8c0cd19b7b71fb2cbbcab49cf436009e7f8f35402749426ee090b8c8b69c7e72

Analysis

max time kernel
123s
max time network
187s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
17-05-2024 20:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

515257eed660ad6345930c3f1c03bdcc_JaffaCakes118.apk
Size

4.2MB
MD5

515257eed660ad6345930c3f1c03bdcc
SHA1

d4662caee42d040b93e68eccd05073aa9e914453
SHA256

8c0cd19b7b71fb2cbbcab49cf436009e7f8f35402749426ee090b8c8b69c7e72
SHA512

49ef25b9f7f38def8c046203ccf86c3ba8cd0b1bde983c0a02219683abd5818aac35e7151d8b6322cfbda4c1dc0d00b4fe572a13e89e9501068ab7c48381b258
SSDEEP

98304:aQS5HjKr/tiHLJfFgxx0VC0s1KY68ljb9Wmk5MRpOx:aQSZIkELcA0UZW06x

Score

8^/10

banker collection discovery execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

Processes:

parseh.filmha.two

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	parseh.filmha.two
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	parseh.filmha.two

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

Processes:

parseh.filmha.two

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	parseh.filmha.two

Acquires the wake lock 1 IoCs

Processes:

parseh.filmha.two

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	parseh.filmha.two

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

parseh.filmha.two

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	parseh.filmha.two

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

parseh.filmha.two

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	parseh.filmha.two

parseh.filmha.two
1⤵
- Requests cell location
- Queries information about the current nearby Wi-Fi networks
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4613

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/parseh.filmha.two/app_Requests/QueuedRequests.sr

Filesize
169B

MD5
4d312d7fbe07b60569efee4c6bd28f25

SHA1
c27b0bc5cff25c889b458d59692509ee7bc1397a

SHA256
2950b7a81a04f0a2056f5e9ca43fed85684b8c4af29b4ae8bbb1a77b14f24222

SHA512
03ebd9379c1e342c7ce9e3c1949f4ad952c5e477cac9a770e1bee16d5e97d04b83ceef37aa769001ba51530c2dab275051aed133953dded50e21d5270202ef1d

Download Submit
/data/user/0/parseh.filmha.two/app_Requests/QueuedRequests.sr

Filesize
169B

MD5
1e1d8c8f0d275881d4944e26f958a635

SHA1
580fc06ded1d4fba9d20236964792ad0f34fd076

SHA256
f5ea1e443f67fa87a00f36db7b43dbbcadb908e68337c5c5d9c60e47152d1c2c

SHA512
fc3eaa3226595c30f4077a9f70fb0c7fa14e476f03fddd312528685bfb24d99d070cc95faa7631f10bab05154d43286ed758af0030f4182227defd06b06539be

Download Submit
/data/user/0/parseh.filmha.two/cache/Temp1217810297

Filesize
35KB

MD5
4398d4e49d72943ca037145b667af5c2

SHA1
be257dc4fbb5756f7972c095236a3f15a950f088

SHA256
cf48c13513ae8276bb300dab93837095ff36d87d924ef1d621b52826b05c993f

SHA512
801a40a25aac69adf409891756d32085f66a0cafc22947eab1c76e8c0bc66a044a78ddccaa7e17a75e6db7a22caa59463827566ca72b8abba7e2e226c17456fe

Download Submit
/data/user/0/parseh.filmha.two/databases/__pushe_base_lib_db

Filesize
24KB

MD5
97af3ebd83f27d0d1aa6a07bbf4f8a89

SHA1
1729e01edeccb6201ef5204ed47b40a919cc47de

SHA256
439f22bbf6f5a57401bdba342c456fa7dd402d60b517db8b6eafc7e0ed1c7928

SHA512
23f80968195479911a897d03339fe2817d5794e5a9b9bf1ca0f2fb9c082a76acfe2d212eb9e938f3e6fc71ff8b29932ee911ddbf0ddf1e4448d1c7526288df2f

Download Submit
/data/user/0/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
c3b555cc3ecc06d10793ba847dc551e4

SHA1
a115f2e81fa55e5c0bddc2fa135fed0a95d97c57

SHA256
4830e7137448bc6771ed83521580284bdfcef48359a3495c1a952328ad23e6b8

SHA512
e01d244f3ae06edf5c7fa70f2ca829cdcc7969ae876b1342d2f2de0acaca52c2ba8aa96edc02c07ee802365d464900f7b8da64a3329d63ceaeb79dc699a94596

Download Submit
/data/user/0/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
04a9fd0a38ac4e14c697d936987253f0

SHA1
4c5a4967c4d9ca75314acd854ded20196e8a8146

SHA256
c12e8b97a05232ed45b542d929bae2054bc43bcb616c5c12056399de8551f9de

SHA512
c6e5db55c3053c57464ccd4f2878e7b5e582200aa6fb50c88ef3c3940328cdea449810544e928405bbd2603392fe758fc45a1afa3d5b1b5284a5cbeee0bef9fa

Download Submit
/data/user/0/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
fa37e8fc4093cc995f336ddab91d69ac

SHA1
4ae0e3d60686a3ff385fae4341f69a6430244e34

SHA256
ae3504ae0f2724b4b8ea7955a3a4ae7bf0eb4987cff7f74e3a380881464f4d70

SHA512
dc8cdcdcb96fb981b93ff5a8d18c08bf20365a2f4f46390be18b50aaa750b63a666727c676ce87eb4c86a3454969946fbc59d0e1c89c733445dff154dec279dd

Download Submit
/data/user/0/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
24KB

MD5
7f451e848c7c385e69fe461fbbd15f7c

SHA1
9095d50cc0251197a2401aa6f94a26dd0a60cfb2

SHA256
654fdbeb1f781f46551870caffd1adf65bc9087566552193957a5c3f27aa6caa

SHA512
7c4127db483bc0b59567587c110c20e41347db054000109cc8c740b40379716c3339296d472c7416c130b01878a9cfc9dce2156a29ae92001c35c692b98dd92b

Download Submit
/data/user/0/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
f9f66796132a60071d3d5c6aa9163d33

SHA1
ac004a4b966cf9e21f4c70c7a33eaa4e59e9e7dc

SHA256
eb2feb023a5b6d70b0be77da6f12ae923b29dd16395df343cdbf43995a995ffe

SHA512
7d499493461e15ddf58c1795533f4a51a0e572bf5730e44dd45fdbb7bc871e71620794cf81831b544d2489c5376abf5db826ca1137a2e2ff0985e47ef0881b23

Download Submit
/data/user/0/parseh.filmha.two/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
3c3678fc03cc3da58bb69174576ac858

SHA1
307c41791d15317b8f01aa3624d4dca604d372d7

SHA256
45058263fb0a977c1c48c4e435e9bdb6547f3f27c86850fbffdd36326612c86c

SHA512
aa774a369af3187e0c736a937de0000bec75a22984bf4ddb05f7de6b6c5c214f2e31474a47fa0697d5e85fa54e2647fc36f9af246cbe3237e632797acc06cf6f

Download Submit
/data/user/0/parseh.filmha.two/databases/evernote_jobs.db

Filesize
16KB

MD5
7872aebbbdbc44eeaeb8cbb1b1175628

SHA1
8a1da9dc2add88ecb95ad7b6d3ba2ab097bcd584

SHA256
f4787b54251f86b0ea76e2adc65a019a063656c691e47142569f684faf9a312c

SHA512
02031997c6d13bf26ae4386fef97678cc78832d57ed70a6d8a5992c5590d2f2213df6149c692063065ed774a2c07169de72164352f049a73ecefed26834cf6a2

Download Submit
/data/user/0/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
ac78ccfdc1201f0b9e095804d83e83da

SHA1
7e4c2276bdabd56bde4eb1ec1b436e0b20151ea2

SHA256
e94cfff5bcef0a51776aef3f8278ed34744f267c246e417e64975d61889bea63

SHA512
668a0bdc1f141c6b006737e8abef9d42ab3397b577f29d3d9de1e0c82c3dfd8d723715eb3dcf10b426efe7c51f549316843d830850317488da631cc7831f75e4

Download Submit
/data/user/0/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
3e4e7f7339118fad2aafd1db85c6435e

SHA1
f0f2850651bd131d707b7596504781e9b2f9fe75

SHA256
feed0005f7e92b6d555f1c480ee5eeaef4385314fe73f24ef6649e20cad64250

SHA512
f8c6ba763bc8f9f503d3445eaf8e21bdf392821b6f9343231bfbfb95990a6fd50b3e63c6b9a3409c184addd6eec9802167bed2ab4ad4df0e9e7bd9cd83ec849a

Download Submit
/data/user/0/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
512B

MD5
fc63cf439017d9857b154e89ed86e1ef

SHA1
9ab96342993e2299f80eceec84884fb5e385cd06

SHA256
095b8f93a05d00c7f8f588a5e79a1c6c3ad6fba76c89f847e468395ab9fb3822

SHA512
c46fb45320a028d9c215edbac10b8ebeb0ed9f24738341b8fd794ae6307d34721a4dd518d9f9679c84655a6c18ff381938739e8f36f533f7352e81cbd398e0af

Download Submit
/data/user/0/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
433bf08981051fe74e2b71cc3a8bf12b

SHA1
7065c3bc7b92f7d653e7d9789388d78a374ecef7

SHA256
0124f47c6ffa0e92369a18eace5b6cdb254fa7ca76be815031c694d1ab2b50c8

SHA512
ef2f6a7932282ced66c2ea72e04c76dcd7a5002db96a30e060b13beebfaa20c0627ca2b994f0d2539963068738d11dae85ef6f23e8afe254ac162be2bef11925

Download Submit
/data/user/0/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
8960f573e33b7d2fbcfe240f6a858cf3

SHA1
3b48f269ee876075ddba2bc1b4b9638e7c76604e

SHA256
8ebb7280de0fcee552d663e4dc560cc7a323073bb94d6c2a9f57470be6dd513a

SHA512
c6e16c6380decff1d4b956dfa004bc5d4124e4186d7c270f4f742186b09a9435ee7baf456dade1adbdadb3997c47ebf41dcf838b462ada42b5e39f90f458e1e3

Download Submit
/data/user/0/parseh.filmha.two/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
bfcf292e2dce0faa2784203aab54ae84

SHA1
4c1554d601a016f50e44367843cb9adec87222f1

SHA256
5b2a4e25f759d8e9f62bfee9e613a7675f0c76e6f6d28e87a35934f8d20322f5

SHA512
b184e561e9ba37796691d4513b176a122abe69e274493a6aa1ec8c8425fc9f45e7e4bd17f88eb3a52d607af2d5c9ecc55504f55a4f2b7cec4aa47339f0e1e3b6

Download Submit
/data/user/0/parseh.filmha.two/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit