0813f423639b63645104b7c85f20a245d83dd3c61badee2de231da66fe9b4d70

Analysis

max time kernel
50s
max time network
184s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
27-05-2024 09:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78bd894d527bf6e5e36b87f4436155f5_JaffaCakes118.apk
Size

3.0MB
MD5

78bd894d527bf6e5e36b87f4436155f5
SHA1

d7037f1cecdbfae3b90f95355be4a12bff112c56
SHA256

0813f423639b63645104b7c85f20a245d83dd3c61badee2de231da66fe9b4d70
SHA512

ce13b511007b3534e93aadbe4a0926f8fe8193dea3f36e16b911ac377b628c852374bd89cc2b2715cd0e82ee4d43f407059cd1b45812b0dc9764c7eb2667faa0
SSDEEP

49152:1LUz7Ec4xmnlGFehyQdtBltOh2Y0WmPsG8GOWPnNBG6GzfEJ9tY:1oUJDFbs7ltOh2Y0JPhEWPXtGz2Y

Score

8^/10

banker collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	khone.deservashirini

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	khone.deservashirini

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	khone.deservashirini

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	khone.deservashirini

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	khone.deservashirini

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	khone.deservashirini

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	khone.deservashirini

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	khone.deservashirini

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	khone.deservashirini

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	khone.deservashirini

khone.deservashirini
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about the current nearby Wi-Fi networks
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Requests cell location
- Schedules tasks to execute at a specified time
PID:5106

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/khone.deservashirini/databases/__pushe_base_lib_db

Filesize
24KB

MD5
acfb31786adce6eb83f66e7c4e1a64a7

SHA1
6dd06392f7474f00c462a423813de76e242c76d4

SHA256
db7c068162e5e2886e7a560d5d5ae09b3b5c273f67ad0211721e6c10a6b79e7c

SHA512
ee33af5a1cb92990b8369321d029bc2d03342e0a634619a134e6c7bf7c6be38913f9541da4272c61881ffeef0b66e437969e0067fd3f3e52363249f57085a1b4

Download Submit
/data/data/khone.deservashirini/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
f75d8e14aa9a54d7b77afd007b00c0f2

SHA1
b9aac4953ef8f1693950f6494d854fc10aa6c674

SHA256
51a7fd2dc121546e577fd08e15d94d9f2e15825d50a6651a1486bf3ea556bad7

SHA512
b1586c640b3b81a77a5093008d28548dcc613725341583eb41b02377a4e30a6e831f3c51de1b26013ae22f9c84e48fbda42ec0e514600be069d65d4c3d82636d

Download Submit
/data/data/khone.deservashirini/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
dcfee748509ca46f15a8891f69ec7980

SHA1
4c5c1170d381511d335de762ccd11cd17a65fea7

SHA256
cbf280a8c053821b765176dcae95b36665be4b519cf486c2f2ef691aa74f88ae

SHA512
d71be7559973e4255a28ceb44a4649dd9556afd24860b48db8285b069625ace3ff21beaa10b9d832290445b4a1e8fb0c3c8fc4f0534437ea9bf9f2284c3616d0

Download Submit
/data/data/khone.deservashirini/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
5e7e54e5c01fcf99a4133e450291b4c6

SHA1
e485870ad7449392b57591e13c41460c72530aba

SHA256
0e08101781dfc12f19ffe5eb54ebde43d8c9ed24e8cdb6e492529bf8189cd347

SHA512
9b46226c0e91b34da5e15caa72732bd5c25062f47351af474f12f4f8996f6157de7afa7bb4c1b0ad2de8948a982d04baad8a462fdf9a671237b188670d81104c

Download Submit
/data/data/khone.deservashirini/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
c731f61037d92277190161f56109dfcb

SHA1
73ca2dea7ecbda8e80159f78b2146aef3007356e

SHA256
5b9ca7752bd079a1c79b2585373b2566edf45a0abec7f2f30d8084476d5cecd3

SHA512
d23f62e31563d1153978c628c1195d406e09cd6d925ec5e8facb43ea63645b007ea01f3de9d422b0f94bdefcaf517f297edd856e5ac7e97c4289ba1d07f35744

Download Submit
/data/data/khone.deservashirini/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
3c7fbfd852d6cd976c72006ab333b6e5

SHA1
20c27c17dc3a4477699813829cccf866eebfedab

SHA256
66ff434a02be70aac47a0c09da7bcc091156416ce9daa114964ce435a95d1c54

SHA512
4d52535ce9e590c7d3cc685216109599ebdce22130847201ec947e8d113dc94de15901af4de63ad6e94bbe7759964641532e9b2dca1f0238861c2fd081a11593

Download Submit
/data/data/khone.deservashirini/databases/__pushe_base_lib_db-journal

Filesize
24KB

MD5
133c1a49a40886043f554fcdb4278c39

SHA1
ad5c64a7cc53feb105f62a7bc58893b722693c4f

SHA256
efbcd28c5af1ca0ca9426fbeedb522a6b8fea8883c806f3e8ae0f1261c103808

SHA512
40f7188d8550f89ce5308dcb1649ec6805fc31bde9708dbcc5f81e1dc1a553f5421a5b0bbad32450128cf5bdcfba19c5871d442d7fe3ca8b2d22fbae583dd671

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db

Filesize
16KB

MD5
0f633fe3df0b0584a03782c8c82dd6d3

SHA1
eea049b3035b7d12f2e3af28ff0eceadd2fbc59c

SHA256
a4817840c79bb978b4642ed44a0de0ad5981c56a4701394da2cb951679ce9c08

SHA512
f551bc3ebfbf095362439b19b8dc0855d00a2f68cfd51543c77fa2f9d55c76b81ade12d8c798c0bb42bef18eafde898d7ec243f32dba518389f50246d9b3b0d1

