449a67e03e05e2035b33fd253bee3f8bcf9c54c85e2bfde571e7e5d44ae485bb | Triage

Analysis

max time kernel
175s
max time network
183s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
15/06/2024, 23:21

Sharing

Report Analysis Logs

General

Target

b0a418ce4f5439ddcb9c864e5ffd45a4_JaffaCakes118.apk
Size

7.8MB
MD5

b0a418ce4f5439ddcb9c864e5ffd45a4
SHA1

c193efe7fddffc9ec3db481ee179f55723c9c82c
SHA256

449a67e03e05e2035b33fd253bee3f8bcf9c54c85e2bfde571e7e5d44ae485bb
SHA512

39fd4aee81c8fd89b465c5d6d904af11bd1e730c7afef6f781e0fe3e4c5047af03ae98329b4541671f5b49d230d958270bc217b909e529c0aee3157018472500
SSDEEP

98304:ho8sr3DIVnWwCBZUcJbzpWrW4ShYSDUBbo4CFDv/3IOcVx9DUzOpHw0DCq1di466:hmv7prh9DubcqVoyt6q+46rPW

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

Process Discovery

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ir.corona.viruss

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.corona.viruss

Queries information about active data network 1 TTPs 1 IoCs

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ir.corona.viruss

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ir.corona.viruss

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	ir.corona.viruss

ir.corona.viruss
1⤵
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4261

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.corona.viruss/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/1152dc98-bdb8-4166-8217-14a05eb1cb23.jobs

Filesize
179B

MD5
ac58f99a1b179d71e8621412ad31c6a1

SHA1
b51fdad95876f5615735c2ab411031ff67d5e946

SHA256
9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb

SHA512
faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

Download Submit
/data/data/ir.corona.viruss/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/96d6eff3-5670-4ded-bacf-31bbe6422a1e.jobs

Filesize
176B

MD5
f56f328eea1d5c96a1b96dbbf59488df

SHA1
440c784cacff61932e2f61580b7cfdc3a4943c95

SHA256
90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918

SHA512
36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

Download Submit
/data/data/ir.corona.viruss/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/cdbbbf7b-2933-4cf5-bc1a-9ace6cfa37b4.jobs

Filesize
278B

MD5
91359af18b6fb01200aaf8ed04bbbea7

SHA1
cd54e539656e879b49f179dccc7b7db6d3dd25d8

SHA256
ba3b64dcebd7f3a6cf7d606e37c51ae7d95388d26acc30b587f0dedc04d584ea

SHA512
85491791ddcffa957a3ec67a222d0d0715394cb192c98b8f33f1f02ce4abb6d139c92815ea96ef6191651c51d3b6666f75a64d447da9a0bf2fd0343fc2aa323d

Download Submit
/data/data/ir.corona.viruss/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/daf411cf-b8b3-4493-adec-4b7b96f50b31.jobs

Filesize
777B

MD5
8d53ecd6177efeb356c4827e55157dce

SHA1
9df1d1d4128ee787f4e3177b90f8569941aab9a2

SHA256
768dc14603a18057430817724d7f7899f87e99270d5bb412d80255df434beda1

SHA512
d60e532b2ee0e5a7824498a3e807f3dd7c0b438b5410b20d8955d53a69ad66659d3b0a4aad79181d0909013f0f8a864cda6a2996de6fe4e8e3295b6cd635fe29

Download Submit
/data/data/ir.corona.viruss/databases/cheshdb

Filesize
24KB

MD5
1f347cea6a53594be878e35079bdabc4

SHA1
ae24631f83d3c875dd678040baafb5e64fc6ba6e

SHA256
46cc2cd48a3621ce276d0927dfaa0e367261e740d6c248c48fa48b25be769fd5

SHA512
6f09f140cda839271dcc15857faa5ec7fed65afabd0ed53164744e0b15c145b4fd0ae3f6ef0ad01cdf4eb612510f7f150ea72781740a9c6d67ed1075e5e026e9

Download Submit
/data/data/ir.corona.viruss/databases/cheshdb

Filesize
20KB

MD5
f665e4f9d7e1a42fa7d305df0b49eec9

SHA1
4545a0739cfe42e827bf5c325a7ea44388ac1465

SHA256
17c2d82d1544255b2218c92efe4ae9e47fa7fcb69dbcb19319742fbac7654038

SHA512
f8065e57f41649c7d5a74a0f0972d080ae4e8b975164f415ea64fff87c9540207cc068292af2f788a4823895e89f2836c519f48c1997f212ebf15fb9aab2635e

Download Submit
/data/data/ir.corona.viruss/databases/cheshdb

Filesize
20KB

MD5
8ade285177b57eadff204f66b93ee1ca

SHA1
6daf7f48346f58d679e446b18f62a2730199be2d

SHA256
df3d779210a4d72d885d64b21efd42673a5e48006b11424ebcb61a2444697b37

SHA512
8f968913e1e66e997d0deb5974eeb273c90f45c2f1ad7b2b1420fd0edafc4b4331a43a49344669b495784f1a3dd746e844540561f8bc9bebe803aeb51b5582b8

Download Submit
/data/data/ir.corona.viruss/databases/cheshdb

Filesize
20KB

MD5
b20fbc10f56165b46d348a09d059ca96

SHA1
0e58df40d208a421f8eeb5f794bf660a0d6c7a8b

SHA256
53978dfed0f2ee8478f17d52045ec19a2c3711361d0de3dc67bc57471374a5af

SHA512
337c793da9cc610986f55ae1e72bc6bb6975074ee9cbc0fd742562867cf0b4f657d85c4562159b67bc6e325b5901ebcb808f20ab6397fdf9e401fabf35fede9d

Download Submit
/data/data/ir.corona.viruss/databases/cheshdb-journal

Filesize
512B

MD5
3a8d871782fc3dc8ab77cad584d18488

SHA1
cc924e80c51a33e4b6214c11b5265ecc12685474

SHA256
dbcfc5a1fd801d8fb53487b91232dbfd02945af191de6918ed4d9877e82e13c1

SHA512
443e56d020f64b143d1af76f90648fd2fd38bd2e5cada04886d207a877cba9f8658261d39d9e9e7874ac81e4b460eeed2d6da6362545656b5938ae8431d93c35

Download Submit
/data/data/ir.corona.viruss/databases/cheshdb-wal

Filesize
40KB

MD5
dca1d91c8ac4aacd94b01f33b319d372

SHA1
5f4ab3319643c536969fb9054824055b3e8e23e9

SHA256
3c6f68bee552f91cf0cf1d050a1da704aa0da84102383aeea9e16ef66fbfe880

SHA512
0aeee8f9411cc016835157f72281a426261181da98763155c8ad412fcf80fa51c2507ee63c21b96f6a1e2c4c036da7c32a308ddd6c9425d7e4d8a2b6b5f56b81

Download Submit
/data/data/ir.corona.viruss/databases/cheshdb-wal

Filesize
8KB

MD5
7c4c3dc6713d1bf41b0402d65cdaccc8

SHA1
ca754c1226d30168b0a13ead149da8a839ded30b

SHA256
ca27584238f54e52ed2973ea07e63db206941dd06779112113993ad8a3aa4343

SHA512
4bec4a038cf3ebca4f6bdee7675e6614fbfd3a537dbe874548826c852d6da116ce13c2d7032f0b146f6ce1ca0028526690fb84ef433aa7ab0cfeb1a09158ac3f

Download Submit
/data/data/ir.corona.viruss/databases/cheshdb-wal

Filesize
8KB

MD5
9015337649b50113139da3ebee4a93d2

SHA1
c5e67619737c4d8eca8cec4fd96d00597e6156f4

SHA256
ff6d73af9de055e43b6d97051ca901b1fae3e7aba445360742edf8a774983925

SHA512
3b4c96e88dffedef149ebe855ac98de36a8d2a431e366b1d86b585abf2487946c88987415756ca2aef4b66fa339c3a7ec9da32030d83f1e5b72371b4eabffb12

Download Submit
/data/data/ir.corona.viruss/databases/cheshdb-wal

Filesize
8KB

MD5
95260a97c58730f2ddb81ed2d65da795

SHA1
f4d1fd6de259c5945481eb04bcaad47181b3615b

SHA256
64b56e3d03ab808513078c6c3012f056a2de7bf1f9e4a7010fcadcd491a9306e

SHA512
85a1b838a4c3363afee8645ff5d1fb4237397666f7be01fcd4c5c34f7b64f516e94609f77795952d87284f453bdd199caff27099c4f719627cf2d6d0f03fee0f

Download Submit
/data/data/ir.corona.viruss/databases/db_default_job_manager

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/ir.corona.viruss/databases/db_default_job_manager-journal

Filesize
512B

MD5
d5119ddd2c34e84eac7993818dc8d7c7

SHA1
31ca513643bd04f38b0337bf3306cc3dd41e04bd

SHA256
e219690b45a426c94e643b9dda662d6a665b2cd469df94a2ad38e23fd4cf0c98

SHA512
5890bffd277770021344aabf40286831f94fc51cf66ccc8873f456b2383572850e1225667d6f7962362dd16d68ff4311d8a06b7f4fc8142288951809433f56a9

Download Submit
/data/data/ir.corona.viruss/databases/db_default_job_manager-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ir.corona.viruss/databases/db_default_job_manager-wal

Filesize
156KB

MD5
964d0444ebb975e3f18f4763c47f0e4c

SHA1
6de83f8fdc65767b3a0572b17e91403cdb647289

SHA256
a36f47af71c14e4e0970de5de41bf56bb84458e99c91245ea1610174a167822a

SHA512
846010e4fecd37caf6c132598eb2579f43a050569280163a1a25d7c32f8e9b24141ad35daf7df4ecaf453a8b58c9339c5bbb5936a3d233ad60a4e444b26be780

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db

Filesize
16KB

MD5
abcc25c662c32eeaaacf979460ab5578

SHA1
7f58a09afe3c6d0fb16a3d0e0a88458f238b810f

SHA256
30ed15432c628cb6e987be262a6093b875f47d73d05cd72d04dddf253e2f104a

SHA512
a7a29ef7f53ffd6fc9979b774ce55c9d7b3d4f77a5bfea07dded27382ea64149d9e8c56b29e0cc8a23fdf15029f29dd8b4037e228f6b438045a22a74e08191d5

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b7bb86f842d1bf9393506d2af8c47e64

SHA1
dfe4a36e1904fe0288cf3b756bd1a280236b05f8

SHA256
93cc3a517cb70a4eeee6293ec2c29277219d01c2e48edc64c7bebd732c75ca47

SHA512
d16ee1787fc945b301a74858c1a63a21b37da7609c97e35dd77e8766eeeda6ab7dac13202f1c189fe9da4b3927c2d1985ab6e8fc13feb8786f260db8ea96031b

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4b9baca3d971d5d5e3d34fb50668bd6f

SHA1
401efc0793fcf182c566167958a7dfc48216774e

SHA256
61880cf630c098b6153f1e4aff45435c9b96896ab2cceca4cf9e659bf9df5186

SHA512
9eee577c46a01c4dd197ea3752bd0e0ef31face7ad58ac4c01a14a34929c5f9d6f853834c059cc44d9ec26ca968046d072e8238a5f0d38f30000458927a53bf9

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7b664782fb50a7db8e043239f398863b

SHA1
a9f6dd09aeae2958f2eeb9c190361bd093877628

SHA256
948857509670cefe069fa77951ae8d08c66c6b87d6ee01fdb67732fc01fef2a9

SHA512
c22c409ee7d0e47348896681630162bce44cc851f504917e893d82f824fed4b8964a9232ffad28add48e9052d997917d127db1931e654ba9e57a562e462fcefb

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db

Filesize
16KB

MD5
461d9010057f51d3f9832841c9c140e3

SHA1
a498dda162ca489bfc44531747b14137826da0de

SHA256
50c864e0b494014e9a1d78a253ca9daa126f2762dd8d78991540ef45207db793

SHA512
321bf12a07777b10b2fd3181ea292124769ba8a1633a65eced09558611a56ce12ffd21cfea58aae0168a8cb5bb7cf954f8ed51c570a9785251a4786865db92a0

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db

Filesize
16KB

MD5
25f221a7c9d78569f3e872c325a6d3f2

SHA1
3ad15eaf1c0f8cce75bd7f2be60b4fac95c5f4cf

SHA256
b134f29f4f0484e2b5b738b3a1e30704c6376259ae9d2bf2f330ddfbb5101445

SHA512
cd91d8520f06f29ef067630d58a92309a43bdc74575abb7a94f13dfb02a0d78897b9db1f0407c977519094634cdcbfedca9f1cac62c606a2a641c121c1a2157d

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
17af8f575a61ab91f5c40b8880c9a923

SHA1
6f3538acd4cd5bfaca618270d459cb84aa8d1483

SHA256
dfe71669547a184fcee88ea5d6bc2ebfe84722135cd99925c4e94ed8f8ec32cf

SHA512
38602ea581d4fe7123362941ed06e954c2e72bc87e46a19644b31a013e130b8b8c5953fe1537e6170d94525a18ee16169f443b2883316b6bfb76136173306947

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
0c6168ffe0e05f0c24396f6acb7087cd

SHA1
c02e0a87abd5ec207b01bb80f3de89cfe92f8a40

SHA256
ca43f23ce6ed2d89d00b264f7d423a195e32d4a3942a96ea9a9c54986d56ab6c

SHA512
5bd5bcd33318f3f6a235e9547c3273a9509440b074200a4f997770c607f919444bbc3ec81fc9df4c12e67dbe9a05c7c53592951625cd1c871252f6551da5e486

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
02621c236fa46b44fe79c0dcc586ecca

SHA1
9e9a70755575c14d57ff7bdf01a839e8fa6b992b

SHA256
04c776fb4f5bed3e1fec6ee3e0eae85b54f583aa2698938c578da6fa39e9bc4e

SHA512
9764e6a7cd168d4afe4b8af119f5fa0b96ad2337ddb87d82a9703773c7df7c1940263e11623801cd7ca5f3dcc01d83be02614601e0dc7af1831ac1c08b76662a

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
260345a55500dad275136c2578de607c

SHA1
88c04cc08925a599d6b5ed606af4a9be74cbf127

SHA256
1ac9d8ff7a768731eb094618ad45b991b5e6fbea3b4553c926a904aca354c4e4

SHA512
772d0136d43d34a427ddc40133bbaf72cc64369b80320a604bc6ec96ebefef8cd7642c38add9322ac8da2ee5e5c1907b765bab8d75932cd4599de84b00e37a54

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
f871aa53f786e1176bec65139a598f7b

SHA1
6d33130ff7c031e23cec4ae5e3fc0ff9426579b3

SHA256
0b03c0cffcf39fb401abf8f30024b6653b2275966f9e07d7663d3913ca4ee453

SHA512
04ec54109c0158ad458be93df0a9fb1ff0cce6918bf8d79a26c2e17d7a0c71408568670f6712f8cfff0a412955eb3b9b475b22cc88a612042794aa8fe314d7c0

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
9c5ecf3f07f778eed71491364c8b1501

SHA1
6d85c1732b5ea168c6dc3474557e9d4f01cd3c35

SHA256
a8503453ad7019c1a3bb5758b2871a87ea9db1af2f4b7e6f1100990f65e8e044

SHA512
56cd615c8151880822fb23bfecd07aba871c57ae72db60a42f5ba196661cbfd717a9ea2a8c5f7e8d4d52888fafd95a44dfd53a7c759cc1b4a045c9c93f4395fd

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
7a0a34e53cf0408fb4a2056f3e407609

SHA1
a4b6179f986fca103f407351ea273f0e5cc4425c

SHA256
b353c69bdde01cbc817b6ecadbd54c88d9c43a2db600967e9d533cfb1a5b574d

SHA512
734a06554775e6ec407599a3634678b32dd56a27ec7011d0a112b365837dfc25bfa1b4d66851218eaed3a56545c80ef583d2697e9dcbafa73d350cfed198c44a

Download Submit
/data/data/ir.corona.viruss/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
011e2d831b94868c780c05bf1f6f74b7

SHA1
3cd71bc38061ea42c49bd87d66db0c490a75c52f

SHA256
5d341576178ac64ba09c11bbe525e6938a99c1e1a0927c116786e2a9e1689455

SHA512
534bb7d5ea8268d22c8705c01b41f92b3893c555f955a92262ffe7de0774266a8662a26945cd0d0c5fe684876f51667f8fd82b4c94565c6b1519414f1980afd6

Download Submit