f012bf8b6c507ffd701f23bc8e8917647d30

SHA512
176df8999e7560833a284ef1d5d1f86b1cc4a8d1452c5f057ed52e782a87bba674cc0d82fb596ea03824408c9950cec0337ceede8b1aad1f95bfb328e548cd4d

Download Submit
/data/user/0/ir.pars.ash/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
ab8a405f5a3868e8242d8631e39e4e38

SHA1
f30578a19bc9ce00ab003765e5c9323ccbfb178d

SHA256
b6b54b6fcb4203ff13a0d7b029c885ea19b6f7b10dd434c0b4511a153e21e9a9

SHA512
42ef59e8e2b1a7679155dccb7cf775f52028b72d8a6d5c2923c58125d8412bc271e7561f40d2e90e3c6eacdb00f8dfe7c0f966635c115fb34b505a6a9df54528

Download Submit
/data/user/0/ir.pars.ash/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
66e19245b5f932a58145b25a38807777

SHA1
3934b9d66fff4633fa0875d42cb3de1ca3e42c30

SHA256
842725a6873f8cc4af0a8ad6bf7eca36b07cd47eab905be878a77161c88676de

SHA512
44bb252396a37a2a860cfc9c4259ad193da3af13c66fd1a3337b41701017522e72509908e65c3281674bad7265bfe2a5351b7644970ab08af1b5591874b9f1df

Download Submit
/data/user/0/ir.pars.ash/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
4d2c04f735cbda2fb52ea284676ded1d

SHA1
4742965e7d6cbb03af39a730841cd5b5df82fe28

SHA256
be6ee9869318fc60bb905647152222eb165b9ca8f6e2826d07ccb18b71555d1c

SHA512
755a19ea13243dcee5da82b44bb77609b1506b2582c33debbfeb6a0130f3e2f271d76c138dbaccb23393a39029eeac3c4e7675544cd4b3eceac87abc61bd567d

Download Submit
/data/user/0/ir.pars.ash/databases/__pushe_base_lib_db-journal

Filesize
24KB

MD5
50d7ae0b1157c839ddbc794cd4f12e20

SHA1
822bd235697f31525ddbfafad441b547750a2d0c

SHA256
9125406ea004ba101b74c7c1744d329d76e4b596c5482feda531cb5e540c9a81

SHA512
4303f11c1b148351b4a6ddb9c76a49a88a5cf2f31946f566e49855ddac72faf15dbdee689bc34889897fa6e68189ae7fb95857930d171a48a6b75754fb5fdc7d

Download Submit
/data/user/0/ir.pars.ash/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
2ea349283b86e2f537f442d0828ac26d

SHA1
cfe6914a60cb59314dd31c276325f109b35299b2

SHA256
c229fd7b53a97b210d70817a56629a6a03d3266b1fda222f1a534c2ef4718145

SHA512
6f6082089b4421c9917788b59e6128c63cb836e836e88955b9183db8124bc29b9aa43712e69b0cab2215c6cb1a5031e23e3de242f0fc4b3fb3c5217c49406522

Download Submit
/data/user/0/ir.pars.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
ac41df1104469ee4683dee6ecce210b0

SHA1
174b3a262756b2eb6e0f2237b3cec40a2551e056

SHA256
8765963ba4253fae527868fdfbdc820a836be53f5e6335fb16a998ebe8bce4d8

SHA512
1bdfecbc5541e9a71399ed9ae2cbc69a61fae8bb2b9c5548e2b63a58f34b0aef5436c0786df5ebb4ef91272cfc912ce0e1923560b8753f1d08cca122209b658e

Download Submit
/data/user/0/ir.pars.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
a4797f70ef68509856bb2ca5ae2c0505

SHA1
d3b48fb4c9aafd023f529dd6cbfc97e4965985a7

SHA256
d88281f0c4e9623884839bf3a1177c476852fc33830f734242c88d3ff5ee2c38

SHA512
889ab707e6399a39fa44baee0fbc70b30fe80217502a16276a54b508807f2d16a47a0ce6b6a2b4d1a696fd61bed356ca7d52ba220c41b502b3b85bce04caa12d

Download Submit
/data/user/0/ir.pars.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
c1aaeb33e804cdc5ac95ac43424d6d38

SHA1
72587ce9f2476adc36b0e3a9d04ff8915bb61b75

SHA256
609d448e1b20d4c1da612e2d0e0941842c797341382cb8720f001057fabef6ce

SHA512
51d65f6e88590cb90f1615281f33940151f8fb9ce106c20510e4fefad9619dd6707c6f055d71ada18422c834364277c36ae1eb50003a8b94dfd8794b057dfb7d

Download Submit
/data/user/0/ir.pars.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
79b44d2105e924f8ab8eb16bd051e8fd

SHA1
76545ec85816116bb146e67807903e5030b12776

SHA256
f61a5dbaf79080720a18db824006968d25bb90017bba8030065d0a11aafdb86b

SHA512
71203c3a4ce57a51035795caa51d6bb973ba58e775c01761fa05448eed3bfcda61c2e49c3b4f09196a3d0def7b9c6024870765fb52d6edf5938312585d58ade0

Download Submit
/data/user/0/ir.pars.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
47080e3bfcf2db9b8620f2faf6c5857a

SHA1
6f63c1851255e0fa99567f047382074b086d38bc

SHA256
dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb

SHA512
e757043d82798926a5ddd716457accf6616894ad1ad79ec832293a1f662910b663239f899bf05a5c8d90fed5bcb093c5529e5bc842fe9003c1d5902f9ed84473

Download Submit
/data/user/0/ir.pars.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
496a7e861c9cb282166229a18c4e1120

SHA1
2276a216b15783a6081d0ff7f2e5baf9f513ad52

SHA256
c358017327539f360fd6a38889d9fb319c790bfbdf187801dc208ef4f8303135

SHA512
9efa66f81cdd6a29b3b32c5fd412eb749f298f1fb58951b425ffd03bfc2b8bb4fd6d4268daa09e762755a6bd4920911bf1acb1ff70a8a35ba0f0fe17da64cc85

Download Submit
/data/user/0/ir.pars.ash/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
2c8b0dcf617f91b20d1304268298eb3a

SHA1
6b2c9cc4c124eb3d518d68aca313304f13542bdf

SHA256
abbde2f894dd84c4037bc5d4763306da6c0fbec5cf6c1aa583869af7f8b481c2

SHA512
e357ac395489dc0ea490d5158f3e28cb02e23aa8715818ef5c203b2b119470f1e78520a29c16b19c016c82f1b0af04593334f8015bd5fff9ed74d8865992a909

Download Submit
/data/user/0/ir.pars.ash/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
0e4c286d174a726e698181dec003f0d4

SHA1
cc49dfba387b8658f2d29b03150ea28097492539

SHA256
7e6e0faba9bfcead1e6a7af26cebfdf7e3f678ee44f4f6e5503b26ca0ea3b9e8

SHA512
3443db65d43df3532a5b0bd95367fe23e4a2e445f9f9ab3b315bdb63d5640f11d56dc878691b64b463f821aeea0d5be6f53a3bf8d61554ea8e17d450342ff78f

Download Submit
/data/user/0/ir.pars.ash/databases/evernote_jobs.db-journal

Filesize
512B

MD5
fc8be71b67eeb9257f9ed043213675bf

SHA1
cec21f44e2ab4a936c579c09d2d78a968a6972b8

SHA256
6b06396899a20fecd026674ab956e92437d4a7a72f0f218dce078e7bd21ede8f

SHA512
87d0d1ae411d954bdf04114ec504c4f6bcb5bf2fbcb451924b8940b3be13f2344315458d2caa965c717f5e32357120b5a2e89e27c27233d9a4173c1e97199d1b

Download Submit
/data/user/0/ir.pars.ash/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
80ff21d96525938eb568ae22ee53f15e

SHA1
820674f889eef0a738f03528a924867bd408f229

SHA256
0e75316a54e8b6fc1aa123dab72223257ed60164d4b268099c9e06006775eff9

SHA512
58b5354e988e930ef5db2154a362b2b649534ad24cba961d054b9e657d02a132142cc350680db2ba3f2e1ddbe26c47765c615ef011fe4342fe62e1b85e532a68

Download Submit
/data/user/0/ir.pars.ash/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
05e4d72acc839a97d77abce0b6b3f15e

SHA1
83ac9fab5bd8464e579d7fba5547bbd09916dfa7

SHA256
c452211cd495426b40549f0df55b2562bc9f68d1c5409cccc2e546dafd9ea967

SHA512
e8126be9d6fc018a0d54a01ef11b8672a699acfb55c12794765a03a09109271b7ead3440223c85620ec1e8a1054c2772e9737007eb517b0dc3c00145cba050ca

Download Submit
/data/user/0/ir.pars.ash/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
1a61aab1b715674278abe0b12015ac73

SHA1
b64216545c0f3f5c619db22229eea82e98249018

SHA256
f2260c5741912927f6e34a117930cf4a84119efd67b4651577a88dc2b065655f

SHA512
1313794f8d86e5689da6233c5f78aa63c9e6e69eb32c62efb3bf9d12784e11a0e43bfc1a1011c32f5af0b6d9cff508b504b70c81a333be28382528f58a08b724

Download Submit
/data/user/0/ir.pars.ash/files/sop&ash.db

Filesize
108KB

MD5
5f1b372d2a74ccc6f23bf056d2ab11e9

SHA1
ffe4843014b1abf493412d997410eb5596d3e839

SHA256
9b75d26962b6eb5ac7227091cbcf332411b293ee0451b512f9aba39b38d44791

SHA512
7137ece4ee60e215f36d96c32cb56b91deee2cc91b0eb9a4c651b779bde4159491a5bce2e93f0cd5dd54d57b0758d0e39ba0c4bb1d9a195d15dc085c159b5f7e

Download Submit
/data/user/0/ir.pars.ash/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit