Analysis Overview
SHA256
4273e080126a647a3c235bbfe063a658131ea7846e1d7301d9c97672792f4c42
Threat Level: Likely malicious
The file 8c8f75b9359c72c749696684532d1d37_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Requests cell location
Checks memory information
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Obtains sensitive information copied to the device clipboard
Queries information about the current nearby Wi-Fi networks
Checks if the internet connection is available
Reads information about phone network operator
Acquires the wake lock
Schedules tasks to execute at a specified time
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 02:09
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 02:09
Reported
2024-06-02 02:12
Platform
android-x64-20240514-en
Max time kernel
48s
Max time network
131s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
Processes
com.mohammadrezaghaedi.ashpazii
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| BE | 66.102.1.188:5228 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 172.217.16.238:443 | | tcp |
| GB | 142.250.179.226:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.212.196:443 | www.google.com | tcp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
Files
/data/data/com.mohammadrezaghaedi.ashpazii/databases/__pushe_base_lib_db-journal
| MD5 | 31219ad7be94c3b6de37537f8def3dd4 |
| SHA1 | 61b303d510f447eef4aa917e1d29fa41b3185f3c |
| SHA256 | b23fc731a76aaff02f9dbedc0c35030401508f1095c15fb7344b1a0d901abdad |
| SHA512 | 827cad78927684b6446eaaacba62e828f39e458864e4edd49ec90c64fcb3cdffa39619105c0334bbc929f9d513571cb2f0cd441ffe67ac9ec47d1f1e66d06bda |
/data/data/com.mohammadrezaghaedi.ashpazii/databases/__pushe_base_lib_db
| MD5 | d449ed98b59b8da010089d65ff7f40a1 |
| SHA1 | 28dd17291df535bea8e889dd9e7694fa5fc95e5f |
| SHA256 | 12b7822091865e5022cdbd13f6b7114fe719e2c69940e13c6e8c98a1d68c45d7 |
| SHA512 | d1068c41c1566a7911bb82314b0beff149cb62df3d9474171045713ff7dd8fadb3e435eafc0811a078f2d76d32d171d0fac05ba154b941edb23564e79a3feb92 |
/data/data/com.mohammadrezaghaedi.ashpazii/databases/__pushe_base_lib_db-journal
| MD5 | 70936dbd4db58f06703a10a208a3cb83 |
| SHA1 | ff7336240444b43b52d2e046b069a24d936320b7 |
| SHA256 | 8d059cdccdadef16d68ce4d3b4b4f7a4fb9489e4af0348cd4fa3a51e65e8e450 |
| SHA512 | aa0d5fd41e089bfb72e24638e42a36565800d3a21ba65d9e3667eca2430ba91bd208dcef542cade1f711945a685b72dfc670bd372923bfc8ccfd516d377b8512 |
/data/data/com.mohammadrezaghaedi.ashpazii/databases/__pushe_base_lib_db-journal
| MD5 | 7bafb42f63649c33307ee3402180d152 |
| SHA1 | 8a61446ccc357002f2f83ebf55f6938093669e17 |
| SHA256 | b13d9f112f119acb1c7530b669d6e1a12ff5c079b17cd6fdac80e589a5b2ddfc |
| SHA512 | e1d1adaf8a5a4a45fd764170203547febec4d95e887e950a2d70b50cd7a1a6dbd0cac1b4270d1ef214ed919b0587e3c0e5f406bae1499360e1971043b805df64 |
/data/data/com.mohammadrezaghaedi.ashpazii/databases/__pushe_base_lib_db-journal
| MD5 | 9cf99c7681c5a90996e7b9ded7a1851f |
| SHA1 | 74a50663f4d683f8d34b50f3d8cd0bcdb9c87ef2 |
| SHA256 | d89bec6b87ed679b3204e987657cf59e79532fecf491e8a79e8c86ca4e5d15dc |
| SHA512 | 3a5ffe820817efff19ee751f6350986964d4152397e3d45eeb0c021ad942b047ccc49b73e678333badecc53d71700a9fa32fc10b4836f0db6dc4cd7ff0d2dba0 |
/data/data/com.mohammadrezaghaedi.ashpazii/databases/evernote_jobs.db-journal
| MD5 | ec6316f729db1e4fc3b1c5539964423a |
| SHA1 | c0d565f3f3859389c31949cb1eff3177a8f691f8 |
| SHA256 | 066cbd7af43f334fc30bd22849e1e7e74804f484bc9af275bac48533d543d196 |
| SHA512 | 49d0e4afa27e5552e5091abb96a293a60424af91394c5f0a22ea0025ba30efce61d50b5bc3ddecf7a9b29cf5b19fe07c6beccf9ff4d368a03e1f4c35036faeed |
/data/data/com.mohammadrezaghaedi.ashpazii/databases/evernote_jobs.db
| MD5 | 83ba958c640ca575578eaf4863b6d364 |
| SHA1 | 1feb367ee2e0b453891da2e3a3c69d93c64b56c3 |
| SHA256 | 9a3cb2fa8851494dcc845e96e8b495a0ba0e792eed9315929f4637c55de39405 |
| SHA512 | 58856ecd47bf77ac4539f9a5ead5865b0ab6ce26040278f86cd35619efd17cee0dcb863605b6d7e6b5550c8b869611fb6cdaab7b8d347ec3a0ddc9f97e37ff28 |
/data/data/com.mohammadrezaghaedi.ashpazii/databases/evernote_jobs.db-journal
| MD5 | 126a84f4a334237184290a4878b2f4de |
| SHA1 | 58ae927794b0ba4833906cf034b16006335996ad |
| SHA256 | b22f01a60aac6179a8d314a502e5ccacacdc4c59dc37214f3cbaa089ea389d6e |
| SHA512 | f9179813ac18013527e11826d3e68bd01c1794d3bf5faa3b1d56483c0f3c942f1f56b7119e59178958fb2c3dceba88b1d5e303a0a4cbfee269241993b0bd8fe8 |
/data/data/com.mohammadrezaghaedi.ashpazii/databases/evernote_jobs.db-journal
| MD5 | 926541f9b4638e80abc63504648bfe39 |
| SHA1 | 58ba1794b27eb62b7f083ad6e88ec70ff26fc12d |
| SHA256 | 7f0f3b1368e0eb1900717d691e28b12371f87ce08c95e697588534660910afed |
| SHA512 | 9e118f2d25ef4f5412b30cb59d1378e182c69f674d40f4b45d978175f59aeedc7d566e57b54f30d412d8ead53b78132fb3538d0d84ec5fb1c146cf5d6b41779c |
/data/data/com.mohammadrezaghaedi.ashpazii/databases/evernote_jobs.db-journal
| MD5 | 30be452d90f6a840b725a564b9676c3d |
| SHA1 | 98faffd803f0acbc1b1429ab07a3ef23160389f3 |
| SHA256 | 22c73edfa9bca878ded65462ac905e2bea5cbc596f47988d3f9685a5b439b1af |
| SHA512 | 53fcc267e23c8775becbf44cbb79692ddc169e9c8594313baa76ae13ca796258be6359dd28fbfcd987acd533f4daceb8845721e646c71041fedbf0367c21fd5d |
/data/data/com.mohammadrezaghaedi.ashpazii/databases/evernote_jobs.db-journal
| MD5 | 3069c571837fa9e8f923fcf3683bd994 |
| SHA1 | 831cd9085446e139921e219b52e18fa19bd81492 |
| SHA256 | a110f11112c021a2854b41d2de6d1e4dcb1faa8902bbd790c1edda3355f0fd3f |
| SHA512 | cc2baed9070df1a6f6376413ae34a5b6997303b5a36c493c20255690304151216ce22afb673b46ca5475bc097eb4623f54f1b485071c7c402d2483fc61ddb573 |
/data/data/com.mohammadrezaghaedi.ashpazii/no_backup/com.google.InstanceId.properties
| MD5 | f4b3b7c9fa90aaf32f495fd07bee65d9 |
| SHA1 | 5714a8336c9ec3e27f60dae1691bf3718a224b84 |
| SHA256 | 2e4600b8532ab9710beea1652d581a4d92dd0f4e212bb19b8b0eafe54c19ed92 |
| SHA512 | 79d829aa4da01ca83459a15e352a5a8bcc248d77203ce13c4eb110a25eecd5b9d2445c9544b76cbd1a1a0878be6d6ef49e74aca554f411333bcf5c692ffdb180 |
/data/data/com.mohammadrezaghaedi.ashpazii/databases/__pushe_base_lib_db-journal
| MD5 | 9cfb0cc6c82eff777cace1f36f3036c0 |
| SHA1 | d141e9997ac8b6062ff8ccf5a5ce6ef56f906ed0 |
| SHA256 | 8313f591cb54ae2c04c49daa6475c6485549f0a99676c741f7c3e2091fd966e7 |
| SHA512 | daffd3c796ca7bc4f36c1ad2c1b6aa1c9c97e9d8474454aef26c35e48580ceefe32d575daec566c1b216efe7e782c5c77b4e5d05d954faf28d82a4b4bd22a1ac |
/data/data/com.mohammadrezaghaedi.ashpazii/databases/evernote_jobs.db-journal
| MD5 | 478c4534b201a92c18949f0cbc3710ea |
| SHA1 | e1014b73564f3f5a5c6379ca07d4312b7537fa6a |
| SHA256 | cd7d9b5bfab0881feebdcd0be94deaf2c7cb9282c82a107f8de1cae58d120fb5 |
| SHA512 | d8ee85f46456740f3323f66371b79e08bcd539a0552c65c8bc4a58903b0331558c04f3a5b9e5fdfbc267686c9abd24044bb26cc5aa42c6a101f57558d693b2dd |
/data/data/com.mohammadrezaghaedi.ashpazii/databases/__pushe_base_lib_db-journal
| MD5 | 0995beb7c856acbf7c604f68bfa7aedf |
| SHA1 | 8586f30815a8e2e1c14320eb12d2018f0327a98e |
| SHA256 | 636ad25dbab7c9f42569ab276ab90faae35a0bd952eed2f8263719f5d3167648 |
| SHA512 | a0c46fc75f505fd07c5cb0ae57938255557e55eed8699f2e9a9bae23d7adda9bbc5fb143cdccd455ebc59da2bb78ba2a178b6b0e985d6e52396a9e3eaab4670c |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 02:09
Reported
2024-06-02 02:12
Platform
android-x86-arm-20240514-en
Max time kernel
107s
Max time network
156s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator
Schedules tasks to execute at a specified time
| Description | Indicator | Process | Target |
| Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A |
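The signature tables list the binder calls the sandbox hooked, but not the permissions those calls depend on, so a mismatch between what the static pass saw requested and what the behavioral pass saw used is easy to miss. The script below is an added example, not part of this report or of the analysed app: the indicator and permission lists are copied from the report, while the call-to-permission mapping is the editor's reading of the Android SDK and is an assumption. On this report it finds every observed call covered by a requested or normal permission, and READ_PHONE_STATE requested without any observed call needing it, which is the item worth chasing in the decompiled code.

```python
# Indicators from the behavioral1 / behavioral2 signature tables (copied from the report).
OBSERVED_CALLS = [
    "com.android.internal.telephony.ITelephony.getAllCellInfo",
    "com.android.internal.telephony.ITelephony.getCellLocation",
    "android.net.wifi.IWifiManager.getScanResults",
    "com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone",
    "android.app.IActivityManager.registerReceiver",
    "android.os.IPowerManager.acquireWakeLock",
    "android.net.IConnectivityManager.getActiveNetworkInfo",
    "android.app.job.IJobScheduler.schedule",
    "android.content.IClipboard.addPrimaryClipChangedListener",
]

# Dangerous permissions listed under static1 (copied from the report).
REQUESTED_DANGEROUS = {
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_PHONE_STATE",
}

# Editor's mapping, an assumption rather than sandbox output: for each binder
# call, the runtime permissions of which at least one must be held for the call
# to return data. An empty tuple means the call needs no dangerous permission
# (normal permissions such as WAKE_LOCK and ACCESS_NETWORK_STATE are granted at
# install time).
LOCATION = ("android.permission.ACCESS_COARSE_LOCATION",
            "android.permission.ACCESS_FINE_LOCATION")
NEEDS = {
    "com.android.internal.telephony.ITelephony.getAllCellInfo": LOCATION,
    "com.android.internal.telephony.ITelephony.getCellLocation": LOCATION,
    "android.net.wifi.IWifiManager.getScanResults": LOCATION,  # location-gated since API 23
    "com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone": (),
    "android.app.IActivityManager.registerReceiver": (),
    "android.os.IPowerManager.acquireWakeLock": (),            # WAKE_LOCK is a normal permission
    "android.net.IConnectivityManager.getActiveNetworkInfo": (),  # ACCESS_NETWORK_STATE is normal
    "android.app.job.IJobScheduler.schedule": (),
    # No permission; Android 10+ only restricts this to the foreground app / IME.
    "android.content.IClipboard.addPrimaryClipChangedListener": (),
}


def cross_check(calls, requested, needs=NEEDS):
    """Classify each observed call and report requested permissions no call explains."""
    satisfied, needs_grant, unmapped = [], [], []
    for call in calls:
        if call not in needs:
            unmapped.append(call)          # extend NEEDS when a new indicator shows up
            continue
        options = set(needs[call])
        if not options or options & requested:
            satisfied.append(call)
        else:
            needs_grant.append(call)       # would fail without a permission the app did not request
    used = {p for c in satisfied for p in needs[c] if p in requested}
    return {
        "satisfied": satisfied,
        "needs_grant": needs_grant,
        "unmapped": unmapped,
        "unexplained": sorted(requested - used),  # requested, but no observed call uses it
    }


if __name__ == "__main__":
    for key, value in cross_check(OBSERVED_CALLS, REQUESTED_DANGEROUS).items():
        print(f"{key}: {value}")
```

An "unexplained" permission is not proof of anything on its own: the behavioral run lasted under a minute of kernel time, so the code path that needs READ_PHONE_STATE may simply not have executed. It tells you where to look, not what you will find.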
Processes
com.mohammadrezaghaedi.ashpazii
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.42:443 | | tcp |
| GB | 142.250.178.10:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.200.42:443 | | tcp |
| GB | 142.250.200.42:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| BE | 142.251.5.188:5228 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 172.217.169.66:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
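The Network tables in both behavioral runs list every connection seen in the capture window, but the sandbox emits rows without a resolved name with the protocol shifted into the Domain column, and the last row of this run has lost its trailing cell, which makes the table awkward to process mechanically. The script below is an added example, not part of the report or of the app: it embeds the behavioral1 rows as the sandbox emitted them, accepts both that layout and the straight four-column layout, attributes a bare IP to a name when the same IP appears elsewhere in the run with one, and sets aside the mDNS row and the port-5228 connection (the port Google Play services uses for its push channel) so that what remains is the list of HTTPS destinations a triager still has to resolve by hand before concluding that all egress went to Google infrastructure.

```python
from collections import defaultdict

# Rows copied from the behavioral1 Network table of this report, as emitted:
# rows with no resolved name carry the protocol in the Domain column and the
# last row is missing its trailing cell.
RAW_ROWS = """\
| GB | 142.250.200.42:443 | tcp | |
| GB | 142.250.178.10:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.200.42:443 | tcp | |
| GB | 142.250.200.42:443 | tcp | |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| BE | 142.251.5.188:5228 | tcp | |
| GB | 216.58.201.100:443 | tcp | |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 172.217.169.66:443 | tcp | |
| GB | 142.250.179.238:443 | tcp |
"""

PROTOS = {"tcp", "udp"}


def parse_row(line):
    """Return one table row as a dict; tolerant of the shifted-column layout."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    country, dest, c3, c4 = (cells + [""] * 4)[:4]
    if c3.lower() in PROTOS and not c4:      # protocol slid into the Domain column
        domain, proto = "", c3.lower()
    else:
        domain, proto = c3, c4.lower()
    ip, _, port = dest.rpartition(":")
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain, "proto": proto}


def summarise(raw):
    """Group the run's connections into DNS lookups, named HTTPS egress,
    flagged special cases, and destinations still needing attribution."""
    rows = [parse_row(line) for line in raw.splitlines() if line.strip()]
    # A name seen for an IP anywhere in the run lets bare rows be attributed.
    ip_to_domain = {r["ip"]: r["domain"] for r in rows if r["domain"] and r["port"] != 53}
    dns_queries = sorted({r["domain"] for r in rows if r["port"] == 53})
    by_domain = defaultdict(set)
    unattributed, flags = set(), set()
    for r in rows:
        if r["port"] == 53:                  # lookups are summarised above
            continue
        if r["ip"] == "224.0.0.251" and r["port"] == 5353:
            flags.add("mdns")                # local multicast discovery, not egress
            continue
        if r["port"] == 5228:
            # Port used by Google Play services for its push (FCM) channel; keep it
            # out of the HTTPS list so it is reviewed on its own terms.
            flags.add(f"{r['ip']}:5228")
            continue
        domain = r["domain"] or ip_to_domain.get(r["ip"], "")
        if domain:
            by_domain[domain].add(r["ip"])
        else:
            unattributed.add(f"{r['ip']}:{r['port']}/{r['proto']}")
    return {
        "dns_queries": dns_queries,
        "by_domain": {d: sorted(ips) for d, ips in sorted(by_domain.items())},
        "unattributed": sorted(unattributed),  # resolve by hand: rDNS, passive DNS, ASN
        "flags": sorted(flags),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarise(RAW_ROWS), indent=2))
```

For this run the script leaves five 443/tcp destinations unattributed and recovers one (142.250.187.206) from the android.apis.google.com row. A sandbox window this short only shows the app's start-up traffic; an absence of non-Google destinations here is a statement about the first two minutes, not about the app.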
Files
/data/data/com.mohammadrezaghaedi.ashpazii/databases/__pushe_base_lib_db-journal
| MD5 | 112b314e2661d6d5f3d912ba2958e4dd |
| SHA1 | ef7b6eaaa1190f52baff817a5e45fd3b83110bf4 |
| SHA256 | 7d2036d1017c90542d63de1bc42334a2a2e7fd009d6a4dc0d37896f6babb979e |
| SHA512 | 7e4c74d2924321ec3550e831085768ff46954fc7161f810822043a88e28ecb212b3b8b28d246294bbdc260a0c5fd5c997f79171f45e2effbc383cd732ba79c62 |
/data/data/com.mohammadrezaghaedi.ashpazii/databases/__pushe_base_lib_db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.mohammadrezaghaedi.ashpazii/databases/__pushe_base_lib_db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.mohammadrezaghaedi.ashpazii/databases/__pushe_base_lib_db-wal
| MD5 | 747c2ba8bc07cc9763d33569010fdfcd |
| SHA1 | 317430d403f0a95f9eeb6327d683a72eb2e2ee44 |
| SHA256 | 57af54617d0fc1a763c4c17fe359d5b1614cebe5198ff558afc054c3e85de2b7 |
| SHA512 | fc56180b1ad06e926b3c065530aff1de8e699b1b2e7808ecf44932030d1a355deafc04cef362661f3c65aa5f3ca76b388f497fea93b361ae231b83b0a6a46893 |
/data/data/com.mohammadrezaghaedi.ashpazii/databases/evernote_jobs.db-journal
| MD5 | 36ad486d0e522ce9181fdb6bf38e98d2 |
| SHA1 | 88a35e28db89ffce071ebb2f9c1021b0586392dc |
| SHA256 | b143e55c369a7f66a1fcf681e0d868bcd968415654de58edc7158fec8172d083 |
| SHA512 | b8b711ae63bdfb01fcc7487fdc0cda48f4f46128e0c74c521fe1929e90917d7496d03256553436985118b8d7c63b68dd9cf25255998bc97365ed7c8020a67667 |
/data/data/com.mohammadrezaghaedi.ashpazii/databases/evernote_jobs.db-wal
| MD5 | db642395f646d65adf3b6deb596874ae |
| SHA1 | ebed69821e18d00943a5ab982b1296de30b4251a |
| SHA256 | 12a79eaedeb9bd4eea606c678e7a89ec80a84142c310bcd82fde1159d49c9fe8 |
| SHA512 | 443176cb502cd136ab0cba0748ed35d4c05c42f0b5a6b8f62e2d64dc79471c868d52a8697210e3f3f9152d4d172e1d86aeaf96f70b0abcfb509d9a0f48d07798 |
/data/data/com.mohammadrezaghaedi.ashpazii/no_backup/com.google.InstanceId.properties
| MD5 | 055b54a548a4f57c4b7b3f7755652fc0 |
| SHA1 | f0ff3681baad3f7c490964d9708b6fcd67273581 |
| SHA256 | 51ba316e5f7044da8b88e4b1f1b10013f286690703f2b2ee9935478d895c1435 |
| SHA512 | fb09c5fb3185e7f02045f72f354ee7fc2a3125a48d97226d45688b45a985c937410f13bdff3cd9207650c6a79cd3052a7de137c06ef841043f76c47b276f434c |