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db

Filesize
16KB

MD5
ec46d0aa0840e132227badf57edcf4ad

SHA1
73a119f3240a3ee71ca277dcce4dc60c5fb0985d

SHA256
27e51e72236feb24eed27df209c65819ac48d5e19fadf91820e966054ecf535b

SHA512
f7ed5d28b935f0415f8b0bb02914d0c2a0b5b63cc59fea9cc85e4fa1f6d2b5da22d75bd0636757d75feaa7252045f9c6023a1dee176d52066d64cf142dc4ef47

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db

Filesize
16KB

MD5
b8f678f6d85fe543e6a7c236581c9010

SHA1
68a5830f4c20e52b8b1fda5b6207ca1b5d936aac

SHA256
aad1e3e93fb591494646021824df435e07ee06a74e21e1099fff02fd3239d910

SHA512
6b492b7264f70b09065f59f85a4c32d46c8241ac79db30bcd445d16fb3b96792337afe7ad18243883b9f263be6c61c5812605d73fe7213b1588d1c4812e78b6d

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db

Filesize
16KB

MD5
73dbd02ea33757e0df3c2a2eda0a1bc8

SHA1
d302d4afea394417bd0a67da20ba95844f3ee2ec

SHA256
00fba2f2f6bee6a289154a31a907f1cc91a895ea2805241ad68c474fc9e1958a

SHA512
db367b7d3c5816a7db7bb2d4ec90862d885c954aca8a6ca7376605dca95e4057a0d2a55abbccf920aed6ae54d4a1d178b5a754093ae3f41180deb15ba329f130

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db

Filesize
16KB

MD5
00e829076f54c72b50b63fd6de296a03

SHA1
fbeb1b8be863931f98a7c29224a03b89f9616ab2

SHA256
c479f839c0bc15e9a9749cb5a5a3eef4e09c0163160073477f72fa78b2e300df

SHA512
1c6b0bfe980050072927f8d407ca86353098d03502f7194f141d43c045a3f35103261811281f023262f4823a4fd70659d6802b76e126e991120dc14cdf74bbcc

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db

Filesize
16KB

MD5
f13bd78a13a165bb5030037558619a18

SHA1
203521b9c8e85d2ba6c58c3f023717a1ebe5fef8

SHA256
2a91184659114e4971b4d9d481fe2b18b18fa9bc7ba26a0d31d42c8ed2d1f461

SHA512
7bd962a701a12d1611a8c455a7a76ec3bf3965e2508e503b1d8c7858f4f45a054a554ce91f0819e2508c296e8a0142c42f866f839d5124eca01f3550346fad4d

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
4d846afa379b24d785838b37ef183b43

SHA1
edd4f0a686059111e20476842770119523983948

SHA256
dd91a045c7eee55448d1d33b484bee107d6f700fbb735e06dc3528b7eccec01d

SHA512
cd24ce43c222a9a7a94c1b987c7900de7513dce89fa44ab23f45097728dd5ea3da63b8ae6662a9e90f4ea66d65881fd75d2dc46c1dd5a7410bcce1f62b096f96

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
a8d287010c91c0f1d0227c5fbaae1e79

SHA1
9cfc43e1b5245db603ad9024bf241ce918b77d2a

SHA256
6c31fcc5217c53d3eba8cdc2eeaf421d77efbf34929c5a580640f493c6afec36

SHA512
94091ea6490b75819bc55372ebd2044fbb9a62500a52ccba0ebe7f57cab57b18787bea69c979bcec1a4c32bbe176dee99968abff5755231a613bce0d6891cc94

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db-journal

Filesize
512B

MD5
30d86864a170979b0ad633f8793ab609

SHA1
7ca450d241bbb52d3192eeea2a138cb1a61bbf1b

SHA256
d9d57dff722729e8a6eebf4dd9b0d2ef6fa266b0cb03e7da70f73df2298f6309

SHA512
9658ddb0c7e932dbc867f61d6c16b97064f6fff892f4d8460ad482853b204400dfd6509ff5f9c45191e44c1267ec69c48ac949f88cebcaf05d6a2c4aed55b2cf

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
ef76423cd0f40218293cdb56a965df12

SHA1
f9888687373736e5bcdcbefa1e97b67d581fde05

SHA256
382a38f2ca68dcd198445af467bd776551658ff9586f6533fa46a994a76e771c

SHA512
5f5d29748eaeb9a1b3b62ee45bea4de07f04cfc3509aad8a6e984fde57f3249fc2461c3c7c15322adf5ea335ccb10676eb0dab4944377468293b51c9b55619ad

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
9daf04b39884c246c0e0e373d42162b8

SHA1
8e0d2b57e9c1b0f3294423cbee380857c1a9ff0e

SHA256
fd30c5deb33794a80ebe7c143196af7d505754c38db80b1b0e64b816d66afee3

SHA512
c8e7ef6bfabc4fd6cce7654829f76e5dfc049206c542c5cc02e2f630eb4205ba1fbeb7abe8a4432f28e9d65b26071d8fb85fad61e70c8f5718892ee4367f9df8

Download Submit
/data/data/khone.deservashirini/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
4a566301abd3628647add781d45da1d3

SHA1
d4c323875a64a28e2ecb93a0b94d619d3ee32f84

SHA256
6ae9f998960a35169dfa4dbb1b1b695ab10c4b33caf4fe39cdde84ddd62d8814

SHA512
bc12f77cb58aa686d186cf54fec2806d49562846af284e17ff8419820f10430cd6c887448e4126b05f70a596ee448660d4543270f9c5617f88d6f02713c84bd6

Download Submit
/data/data/khone.deservashirini/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads