Malware Analysis Report

2024-10-19 13:18

Sample ID 240602-clafjafg84
Target 8c8f75b9359c72c749696684532d1d37_JaffaCakes118
SHA256 4273e080126a647a3c235bbfe063a658131ea7846e1d7301d9c97672792f4c42
Tags collection credential_access discovery evasion execution impact persistence
Score 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Mobile Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 8/10

SHA256 4273e080126a647a3c235bbfe063a658131ea7846e1d7301d9c97672792f4c42

Threat Level: Likely malicious

The file 8c8f75b9359c72c749696684532d1d37_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection credential_access discovery evasion execution impact persistence

Requests cell location

Checks memory information

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Obtains sensitive information copied to the device clipboard

Queries information about the current nearby Wi-Fi networks

Checks if the internet connection is available

Reads information about phone network operator

Acquires the wake lock

Schedules tasks to execute at a specified time

Requests dangerous framework permissions

MITRE ATT&CK

Mobile Matrix V15. Tactics mapped from the signatures in this report: collection, credential_access, discovery, evasion, execution, impact, persistence.
Analysis: static1

Detonation Overview

Reported

2024-06-02 02:09

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 02:09

Reported

2024-06-02 02:12

Platform

android-x64-20240514-en

Max time kernel

48s

Max time network

131s

Command Line

com.mohammadrezaghaedi.ashpazii

Signatures

Requests cell location

collection discovery evasion
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A
Reading /proc/meminfo is a common emulator and sandbox check (an emulator image often reports a small or suspiciously round RAM total), which is why the sandbox tags the read as evasion as well as discovery. It is also a routine call from cache-sizing code in ordinary SDKs, so on its own it is weak evidence.

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A
The indicator is the registration of a primary-clip change listener, not a read of clip contents. On Android 10 and later the callback is delivered only while the app has input focus or is the default input method, so the credential_access tag records a capability, not an observed capture of clipboard data.

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Processes

com.mohammadrezaghaedi.ashpazii

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 216.58.212.232:443 | ssl.google-analytics.com | tcp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
BE | 66.102.1.188:5228 | | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.200.36:443 | www.google.com | tcp
GB | 172.217.16.238:443 | | tcp
GB | 142.250.179.226:443 | | tcp
GB | 142.250.178.4:443 | | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 216.58.212.196:443 | www.google.com | tcp
GB | 142.250.200.36:443 | www.google.com | tcp

Files

The database names below are the SQLite stores of two third-party SDKs bundled in the app rather than artifacts unique to this sample: evernote_jobs.db is the job store of the Evernote android-job library (which schedules through JobScheduler, consistent with the IJobScheduler.schedule call above), and __pushe_base_lib_db is the local store of the Pushe push-notification SDK. This attribution is an inference from the filenames, not something the sandbox asserts.

/data/data/com.mohammadrezaghaedi.ashpazii/databases/__pushe_base_lib_db-journal

MD5 31219ad7be94c3b6de37537f8def3dd4
SHA1 61b303d510f447eef4aa917e1d29fa41b3185f3c
SHA256 b23fc731a76aaff02f9dbedc0c35030401508f1095c15fb7344b1a0d901abdad
SHA512 827cad78927684b6446eaaacba62e828f39e458864e4edd49ec90c64fcb3cdffa39619105c0334bbc929f9d513571cb2f0cd441ffe67ac9ec47d1f1e66d06bda

/data/data/com.mohammadrezaghaedi.ashpazii/databases/__pushe_base_lib_db

MD5 d449ed98b59b8da010089d65ff7f40a1
SHA1 28dd17291df535bea8e889dd9e7694fa5fc95e5f
SHA256 12b7822091865e5022cdbd13f6b7114fe719e2c69940e13c6e8c98a1d68c45d7
SHA512 d1068c41c1566a7911bb82314b0beff149cb62df3d9474171045713ff7dd8fadb3e435eafc0811a078f2d76d32d171d0fac05ba154b941edb23564e79a3feb92

/data/data/com.mohammadrezaghaedi.ashpazii/databases/__pushe_base_lib_db-journal

MD5 70936dbd4db58f06703a10a208a3cb83
SHA1 ff7336240444b43b52d2e046b069a24d936320b7
SHA256 8d059cdccdadef16d68ce4d3b4b4f7a4fb9489e4af0348cd4fa3a51e65e8e450
SHA512 aa0d5fd41e089bfb72e24638e42a36565800d3a21ba65d9e3667eca2430ba91bd208dcef542cade1f711945a685b72dfc670bd372923bfc8ccfd516d377b8512

/data/data/com.mohammadrezaghaedi.ashpazii/databases/__pushe_base_lib_db-journal

MD5 7bafb42f63649c33307ee3402180d152
SHA1 8a61446ccc357002f2f83ebf55f6938093669e17
SHA256 b13d9f112f119acb1c7530b669d6e1a12ff5c079b17cd6fdac80e589a5b2ddfc
SHA512 e1d1adaf8a5a4a45fd764170203547febec4d95e887e950a2d70b50cd7a1a6dbd0cac1b4270d1ef214ed919b0587e3c0e5f406bae1499360e1971043b805df64

/data/data/com.mohammadrezaghaedi.ashpazii/databases/__pushe_base_lib_db-journal

MD5 9cf99c7681c5a90996e7b9ded7a1851f
SHA1 74a50663f4d683f8d34b50f3d8cd0bcdb9c87ef2
SHA256 d89bec6b87ed679b3204e987657cf59e79532fecf491e8a79e8c86ca4e5d15dc
SHA512 3a5ffe820817efff19ee751f6350986964d4152397e3d45eeb0c021ad942b047ccc49b73e678333badecc53d71700a9fa32fc10b4836f0db6dc4cd7ff0d2dba0

/data/data/com.mohammadrezaghaedi.ashpazii/databases/evernote_jobs.db-journal

MD5 ec6316f729db1e4fc3b1c5539964423a
SHA1 c0d565f3f3859389c31949cb1eff3177a8f691f8
SHA256 066cbd7af43f334fc30bd22849e1e7e74804f484bc9af275bac48533d543d196
SHA512 49d0e4afa27e5552e5091abb96a293a60424af91394c5f0a22ea0025ba30efce61d50b5bc3ddecf7a9b29cf5b19fe07c6beccf9ff4d368a03e1f4c35036faeed

/data/data/com.mohammadrezaghaedi.ashpazii/databases/evernote_jobs.db

MD5 83ba958c640ca575578eaf4863b6d364
SHA1 1feb367ee2e0b453891da2e3a3c69d93c64b56c3
SHA256 9a3cb2fa8851494dcc845e96e8b495a0ba0e792eed9315929f4637c55de39405
SHA512 58856ecd47bf77ac4539f9a5ead5865b0ab6ce26040278f86cd35619efd17cee0dcb863605b6d7e6b5550c8b869611fb6cdaab7b8d347ec3a0ddc9f97e37ff28

/data/data/com.mohammadrezaghaedi.ashpazii/databases/evernote_jobs.db-journal

MD5 126a84f4a334237184290a4878b2f4de
SHA1 58ae927794b0ba4833906cf034b16006335996ad
SHA256 b22f01a60aac6179a8d314a502e5ccacacdc4c59dc37214f3cbaa089ea389d6e
SHA512 f9179813ac18013527e11826d3e68bd01c1794d3bf5faa3b1d56483c0f3c942f1f56b7119e59178958fb2c3dceba88b1d5e303a0a4cbfee269241993b0bd8fe8

/data/data/com.mohammadrezaghaedi.ashpazii/databases/evernote_jobs.db-journal

MD5 926541f9b4638e80abc63504648bfe39
SHA1 58ba1794b27eb62b7f083ad6e88ec70ff26fc12d
SHA256 7f0f3b1368e0eb1900717d691e28b12371f87ce08c95e697588534660910afed
SHA512 9e118f2d25ef4f5412b30cb59d1378e182c69f674d40f4b45d978175f59aeedc7d566e57b54f30d412d8ead53b78132fb3538d0d84ec5fb1c146cf5d6b41779c

/data/data/com.mohammadrezaghaedi.ashpazii/databases/evernote_jobs.db-journal

MD5 30be452d90f6a840b725a564b9676c3d
SHA1 98faffd803f0acbc1b1429ab07a3ef23160389f3
SHA256 22c73edfa9bca878ded65462ac905e2bea5cbc596f47988d3f9685a5b439b1af
SHA512 53fcc267e23c8775becbf44cbb79692ddc169e9c8594313baa76ae13ca796258be6359dd28fbfcd987acd533f4daceb8845721e646c71041fedbf0367c21fd5d

/data/data/com.mohammadrezaghaedi.ashpazii/databases/evernote_jobs.db-journal

MD5 3069c571837fa9e8f923fcf3683bd994
SHA1 831cd9085446e139921e219b52e18fa19bd81492
SHA256 a110f11112c021a2854b41d2de6d1e4dcb1faa8902bbd790c1edda3355f0fd3f
SHA512 cc2baed9070df1a6f6376413ae34a5b6997303b5a36c493c20255690304151216ce22afb673b46ca5475bc097eb4623f54f1b485071c7c402d2483fc61ddb573

/data/data/com.mohammadrezaghaedi.ashpazii/no_backup/com.google.InstanceId.properties

MD5 f4b3b7c9fa90aaf32f495fd07bee65d9
SHA1 5714a8336c9ec3e27f60dae1691bf3718a224b84
SHA256 2e4600b8532ab9710beea1652d581a4d92dd0f4e212bb19b8b0eafe54c19ed92
SHA512 79d829aa4da01ca83459a15e352a5a8bcc248d77203ce13c4eb110a25eecd5b9d2445c9544b76cbd1a1a0878be6d6ef49e74aca554f411333bcf5c692ffdb180

/data/data/com.mohammadrezaghaedi.ashpazii/databases/__pushe_base_lib_db-journal

MD5 9cfb0cc6c82eff777cace1f36f3036c0
SHA1 d141e9997ac8b6062ff8ccf5a5ce6ef56f906ed0
SHA256 8313f591cb54ae2c04c49daa6475c6485549f0a99676c741f7c3e2091fd966e7
SHA512 daffd3c796ca7bc4f36c1ad2c1b6aa1c9c97e9d8474454aef26c35e48580ceefe32d575daec566c1b216efe7e782c5c77b4e5d05d954faf28d82a4b4bd22a1ac

/data/data/com.mohammadrezaghaedi.ashpazii/databases/evernote_jobs.db-journal

MD5 478c4534b201a92c18949f0cbc3710ea
SHA1 e1014b73564f3f5a5c6379ca07d4312b7537fa6a
SHA256 cd7d9b5bfab0881feebdcd0be94deaf2c7cb9282c82a107f8de1cae58d120fb5
SHA512 d8ee85f46456740f3323f66371b79e08bcd539a0552c65c8bc4a58903b0331558c04f3a5b9e5fdfbc267686c9abd24044bb26cc5aa42c6a101f57558d693b2dd

/data/data/com.mohammadrezaghaedi.ashpazii/databases/__pushe_base_lib_db-journal

MD5 0995beb7c856acbf7c604f68bfa7aedf
SHA1 8586f30815a8e2e1c14320eb12d2018f0327a98e
SHA256 636ad25dbab7c9f42569ab276ab90faae35a0bd952eed2f8263719f5d3167648
SHA512 a0c46fc75f505fd07c5cb0ae57938255557e55eed8699f2e9a9bae23d7adda9bbc5fb143cdccd455ebc59da2bb78ba2a178b6b0e985d6e52396a9e3eaab4670c

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 02:09

Reported

2024-06-02 02:12

Platform

android-x86-arm-20240514-en

Max time kernel

107s

Max time network

156s

Command Line

com.mohammadrezaghaedi.ashpazii

Signatures

Requests cell location

collection discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | N/A | N/A
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Queries information about the current nearby Wi-Fi networks

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Reads information about phone network operator

discovery

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Processes

com.mohammadrezaghaedi.ashpazii

Network

Country | Destination | Domain | Proto
GB | 142.250.200.42:443 | | tcp
GB | 142.250.178.10:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.179.228:443 | www.google.com | tcp
GB | 142.250.200.42:443 | | tcp
GB | 142.250.200.42:443 | | tcp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
BE | 142.251.5.188:5228 | | tcp
GB | 216.58.201.100:443 | | tcp
GB | 142.250.179.228:443 | www.google.com | tcp
GB | 172.217.169.66:443 | | tcp
GB | 142.250.179.238:443 | | tcp
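The two behavioral runs in this report differ in small but useful ways: behavioral2 (android-x64) registered the clipboard listener and behavioral1 (android-x86-arm) read the network operator, and both runs resolved only Google names while also opening TLS connections to addresses for which no name is printed. The script below, added by the editor and not part of the sandbox output or of the sample, parses the two Network tables and the two signature lists copied from this report, attributes each TLS destination to a name using only that run's own rows (an address that carries a name on any row is reused for its unnamed rows), separates the port 5228 traffic (TCP 5228 is the port of Google's FCM push channel, an editor's attribution since the report shows no name for those rows), lists any domain outside an editor-chosen Google suffix allowlist, and reports the behaviours seen in only one run. The 224.0.0.251:5353 rows are link-local mDNS and are not internet traffic, so they are left out of the attribution.

```python
"""Cross-check the two behavioral runs in this report. Editor-added example,
not sandbox output or the sample's own code; rows are copied from the report."""
from collections import namedtuple
# Network rows ("Country Destination Domain Proto"). The Domain column is blank
# on several rows, so a row has three or four fields; pipe-delimited rows parse too.
NETWORK_BEHAVIORAL2 = """\
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 142.250.187.206:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.212.232:443 ssl.google-analytics.com tcp
GB 142.250.187.206:443 android.apis.google.com tcp
BE 66.102.1.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
GB 172.217.16.238:443 tcp
GB 142.250.179.226:443 tcp
GB 142.250.178.4:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.212.196:443 www.google.com tcp
GB 142.250.200.36:443 www.google.com tcp
"""
NETWORK_BEHAVIORAL1 = """\
GB 142.250.200.42:443 tcp
GB 142.250.178.10:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.200.42:443 tcp
GB 142.250.200.42:443 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
BE 142.251.5.188:5228 tcp
GB 216.58.201.100:443 tcp
GB 142.250.179.228:443 www.google.com tcp
GB 172.217.169.66:443 tcp
GB 142.250.179.238:443 tcp
"""
# Signature names from each run's Signatures section of the report.
SIGS_BEHAVIORAL2 = {
    "Requests cell location", "Checks memory information",
    "Obtains sensitive information copied to the device clipboard",
    "Queries information about the current nearby Wi-Fi networks",
    "Queries the mobile country code (MCC)", "Acquires the wake lock",
    "Registers a broadcast receiver at runtime",
    "Checks if the internet connection is available",
    "Schedules tasks to execute at a specified time"}
SIGS_BEHAVIORAL1 = (SIGS_BEHAVIORAL2
    - {"Obtains sensitive information copied to the device clipboard"}
    | {"Reads information about phone network operator"})
# Editor's assumptions: Google first-party name suffixes, and TCP 5228 as the
# port of Google's FCM push channel (the report prints no name for those rows).
GOOGLE_SUFFIXES = (".google.com", ".google-analytics.com")
FCM_PORT = 5228
Flow = namedtuple("Flow", "country ip port domain proto")

def parse_network(text):
    """Parse one Network table into Flow records; the header row is skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Country"):
            continue
        fields = [f.strip() for f in line.split("|")] if "|" in line else line.split()
        if len(fields) not in (3, 4):
            raise ValueError(f"unexpected row: {line!r}")
        domain = (fields[2] or None) if len(fields) == 4 else None
        ip, port = fields[1].rsplit(":", 1)
        flows.append(Flow(fields[0], ip, int(port), domain, fields[-1]))
    return flows

def summarize(flows):
    """Attribute each TLS destination to a name using only this run's own rows
    (an IP that carries a name on any row is reused for its unnamed rows)."""
    ip_to_domain = {f.ip: f.domain for f in flows if f.domain and f.port != 53}
    dns_queries = sorted({f.domain for f in flows if f.port == 53 and f.domain})
    tls_ips = {f.ip for f in flows if f.port == 443}
    attributed = {ip: ip_to_domain[ip] for ip in tls_ips if ip in ip_to_domain}
    names = set(ip_to_domain.values()) | set(dns_queries)
    return {
        "dns_queries": dns_queries,
        "push_5228": sorted({f.ip for f in flows if f.port == FCM_PORT}),
        "attributed": attributed,
        "unattributed_tls": sorted(tls_ips - set(attributed)),
        "non_google_domains": sorted(d for d in names
                                     if not d.endswith(GOOGLE_SUFFIXES)),
    }

def signature_diff(a, b):
    """Behaviours seen in only one run: (only in a, only in b)."""
    return sorted(a - b), sorted(b - a)

if __name__ == "__main__":
    for name, text in (("behavioral2", NETWORK_BEHAVIORAL2), ("behavioral1", NETWORK_BEHAVIORAL1)):
        print(name, summarize(parse_network(text)))
    print("b2-only, b1-only:", signature_diff(SIGS_BEHAVIORAL2, SIGS_BEHAVIORAL1))
```

Run as-is it reports that every named destination in both runs is Google first-party (android.apis.google.com, ssl.google-analytics.com, www.google.com), that each run opened a push channel on 5228, and that three (behavioral2) and five (behavioral1) TLS endpoints in Google-owned ranges are never named on the page. The practical reading is that neither detonation observed a non-Google server, so the 8/10 score rests on the collection-capable API calls rather than on any command-and-control traffic, and the behaviour set depends on which image the sample ran on, which argues for reading both runs rather than either alone.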

Files

/data/data/com.mohammadrezaghaedi.ashpazii/databases/__pushe_base_lib_db-journal

MD5 112b314e2661d6d5f3d912ba2958e4dd
SHA1 ef7b6eaaa1190f52baff817a5e45fd3b83110bf4
SHA256 7d2036d1017c90542d63de1bc42334a2a2e7fd009d6a4dc0d37896f6babb979e
SHA512 7e4c74d2924321ec3550e831085768ff46954fc7161f810822043a88e28ecb212b3b8b28d246294bbdc260a0c5fd5c997f79171f45e2effbc383cd732ba79c62

/data/data/com.mohammadrezaghaedi.ashpazii/databases/__pushe_base_lib_db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.mohammadrezaghaedi.ashpazii/databases/__pushe_base_lib_db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.mohammadrezaghaedi.ashpazii/databases/__pushe_base_lib_db-wal

MD5 747c2ba8bc07cc9763d33569010fdfcd
SHA1 317430d403f0a95f9eeb6327d683a72eb2e2ee44
SHA256 57af54617d0fc1a763c4c17fe359d5b1614cebe5198ff558afc054c3e85de2b7
SHA512 fc56180b1ad06e926b3c065530aff1de8e699b1b2e7808ecf44932030d1a355deafc04cef362661f3c65aa5f3ca76b388f497fea93b361ae231b83b0a6a46893

/data/data/com.mohammadrezaghaedi.ashpazii/databases/evernote_jobs.db-journal

MD5 36ad486d0e522ce9181fdb6bf38e98d2
SHA1 88a35e28db89ffce071ebb2f9c1021b0586392dc
SHA256 b143e55c369a7f66a1fcf681e0d868bcd968415654de58edc7158fec8172d083
SHA512 b8b711ae63bdfb01fcc7487fdc0cda48f4f46128e0c74c521fe1929e90917d7496d03256553436985118b8d7c63b68dd9cf25255998bc97365ed7c8020a67667

/data/data/com.mohammadrezaghaedi.ashpazii/databases/evernote_jobs.db-wal

MD5 db642395f646d65adf3b6deb596874ae
SHA1 ebed69821e18d00943a5ab982b1296de30b4251a
SHA256 12a79eaedeb9bd4eea606c678e7a89ec80a84142c310bcd82fde1159d49c9fe8
SHA512 443176cb502cd136ab0cba0748ed35d4c05c42f0b5a6b8f62e2d64dc79471c868d52a8697210e3f3f9152d4d172e1d86aeaf96f70b0abcfb509d9a0f48d07798

/data/data/com.mohammadrezaghaedi.ashpazii/no_backup/com.google.InstanceId.properties

MD5 055b54a548a4f57c4b7b3f7755652fc0
SHA1 f0ff3681baad3f7c490964d9708b6fcd67273581
SHA256 51ba316e5f7044da8b88e4b1f1b10013f286690703f2b2ee9935478d895c1435
SHA512 fb09c5fb3185e7f02045f72f354ee7fc2a3125a48d97226d45688b45a985c937410f13bdff3cd9207650c6a79cd3052a7de137c06ef841043f76c47b276f434c