fe466224bac7b5c3c12c92716a365e98b60aa91c427e8ea6ff644223fc079648

Analysis

max time kernel
50s
max time network
174s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
26-05-2024 05:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

747685f90d49d320c544fa1b50903d55_JaffaCakes118.apk
Size

2.6MB
MD5

747685f90d49d320c544fa1b50903d55
SHA1

acb1ebd906e4d85c86de759ea4a85b6fc7009368
SHA256

fe466224bac7b5c3c12c92716a365e98b60aa91c427e8ea6ff644223fc079648
SHA512

29143d9dbb93677fd9196d558fd5a2c56e0441af979dd95e6530c1045a384a98a1c1bbf29846a1731677b9611b465fc103eebd2b5b827cbedf5af9cb5406cce3
SSDEEP

49152:j5mR1R5XBxK4LS372cmWXYdid45rVWRYRd3haoRoTJkEb1I:j5kpBx47XdIdrNRd3hau0JkAI

Score

8^/10

banker collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	roman.eshghe.ghadim

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	roman.eshghe.ghadim

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	roman.eshghe.ghadim

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	roman.eshghe.ghadim

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	roman.eshghe.ghadim

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	roman.eshghe.ghadim

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	roman.eshghe.ghadim

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	roman.eshghe.ghadim

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	roman.eshghe.ghadim

roman.eshghe.ghadim
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about the current nearby Wi-Fi networks
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Requests cell location
- Schedules tasks to execute at a specified time
PID:5223

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/roman.eshghe.ghadim/databases/__pushe_base_lib_db

Filesize
24KB

MD5
c92bd7fb8aba47c831676dae48dbcc99

SHA1
253b1f00889e4186d1d311ef1e53d80963d64e11

SHA256
82090b4d867a8694a9183b9f4d56f022f9bed12df25d87a57cc995f4447133f9

SHA512
59606ef19c5f5683125ec8c9b1ae486992d38f8f1173bee8a55681e6864efd27db36020d5f6b426aea35bfc4f1371bd0ff135744bdd87c46d16ab81f0b0a0780

Download Submit
/data/data/roman.eshghe.ghadim/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
b9ee6be14ad3944cd41f5cb5efd460a9

SHA1
94eab7ca266242043772fedf91babf30f5526a9a

SHA256
b6a5e91770411947e94a59799969cda1951541da6a1cbb6f51bbb1c70f187b06

SHA512
3764a70ae1f4d7e65ce2c45f50dcedcfe83a86329720c8431b87691dbca9742708ded4b1deb72aeedb9510af00f771b8dbfe955bc6e031e15203a34f9515123c

Download Submit
/data/data/roman.eshghe.ghadim/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
27f72cbf4ba9d93d174a2c4052ebbd95

SHA1
84150c48a386c2cfaf77ab0ba3b61d0e272d5af9

SHA256
6adeedebaf64d783880da1cc04052a9b17993cc28773b1f44ca4193bc643fe29

SHA512
ef2a9a30703e2acf34a5c9cadf4be5162eb0e9691b28d22514ce018738cab92d92d7ef24575e7dc38b70b601a3507d370f1949d624dc6d5c4e15ab5ffb130893

Download Submit
/data/data/roman.eshghe.ghadim/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
65c84582a5387d6df7d1b053519dc877

SHA1
c3e19baf15603eeb606471464269d7604eafcf53

SHA256
6953aebeb293826651c606c229681cb0da7c161001dd2a7b15ec1ebf745f9ef9

SHA512
ea1cf66f82337d02bbb44700128612049b1f13cc041819dd088168991cbf67e28b398060777d971850a0b00de1ee1023e9becef240761e6341b960e0625752f0

Download Submit
/data/data/roman.eshghe.ghadim/databases/__pushe_base_lib_db-journal

Filesize
24KB

MD5
9b0dda90ff2577b6544a79b262c0d77e

SHA1
2e7ba38b2b7dcc6037243e62919e7bfd04f5a636

SHA256
1c6827890415a8c0cd051e686d9caf68dbeef3bb520953c2ba95b078be710d71

SHA512
92529334ec2088c34e14c6e26d2b6f073b3df25ede2bc051df5917dc7fdbe6fd7f24972b3c0d4cabdf7442cfe26009155c8dba8c485ec87c43ba70db8a8f71a8

Download Submit
/data/data/roman.eshghe.ghadim/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
4ba108242caa1443dec69b4470afb61c

SHA1
ecfd9695441e07a53433efc58fa336be3d5e8f95

SHA256
12d1b9911f2b68ae5441a7c691d9085d391c53095fec86fbbdd2a01cd869e49c

SHA512
2e861e057f1bb4090385ae55421b8bbb8dad481cdcfc19c8555ebdea112afd1268bdcacc1f868967d866d2d00907e687aafd90511acd37131a0c9112bed35860

Download Submit
/data/data/roman.eshghe.ghadim/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
f77c2d951156a068a77ed3fa6e022be1

SHA1
cd05302af3ea7ef4b03094c1dbbe3b39b19ef881

SHA256
8c17bf89aa58a1da1141bb245dbc75728b256b25fa08263b5922ad7d9f06ccc5

SHA512
5865a084fe886d86f2b595286a56fd8549c121c2b8bc905c83c2bcb4a0de4ca8f0914d350b8dcfcd7217292263eb35bbd45f5271779f4b1f94528892dc491cec

Download Submit
/data/data/roman.eshghe.ghadim/databases/evernote_jobs.db

Filesize
16KB

MD5
0ea8b68a22e6ef364d76edc959f21046

SHA1
30b432004517af3894efdc864e006cb4bc0ef686

SHA256
a39c74213d986ed2a839d9810f09089391ec6a1f041ec843b4a476d435d35e4f

SHA512
2a52ea14a800e18b488a579f14745a16189795bddf45b408e466e26264e8f6310a3a4cc76303714da43d7b2ee1ddee0202d072b505e52c0e687a8dd527eb2e24

Download Submit
/data/data/roman.eshghe.ghadim/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
fe810a92d8cf0e9deb5b7fb0dc3a114c

SHA1
4328864f2f702b578c16d649c7c472b79275f355

SHA256
f48f3d20ba364db62d0755daa5fd9b471e719c1dff5f222080b91a292539cd99

SHA512
30b7fa92da64887315dc316a95140e71703140c3b467609004bc35301110f839786931efaf80be5bad7789ab66b3c2e6c76fddbc24f0ce37288519662d761942

Download Submit
/data/data/roman.eshghe.ghadim/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
35928b18203b531a62feacba90abad0b

SHA1
28b28d773e9425a1a792630121ee2f56aabcefa7

SHA256
3ea9b14cf26daa917fd768d232bc27962bf07f4c3db50f26a1a0224a75921168

SHA512
5d17a8c3b373df066e93b6866a1b8a5d0f49b021da06e4dc86d74ea602a243c3a885919e2ace3b426a8535d7ce6e712f3c342a946d7e996996cfd50e4fdc1f7f

Download Submit
/data/data/roman.eshghe.ghadim/databases/evernote_jobs.db-journal

Filesize
512B

MD5
94168e1296afa34c7299564a9f5a97a3

SHA1
17083f59f6e16849145b40fec340e388306dd506

SHA256
ec982fe960e110620de0d55362b565d19c03dd874abeaf163f2831a3ce94af04

SHA512
e5a27a468cfdfdad05cc6d44227e826bf0a8bcfcb13b7a6e20d7760c9c0453ba4b838a4919c6e242ac2769135617859afa3c1459f422e24e08ef230b498f2c29

Download Submit
/data/data/roman.eshghe.ghadim/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
4eea2e457b8948d4452fc289bf829dff

SHA1
ab65e8c740c64f49fcc7a1541f3d39142bb9cdfc

SHA256
02c220ac637a17160cfa698eed8e447beb2fe5034fe94fb1bc0a0973189f9163

SHA512
776daa37787fb3426410204bc8ef41024d19607ba2aa321da8f5e46760ccf80e87c7416c09e3ae616df61a1e86c1f6bbfbd8a6687e8c35912366307afef31e89

Download Submit
/data/data/roman.eshghe.ghadim/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
7cdc643cbccb1b2f7be22d4ff723683c

SHA1
80ea15044b5497d46bc8517533a5a6f5e3c3a0e0

SHA256
1c7dda7ddc280e8917f3854f58129f9d65b7adadf35b984148f90a12b4410faa

SHA512
61ee2a4db309b9bea64cac19a228afe9f4ca58cb940bf6dfab825e6ce85f24a1e22d6b02a17f476e2f7a1ad95723ed1147de4654af916dcb5be8b4e979f1c358

Download Submit
/data/data/roman.eshghe.ghadim/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
0242633320258828fff5e1152a58d306

SHA1
861045915bf74bae50200e425f666d0ffb6e01ba

SHA256
d976fce662d316ddef07bc2d252ab09b10eccf290871668104b6c05b2786132c

SHA512
3a29f49557fb46feac01dc21180e4a8f4e4af390d4debfeb81c384202ff6fcd71a83818d3a619aa72fcf652822aa1b868aa603f30785b7b405652f81333b1680

Download Submit
/data/data/roman.eshghe.ghadim/files/db.db

Filesize
1.1MB

MD5
499fd65c375c7bec13bb9e372cfafd07

SHA1
4c0f8bee521577244441075e757957e7e9299493

SHA256
6bed001bad2e0bdf16806dd3b5ed9810cca9a361cef909e9125d508825bb46fc

SHA512
aa79a82859e42fcd4e4c718ff071bf0aac8ba64cf917d23f49691809ce9edcbd2354dbf26849e078e7503d682940c9cb662b9b9f861c4227befee70b27109c7d

Download Submit
/data/data/roman.eshghe.ghadim/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads