fe466224bac7b5c3c12c92716a365e98b60aa91c427e8ea6ff644223fc079648

Analysis

max time kernel
145s
max time network
187s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
26-05-2024 05:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

747685f90d49d320c544fa1b50903d55_JaffaCakes118.apk
Size

2.6MB
MD5

747685f90d49d320c544fa1b50903d55
SHA1

acb1ebd906e4d85c86de759ea4a85b6fc7009368
SHA256

fe466224bac7b5c3c12c92716a365e98b60aa91c427e8ea6ff644223fc079648
SHA512

29143d9dbb93677fd9196d558fd5a2c56e0441af979dd95e6530c1045a384a98a1c1bbf29846a1731677b9611b465fc103eebd2b5b827cbedf5af9cb5406cce3
SSDEEP

49152:j5mR1R5XBxK4LS372cmWXYdid45rVWRYRd3haoRoTJkEb1I:j5kpBx47XdIdrNRd3hau0JkAI

Score

8^/10

banker collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	roman.eshghe.ghadim

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	roman.eshghe.ghadim

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	roman.eshghe.ghadim

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	roman.eshghe.ghadim

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	roman.eshghe.ghadim

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	roman.eshghe.ghadim

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	roman.eshghe.ghadim

roman.eshghe.ghadim
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about the current nearby Wi-Fi networks
- Acquires the wake lock
- Requests cell location
- Schedules tasks to execute at a specified time
PID:4554

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/roman.eshghe.ghadim/databases/__pushe_base_lib_db

Filesize
24KB

MD5
28f6296ebc606f20a76d59cd81ecf253

SHA1
206271401b5deeff48bd98dde896e9e761b126a8

SHA256
9cd3c46e4a86bee0a0ca1d8fbf620d1a816c57aec46e9cf9b4ae37ec108092e3

SHA512
b9cb78e888fd0491b405ba1bac1f751431549e158358536264ac4019d899c861fb4d2150b3c8b13347e176fb235639c851c4bd42e23b35966dad5ac785dfa7cb

Download Submit
/data/user/0/roman.eshghe.ghadim/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
3a558cb6d9de84fef494a7fd600f8e18

SHA1
30ebf80307e4855df63a08e528d2d8732e6947a6

SHA256
38aa233b464495fefd30a6f77f2dbe7e3bad6ad29fe113c579a62570df7e24ad

SHA512
132e7817c3be1d84a2d22c6e323e6505169513573b32d115886ccfea8510cc28359ef94e57cf4d6916bdd0c87a735289d576753e12eb9d5626a5d4b675304c69

Download Submit
/data/user/0/roman.eshghe.ghadim/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
12eae9beebebf52a119815a6836bb910

SHA1
7aa28fb88032b0e75412023e68e3c0069afec7b3

SHA256
a13c2acc8bbde32cf92f2a854f37286f0962b34f1d10a708c8cf89a8d3c932d2

SHA512
cc3110f3b6aa21c7f9cc94f8f530ced90dd2ff9eb8ebe0ae07b8bfd13567043691cb8a55fe664a78b243cc89cf19859928d26d33f26317663c8ff72617ac9a9d

Download Submit
/data/user/0/roman.eshghe.ghadim/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
5f0f171a4525adc2d091df8bb1dde9a1

SHA1
1b21ec4d710f0ef8319080c9794efad1a734ab28

SHA256
08064a8d7aacbe2c8da20331ef78a0fd8a15104230427b047b875bda67fd3a6d

SHA512
2377e9ff0eb340fd5f2ab17348b2f01ac495b72cace53d952d27f7a902d1a7cfa60afd3bb8ff76d801f40ba674299944d467b13ee232348f229b2ab2aba07c18

Download Submit
/data/user/0/roman.eshghe.ghadim/databases/__pushe_base_lib_db-journal

Filesize
24KB

MD5
9c89d490bb8b49242220629296d6c5ff

SHA1
5a34611e479244695041f4a2b7d9949461a32629

SHA256
b726de7c4ab6f584ce0ff67234a49c5877e2388d8e83d88918fbb228c1538aa4

SHA512
8f33e9623f484bf7b36708d813aa6f8eedec941c96b1bd77024f84c8588ca3ac574f4b9c0fc8b33879912feae834edaae608f3874875bc84c0a75585c60a82e7

Download Submit
/data/user/0/roman.eshghe.ghadim/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
dbb3d476cc325837fc1627ab6328e16f

SHA1
791fde031ef978b9d23e6088b34eafeb59b0c869

SHA256
c3620bb8545df7eefd71327cde524696348b63931faddd88e9033cfbd6370a22

SHA512
81af111808acff8829ade78acc50718ae7ac8e547f3249d3962815590b5dba6225fb5fcd994043f1abb3fd8d3b3d0a5ebf92587bdf10a787914c910900e055b9

Download Submit
/data/user/0/roman.eshghe.ghadim/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
ae58c10f24a3f3725db75664a35135c4

SHA1
c8c004fa5d117a48415e6f9c0c3a9b7d8e5182b3

SHA256
f346ce8eef2c1c98c0fb1e8065471caea1eac9dd32613a9a6141569b778844b7

SHA512
9443d5b1a2322e8261c443b904f856ffc05ebe62c9405c268235ad2f8b10035a2bad7e7c3a0e7cb544ede86407115e4cfab9d8f3d1717d79cc1b593dfa51b92b

Download Submit
/data/user/0/roman.eshghe.ghadim/databases/evernote_jobs.db

Filesize
16KB

MD5
a5cec0d5011e447b33fd5c7c7eb5ac42

SHA1
2e5e4157fee78b1d148003a6bdb4199296f1a5c8

SHA256
2cc3302ea35bc1e322e7ea088c7bf50b21d03cda6d0c89caacb48928db43414f

SHA512
29c3df7819bc9684350722a9c6fdefe2948106fd5ab05bd7de759f491fec66f00514365855fab733cc1269a2ab6c30424a745b79f3fa82ae069600482928c46c

Download Submit
/data/user/0/roman.eshghe.ghadim/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
6ce5978d66a70593d32584e2f6573ea3

SHA1
8cc9bff42bfa0e6eebf55b861c8f3c8be581da71

SHA256
9cc2b2fc3b0168ddfb04f83212b70f5975de7ba8f7c9fba28998909bc00d4d1a

SHA512
26edfed83ab3acf3a7a5ffe3cbfd7d0168056aac01966b484682847291848d520f2ec904e1dc27ee69b42ded8bb89b424399c989de0cca48e11ae31fd81a7138

Download Submit
/data/user/0/roman.eshghe.ghadim/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
bda7e660df3075dd24d7274236634dfb

SHA1
a978049ab4118f5ff644cef1a6d1f18549d939c5

SHA256
e416765fba3dcd07722b49684149e8cc29c00ef371a31abbbaad5dc3abc9f878

SHA512
2541c87f2e6bb7e770517c7b1cf0beba534e620e190f465e6b526fe19c4d82d6243e959fca5f47876afa877f9e68c074c59624eca3c6f691f1c2e3049761d1d6

Download Submit
/data/user/0/roman.eshghe.ghadim/databases/evernote_jobs.db-journal

Filesize
512B

MD5
5770c304ade9d152469e49fd845cf19a

SHA1
2d936a4db506bf37b2788bb3ec3cb641f0de6924

SHA256
40065828f9d404d4eeaaa98a42af23e5b3c02caf5c575e524804efec9aae1c2b

SHA512
3f2e3bd996a989534f6b7e4ef88889ee7f79ebe40af5ca294bd9ec8100cb9d20bdc987a6609478433405aca69d6f9177d21e56ceb010b6d56287257c4358b704

Download Submit
/data/user/0/roman.eshghe.ghadim/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
b5e40be614418226f659578dce9582ee

SHA1
ba0a3f8c12902387374648e5ad07233db0dbb823

SHA256
f8807fd96c175c1de4ebb0323efa1351805160ebf5ce7ca4f3249b576d097a0a

SHA512
2fd27c1860365e2dbed1c59d8b3fe6d6e6f5a6c6fc1b2849d801b28b21f79c51bb6b50ae312255a35bfe6efe5a61b1a7c125e2eb8986fa3d3ccf2e5a74fe9c12

Download Submit
/data/user/0/roman.eshghe.ghadim/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
067c167ef618939c7337e8fdf8d0aa14

SHA1
055ab095a5fbe3ff2cbb45b04fcf37a40cf5aafc

SHA256
2a5f5bc835a658274d69fb0c4a2b6a905707fb6f2b660a22daa814832312aad3

SHA512
230ac49efb70cb97d521ee056f98de94d70d1c1ff97c3661aaf7c20414a76a9f487ea3fe3e0a2f868e9aff4a32b9ad8330fb04188b8ab0b2042edfd1610c42ba

Download Submit
/data/user/0/roman.eshghe.ghadim/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
38a4588db85659c5575447841d4851e0

SHA1
8ab3317677560715161d5014720c3c0d57df56d0

SHA256
15d064af21efb6cc6dc170f231239adc1121e728787c3c7b9dbf70686a671d11

SHA512
35978ed5e31f9aa47222d997e63a2901a1aebd08d8569a4642772418e5830ccc1e29cb97e07e0d24d4a9d59a20bd1c6640d2de81270e47573080d5487f12adf3

Download Submit
/data/user/0/roman.eshghe.ghadim/files/db.db

Filesize
1.1MB

MD5
499fd65c375c7bec13bb9e372cfafd07

SHA1
4c0f8bee521577244441075e757957e7e9299493

SHA256
6bed001bad2e0bdf16806dd3b5ed9810cca9a361cef909e9125d508825bb46fc

SHA512
aa79a82859e42fcd4e4c718ff071bf0aac8ba64cf917d23f49691809ce9edcbd2354dbf26849e078e7503d682940c9cb662b9b9f861c4227befee70b27109c7d

Download Submit
/data/user/0/roman.eshghe.ghadim/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads