0813f423639b63645104b7c85f20a245d83dd3c61badee2de231da66fe9b4d70

Analysis

max time kernel
40s
max time network
186s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
27-05-2024 09:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78bd894d527bf6e5e36b87f4436155f5_JaffaCakes118.apk
Size

3.0MB
MD5

78bd894d527bf6e5e36b87f4436155f5
SHA1

d7037f1cecdbfae3b90f95355be4a12bff112c56
SHA256

0813f423639b63645104b7c85f20a245d83dd3c61badee2de231da66fe9b4d70
SHA512

ce13b511007b3534e93aadbe4a0926f8fe8193dea3f36e16b911ac377b628c852374bd89cc2b2715cd0e82ee4d43f407059cd1b45812b0dc9764c7eb2667faa0
SSDEEP

49152:1LUz7Ec4xmnlGFehyQdtBltOh2Y0WmPsG8GOWPnNBG6GzfEJ9tY:1oUJDFbs7ltOh2Y0JPhEWPXtGz2Y

Score

8^/10

banker collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks CPU information 2 TTPs 1 IoCs

Checks CPU information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	khone.deservashirini

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	khone.deservashirini

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	khone.deservashirini

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	khone.deservashirini

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	khone.deservashirini

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	khone.deservashirini

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	khone.deservashirini

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	khone.deservashirini

khone.deservashirini
1⤵
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about the current nearby Wi-Fi networks
- Acquires the wake lock
- Checks if the internet connection is available
- Requests cell location
- Schedules tasks to execute at a specified time
PID:4596

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/khone.deservashirini/databases/__pushe_base_lib_db

Filesize
24KB

MD5
3257f1f35fafe2d93e2f75eba3c69b29

SHA1
a74e218a3b8c77c08c348fd1fb090af0df82a263

SHA256
f2be8055b666d65981445b7c18cee2bc55d09e65591dd424569b15737d21aa67

SHA512
05b45e1515f0cd094624425a2267a85a45a49dfd4e5651cf0462614c2853f796b7dd119d24157109208b2733268a8e66cb62555cd3d4113e618e532722773b01

Download Submit
/data/user/0/khone.deservashirini/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
38e3b5578e129759d2e660de0e07d209

SHA1
ae2ae132bd2cc4644d28bae9d258f3cd16010815

SHA256
f099cd12dcd3bbcc920202d7ee0754a6d1c7a4426993e131a96fa951eaba29fe

SHA512
aeac96ff9b9167529599bf139bd11e0dccfc89fa8fcb946bb6b21ca129a971e203ebad54f810d410e38fd125d3aa234f2a77fc7236c9956293c4f8ca878a3ba4

Download Submit
/data/user/0/khone.deservashirini/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
15d875aa1ac3c44282448998c6bb55ed

SHA1
8953f2d7d4b0194c524d958d3f36800e6d0f7cf9

SHA256
51bc7c2ec36d52a92df5b51636343c4afe3423193c4a0a8dfcf036783260239a

SHA512
ed42a86a37f1b8aa0ef716694f7f6fe089adbf07b1d596d736f1921937abce55f31742870120562075e4a94226f15cc288d955638847161668c101cf84a28e80

Download Submit
/data/user/0/khone.deservashirini/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
e8c858f7d043f0bb868833e00eeb10fb

SHA1
a6418785e169813d89d498b5c7836ad8e0bd479b

SHA256
3b5a69c8c497d4418c7cf83544ea2fe3149055c1da24e9675004f6c9e9b8b51b

SHA512
1bd5504c5a28bbab510a1825a069b4cdddf0d08f9eec3c8f9b7ed8603b6e87f76690d588ae1eeb81b84a00ddee2176b124ba1b2536b6f2d69073797fadd1674b

Download Submit
/data/user/0/khone.deservashirini/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
9c6ad31d01ac38ab5f8bd3746a24dfc0

SHA1
5c17f3d1393b78b5f018402d454b083041ddec6c

SHA256
7fda89cc732f6884e01486c098788fff231e332b7943abbfca7effea66b933b4

SHA512
55fa9d3b3bfb8405ed2137e10e7c0be0ab3255f0bdd7b5a3910b0ddd47c7031fb335bb2d38168fc56b8e69a34cd7a993c4e788ffec577ea76b9dee3bde648746

Download Submit
/data/user/0/khone.deservashirini/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
a768923da7aa5202f72e7d7e60050d7e

SHA1
a477abca241c5d030dfbbfa9250a1309d83c4ff1

SHA256
24323d45093f69fd9aea3abee05fa36de51227938580b618e3c453c200da1636

SHA512
0629b18f80d353ff5923ff60f992788fad12476569c5a1ee48eaf799ac8b66cae7b5d2741201703b60b769079de81849073fb6ce74313181ab495aaf8e20bf34

Download Submit
/data/user/0/khone.deservashirini/databases/__pushe_base_lib_db-journal

Filesize
24KB

MD5
0a6e3c7441f4c7dff991b3dd40cb38e6

SHA1
6b8dbd1a851e613afb46ac27690078e594ea8f05

SHA256
cad1e71c4b64db26d024155c047d4f1459fd76847d7a3a113dfc02812bbae917

SHA512
4753e5ae436955485bff3c4cdd4837e19d1049120f3d2c79332e45310ff3aebf224bbdf0f1256338af1c72f761ef98d0e621c20ec6f0e3f20c5551e073df239d

Download Submit
/data/user/0/khone.deservashirini/databases/evernote_jobs.db

Filesize
16KB

MD5
3c2abe32664ffac9bbf8e84763afd1c3

SHA1
d7a7eff4ad5546953551e1f009efa0ae86ace0a5

SHA256
f5cda75ea20bb3e7c6e7df388336e93fd02faebfc7f6fa7fabced7cf09cfc12b

SHA512
9c73359289d1d43239188fb282bc762f277514c025cb66cefacd7b0c8d0f8c64b8991bd97bb9a9d5028d32adbb3edd943770441271937b4a166435c880925470

Download Submit
/data/user/0/khone.deservashirini/databases/evernote_jobs.db

Filesize
16KB

MD5
814cc975ffa88c80c056f10e842bb758

SHA1
b3592c1e83ad9e6a4df7a86c9ec2683bde3c40c4

SHA256
b893299effc14e233be369caa69089ce4589dfce1980d3cbb6a863c1ab0aab37

SHA512
964af37a9ebcc033ffdab59daeb00838cf4482dc56a9c3a72fee4aa52d1faa5ec99b51b36060d636624ab0ec483cfe14bd5b20824267e52fe3ea713c761de4f7

Download Submit
/data/user/0/khone.deservashirini/databases/evernote_jobs.db

Filesize
16KB

MD5
17c71870d2f71429d546581065c65a80

SHA1
f92e5217ffa26589d851f7e03edf275264267fa3

SHA256
6098133537da5a65e73b8f9afed438286d1aabb0090eb3d77618eeb470df055d

SHA512
f97c3f705b38424350f1f725fd69101a29208b4aff2957c07535bd01fc5346cbe02277576c62f5d734b7e0f8c3fb3640ca18fd3f23f9ad3c1cb5637a76dfc4a7

Download Submit
/data/user/0/khone.deservashirini/databases/evernote_jobs.db

Filesize
16KB

MD5
4d8e811b4649fb16fc6250cf24edc4f9

SHA1
bf9cb310b6b15ade130bb09a08f83b1bd4c1f41e

SHA256
c7930aa0539efa87036b27f8da4f5dda34ce4f48de44232b0bcca3603da013fb

SHA512
b5c7f1862eda09ae5581d7eb845a9448f99a6c9a5d6f5eaf20fcdc1298d5af03adbae5987e67055bfdd39a0a983474b1a15c6970ba74997de323c54e40562ffa

Download Submit
/data/user/0/khone.deservashirini/databases/evernote_jobs.db

Filesize
16KB

MD5
47080e3bfcf2db9b8620f2faf6c5857a

SHA1
6f63c1851255e0fa99567f047382074b086d38bc

SHA256
dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb

SHA512
e757043d82798926a5ddd716457accf6616894ad1ad79ec832293a1f662910b663239f899bf05a5c8d90fed5bcb093c5529e5bc842fe9003c1d5902f9ed84473

Download Submit
/data/user/0/khone.deservashirini/databases/evernote_jobs.db

Filesize
16KB

MD5
000b95f2bc5a8f56e0aee563c1046575

SHA1
03f8e9a434378e066779319d875cee162919acea

SHA256
f2e73ae0ec6d6a2b256de2f0cd99ae221a1e3b54b4a1cae9bb0eb2c7101d3f48

SHA512
11e27f401a2c45c5493cf002e8da025f78c32760c1798dbff3bbd00ed2237a910771688c7dc59cccda2714f9b6167b141486fb11bf2ab6d9539fb377cb74fff2

Download Submit
/data/user/0/khone.deservashirini/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
0c6a92f2bb941cd31ba70c38817da7d7

SHA1
4b8dbc390640c95e099febf0e920b2004f949ea6

SHA256
1b5582da42e4fe66fb9328732f06f7f9db936a1e2fb56375306e30525346b914

SHA512
f87d9fbbb6adf6627fffae9b0276894005592204ce4a9c541dd3b49d9a0d47d4f13059880a4a8ef488ee98b561a13a8e8758cfcc9a6ed7df66af8dda407792fd

Download Submit
/data/user/0/khone.deservashirini/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
922221e7ab5c903d3d0aac032a54af1d

SHA1
07b02925155480da9fe94231c445896a09f1e73d

SHA256
d201055b5f3879b4a07f2ed5c4ecc395c3afb6a185c5e81e5160dc471f3ff308

SHA512
ed23665a686be216523f3eeadc7045c8e92806c2a351cd5067bfb542db36dc57cb143c76284dcae9da2db69ac94225553218d8936604e2e2f82353a412a01b3f

Download Submit
/data/user/0/khone.deservashirini/databases/evernote_jobs.db-journal

Filesize
512B

MD5
45c34c4b7dc58fc7550fb000f0aa6364

SHA1
b54cdd21ee4a7f63709ac84f3f058e67435f86f0

SHA256
f13a037dfb21cd873ac0a9e0fe3603aa03656947952a1d4a74be91d8bd2f65a3

SHA512
3180ca1282ad2ab964c31bc2b6f056e1f1174e09e7eb8d40945f0e2e0024032e3e520381fe26989632b0cfb2614d55198955cbc640bf8d29df6bdfc5bfea5395

Download Submit
/data/user/0/khone.deservashirini/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
65488f26a9771fdde5dceafbca175362

SHA1
98044a5649c38a541dfa921ec90c08cd0600a519

SHA256
abcf6fe49ad47bb9c981046d7069ab0641aa921482e1bd24c7adc7a0d210162e

SHA512
2cc80d4a7958ad1bc3c5d5b9947a519916cfd1dc3129b33cb2f596e3107ae17d65e46c55422a2d3904ee6bc2ecde9c4753cb0f6f27338600b95b126378eda77f

Download Submit
/data/user/0/khone.deservashirini/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
964d5592cd12f453d4cc92d5aa92a6d0

SHA1
bc70b34e0789cffe85fb2755c3b1da6aab747d0b

SHA256
8990443dfc84c97fc83a7b5d319ac18077f1324b0301f2ace2de07f7c2d687a1

SHA512
6b906a9752e1c9a40c7c5e828e03f9f1456d14dd644536f7f440942a860c678ea1daa625f862cd85bd9877e6a8a9fe2cbbe10a0e295bad66227f0dfa71e8c816

Download Submit
/data/user/0/khone.deservashirini/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
a0b4ab0ea4678584a54d319eecec74c7

SHA1
0f8762681b09fffd407cf5bf0dcb16942bfd8826

SHA256
bb65e696709d9cc86b4a2e309f30546551d1d26650aa2b163d73d537c70b1ce0

SHA512
585dec343e4fc6d4a65fc5ba559f5d061351ef5870cebb6e3f3dc9d13639cc7340ba13cfecbff6f87d342b95808e608d292189935a33157168a7aae4a5dd6e87

Download Submit
/data/user/0/khone.deservashirini/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads