8c0cd19b7b71fb2cbbcab49cf436009e7f8f35402749426ee090b8c8b69c7e72

Analysis

max time kernel
123s
max time network
172s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
17-05-2024 20:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

515257eed660ad6345930c3f1c03bdcc_JaffaCakes118.apk
Size

4.2MB
MD5

515257eed660ad6345930c3f1c03bdcc
SHA1

d4662caee42d040b93e68eccd05073aa9e914453
SHA256

8c0cd19b7b71fb2cbbcab49cf436009e7f8f35402749426ee090b8c8b69c7e72
SHA512

49ef25b9f7f38def8c046203ccf86c3ba8cd0b1bde983c0a02219683abd5818aac35e7151d8b6322cfbda4c1dc0d00b4fe572a13e89e9501068ab7c48381b258
SSDEEP

98304:aQS5HjKr/tiHLJfFgxx0VC0s1KY68ljb9Wmk5MRpOx:aQSZIkELcA0UZW06x

Score

8^/10

banker collection discovery evasion execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests cell location 2 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

Processes:

parseh.filmha.two

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	parseh.filmha.two
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	parseh.filmha.two

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

Processes:

parseh.filmha.two

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	parseh.filmha.two

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

parseh.filmha.two

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	parseh.filmha.two

Acquires the wake lock 1 IoCs

Processes:

parseh.filmha.two

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	parseh.filmha.two

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

parseh.filmha.two

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	parseh.filmha.two

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

parseh.filmha.two

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	parseh.filmha.two

parseh.filmha.two
1⤵
- Requests cell location
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4309

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/parseh.filmha.two/app_Requests/QueuedRequests.sr

Filesize
169B

MD5
97caf4ddfaf8dd7539f7d0f86232587e

SHA1
81835c6adfd75679cc60a62242478a86d77c3354

SHA256
b6d8a0363c2a2ae0773fabbfe03903d6bfbb96ac8febef0504fb4d1cf2ddfe7f

SHA512
43f340b2179805242758c235acc5e2ee5c13148c9991c9f0354b3d11a97b25d8155f60c734d72d48e6c48e15d4b0ba79240a4956d0b15107605ed22302857aa3

Download Submit
/data/data/parseh.filmha.two/app_Requests/QueuedRequests.sr

Filesize
169B

MD5
b702a676a3122403ac567d4088409d60

SHA1
a91a036eb064b83068d04300d9013c98ab163d46

SHA256
817ea666a659249dde4db287c564d8b08bc46fe822843b16e72a5737aa0e81c8

SHA512
71b6c2f7f4fe5550a4979855d61a6f40ccaf269f502566d89152f0bf6773b29baebce5bdcdfa7de938a3f8dadc75788f938af238a64507f709d5ad577f2f0eda

Download Submit
/data/data/parseh.filmha.two/cache/Temp1217810297

Filesize
35KB

MD5
4398d4e49d72943ca037145b667af5c2

SHA1
be257dc4fbb5756f7972c095236a3f15a950f088

SHA256
cf48c13513ae8276bb300dab93837095ff36d87d924ef1d621b52826b05c993f

SHA512
801a40a25aac69adf409891756d32085f66a0cafc22947eab1c76e8c0bc66a044a78ddccaa7e17a75e6db7a22caa59463827566ca72b8abba7e2e226c17456fe

Download Submit
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
1cbaf18236f78abea92c59e4deffc5e7

SHA1
72c3e130a0f1c133da8b79f594e190336e53f0c9

SHA256
7e3b0a5f396d76ab6bd8779a64410b187e87ce349ed0a6c0dd35fad8c25df01b

SHA512
b52c0784b727a49ac93f1a5e1e8e136728d66e9b28d53c799e22e48e7383768dd822711bb2f72bdc14c7c8ea94e3ad753a8bfdd5ff5620287abe395f12680dd6

Download Submit
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db-wal

Filesize
156KB

MD5
644e1f2e8cb71ce1232e7be2d992e6a3

SHA1
a89e644a4a715305cdb2b23dadfe33ded61fc7fe

SHA256
83da27d69855447a01edf29fd7ed3eadc56c66cf2cf0c67303bb7aca6ab07b3d

SHA512
8863556711362b3473dcc0136f8d3ce45dc32f0b2f5989d09d6af68e3cedd320d5a46db9a648403f3537bf7fb18a0b10471c895c9e33c33bc9ef86f6718faba7

Download Submit
/data/data/parseh.filmha.two/databases/evernote_jobs.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
512B

MD5
4cfad73e1e2427d12162c957bf600187

SHA1
8c769ddc5124da5991fbff54a9ff7ae713209f68

SHA256
a174118d62ca076c7cc0e7a7c0f31247b1269a43df0de86c95204eaf210c1ba7

SHA512
6b61c006580b90498534731e1f2d095ede844fc4a8414e980334165cf777ad542e3e66d6f551aef74df86caf86289d48cd119f08c3ccad0e533d32d3cfe947a9

Download Submit
/data/data/parseh.filmha.two/databases/evernote_jobs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/parseh.filmha.two/databases/evernote_jobs.db-wal

Filesize
104KB

MD5
b9baa8e53c68452d790152fc289f2e73

SHA1
963049b20f78ec1c7f5688d718d21e95c1a7b648

SHA256
07e0c40f0e11b05f0323a85072379eef7450edf96cb3e6ffcbbdf8f980f7ef04

SHA512
a67d7ba24dca3cf8d143fefad9b8774e26ca54afc31f15059b267247d3225233095d1dcf2e9ca614a7fa5aca7b6b044f91fb726699c6725f03e837ac1e333303

Download Submit
/data/data/parseh.filmha.two/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit