Analysis
-
max time kernel
107s -
max time network
156s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
android arch:arm arch:x86 image:android-x86-arm-20240514-en locale:en-us os:android-9-x86 system -
submitted
02-06-2024 02:09
Static task
static1
Behavioral task
behavioral1
Sample
8c8f75b9359c72c749696684532d1d37_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
8c8f75b9359c72c749696684532d1d37_JaffaCakes118.apk
Resource
android-x64-20240514-en
General
-
Target
8c8f75b9359c72c749696684532d1d37_JaffaCakes118.apk
-
Size
6.9MB
-
MD5
8c8f75b9359c72c749696684532d1d37
-
SHA1
1d6f205803c7127fcb9792a8ba725bf3457a778a
-
SHA256
4273e080126a647a3c235bbfe063a658131ea7846e1d7301d9c97672792f4c42
-
SHA512
bc72aa32265dfdfa312086048222b3b60dcbc1940aee21d5ff19855ea8aeda72a1901500c212855bda9f8e3f15e6a87887c5959e7856abaa8d136e96d0777246
-
SSDEEP
196608:4tYfOZzPIhpyulLxAEzIqcZiIZEQU3pQ6FkAYQnAdT+36/xFI2xbWTBWCR:ovtQmGcipQU3KLAm2
Malware Config
Signatures
-
Requests cell location 1 TTPs 2 IoCs
Uses Android APIs to get current cell information.
Processes:
com.mohammadrezaghaedi.ashpazii

| description | ioc | process |
| --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | com.mohammadrezaghaedi.ashpazii |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.mohammadrezaghaedi.ashpazii |

-
Checks memory information 2 TTPs 1 IoCs
Checks memory information, which indicates whether the system is an emulator.
Processes:
com.mohammadrezaghaedi.ashpazii

| description | ioc | process |
| --- | --- | --- |
| File opened for read | /proc/meminfo | com.mohammadrezaghaedi.ashpazii |

-
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes:
com.mohammadrezaghaedi.ashpazii

| description | ioc | process |
| --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | com.mohammadrezaghaedi.ashpazii |

-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
com.mohammadrezaghaedi.ashpazii

| description | ioc | process |
| --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.mohammadrezaghaedi.ashpazii |

-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
com.mohammadrezaghaedi.ashpazii

| description | ioc | process |
| --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | com.mohammadrezaghaedi.ashpazii |

-
Acquires the wake lock 1 IoCs
Processes:
com.mohammadrezaghaedi.ashpazii

| description | ioc | process |
| --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | com.mohammadrezaghaedi.ashpazii |

-
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes:
com.mohammadrezaghaedi.ashpazii

| description | ioc | process |
| --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.mohammadrezaghaedi.ashpazii |

-
Reads information about phone network operator. 1 TTPs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
com.mohammadrezaghaedi.ashpazii

| description | ioc | process |
| --- | --- | --- |
| Framework service call | android.app.job.IJobScheduler.schedule | com.mohammadrezaghaedi.ashpazii |
Processes
-
com.mohammadrezaghaedi.ashpazii
- Requests cell location
- Checks memory information
- Queries information about the current nearby Wi-Fi networks
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4299
Network
MITRE ATT&CK Mobile v15
Downloads