def02d3f63d1c787762e099678a7d8369dd391a296433ef0880a5f5ba16b6ddb

Analysis

max time kernel
100s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
17-05-2024 17:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50b31094574176ab12d7a32fe9066d43_JaffaCakes118.apk
Size

1.8MB
MD5

50b31094574176ab12d7a32fe9066d43
SHA1

134cb174c877ed7afb11fee04735be0ede617d13
SHA256

def02d3f63d1c787762e099678a7d8369dd391a296433ef0880a5f5ba16b6ddb
SHA512

92e44ca81b09216133e840824d722ae3d0c59c24643312cac703c94342f69329ffd4ea9a475156be4930a27329934efd872d1b5c2265a38228f336a95f2555fb
SSDEEP

49152:68VSh37NIAhWAE8UDokN20+GrEJilTDsN:68VkZIMGo620+GIJilTDsN

Score

8^/10

collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ir.naderh.iran2018.walkietalkie

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	ir.naderh.iran2018.walkietalkie

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ir.naderh.iran2018.walkietalkie

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	ir.naderh.iran2018.walkietalkie

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ir.naderh.iran2018.walkietalkie

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.naderh.iran2018.walkietalkie

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.naderh.iran2018.walkietalkie

ir.naderh.iran2018.walkietalkie
1⤵
- Requests cell location
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about the current Wi-Fi connection
- Acquires the wake lock
- Schedules tasks to execute at a specified time
PID:4541

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ir.naderh.iran2018.walkietalkie/databases/__pushe_base_lib_db

Filesize
24KB

MD5
5ebbf2da59a359130ddec2aa7b6395f2

SHA1
acd3ddd881f4008dafebabc43ad5eac6a1a22311

SHA256
e9906f016d21019db121da5ec2beef247a8b00106b44cfe802ede801b82a52e9

SHA512
817b20d5361f52192488a4906f605bc385b7bced58fee58216fc5173e8ca70892242f7a6e466c25a061a105c49b1e4d065865e101377608d73b142d5f86361b8

Download Submit
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
336923e542d7bddfee587d6a39492cbf

SHA1
bc9a19bd50a7d27c667ed8f2c683011d4bfba713

SHA256
93febdb5051158b0baac837cb176c74a73f087e78c476b795723088c60500541

SHA512
38d03d77992ccfb3a4d1a1c2d932740572adc4e13abcd50d9fe1db62f7b0e67200224dd4fe3201986ee6b1f9498b978c3a0face8724ba6c3e5e3a4a09cc49f46

Download Submit
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
30a00e2818793c599be19934a35e2e4c

SHA1
5ea1ccbb57903edfd111b3c9c2ccd6b99c76b594

SHA256
8f449e756a83e50e89bbef6339e2a7ef17d40f75fb9c6169e239f081d1345ac0

SHA512
f08a6c677c74d9dea1ba93541684ada16c722802f5ab9bd541bb1f3f270102a5d3343d1dba0160a9f9244e55c98e7d1ddb36baf0d642d170dde359c584643086

Download Submit
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
d66285ec078e14ac628fe86b10849982

SHA1
97d37be9d17bb1870ed62ae81a9440885528723b

SHA256
1c839d70caa6f8d485ed3e4b635887144c1c7344d773b211620a0078b7ff9665

SHA512
f552a8f3c4831738e18e8ab50ae32f89171a16904389db03622dd42481a1430d00446fa24885b29d2d6cd3fa30af97d2e196affe3deb985f89a6c29eda1fb7d9

Download Submit
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
885ea96caafc60b6607515eaa9d0c398

SHA1
42c940227358284fbfd0d6e79dfa8ad5940cd3a0

SHA256
b0043dda93d2def6b1f6abb3de62c6fd1c129281ed0982998bfba6cdee8e3ac3

SHA512
9f7d4725466f3cfd9ff39fc0725efe2aab98ae12f4fcb37d987e3c6a7130acbdc193dbc14d876ac7473ab8265b429d623474f7251944e150ead0baabfeb9f96b

Download Submit
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
29cd71bf824e2f82906f3c0d1a879fc4

SHA1
05beef2b5709eaf8219d6b2d6a32b11685da1291

SHA256
259030e360ac8a37bb42cfe7980cd75497c6095209b9d2e328a672f32d4a1a62

SHA512
46ed1186dcea49b0b857ec21a724dc2c685c3b4baa2a787bdf4af6a960c6c12f6c5d94855696ed4f49761954f65742f80a999e571132a5d432040ba6b68b8cb8

Download Submit
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
ea6fd301a5a776d53a7f55cd90a9a138

SHA1
1c0f30efa228abdd405df40751c47b4f1f9f98aa

SHA256
66e6702d48e16f9c597ad94314fa792c9569bb1104a1ab821cf76e1d1d680d34

SHA512
5bdb541501b107cd3352d8a9509c3a738611b81141d0b0cdc516a70381b11ef78756b1e537397fec79f98610d8bd57d413bb37c715e6cad0ca77d2fa599e5a58

Download Submit
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db

Filesize
16KB

MD5
88267be05d8d1452ce467d1db69b0be9

SHA1
2101ae1fcfb18a7c05f8596431998b1aca4bf906

SHA256
85132df83bfe02acc8df1a343878897033c679887776f12fdfb44d7add6fc5f1

SHA512
82e9479c0c2cca3d5ecc70449924d0a6686e131fb53ef0486da3fbe56b965c7744daad1fea45fddfcbbcf96e65bd0f3c99bc40b311bb4d2970b717e7dd62a383

Download Submit
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db

Filesize
16KB

MD5
378799b91450a1c883d55793a0edb71c

SHA1
ebf615cf12cc8f6560583368161e0c9c45d32423

SHA256
1f0b64e047bd9d8ba58f82760ed3d1f216106fa870ac2f1c4c2abb1e7eea0fa2

SHA512
b35ad44a5b889d2222a9518a04bbe5bcea99293d4cbeb978804488278d559c964715c7f2afdda89a2c1460e55555255807780e97e0a59a0c54a75c7d1b34c67b

Download Submit
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db

Filesize
16KB

MD5
116eeaa5121fb610009f1927ade6290e

SHA1
6bd329c08ca79a926e487e275507eaaf19e95e54

SHA256
8a746093fdf0fc51eae52c091a7af4aab96451b3553194ceb14206698ad1f585

SHA512
b43d92409158e83b703af5035c74ab68079873640f649a3f54c96339014107a9a0246256ae267b6457d8f95d28ba60bbe231a354b81541df9d86ba14777a368d

Download Submit
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db

Filesize
16KB

MD5
c083a1d67763b9656547e062a7bb83e4

SHA1
e2f01103ccc9dd1036009b8edc5bc2245debaf83

SHA256
3e70eb6a806a6002851979c52bbee675adf0b0ca9cc08c19217ea276eccecb33

SHA512
dd083bd40bebb9479aa84d81a2ae9b791a986f3e2d69a866d1d4087479862338a9f97081d10288d59119ef895d841d668701de71028418b4c791a33fed83302a

Download Submit
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db

Filesize
16KB

MD5
47080e3bfcf2db9b8620f2faf6c5857a

SHA1
6f63c1851255e0fa99567f047382074b086d38bc

SHA256
dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb

SHA512
e757043d82798926a5ddd716457accf6616894ad1ad79ec832293a1f662910b663239f899bf05a5c8d90fed5bcb093c5529e5bc842fe9003c1d5902f9ed84473

Download Submit
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db

Filesize
16KB

MD5
25164aa717b922d7ca9990c5cf46e889

SHA1
a888b641c8a11c7f97dbc620f40916ddb1c0bdae

SHA256
4a35806a697ccae82f2b29154cb6649d5b06b959042a234e2ad1420bfb700541

SHA512
bc2c848fead4da0d8d0f03eb71fa59f3d0d00bc73ae13ecf8cac80b3506626b316d5f3ded1701a4270561fcfea71aeee0939e08a45dd2bb93e0529121a555879

Download Submit
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
ba90f7d53c6ec94e38cab8e89588cdb1

SHA1
e79ca10edb6451d6126c2cc8c787157b5daea7bf

SHA256
73884596571e20a1b9effdf7922bc98152566b698ba83561e8bfca620546e02b

SHA512
d49063822512c66f8865892903301c9ff31c048712111fdc3b4283cf1321f5dce5d14f605046eab4e02cf83e68b839da098c1e53a09b2929b5f69ed9dc8fcbd5

Download Submit
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
01d20bd3b1de49c5f1abd0e2f7953215

SHA1
d59dd4d3a8032d89be03dc4a8052eb1c8f20e2a6

SHA256
f99b8d8d3d7b981e2b55892b60694398918baa34b2218b55dd7008a9cb258a8c

SHA512
01bba3e3176664b16c92e0d2d7ed6c7e744b22ebae559a0087c59b4ca8a357f83dba3224acdc9a2e63ebbd9c4159c0ea02423fbd4b8203adb39f73cfde75a41b

Download Submit
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db-journal

Filesize
512B

MD5
f198453ffebd18ab2ee5a5d479e4f798

SHA1
0dbc369b058bf3eede99dfbc6c246f3115ae5b4c

SHA256
9294757b85a21b8ec36379585eece55cac7a2a09516ee62e6e511926c1f9b073

SHA512
b62a5b6964ea9fbb3550394bc2e86fe0d528b13acd1cd21cdf90c92f01fe326a02d310c81b1fae5e6a40206d022dd6620fe0ed62c4b82a104dc705ed03e1b4dd

Download Submit
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
88d813c48eaf021f883cd57883aed3e6

SHA1
88193e0ea3aef5ebbdebd0a1bdf39db27fe4abfb

SHA256
9f2e33bed49ea374f509b82910352c45645f9ac4cab8c39725754c92963879a0

SHA512
6704e8862aeb2ce74d0d491146c689f1677119ff19d19f1b91adf543a776fd75eef65d2bc767cba64798d71bbe420828fdf3ce0762bc43205cf85ab9cb6e7263

Download Submit
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
78a604fc95144528bd26c096d290e919

SHA1
d7e734a910ca2e967f99a06894489b1ed01a85d1

SHA256
bd8f38c5e95294c48ba71c3c4c4e8559e18e397e941cc06563ed1dc6b3cbf696

SHA512
9454b199fe32dcdfdf976fd430294fec206f0fc28f4405f6e25d97ff7c3693ef79f1544a4100a9b0e92675bbd1b469bb0f70b273a172bc015dae7bb170d7c5f3

Download Submit
/data/user/0/ir.naderh.iran2018.walkietalkie/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
a07391e2e359003189c13455cc679d10

SHA1
442aa45a68dfeecbd1c3a80a18d8aa7fa5585eba

SHA256
a9a28dc04a8c4fc4bd728b135211c76fce6bab0569256f277de49881fbbfd45a

SHA512
19f06f5c7e3d5c542ce088e7e4237ce3ff522f95f9f25e41a0df0a147162c7831562b969a60f3c3e572e24571c514d39f63ceff69ecdcd0ca00e969b50e02dcf

Download Submit
/data/user/0/ir.naderh.iran2018.walkietalkie/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads