503b25751fb6f59b2848bebb8739e98f8dd9d6b9b4841ecfe62c1ca771d1c2f0

Analysis

max time kernel
47s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240603-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240603-enlocale:en-usos:android-9-x86system
submitted
04-06-2024 10:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

948eeab43bea60c4e20bc245f76ef785_JaffaCakes118.apk
Size

7.0MB
MD5

948eeab43bea60c4e20bc245f76ef785
SHA1

fd675e8cd919e2058d6c3b14aad80941e2fb5e2b
SHA256

503b25751fb6f59b2848bebb8739e98f8dd9d6b9b4841ecfe62c1ca771d1c2f0
SHA512

73a4c4b4739bce6de97a0fc0a97852ae910adfcfd0f0a56a1c52a04ea34d046005a5d7bc081999a78add792a35299b4a1424068a864d38af848ce35b67f1e40c
SSDEEP

196608:AVqjLxqDzak3eFm/KuEOq6vRyRS46f+AVBR:AI0Pak3eFm/KTONgRra+ArR

Score

8^/10

collection discovery evasion execution impact persistence

Malware Config

Signatures

Requests cell location 2 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ir.ronak.ghazabasibzamini
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	ir.ronak.ghazabasibzamini

Checks Android system properties for emulator presence. 1 TTPs 1 IoCs

evasion

System Checks

T1633.001

description	ioc	Process
Accessed system property	key: ro.product.model	ir.ronak.ghazabasibzamini

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ir.ronak.ghazabasibzamini

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar	4363	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar --output-vdex-fd=87 --oat-fd=88 --oat-location=/data/user/0/ir.ronak.ghazabasibzamini/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar	4284	ir.ronak.ghazabasibzamini

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	ir.ronak.ghazabasibzamini

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ir.ronak.ghazabasibzamini

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.ronak.ghazabasibzamini

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ir.ronak.ghazabasibzamini

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.ronak.ghazabasibzamini

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	ir.ronak.ghazabasibzamini

ir.ronak.ghazabasibzamini
1⤵
- Requests cell location
- Checks Android system properties for emulator presence.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4284
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar --output-vdex-fd=87 --oat-fd=88 --oat-location=/data/user/0/ir.ronak.ghazabasibzamini/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4363

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.ronak.ghazabasibzamini/cache/1582435991586.jar

Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/data/ir.ronak.ghazabasibzamini/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
2789744caa5d43b0f5123c5a831afc2c

SHA1
66d2422190d38d9fded8c44ab3a83fbc75479e77

SHA256
590817e7ac4a82ae9c64729edcf43c2b47da1f28313a53ab96c0406335f7ab10

SHA512
d6a4df9af05587e608959640855e67d7b68abcc9e9b9cf11bdb3242d97915b05e098dd5f78b07027661c8c3fd6c9c293a1cf2a63e0fc3b2d12017290b4908af3

Download Submit
/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ir.ronak.ghazabasibzamini/databases/__pushe_base_lib_db-wal

Filesize
152KB

MD5
9b3b7b319730867b143b59b657319281

SHA1
e939f7f910fbac34f079b85413c3ac55b371b287

SHA256
5b7bcaac875dfea0a9b5115c6e8f87c894ccbf74d999f765b6f0c2016efcfad3

SHA512
9c41cb3b035fbc7dc579a43b55b4dfe09e29b1b9ac154956b48a27b3a0e3ed004b38f5b15d5048f58f6f4ca0399d0b3479f323369148a372d5ac4d1cc9521c17

Download Submit
/data/data/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-journal

Filesize
512B

MD5
6184f4918a788d18dc74d4e79bc5cdfc

SHA1
ee31c8221acf64df2992897cb5dcf4daf128d5f3

SHA256
1d282adf7326e26391b7b68ed87bef89424d9ddad0180416dda0cb7ee4bb6a17

SHA512
7e41534f6fbeaca8a6475dbb8947673ea21bdb5d029014b4e6ffac0debc7545141b3c0d2064d3c05b780f6bcb20132837155c33657fad73624104a8c901c48f9

Download Submit
/data/data/ir.ronak.ghazabasibzamini/databases/evernote_jobs.db-wal

Filesize
217KB

MD5
a246648e04eab4635d4a9eed2b43e12e

SHA1
1e8e66cc98af5dd2032b57fd5d0c90e0b9e890f9

SHA256
a33d87f4c3b535bcee0fd5aa648f3ad414ba96cfb17ca25b8ca03f18a907ceae

SHA512
d5c61b9b8cb7d012d99c34c18db862122af6944381626ac04a392c0e7612728448cad939170a6b47e078fc40b4abe2595b5b4f8ce04848fa47c485a58dafe7e4

