0813f423639b63645104b7c85f20a245d83dd3c61badee2de231da66fe9b4d70

Analysis

max time kernel
28s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
27-05-2024 09:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78bd894d527bf6e5e36b87f4436155f5_JaffaCakes118.apk
Size

3.0MB
MD5

78bd894d527bf6e5e36b87f4436155f5
SHA1

d7037f1cecdbfae3b90f95355be4a12bff112c56
SHA256

0813f423639b63645104b7c85f20a245d83dd3c61badee2de231da66fe9b4d70
SHA512

ce13b511007b3534e93aadbe4a0926f8fe8193dea3f36e16b911ac377b628c852374bd89cc2b2715cd0e82ee4d43f407059cd1b45812b0dc9764c7eb2667faa0
SSDEEP

49152:1LUz7Ec4xmnlGFehyQdtBltOh2Y0WmPsG8GOWPnNBG6GzfEJ9tY:1oUJDFbs7ltOh2Y0JPhEWPXtGz2Y

Score

8^/10

banker discovery evasion execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	khone.deservashirini

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	khone.deservashirini

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	khone.deservashirini

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	khone.deservashirini

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	khone.deservashirini

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	khone.deservashirini

khone.deservashirini
1⤵
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Schedules tasks to execute at a specified time
PID:4281

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/khone.deservashirini/databases/__pushe_base_lib_db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/khone.deservashirini/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
525c6ba42fb647e58a41e4b8b019f3be

SHA1
702fb966246127c2283cf6e214b3d1965ecc4256

SHA256
c72610fc78a6f109ff5e0dcfac8bda21b1252a355b78d2831b746999bb44dac1

SHA512
79324857ee54f5f5c11803e352518bea2e931c11baef02ded6c6163f359f3603176f17ee2ed44ab6afab95a833ee30ab7c27da8856ace9160ccad9652718c1ed

Download Submit
/data/data/khone.deservashirini/databases/__pushe_base_lib_db-wal

Filesize
92KB

MD5
c75e9ea2c2a6700c1d374fb13f51a59c

SHA1
94effb3b3000a3c30bec547f0f9a93154a078815

SHA256
584d4eadc0b070342e921d5a172217c583079f3f0e611b3b422c9d0211a3e1fe

SHA512
2eb1d29bd2fe72cefb924b3b1902713260509cfc0e941ca45d767d73cfc3e5c6c369086c8c933299d6b8af974caac3dc48167b5342f0c8dd12693ce697d32e99

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db

Filesize
16KB

MD5
f8323d60aa312ed3b37c5a326d208a09

SHA1
5ca422772e2e18ca60582b0722e2b140b9d6784a

SHA256
4cad21457cf5e13fa2ce645b8b75da2164a7a0c6039e0caa4d82f6fd23ace64a

SHA512
be4b602b9e09411f8ef7f36fe15464aebe2926a42772001921ba2a8f25d0f7a6c1e024aff2890385a171e22f96dafd111d8ce8fc3d2907a08fe41bf37547ab8b

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db

Filesize
16KB

MD5
40e7ce69872c5ce8b961b25c5ec4117e

SHA1
e77b1a9712313e4c69aaaaa5244360d58d078c6d

SHA256
d97c3c9ddaf4255b157ad541c3b1f1f8ad6ccd8bbdb05edeb2f5682a042daba7

SHA512
3ebf4cac7b20e3985243664fc9169d41655dd15e52a1ae86cbab488fa89591daab66d8fcbe23f8c1fb7208f6e670047459ac3261cce82e703f0f2be2908db62e

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db

Filesize
16KB

MD5
09a8d47f1621806543942bd759c8fe91

SHA1
0104fb12b70a6b4b186e1f1083272f12953091bb

SHA256
6a79188e1a74f45021ecaec8997ab01ab5d581e8b7e8faa0f8655f810ecd58b5

SHA512
03adfcebcdeadd840b2f602039cf8cdc92b63e6a4d9513040e67f25a037be4336b2d70b24a71e0b1c959133ad7a2b68de1139c5e47cda121c7b76fcc7e9cbeec

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db

Filesize
16KB

MD5
60fabb7199883ea2d249873e0082ed4c

SHA1
3687721768290863b44ae6b181481006ba3dcde2

SHA256
eacf2e421ab56d7b64490e7420aa05ba7da45ac5841d8dbadc147cc8e06fa6e9

SHA512
a583d7d108963ef679ad76ca5714e9a1a7764d03733d700d739c1d199bb1745a83ecec80f2eb5a5ab0366aa9cc6efd7924332cef224d39542bc3be44342f4cde

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db

Filesize
16KB

MD5
978fdf85b8448e3a7c9015e51477eb49

SHA1
793bb88398dc9457935a4416638d5ed3974baf19

SHA256
8f72919eebbe45ed6d33b7b763d7e45d76a880128aee9aa5c29d28ab79689a92

SHA512
852b2d3e2607c96625e9bcd454c702ccec6a0f07aba3410976d6400ecd2d48ccc92d93c8ce7fcc87a622d04357bd6805a996f11d339ca7fc3eab99c0e991fe38

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db

Filesize
16KB

MD5
79b35fe1b88796e60c7b97a53fc35abc

SHA1
6ab07ac24d58e2d4b44ed11a762e8603721b5cb8

SHA256
34bf26fbbfa3917324678b8cc6259f3e843241cb51928620febf9ba26e210604

SHA512
5b3c093987074bf49ca1bbf9baf39611abb6bd6d8e07d793ecff1c200cf89be88d67a678b2d7d992b5183e3b5f277656d2cb366d16e23ce84eb94097786d7f1d

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db-journal

Filesize
512B

MD5
fa45e8cdadc720e40a830554f95ef8d7

SHA1
a3a85a54fb47cac9d8b71d65c2a074a48b2b98f1

SHA256
141e1174c70d455795a068aa5c55ddeb6360437475d2187ab32a498cd7db794c

SHA512
99790fdce92ab9f04e4831114775d2f629cd0ae98a9458727413b593afd4a5c71b0f9575005802d3b026ceb4405c7c7e22d0861e98370a8fd08340435f088c59

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
7fd503c4865998fcc2262e2081a8f94d

SHA1
06d9a6a74338e3dc57c3ad36f204abd190133a33

SHA256
449ccb52d1f856d05d1831abfc5c623a333d666bc3f91ea4a5e9c04d4d11673f

SHA512
b62118c50b062dc74743d63ed4351399d9d751dcb8e4a63d180e433b32ce50473b487b5454430548a2372c4f596df9b67cf4ad341e0602cea6dc6431058b9d98

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
546f005e57e4a4907e1c612cc637fd50

SHA1
822f74998b413494a047459daf081ecae4c302d2

SHA256
026ffcce2d12e24c1bb0aed0fe591a03a02ec7cb355492973bb71c22b15285f7

SHA512
6944f830d8cbcf49a3526acba7948901e2b14d005c957788cfe11e0471327020a45c1e4816e82f533f5c71caab23b27f606b2da7061e85327629d81c6fd09d3a

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
08815508f25c7bddb49136efe93031f2

SHA1
ba3690068c324a1cfbf1f7e82d447f8d69bbdf2b

SHA256
57d3e663ae31df70d232fb57f55db93f165ac044372aaaed726994961de12d6c

SHA512
0cbd65ca52b530f49f6a62803340c098e424826dc0f2c23be9db2520e933438fa509912d83dc17b0bba78dc6f3fd907bc6c4cabbd19f5cbe71dc995add49dadb

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
323b3ea0bef035781f062d701f1445ea

SHA1
be08830bb1bbd74ce3b6d628cfc0e6372b182a22

SHA256
6afe18d953a57f8da2a6b22ed5056489c0807803b9679db7d234692fe3dda1aa

SHA512
b04ef0054a9bdacbf0c213324083589ef8409dac9bd17149bcd71806c1ae098b0b9d2a24915544458beec170bae8a4ce3bd748cb61400708cf12b7b9582fc09f

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db-wal

Filesize
28KB

MD5
db5129f69f4cd52f1b15f604111bb050

SHA1
77ed01d6e989e21c108f53c7ae5ad47dfcfb488f

SHA256
e3fdee9fc65e5f3c9d435c7ab2a8f6b7d441462c554b75e7fd0770189eabc99e

SHA512
2580098298e78bfad373c7904b9ad2605156bfe6442e8852226beba5c7f2d1e9de4836a1aaff44893e7636e4c4e79c54343196ffa9e9234ec4d75d86c3efdb21

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
04cd8175f936ecd11f8d9faadececca2

SHA1
5e31f781453b82028a798d4794ca269b69e0c4d9

SHA256
3f29ed7da8e693aa39ccb3cc92c03cc8c0b23da2934cd2e578b6ad678616ef62

SHA512
619ce013261fb5f92f1e9232c309a21225bf093b49c1348632ad73823126ea45a6f628522b04fc2232f0212c28679d8abaff4473272585fbec4b1b616a024974

Download Submit
/data/data/khone.deservashirini/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads