Analysis
- max time kernel: 48s
- max time network: 131s
- platform: android_x64
- resource: android-x64-20240514-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
- submitted: 02-06-2024 02:09
Static task: static1
Behavioral task: behavioral1
- Sample: 8c8f75b9359c72c749696684532d1d37_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
- Sample: 8c8f75b9359c72c749696684532d1d37_JaffaCakes118.apk
- Resource: android-x64-20240514-en
General
- Target: 8c8f75b9359c72c749696684532d1d37_JaffaCakes118.apk
- Size: 6.9MB
- MD5: 8c8f75b9359c72c749696684532d1d37
- SHA1: 1d6f205803c7127fcb9792a8ba725bf3457a778a
- SHA256: 4273e080126a647a3c235bbfe063a658131ea7846e1d7301d9c97672792f4c42
- SHA512: bc72aa32265dfdfa312086048222b3b60dcbc1940aee21d5ff19855ea8aeda72a1901500c212855bda9f8e3f15e6a87887c5959e7856abaa8d136e96d0777246
- SSDEEP: 196608:4tYfOZzPIhpyulLxAEzIqcZiIZEQU3pQ6FkAYQnAdT+36/xFI2xbWTBWCR:ovtQmGcipQU3KLAm2
Malware Config
Signatures
- Requests cell location (2 TTPs, 2 IoCs)
  Uses Android APIs to get the current cell location.
  Processes:
  - description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getCellLocation; process: com.mohammadrezaghaedi.ashpazii
  - description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getAllCellInfo; process: com.mohammadrezaghaedi.ashpazii
- Checks memory information (2 TTPs, 1 IoC)
  Checks memory information that indicates whether the system is an emulator.
  Processes:
  - description: File opened for read; ioc: /proc/meminfo; process: com.mohammadrezaghaedi.ashpazii
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoC)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Processes:
  - description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; process: com.mohammadrezaghaedi.ashpazii
- Queries information about the current nearby Wi-Fi networks (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Processes:
  - description: Framework service call; ioc: android.net.wifi.IWifiManager.getScanResults; process: com.mohammadrezaghaedi.ashpazii
- Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  Processes:
  - description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: com.mohammadrezaghaedi.ashpazii
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Processes:
  - description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.mohammadrezaghaedi.ashpazii
- Acquires the wake lock (1 IoC)
  Processes:
  - description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; process: com.mohammadrezaghaedi.ashpazii
- Checks if the internet connection is available (1 TTP, 1 IoC)
  Processes:
  - description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.mohammadrezaghaedi.ashpazii
- Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  Processes:
  - description: Framework service call; ioc: android.app.job.IJobScheduler.schedule; process: com.mohammadrezaghaedi.ashpazii
Processes
- com.mohammadrezaghaedi.ashpazii (PID: 5262)
  - Requests cell location
  - Checks memory information
  - Obtains sensitive information copied to the device clipboard
  - Queries information about the current nearby Wi-Fi networks
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Acquires the wake lock
  - Checks if the internet connection is available
  - Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
- Persistence
  - Event Triggered Execution: Broadcast Receivers (1)
  - Scheduled Task/Job (1)
- Defense Evasion
  - Execution Guardrails: Geofencing (1)
  - Virtualization/Sandbox Evasion: System Checks (1)
Downloads