Analysis
-
max time kernel
145s -
max time network
187s -
platform
android_x64 -
resource
android-x64-arm64-20240514-en -
resource tags
-
submitted
26-05-2024 05:29
General
-
Target
747685f90d49d320c544fa1b50903d55_JaffaCakes118.apk
-
Size
2.6MB
-
MD5
747685f90d49d320c544fa1b50903d55
-
SHA1
acb1ebd906e4d85c86de759ea4a85b6fc7009368
-
SHA256
fe466224bac7b5c3c12c92716a365e98b60aa91c427e8ea6ff644223fc079648
-
SHA512
29143d9dbb93677fd9196d558fd5a2c56e0441af979dd95e6530c1045a384a98a1c1bbf29846a1731677b9611b465fc103eebd2b5b827cbedf5af9cb5406cce3
-
SSDEEP
49152:j5mR1R5XBxK4LS372cmWXYdid45rVWRYRd3haoRoTJkEb1I:j5kpBx47XdIdrNRd3hau0JkAI
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Acquires the wake lock 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell information.
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes
-
roman.eshghe.ghadim1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about the current nearby Wi-Fi networks
- Acquires the wake lock
- Requests cell location
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/user/0/roman.eshghe.ghadim/databases/__pushe_base_lib_dbFilesize
24KB
MD528f6296ebc606f20a76d59cd81ecf253
SHA1206271401b5deeff48bd98dde896e9e761b126a8
SHA2569cd3c46e4a86bee0a0ca1d8fbf620d1a816c57aec46e9cf9b4ae37ec108092e3
SHA512b9cb78e888fd0491b405ba1bac1f751431549e158358536264ac4019d899c861fb4d2150b3c8b13347e176fb235639c851c4bd42e23b35966dad5ac785dfa7cb
-
/data/user/0/roman.eshghe.ghadim/databases/__pushe_base_lib_db-journalFilesize
8KB
MD53a558cb6d9de84fef494a7fd600f8e18
SHA130ebf80307e4855df63a08e528d2d8732e6947a6
SHA25638aa233b464495fefd30a6f77f2dbe7e3bad6ad29fe113c579a62570df7e24ad
SHA512132e7817c3be1d84a2d22c6e323e6505169513573b32d115886ccfea8510cc28359ef94e57cf4d6916bdd0c87a735289d576753e12eb9d5626a5d4b675304c69
-
/data/user/0/roman.eshghe.ghadim/databases/__pushe_base_lib_db-journalFilesize
8KB
MD512eae9beebebf52a119815a6836bb910
SHA17aa28fb88032b0e75412023e68e3c0069afec7b3
SHA256a13c2acc8bbde32cf92f2a854f37286f0962b34f1d10a708c8cf89a8d3c932d2
SHA512cc3110f3b6aa21c7f9cc94f8f530ced90dd2ff9eb8ebe0ae07b8bfd13567043691cb8a55fe664a78b243cc89cf19859928d26d33f26317663c8ff72617ac9a9d
-
/data/user/0/roman.eshghe.ghadim/databases/__pushe_base_lib_db-journalFilesize
8KB
MD55f0f171a4525adc2d091df8bb1dde9a1
SHA11b21ec4d710f0ef8319080c9794efad1a734ab28
SHA25608064a8d7aacbe2c8da20331ef78a0fd8a15104230427b047b875bda67fd3a6d
SHA5122377e9ff0eb340fd5f2ab17348b2f01ac495b72cace53d952d27f7a902d1a7cfa60afd3bb8ff76d801f40ba674299944d467b13ee232348f229b2ab2aba07c18
-
/data/user/0/roman.eshghe.ghadim/databases/__pushe_base_lib_db-journalFilesize
24KB
MD59c89d490bb8b49242220629296d6c5ff
SHA15a34611e479244695041f4a2b7d9949461a32629
SHA256b726de7c4ab6f584ce0ff67234a49c5877e2388d8e83d88918fbb228c1538aa4
SHA5128f33e9623f484bf7b36708d813aa6f8eedec941c96b1bd77024f84c8588ca3ac574f4b9c0fc8b33879912feae834edaae608f3874875bc84c0a75585c60a82e7
-
/data/user/0/roman.eshghe.ghadim/databases/__pushe_base_lib_db-journalFilesize
512B
MD5dbb3d476cc325837fc1627ab6328e16f
SHA1791fde031ef978b9d23e6088b34eafeb59b0c869
SHA256c3620bb8545df7eefd71327cde524696348b63931faddd88e9033cfbd6370a22
SHA51281af111808acff8829ade78acc50718ae7ac8e547f3249d3962815590b5dba6225fb5fcd994043f1abb3fd8d3b3d0a5ebf92587bdf10a787914c910900e055b9
-
/data/user/0/roman.eshghe.ghadim/databases/__pushe_base_lib_db-journalFilesize
8KB
MD5ae58c10f24a3f3725db75664a35135c4
SHA1c8c004fa5d117a48415e6f9c0c3a9b7d8e5182b3
SHA256f346ce8eef2c1c98c0fb1e8065471caea1eac9dd32613a9a6141569b778844b7
SHA5129443d5b1a2322e8261c443b904f856ffc05ebe62c9405c268235ad2f8b10035a2bad7e7c3a0e7cb544ede86407115e4cfab9d8f3d1717d79cc1b593dfa51b92b
-
/data/user/0/roman.eshghe.ghadim/databases/evernote_jobs.dbFilesize
16KB
MD5a5cec0d5011e447b33fd5c7c7eb5ac42
SHA12e5e4157fee78b1d148003a6bdb4199296f1a5c8
SHA2562cc3302ea35bc1e322e7ea088c7bf50b21d03cda6d0c89caacb48928db43414f
SHA51229c3df7819bc9684350722a9c6fdefe2948106fd5ab05bd7de759f491fec66f00514365855fab733cc1269a2ab6c30424a745b79f3fa82ae069600482928c46c
-
/data/user/0/roman.eshghe.ghadim/databases/evernote_jobs.db-journalFilesize
8KB
MD56ce5978d66a70593d32584e2f6573ea3
SHA18cc9bff42bfa0e6eebf55b861c8f3c8be581da71
SHA2569cc2b2fc3b0168ddfb04f83212b70f5975de7ba8f7c9fba28998909bc00d4d1a
SHA51226edfed83ab3acf3a7a5ffe3cbfd7d0168056aac01966b484682847291848d520f2ec904e1dc27ee69b42ded8bb89b424399c989de0cca48e11ae31fd81a7138
-
/data/user/0/roman.eshghe.ghadim/databases/evernote_jobs.db-journalFilesize
8KB
MD5bda7e660df3075dd24d7274236634dfb
SHA1a978049ab4118f5ff644cef1a6d1f18549d939c5
SHA256e416765fba3dcd07722b49684149e8cc29c00ef371a31abbbaad5dc3abc9f878
SHA5122541c87f2e6bb7e770517c7b1cf0beba534e620e190f465e6b526fe19c4d82d6243e959fca5f47876afa877f9e68c074c59624eca3c6f691f1c2e3049761d1d6
-
/data/user/0/roman.eshghe.ghadim/databases/evernote_jobs.db-journalFilesize
512B
MD55770c304ade9d152469e49fd845cf19a
SHA12d936a4db506bf37b2788bb3ec3cb641f0de6924
SHA25640065828f9d404d4eeaaa98a42af23e5b3c02caf5c575e524804efec9aae1c2b
SHA5123f2e3bd996a989534f6b7e4ef88889ee7f79ebe40af5ca294bd9ec8100cb9d20bdc987a6609478433405aca69d6f9177d21e56ceb010b6d56287257c4358b704
-
/data/user/0/roman.eshghe.ghadim/databases/evernote_jobs.db-journalFilesize
8KB
MD5b5e40be614418226f659578dce9582ee
SHA1ba0a3f8c12902387374648e5ad07233db0dbb823
SHA256f8807fd96c175c1de4ebb0323efa1351805160ebf5ce7ca4f3249b576d097a0a
SHA5122fd27c1860365e2dbed1c59d8b3fe6d6e6f5a6c6fc1b2849d801b28b21f79c51bb6b50ae312255a35bfe6efe5a61b1a7c125e2eb8986fa3d3ccf2e5a74fe9c12
-
/data/user/0/roman.eshghe.ghadim/databases/evernote_jobs.db-journalFilesize
8KB
MD5067c167ef618939c7337e8fdf8d0aa14
SHA1055ab095a5fbe3ff2cbb45b04fcf37a40cf5aafc
SHA2562a5f5bc835a658274d69fb0c4a2b6a905707fb6f2b660a22daa814832312aad3
SHA512230ac49efb70cb97d521ee056f98de94d70d1c1ff97c3661aaf7c20414a76a9f487ea3fe3e0a2f868e9aff4a32b9ad8330fb04188b8ab0b2042edfd1610c42ba
-
/data/user/0/roman.eshghe.ghadim/databases/evernote_jobs.db-journalFilesize
8KB
MD538a4588db85659c5575447841d4851e0
SHA18ab3317677560715161d5014720c3c0d57df56d0
SHA25615d064af21efb6cc6dc170f231239adc1121e728787c3c7b9dbf70686a671d11
SHA51235978ed5e31f9aa47222d997e63a2901a1aebd08d8569a4642772418e5830ccc1e29cb97e07e0d24d4a9d59a20bd1c6640d2de81270e47573080d5487f12adf3
-
/data/user/0/roman.eshghe.ghadim/files/db.dbFilesize
1.1MB
MD5499fd65c375c7bec13bb9e372cfafd07
SHA14c0f8bee521577244441075e757957e7e9299493
SHA2566bed001bad2e0bdf16806dd3b5ed9810cca9a361cef909e9125d508825bb46fc
SHA512aa79a82859e42fcd4e4c718ff071bf0aac8ba64cf917d23f49691809ce9edcbd2354dbf26849e078e7503d682940c9cb662b9b9f861c4227befee70b27109c7d
-
/data/user/0/roman.eshghe.ghadim/files/unsent_requestsFilesize
58B
MD50d210bfb2a0e1f1b4c082a6a0f79de07
SHA1bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1