Download Submit
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4e76ed01fae681f1dd1adfa8d4bbeb23

SHA1
cc6c9020f5e188f81bbf437a99131aa027b9f5ca

SHA256
e642ee0ccc7ca566d3ab0c5b7a711589dc161d7380589047673ceb0d655a5117

SHA512
a3c64ea54011b3cd1789a490d624d29db97ab92c75c5075fa70e749638974e074b7f9e9cba9f84774d098cce382156e1605fc11705f1b39c2b807be0b7399bd2

Download Submit
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ac3d3d5d24e7c31eae90ed410494dc47

SHA1
0ba760b00c44b369a39f019fe26df1670914d224

SHA256
a9241c741b0949972fac590f73fbba5578d52ce287ea85358aaa08a385fd943a

SHA512
44d2743b4b8cf2faea02f89aea5575adbb713fb94e5c0b3489dbacceac049d7b29b44dd5f7be8f8a93d4438c40a28c1ac283f2f4b9ecacf4ef8c42c80a7939d9

Download Submit
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5eaaf3e3965b9046f4f893af27d62b52

SHA1
cf088721d432e089779611a32c71a564f84f8cfb

SHA256
4d8f1a009af0370c2677904813e4a5cece1e48fda33c485da50d90cc72d73139

SHA512
653ea6c9204fe585c116361ce835ac9f0d749feebb7e0bcef841d6b732bbf46a4d80377747d475fd4501647bf07e355479885718228c53303ee974c6a1b6d4c0

Download Submit
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4b1b2fd7f1f4c95b9f6f6a0de4fe1b94

SHA1
77bd029bde4f6aab5fcc750eff2ead2692fa8a33

SHA256
c828fb806d7b4da5b9d81a97faea9b06cc426e16f7dbc107cf49c0f739a8ceff

SHA512
e64a499eb7d2bbb3abc341ced6bf8e46cc2f178d42a54fbfa8129410aab4cafe974e696520f3b7b16aaaceec72cdcf7c585f7b9fc04e359a0a61bdb3ecc28302

Download Submit
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ae40eed41112b3a4aeebcd6aade5f5f2

SHA1
7eb0be0aeacc160ed4e8ab173d9b42b204be6de7

SHA256
ef05bab1a95992ea26046167012f1d67767d18e08f60e416f659027fa0b41855

SHA512
9cc6d59cb015beef6527c185ae271a12e487fa055761c525d8ee946d555fe56a631662efb73270f44d65dd02ed95012849a8572297f5c5f7ca040dd362427d2d

Download Submit
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
38708cc96a10059f5091d94627dd9c39

SHA1
f92da6194997d43b2e379acc72c3ccc6864fde0d

SHA256
58f703f9cb34d07c9ea8a1fa87cd1aaec470a5af6f596645ce0e789d5cd5cfc6

SHA512
359209539bd417389cdeba4280555547616df311b140da599633c9d7b64484b07b130bf2afb6f76a2541726f886af33d3c995aa3b38dbeeff8461831c77b965e

Download Submit
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
f132d276273cb7bc8408936ec610217a

SHA1
15fe252f4111c0b4dc3ad4d33d07b658d1c4e09e

SHA256
4ec9f86634c439988214398016a8e61b5f078af03f6f3fc157143ebac824f75e

SHA512
1165cd017c1bc2d5f0b7405efc62c9a4d738aa067490ffec10d0a4ba42e262203e781d764c8de6c36cdcd4937dbd6e5d99f739fad145a2c0e2be659cb6a86dcd

Download Submit
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
d079e0884609f14cc842d923ad038fbe

SHA1
17c486adbec6610a4a14f5e738b6172bbc144619

SHA256
2e83e097ca25cf8c417e9ddc31cb455e87167d9fd0f79d92eb8073342d3aed0b

SHA512
78ce5ce6ac6dbfb1d0941878dec9c387ca8f007c8604cc34f2aae353c18ad446933e943cb24167faf4ec868fcaea707844d84e37cb202e286485c94e87b98b6d

Download Submit
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
18c2e18fd895d3f847f88c8033df92e9

SHA1
ab6e0ea82ba5f61cd1e4a74a1aa1bfa65149e9d8

SHA256
de6c1ac59fcd437e077c17ffa083230f8f83b1cec1e8f30599e780c28d7b91b1

SHA512
24023f3adc3a8b7a1c97f42b533a13c29c85d9083b754a0d4aaf84030eddb6e2375840e5144781a5d0b850f7695c3a5da94403fb4fac86c45ea5f157dbf83ce8

Download Submit
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
1fe246d934a9eaba8078314e4d0f297a

SHA1
2a035891f6c677a5dfa8925545a2f1657e7c01a6

SHA256
edffdd51ae3ea64192c414e6348d083fbe14460af2b8241f6cd0da7a5642b28b

SHA512
61740d9cc953b15629359a2f1401f9ffd8c3375463fc95edbcfa854f9e9151ff9389ea8f83fa52c5b2735b9f7937f756db3bbe9933ce9db152705ab067c756f8

Download Submit
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
c6a743e394e5a598b205330bab11f3fe

SHA1
859b4a27180f8bee40777af7fd76f3f92c271cab

SHA256
f16b03b859735b330002adcbbef02ad991053863f10123b9c4a6da2cf9550d30

SHA512
0355f7b05582e59167f7314629ecfca254e7d6a3b233f124f48c863cacdd7aeb3e91f8f64ce10286ed56ba991b1acd891746cdac5be7f20995f629fee6fcd1a7

Download Submit
/data/data/ir.ronak.ghazabasibzamini/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
2f10bf528f15bd87f00c9dc485b9a671

SHA1
dfa5ca5c46b56150f9b3e4ed2505278796dff33b

SHA256
ef1f3c4c684dd80d3b7785cd172207ec40daf88fbc3c2c2a46be58ae74f8ac31

SHA512
87125f68cc14f9ff177521efbbd5c2a2c37e87131c30e02233c1de9639c8eea6cb44b2ceded3e0b9155ba42ccb9e58e019b1daf5dd392ed016ab7c9d2754899e

Download Submit
/data/data/ir.ronak.ghazabasibzamini/files/info.db

Filesize
11.0MB

MD5
3ee9167ca71f1ac8d3195bbfac42a159

SHA1
dba0c1c007870a1ed7824459f2e4bfa45927934c

SHA256
745c538ad35c680a7a4cfbd4340d5f0944e7c703d48f7dcab13a0077121d5184

SHA512
289ca38f05575c97aa138a2787ed86555c7fb2ba12885297556f85f69157c836d87178e31110b570419bcce2946403645fc06193e97989f63fdfdbdd1bc63a00

Download Submit
/data/data/ir.ronak.ghazabasibzamini/files/info.db

Filesize
1024B

MD5
2424b1e6619ab4de25bf2e34473a0b62

SHA1
0a6a986a6f0606180eeaecc353c89d2c68e69ff2

SHA256
1c3b2bea86ec589583223d6865b1346ee6c9d25d19c94def0e4cc58c95894fc6

SHA512
6fec744e3857641fd97d186f12775d0064700fc1771906e479aa05b3f68caaeafc96069c26c300661f424067341bb29b50e8579ded9430e4c7cdfc4ff40b0555

Download Submit
/data/data/ir.ronak.ghazabasibzamini/files/info.db-journal

Filesize
1KB

MD5
9a3142996bf9049bca7dc7e6f95702c0

SHA1
c2dd1b1cb3d41766e916e4aa8a4cfcaf40b45ca8

SHA256
4d6130f39de1a1fcc45049bfed528249e015d8d29624b8ba30f5196c04badab6

SHA512
14558b82c0ff16a1c703e152f55c47ef6c8ba8f47652313122a1df9c68d042746b09ce0127158338a3eb83fb7296829972bab794b5ee524b64136f0ed0f429ff

Download Submit
/data/data/ir.ronak.ghazabasibzamini/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
55e4d88569fff16f2d02e4cff9823393

SHA1
94e99d8c757954051e265aa16944554aceb3c428

SHA256
4f5b540b77a9159143c5681f5514bb8916797175848caaac7c55540cc54e0188

SHA512
30c6e77f30f20a70b7146093568e875e96afef417c654408aeeb0bbb8a523771a622177f2e024b150807a100cb1799de58e7f553625cea7904dfd5936db9ab38

Download Submit
/data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar

Filesize
20KB

MD5
2048eb6124a452540ee51dae4145aadf

SHA1
d05005b2cd7fe4cd652b0d7fd1bdac2c19d51451

SHA256
105c54b6fe3f25350e92187467761598e4c21d62b1091b77d091f65f3bd98864

SHA512
bb6cb3853dd2a5d0701e20607d4e153ae201268dd2e5e2d06cc2df208b3b4dc50132a4ab428251b1644d2399fcc717662438d082ff14203387bab8794109d44d

Download Submit
/data/user/0/ir.ronak.ghazabasibzamini/cache/1582435991586.jar

Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads