8386715c5fc28c0c5de37fbde8004c29ad1022b15141107633b2b48799fa0df7

Analysis

max time kernel
123s
max time network
147s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
17/05/2024, 04:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e7d171fcdcc00e1882872750b1f8fe6_JaffaCakes118.apk
Size

5.8MB
MD5

4e7d171fcdcc00e1882872750b1f8fe6
SHA1

e71bc1f849bd0afb0b36a3ee3574577cedb90cdb
SHA256

8386715c5fc28c0c5de37fbde8004c29ad1022b15141107633b2b48799fa0df7
SHA512

43be43293f73d18ae861109e11c7afbc8759819ca01431ac5b3720da52db320b661acb87dfa666ac490c907e0fe383e87911af9bef9b9979eeb8ce6042c503ff
SSDEEP

98304:M0XCcDlfLwJ55mHgLljLWH6yE6eQTsddYU46uR3M13PxuqUsRt/OI5w5tPP:9XCcDljwfJLWH68pKcRhqUGUUw5dP

Score

8^/10

banker collection discovery evasion execution persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	parseh.logo.two
/sbin/su	parseh.logo.two

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests cell location 2 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	parseh.logo.two
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	parseh.logo.two

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	parseh.logo.two

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	parseh.logo.two

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	parseh.logo.two

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	parseh.logo.two

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	parseh.logo.two

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	parseh.logo.two

parseh.logo.two
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4307

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/parseh.logo.two/databases/__pushe_base_lib_db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/parseh.logo.two/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
c8606bb929302a497b16e3ec50c36529

SHA1
c77b09aaa77c3417417206a41ccf59fcc455c125

SHA256
434552c8bed417676207c532a0ee50e34eb4bc4abb3f7174a3f4338a5302eceb

SHA512
fb4afe7a97b8a93bc8ca34a92a8c31979e61b9bc50d8e1ea65e540f803bb2aaaaeff60b114abaf1ead4112a5fbfdc9eb3ffb259bfeaae2e0d37f7e9c025fa25e

Download Submit
/data/data/parseh.logo.two/databases/__pushe_base_lib_db-wal

Filesize
164KB

MD5
8557badc93e6604dd383910c07fcc18a

SHA1
bd52eb8c8668c0e33581153d15175edaded9d19d

SHA256
38936ad835b6010fa80bb1ade27cbce3b495948bf60f1c487997ee6219059b68

SHA512
1ecec27329db9cf3eabef118af76e4b06697026e220426031d12ab5ae371ccd4042eaf484ce1a78bdb896af1f9996e7a3854c298505525e6da2e200b5a9d99b2

Download Submit
/data/data/parseh.logo.two/databases/evernote_jobs.db

Filesize
16KB

MD5
d0aca282c1aa4a4d884bb8bd579e37d8

SHA1
9c8b96b7f08f435921c8394d8acf9c0947fef61b

SHA256
fa99b4751a374604e5f46420715b821153fdcc3b036f70be74db5fd49db674b4

SHA512
abcfd11ac0ec31434aada4a665ee63a8a59936283fe0961c0d53c0bc1509cbc9dfbe88a9e49944fdcbed6cd523e824d142add1b308ec8837044ef519b740128d

Download Submit
/data/data/parseh.logo.two/databases/evernote_jobs.db

Filesize
16KB

MD5
978fdf85b8448e3a7c9015e51477eb49

SHA1
793bb88398dc9457935a4416638d5ed3974baf19

SHA256
8f72919eebbe45ed6d33b7b763d7e45d76a880128aee9aa5c29d28ab79689a92

SHA512
852b2d3e2607c96625e9bcd454c702ccec6a0f07aba3410976d6400ecd2d48ccc92d93c8ce7fcc87a622d04357bd6805a996f11d339ca7fc3eab99c0e991fe38

Download Submit
/data/data/parseh.logo.two/databases/evernote_jobs.db

Filesize
16KB

MD5
f2969d2b63ad4a90e1fb105e965aa1c8

SHA1
6613acabb7ed9d8bd26a457d4d6208b41b83d41d

SHA256
d3f649999eec92cf29c41f70c74ffd7adbf09db63f41ed848bac5d06bcf7db4a

SHA512
51677c163b33fd754dd32e3fedac49e21ccdf251827f3918ed5ae3dd1f822d43430172fec12f197037835ba90b8d5b6599bd87811a104943331b5f133f592319

Download Submit
/data/data/parseh.logo.two/databases/evernote_jobs.db

Filesize
16KB

MD5
b8ff291130048be3e3013f917911ffa7

SHA1
270a6816d6d5bc65e4f0ed9ba0683867067af895

SHA256
17bab2e1ca7814c3648b0f9e636d49f5544d4a6f1a03944c9d378c660ad8e3bc

SHA512
ac7f520cd5ada4747c1a30f3c1f6586d573f0757266a334563e4cb83602d56225d2f2ee652b93d2c467c1962325d210605382335b791a108b410bfaa2650861f

Download Submit
/data/data/parseh.logo.two/databases/evernote_jobs.db

Filesize
16KB

MD5
71f8303f6e345492f9a538f674a68941

SHA1
b77280aa3a57e74992a8dfab31c89817bf50ebe9

SHA256
0104a0b4af93d731b64b50c4dde94aed45f0ae8de2a6595dbeceac95f3584cf1

SHA512
b51eb38d0bd7697eab37b5103c17b34bafb1eb2aff93660c185cf42dc7eac391e1ae956310c751c3590336e0ba8311d82481d1399868801e216ed3143e941218

Download Submit
/data/data/parseh.logo.two/databases/evernote_jobs.db

Filesize
16KB

MD5
f4ed44b1a3cc718d552f61a9b16e8a41

SHA1
749e092a63cde748566138ed3c3c74e2079fa0ba

SHA256
0cc6affae9b54085db6d8ffbf3995fe14be1bb32032ccc460143fc9580d91cb6

SHA512
78c57a1d84482a9a1706c5a13024baad3b1b80eb2a2c46d16215573a6e730d52525ebf6c3cec59984950f468622ad2935645912ceb6a251cf6ca950650265434

Download Submit
/data/data/parseh.logo.two/databases/evernote_jobs.db-journal

Filesize
512B

MD5
0a0b9d5792a3dab64c0dd7827b1c32d4

SHA1
805dd34f27f9e30837677558770541951de2ec04

SHA256
4dcedffddedde592c4e3e5c02bc915365e5f204b0ab5e3a6a75a6e69b53cfd70

SHA512
882345e432892d5ea074d474e1beaae1eda62e17288e717ac4d5c09772804acdc8a89f6243520b1c8e54b92398a25de4885db5617bc1ec1de160a89a44399a25

Download Submit
/data/data/parseh.logo.two/databases/evernote_jobs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/parseh.logo.two/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
43a556b2396f2848b59443e9f8910a6d

SHA1
ad3513bf5fb328e65798fef732910ebe13534e53

SHA256
a1e1d78666b9e26c7494cc7ef736c9a9d74b40b69e474a0e78b5dd13612c18a4

SHA512
bcde8294f0e239ed5a3da011551a79d5feaee406fa0fa4a1a1f84ca93f30c84490f0176ac3faf139b93fdee706288c89134fcdd921f9c8c9e12e06660c38cf90

Download Submit
/data/data/parseh.logo.two/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
a9f9fe6f55f9839f32acbd9c98fe2c4d

SHA1
fc36b1db51167df7a19717e33e5daf33ef52bf26

SHA256
4b370a605fdb5f712f58275592183866ec1c53720380a96e8785c3e3c474459e

SHA512
7cbb45162d5f8e514f1386332474879ea11d4c5daf45ec0550a64b6d923836e6d14b853c9418b1fa28270166208c38a2f6b270e416f01d12550512c8d8f0cfc8

Download Submit
/data/data/parseh.logo.two/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
2fffb085d1c2382d5e8ce3f34151c8fd

SHA1
38f968723ad1e55023dc5f5febbb1ae6a531f3cc

SHA256
1a0943f264527ebe3cbb7eede9a678b54b23a4e90e6e8d8e7aee1c14975346e1

SHA512
2c7c19850b1d406fe430410ba36796f0c4c316cb47726c3623b40010f1cc155af99fae25a383f5ed8e2bcf6d5f16b77e59c600bd862779c50ff645e034d547e2

Download Submit
/data/data/parseh.logo.two/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
3f1afa2ea98bd2c6041d9e93d7f418cb

SHA1
09dc6cd7b654c3cfe48d38938688dabbeeb57d87

SHA256
f05533ab480369a2688a20a54e4e147314d4a819f3ca4cd323ae303a8587b3e8

SHA512
c1d62bd1d31ed2312ccc606563a61a53ef9ae767915f8f7e9a5fb9c41cab4a1f2762dbcadd6dd80dd206ef76f12316648b80a83c5c3615e9a9bbce68e48aadcc

Download Submit
/data/data/parseh.logo.two/databases/evernote_jobs.db-wal

Filesize
28KB

MD5
26e548c945a6c7ef4ebb1647a11e16e7

SHA1
7d0110668e4c2063f6328ee301c8465203cdff48

SHA256
383275821aee2d73d9a813b23e407efac6a866cf10522a43039979f411c7156b

SHA512
99410c2f097cb632d9793f32d957ac41847b711b81c747d300c35d1de5f692a92d3f14f5de3a0428d655f97db482c46080fd4f23635ae312407164d1f3d02d10

Download Submit
/data/data/parseh.logo.two/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
483deda724c37c7edbc634d3bdcbc6a1

SHA1
90a5d6a49c813cbea77e681766bcd82a63f42c2e

SHA256
561c4e07c588421c0e59c0366037ec04b749067c05a67243296ceeddb192df19

SHA512
c9dbf4f59f72486b599efc8ad5cf81c70fc245ff532afe67afff57da6d6ea9fe47e8a18b2a6822799cba686b801209675c79251f806331e5bc91ffac70e2b833

Download Submit
/data/data/parseh.logo.two/databases/ir.tapsell.sdk.ads

Filesize
36KB

MD5
f29d088cc2131f3be847663b61b3f21b

SHA1
28bf5b805220e56594baa597a9c96ed51392b70e

SHA256
821fdecd357c8e1e21d6818bb1262f3b8181d63a8f70c78474e2dc766b877230

SHA512
bc717e29894a53c475da4e7873170232f4cb233d9a8a4aa90d931301f319cb3deb06d878d75f8182708a063e3a9a6657df7abd6b69137df227fe25166895e125

Download Submit
/data/data/parseh.logo.two/databases/ir.tapsell.sdk.ads

Filesize
28KB

MD5
dc666f7fc7a1bc6806f35e04d2b85d99

SHA1
542edd4fc2f7fd25620b25409c649594f133a8fc

SHA256
d7f8f4dffceb012e0be37feea3aa158f1c934453938edf6132fc27f42c4f62ec

SHA512
ebc3212a4d8ab30eca2c1ea4ad84460f1de6cfd59bd7b507f5ad3d30ffd6982f952888f3f4669a4f6c8330bcca4b7e823ccbe36b6ef60bab8d0e35dc48286f7d

Download Submit
/data/data/parseh.logo.two/databases/ir.tapsell.sdk.ads

Filesize
28KB

MD5
dbe0b7ce94af5019f781bf00172d8a19

SHA1
3e29cfffea4bdf79bc3a17fc0a827041297dc900

SHA256
219bb22220dbe8687b0977d6d091b3c4706fed070c005d15d59f7c0fc85eb7e0

SHA512
685af3c5e264040bdd527dcdf40e771175ddf5085cb0c195baec4c325be62e6102c90e6f90aa37572c16264152dd977c3d2d1a90ce479fe6c14003b9ffdb688c

Download Submit
/data/data/parseh.logo.two/databases/ir.tapsell.sdk.ads-journal

Filesize
512B

MD5
121ab5f2efd62f10e77fbe9b01b774d5

SHA1
e6ffeec70ac0e3735dbb21f6913b2edf51ca504e

SHA256
9dde6cafbb394705fee100f883f4b67b058edb509d537f42eb22a1ea68eee475

SHA512
a540c27a8ed2e176d26290e5d53120adfd42bdba0b1c742c9bb609340637de888d9b479c1ce9636f20b6d2accd45608b177a4844bfff250e86223eccfeefdd7b

Download Submit
/data/data/parseh.logo.two/databases/ir.tapsell.sdk.ads-wal

Filesize
48KB

MD5
64c640e27c8931dc1b77e51a0006c1e0

SHA1
16c2c89530d56f85ba86aa8cdf2d18f46a15e27c

SHA256
8e60580110fb256d06440a7f271647496e4e460dc75aea1c523cbf98a7722510

SHA512
66c39ce2e0fc97875cf2b0f0022eb0e7e240d1c1516240676c3ba6c5f47d13e51cc3d6ea8a2e85d1199420c0dab43cf0a924a1bd5531890834fefb611ae69cf7

Download Submit
/data/data/parseh.logo.two/databases/ir.tapsell.sdk.ads-wal

Filesize
8KB

MD5
eaaca70adb5f7a69cb313ce5cf658a08

SHA1
f8e01a2b143e952be4c86717074bd62bd713cb9e

SHA256
03524f1a288495a9af93448054560743459434ab7f65d503baeec94b5de2578d

SHA512
d597e28f3ce14c04e1b41b82f1a07ad2037c276ae258ab5c984468bf4d844d0203686e92081feedaf1f98f8c66de6249a72ad99cc697aa893c6810a98494db3f

Download Submit
/data/data/parseh.logo.two/databases/ir.tapsell.sdk.ads-wal

Filesize
8KB

MD5
8bfd7e7932446b6d402c67c602ad0d82

SHA1
acadc78b1de82874e9bb8421ec1f7ee8b14566e7

SHA256
bb31313d30e8aa5c354c7451938914aed5877c07ea9a1b2d7aa4027f1dbd49ee

SHA512
d0b30d348e0add06165deb07db275a70d9bd4c2f885a3f96be6fba328f2d6605e1fec27c0c1af2e5d2e77d9d982a000bed6238744d3c102ce28f4d48c6077ec7

Download Submit
/data/data/parseh.logo.two/databases/tap.db-journal

Filesize
512B

MD5
3107b6f007e7bcae9611cad21491dd65

SHA1
919e3962892bc147577739a1946abe21a79b11a9

SHA256
7a59f7b7810fb0211dc42dc13eb79d270c7cb1d92bb26aff63c251591d0ca5d0

SHA512
85a0eac49bec9c25c7f68c4ff61df9e62bf25c3eb5443634e981b3a6a643c5d93e64089719920acc45b97dc9769a444fc0427ff560aaaf6c1197af295ca80ba4

Download Submit
/data/data/parseh.logo.two/databases/tap.db-wal

Filesize
64KB

MD5
cd03bba571bd296f05974de0951cdd1c

SHA1
300bbdde31573f548b8f745606f0cc8cd83c4baa

SHA256
c7fcc30c6045dd55f153c91ba7b2163b2ec215a13a12b01613299fef72e22ad8

SHA512
fc2cde96fceb1d5112e43a52d89c9b37fa016e1b75b3267f73fbf5bb207cb236d03da0fc6aeb622b707b4bdba4518e801f07164ac3ce97bedead49fd0b0376e7

Download Submit
/data/data/parseh.logo.two/files/fonts/bkoodb.ttf

Filesize
3KB

MD5
42ed81df7776b8b0ce4272a0928a2565

SHA1
51d7d6847c17547d17f5e658341022f0c1566ca8

SHA256
25d3f3d41f695978a1920935a09c2839ea1cc221191aab12dbb03560156a72a4

SHA512
76a9bf954af4cf14e909ead307ff46bd978b01bc25aa7b30a565cf7128b55166c8381e5cabf05705d271dbf8301e2f6834cf4dc3285dc2d17a05ba76da3ea33c

Download Submit
/data/data/parseh.logo.two/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads