8c0cd19b7b71fb2cbbcab49cf436009e7f8f35402749426ee090b8c8b69c7e72

Analysis

max time kernel
124s
max time network
184s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
17-05-2024 20:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

515257eed660ad6345930c3f1c03bdcc_JaffaCakes118.apk
Size

4.2MB
MD5

515257eed660ad6345930c3f1c03bdcc
SHA1

d4662caee42d040b93e68eccd05073aa9e914453
SHA256

8c0cd19b7b71fb2cbbcab49cf436009e7f8f35402749426ee090b8c8b69c7e72
SHA512

49ef25b9f7f38def8c046203ccf86c3ba8cd0b1bde983c0a02219683abd5818aac35e7151d8b6322cfbda4c1dc0d00b4fe572a13e89e9501068ab7c48381b258
SSDEEP

98304:aQS5HjKr/tiHLJfFgxx0VC0s1KY68ljb9Wmk5MRpOx:aQSZIkELcA0UZW06x

Score

8^/10

banker collection discovery execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

Processes:

parseh.filmha.two

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	parseh.filmha.two
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	parseh.filmha.two

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

Processes:

parseh.filmha.two

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	parseh.filmha.two

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

parseh.filmha.two

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	parseh.filmha.two

Acquires the wake lock 1 IoCs

Processes:

parseh.filmha.two

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	parseh.filmha.two

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

parseh.filmha.two

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	parseh.filmha.two

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

parseh.filmha.two

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	parseh.filmha.two

parseh.filmha.two
1⤵
- Requests cell location
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:5158

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/parseh.filmha.two/app_Requests/QueuedRequests.sr

Filesize
169B

MD5
17da1384d8f589a75fba531db94a98af

SHA1
93ff1e39027dc28e631c4e07440814461a1482ca

SHA256
ff8b0d5f5e0b61edacff5c34d0a5da9c0228acf89aac49312d335f1aede50daf

SHA512
c02f633e026fc04637c9d43dcc897675489080b1fad3d81d9f0a28e9f94f6869f12de89284c828d3a48eba704a7eb3696fceeb2a5beb7a2f45c966fd621f8772

Download Submit
/data/data/parseh.filmha.two/app_Requests/QueuedRequests.sr

Filesize
169B

MD5
b425c6073acb8760dd7478af84bb3f41

SHA1
032000e6807efe3872418ebf95a317f831666faa

SHA256
46d901f5565af795aceba3640ccdc1896179f0dfeb3a42713ca53ed1795574f5

SHA512
1ee2c4d524429790ca68c062ed79ff781e21230836473b030563835970a61dd291a2ef0627baa220969a2be9c1772df67cc25e3dda63ff9a7b976b89686d6b7b

Download Submit
/data/data/parseh.filmha.two/cache/Temp97191484

Filesize
43KB

MD5
5c2db015bd9b8dd848f18d71ffb2b5f4

SHA1
25776f06fbf478feeb9fc78d07e9d84026a7445d

SHA256
914f8094a4341d90347aed7492b34a04fc3b79e4889bbc06eab39f04f9fb71e5

SHA512
d7f3e82501999d089cb822f1642d40703abfedc816240c3d949aab71c19059c98b5fba1252bcc83f5079bec0f5ca500ba27a9a486b5c56732d3793c440bf245b

Download Submit
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db

Filesize
24KB

MD5
db989e14a5c585a551a3cbab52334135

SHA1
7f7e58da9c67856c415c137257ba6f13c5df7410

SHA256
e30671dd09cf77e55e835d4c052fdaf94e51ffe4c1585f4a7e37fc9c36491cd5

SHA512
54c9028f8db92681fad0273672b4244dc86df96afaaa0504c32220bb38862232bc83415ef5930c2e384afeb9f1c6a2ee7b6f12fab2a1c471163c9fd8214d7b8e

Download Submit
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
0ad19cfa8b389fa1747ac432f4dc2176

SHA1
d8c749c6e1b74dde771606819c41363d61951ea7

SHA256
8efaeac75ecd81a384c717b46a36d5b81e7f09db5fa0ba0df0dd4c894ee91994

SHA512
04edcc0efc1b34019c2bd751fc8b186da018d02af11bb431d6af1a41e5387767a644b226fb1150c157334a2d2cd12fc9a20e59d0d77856396371b9f64d62d118

Download Submit
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
294d6d924987d773860954ba586a15b3

SHA1
6818628ab9969392b1e6f38a41ba6223d9eff787

SHA256
232c5562990472c12cd86e66cc42b44523f4d1401eafe398a4186994f12c28d4

SHA512
27530d10ee7d32f8657f1c853bb48a17630b302f5d982e76d58ec26923dac52aebeb20e6ab22ac17fa58dabe201b492db4ad6bc84380eeef0eb020bf36e8e37b

Download Submit
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
f5ad40040a8f7c945cd404f98e864f64

SHA1
15f24c5e2f2d2d4185404dd04c75956801690ddc

SHA256
17b09c7624332d67a097ea17bdf85abcd475d20df9cc385bc1a57294d3bfeb97

SHA512
72046c385648b35cf8a23eafdc1e6c0eeb6204fbccc9fda01a8fb7a0a34fd9ad1b0050ef2865d0ccb894f4072163e9862728c5d60ca111a91e7e8f0edd21d6f7

Download Submit
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
24KB

MD5
0a12595d52c03a31bded73aa425c9087

SHA1
0005edaa0e883d70b20a145f9ccb846e7759c825

SHA256
4861e38334aa6d203983438791b4945abe24fa37d2841bb3345fbbb76a50fa4d

SHA512
0718087137b8f6cb0345083c13bf5eeae175040bf9cafdb0d15c4ba3d977f4d2f8553e9a356fc9d0697c5a1994a72f1189756f6cb297d1151c27f340def77d95

Download Submit
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
44c33a45af92071646077dffc421dd9f

SHA1
9b30fc319a0d34085df11323e2c287e6e36159e4

SHA256
83d69b3c4eec99b985c5851382b4e889415405530013d026ce7daefd25ac40e7

SHA512
c54ca3d2e3ed357a07d6c85b196bf8fd14ac6f601545773f381a7fe2169d098f65996187fd25b06883967cd00d0aa28d87bf711deb7625a3e24f18d2368f785b

Download Submit
/data/data/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
4cb754cf58dc05aba45ec7c0aa32fc92

SHA1
63c961debbcba3b4957bae0ed62e0492226addf1

SHA256
e080edfc64161f6f93c9c6903fd72e697359f251556e1b60c65897039f332a7f

SHA512
a3fe6976230cbbca0b7fe831e1ff874a20240ef17c9871dcbc6781e77c9a33bad0e03d4462e9cfeb97a9fe73559ae46c3812a77fb7ad989019c21636bd198abd

Download Submit
/data/data/parseh.filmha.two/databases/evernote_jobs.db

Filesize
16KB

MD5
ac9084441cc3e5b00e9dd7af5ac7f5f4

SHA1
31d69157b7e813484b6037939f513cccfd97e3d7

SHA256
b661374f100ee3fcd831e47eea8c3bfabdb735c3fc9f85c55080d8f87e067cb1

SHA512
08e647ed98b21eda4f3106faa126e9f33acf62a6d6e8ab56ada7139eb0af5786f60c8bc4ef03971b6219a04f0b7f584a8ca10bf3853d1823d8b872ebacb4c2de

Download Submit
/data/data/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
389c6dbeb3994d0a87f29d352a3b128e

SHA1
fdce9caba4b039d1596302ba46220bc6a751252d

SHA256
af660f5f446c32a8fec9559f636efb6d30eb4df9c3b83c98a38d9ad1074c20be

SHA512
5a7149a18ac0865ee5a0cf01c5ede11646024a6f05d5c4fe748b006d8f184ce17cae5aa959b72ba4a0eb18bd54ff6bab3dd4e053f32c8864319c681ceec7e410

Download Submit
/data/data/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
5b91bc4b12615382e3f237ef013bed43

SHA1
1f786f7584d38f6dd9ba38e318fbbb50b6e4b6e7

SHA256
e764ab5aa9a89c62383d6986b1ae083dc72825d7572061b8df1caba96c54d2b7

SHA512
2b6fa7e314545624dd85f974896f9be793cce51a0c615d572e75b3422dd5b6291ec8ab561b7bcd7b494e88d2e7953f8b85fd4d9793467390164ba3013a530bbd

Download Submit
/data/data/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
512B

MD5
41eb73cf3063e64a9f302009d8f07396

SHA1
a63ce2a1b413db59e3216b1000dba4826ef70896

SHA256
a4905778d9c4ac5c735ab438a8f27d928a03acdc68f7ba15cbfb876ae8ce8562

SHA512
a8aae17e62246746e3c5dbc84b27be4e81638ad9ccb31e2b0a28ea8042d72cd12c2d471c1d139443e287656132ef1909cc364b8d6aa050f91e96ac2c0ce2249c

Download Submit
/data/data/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
4cc79622d065b8392fc0834b0ed7c0e4

SHA1
8c70a707fdc563a467f9c37746fda21a3fc2151e

SHA256
8b427d3f78c48b6678bee970bebe55e5573595a30ab2e7afa70fe3b0c00ed9fa

SHA512
5c8542113130537225a3a4ffdba22f7b1f6638239e0b68fd07a5fdea5cf69c567176c22bdc1bd3f09666d03d3aaaa7d0a1afbc65f4fa866944d8314956a01348

Download Submit
/data/data/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
5a62e2eb9b6bce9e8b222bc7114d5917

SHA1
9046b765f06846ffd779a4732131f221671f2908

SHA256
1cb71d77d3b7b7f8f74a2cd8a38ee2361d4c8cdf989644e5ed89e6acadb12d7a

SHA512
4048991baf3e94d7187843c70dd5a9caaea897d9133aa436e5f77ac5dd6840a08fa9d653a3f82b70e8c64167b4c3437ce7bb5ddbd239212c712169e2a2e63073

Download Submit
/data/data/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
437bc1070feb12b6de1f906fdadd3e2b

SHA1
a9a496e1e6f362c134254b9940aa00bb128be28d

SHA256
2d324a5f395cd7504bb73fd0cdeed0830473991f7f110598120282bb6e6f20e5

SHA512
2824ac23dc89add345487549192e6cd47832482a37a87d0484b66528dde037e006788068d2437cc08d736a9cece0ae9362e77ee1062731563cf2eff17db68c88

Download Submit
/data/data/parseh.filmha.two/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit