449a67e03e05e2035b33fd253bee3f8bcf9c54c85e2bfde571e7e5d44ae485bb | Triage

Analysis

max time kernel
34s
max time network
151s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
15/06/2024, 23:21

Sharing

Report Analysis Logs

General

Target

b0a418ce4f5439ddcb9c864e5ffd45a4_JaffaCakes118.apk
Size

7.8MB
MD5

b0a418ce4f5439ddcb9c864e5ffd45a4
SHA1

c193efe7fddffc9ec3db481ee179f55723c9c82c
SHA256

449a67e03e05e2035b33fd253bee3f8bcf9c54c85e2bfde571e7e5d44ae485bb
SHA512

39fd4aee81c8fd89b465c5d6d904af11bd1e730c7afef6f781e0fe3e4c5047af03ae98329b4541671f5b49d230d958270bc217b909e529c0aee3157018472500
SSDEEP

98304:ho8sr3DIVnWwCBZUcJbzpWrW4ShYSDUBbo4CFDv/3IOcVx9DUzOpHw0DCq1di466:hmv7prh9DubcqVoyt6q+46rPW

Score

7^/10

discovery impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

Process Discovery

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ir.corona.viruss

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.corona.viruss

Queries information about active data network 1 TTPs 1 IoCs

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ir.corona.viruss

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Broadcast Receivers

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ir.corona.viruss

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	ir.corona.viruss

ir.corona.viruss
1⤵
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:5155

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.corona.viruss/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/216756b7-b71a-4bf7-a592-f055699b1d86.jobs

Filesize
778B

MD5
510aaf38c0e06d400c819caddacda95f

SHA1
a839fa7fec66a2c13113d070ce7972c4494e82ce

SHA256
d4bec4deaa25ea06c6938f13b417135d6627160cf72347ddcd309ef69141c445

SHA512
adc30a676491f187445e0e235bb01e72af475951dfce38295d98da378b36e2d4782a01bd1d1b109e6c3d523f314f7397d3b21e45b900093904479b9f08834f49

Download Submit
/data/data/ir.corona.viruss/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/245bda17-21c2-4796-b33e-c1ac71a35872.jobs

Filesize
278B

MD5
2fe25e9702b55ef369fdd29b556bcac8

SHA1
da032b2a1299466d02345b0cd92ed1cba5d9152c

SHA256
bc94ab388a3240cc0c62ea8bee9e71565dfb91912431820de6149ff6c5384f4e

SHA512
1020c0a86592d5762daa49dd64b24d55f8709d1decfc0c95588451e67aa89f27acb0af77db484350e7a4daa448890d8a7bd719f9874f081a5e9f069b5a60202a

Download Submit
/data/data/ir.corona.viruss/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/40497b76-940d-4d5e-b6e9-5cfbcc82ccfa.jobs

Filesize
176B

MD5
f56f328eea1d5c96a1b96dbbf59488df

SHA1
440c784cacff61932e2f61580b7cfdc3a4943c95

SHA256
90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918

SHA512
36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

Download Submit
/data/data/ir.corona.viruss/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/f245988e-6b80-4409-bfe1-a0eed1ef4441.jobs

Filesize
179B

MD5
ac58f99a1b179d71e8621412ad31c6a1

SHA1
b51fdad95876f5615735c2ab411031ff67d5e946

SHA256
9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb

SHA512
faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

Download Submit
/data/data/ir.corona.viruss/databases/cheshdb

Filesize
24KB

MD5
259a1e4e7ebc4b0d0341ffcf0c3bc2ea

SHA1
9b8da5a0b24833a3e84567d9d8ee0d2f54d7b48c

SHA256
4f4987ac3d84abad3490459fa7a32b7bfadaae5f329e15dcff36e07d34faaeb1

SHA512
dc1296e2b0b18dd83a3782acb700e155ea9a60ef193bfa8c98999e7cc3c5b73a97c20a974cc956ab438aeeba812ec2d2f401fb2e714bb9bb5fb421fa4b7a2313

Download Submit
/data/data/ir.corona.viruss/databases/cheshdb

Filesize
20KB

MD5
c9205574ae1d93626d299d8060c1f8c4

SHA1
fc8bffe3e4cc07af39604232910b9365210dc7c3

SHA256
96d35bec27e5125ded8acd4fd39706e82f878ed884957af6d76a20365c6e4a24

SHA512
3296732b92b89faac04f82c990763cb4581000d7545cf8a7f09cfdcad5828107eb83ce654c83c73365e057706ba4f36e9a15e4a689638163b8cfe2b2282e7bd3

Download Submit
/data/data/ir.corona.viruss/databases/cheshdb

Filesize
20KB

MD5
2aa1b33313ea319a958b7ae3ec785861

SHA1
726993b86945616481e096d0bb63549b3602a9fe

SHA256
c8092296754e86961aa31bbba4f459f5d6dc02b1b67dd0661344d1d18e27abf7

SHA512
cde21febf83637476b3e3a3071c544c986ef17960d473a8e9e49d9ce4e13093c289536759077d9533be1f4ca215eee840386ada337defa7eb67635c66e96e061

Download Submit
/data/data/ir.corona.viruss/databases/cheshdb-journal

Filesize
512B

MD5
3fd049b9089dcca6438050b7e49cf61e

SHA1
eeeacac941d3f952852e4669afdf17f53fe76bb1

SHA256
8b7e5f79af74d0091bd61ee738c424823fa25e3ee12f39f2b9408e69c136091c

SHA512
7569266d9d0f3572abff56459ee45b0d65e6d62cb63de4f9a5d787c0e1dbf1bc8db47d2d3750bb41fb6fe74f68f29f7308342ab4e50ff5c7af9d01f561d5fa75

Download Submit
/data/data/ir.corona.viruss/databases/cheshdb-journal

Filesize
8KB

MD5
c31e2971dd1b6d1487a85ed8d54ef934

SHA1
6216c8f35d88d7b22b9d9ff0ff3ebbb1ecd48495

SHA256
65e232f13b14e7ee114e72155f3deefacdef2b06a1b68c59732a8b272907eb76

SHA512
fe891e73d7fd1ada429b77138608d69373f626c5c730beee58a57f4f1b48419551cb753c79ac864867c5c44a9009d19cb4b52eeddc2690b264a3df1df77d4626

Download Submit
/data/data/ir.corona.viruss/databases/cheshdb-journal

Filesize
8KB

MD5
0c474419961259a66e5efb4b884f2cbc

SHA1
37335441609e657d6e52b319e7117e606d47d920

SHA256
966bf53ddfa443295239a0c0076465f07b8e7fd598f92005910ce6550df3bf16

SHA512
c4293076b01ee03554fd5ee15a92ff18fc381a24843fa4629b4156cf20d46912844eff0369f753aa393a6278550fba6f0c2118f2d7382ebf3635a27e04fc31b7

Download Submit
/data/data/ir.corona.viruss/databases/cheshdb-journal

Filesize
8KB

MD5
e12ee71cf4eae281511e329b8b53b32d

SHA1
54906b30e350a22a4efdf2ce091ec07c65015ce0

SHA256
39139f2c98f39fa05bee6b8e9304a3aa9382d6f770de7984a6812994bdba0207

SHA512
3c37230db10f874976d9974bb8eee7839358c8e68ed29cbc472a8e0d0da807f0f3a4ba43af66b5ee6181d4800262d99dc24c8af32dd43118c82831eb87c88627

Download Submit
/data/data/ir.corona.viruss/databases/cheshdb-journal

Filesize
12KB

MD5
45c345d74409f712ea9e781aea287e9a

SHA1
bc4828217dabdae8a1e0531cc4b372eaf91ec313

SHA256
bebcd489e9310377e9fe5518b306784138bbe94281b3bb656eac3441e1b5da8d

SHA512
bb6d58aae804c4cbcafe3f62f46662f15149a4d5a90aaba5b96d1bd4adc27ff118a489c3a16b6333eef3ef5e415dd6f01250e3c9f70eac6d008c21d2ce7d26af

Download Submit
/data/data/ir.corona.viruss/databases/cheshdb-journal

Filesize
12KB

MD5
07b8cdab7fc7f2255109dbf9b7e647b0

SHA1
139bf5f2761d9e270b2e23c4537c9356bd255236

SHA256
fac80543edc390a8ab6a333f4422ed6cb93764a67011b35a6d455849989fa4aa

SHA512
753cdef13463caedffd6cb44766ae3ff792d8712e5189997e401e8623153bca7c0ff61a0b6b4a156767e9ca096b0b29e18db986b523e0c41ab67c7cd3d486629

Download Submit
/data/data/ir.corona.viruss/databases/db_default_job_manager

Filesize
28KB

MD5
3369e93d584904099f7ce3015597f425

SHA1
86f887e783527186b18242591738f212deb53d00

SHA256
6dcec7146d3b80d2970f670b2644ba23b2aa25d9e496d7bed91401b7e7438bd2

SHA512
ef3c3b8381a3be842a8650649d2b8cbb5027d5f790727390e636c79b248453e6eac656678bbf514541ccfad9ef8279ee75f7447f2077017477f56df58bece09c

Download Submit
/data/data/ir.corona.viruss/databases/db_default_job_manager-journal

Filesize
20KB

MD5
7548ac3c9409c8e81765c554e3bf097a

SHA1
63f735c8eeeec0bc77bf5b227f3246866068d106

SHA256
e183d1d583aa1a9c0d6ccb7bcbfdf5fab1674130d4398662d1d8e3a169fbd82f

SHA512
a8fe3f054decdc075eaf5b445b41082701127b62a29ade552eddeab35d2cfcab4bb578ec9d222a1dcffa0a37d3557c381273a33a34bc3a36b52317974aef74b6

Download Submit
/data/data/ir.corona.viruss/databases/db_default_job_manager-journal

Filesize
20KB

MD5
4495cbc32f9ab5ca3b52deb7ad84f369

SHA1
b43dcab69088d3b9305bef31b15e60a4c0a8368c

SHA256
0dfa8152d2c729cd7319a4a1c90cbdaf46bdb2452351203a6f078b423798afb3

SHA512
5df7de50bab8db060d324520e7c800294afb6b7f7374317a0a93c822aab0dff9e8b3429590e0e8b8935776eb36163b0bac41498ab862c1923624252541114532

Download Submit
/data/data/ir.corona.viruss/databases/db_default_job_manager-journal

Filesize
512B

MD5
cb568d95f7adff4d8e8435743f1cb77f

SHA1
96df9df54f2a2a9c0b1dc022f5c791c615ff1a92

SHA256
a9f94fbf2bd8ed0b11406eec42818325c05b991f657aa9dde1e30e997ef9d29f

SHA512
ad5ac79eb9815609fba736ff71b66646c4f4ce60f92f4223dc981caa3028316d04ae21bbcd6f7249b9f7febd31fc5da5d79a557d75a852ad99f684a97e046945

Download Submit
/data/data/ir.corona.viruss/databases/db_default_job_manager-journal

Filesize
8KB

MD5
6d96984d12febf6fde7e3bbe49366f83

SHA1
da7218207aeb7e40e1d06c7f2cfe828405925694

SHA256
e823b06756eeed9cfc51b1bf4732f2d7e4d4f9aafa391bf02360c622c6392b96

SHA512
957ae9ac796ddf3d9d788867b59e4792fee80d8367de1962c2155d8a3915116ad74226d00683d5902c3d845380c724fc28d580e9c91ad575ad87d873512efadf

Download Submit
/data/data/ir.corona.viruss/databases/db_default_job_manager-journal

Filesize
8KB

MD5
124d646f8c24fe51eff12ef8f52df2aa

SHA1
fff9cf029ebed8ad2b293bc1a6ac0cc4a62ac210

SHA256
30b6ffaf4ac4fd3f8e1dd03a8a400481d138bf019949f33b5c1ba08b4c21a134

SHA512
3da19f8b21a134605b3eee20aa396554aacb001068c22c2194ac06bdf386b21f2b4c44cc76986e78e27514ab33f40d74cfb1d227ead0c423913c80351595885f

Download Submit
/data/data/ir.corona.viruss/databases/db_default_job_manager-journal

Filesize
12KB

MD5
1f7d2994f8681715b11834fe0157362d

SHA1
b27a02ce6d6b78743ab8bba83c3220d7b35a9848

SHA256
dd7161d3bc37213a723decdcaee341f247b39fed9a2239f25967eb5d92a48e6b

SHA512
fc08aa4f4c2a8fd03ea3680b433fc1278eec04ce9a560b572d887e109cc3049b657717a6dd1e637a4e03c895d741e3a2ccecb963ccefdcfde1a082b9da5a106e

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3035fe8fc3fdd3e2f183b911dc7c2ad8

SHA1
390e122dc0962336a556b02c636e7d17b1fd734e

SHA256
672c923b05359ec59e88f4730a22dcd20d3dd615d1b45513a2b0813619a19824

SHA512
2320fb917adc45ebf26da53b17b288ae57a68202dca746a1f1c2a7ca75dcaaf9e7590b09c57f7ebaec3213603284d9d6e04e54592a3c1fdf1f2b58228bf8f465

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9af32e6e45cad9c22a0beff7e5a3b5a1

SHA1
5a29f2bc3632484e3b47e1c6f08bf5f9de1cc49d

SHA256
b9ec7ef3639b78ce794fd930256c63a5971d6c591a575b72c2565e88b226f0f8

SHA512
eccbc029247794c094a0ee62de06ac5017ef3c8097d132efb40af9487224eababd73ed51be4e681cefa2d9bb8b1041bd51fb26ddaa2f0b15368b1114ce5d1837

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2cf75c2e19722534b535106a341f889f

SHA1
1cb74934efb237e58747dff9b75ad129fd094837

SHA256
d50783e016559013c2c6299c2e1c2719fa085b7a7827704794d22520603d4712

SHA512
b73bf02c52eb8fa491152d46a4d8796281bc25f78154dccb380835f9e0b2f1f734bf550032e904c4c577df0d983676dd26ffd0a94daf5003dcc9e48897ab6cec

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db

Filesize
16KB

MD5
62a48441c971800382680c5af07d8a84

SHA1
ae5ea53c543f7a85bbba8fc16d81803cf720947e

SHA256
054d8384806ea8634bd69b9ab7820a32e8f8545d69b81655de525ac7032c571c

SHA512
470ea9a38e0b5ba416edf6f6aa4b69f43789107a15c0254d0b94831f11c5c084f5f9f3218d6ade9bfea1087a9843287d3f14d2badd041e48c341e54da7bcdcb7

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f8adb5e771c0a12a8d1c6361702afb00

SHA1
803fb0934259eaa6e7cac024550003748c100148

SHA256
9b08a96d83afb1a0af37a8936d20bf8fedbea27bc9ba9348b5956e5ef8b984c0

SHA512
1bf19b2088445ade6ee7d54e1c46c63bee98309d29ebf823b9752e5b97bf963da7ce873e230b5a899180900fec0d2306a3c70a7822d68001c557c20674d31ccc

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db

Filesize
16KB

MD5
022add3e2f0cde4a6c2fff583bed00c2

SHA1
2e6f114ef3ed7cdd9eacbe01797b73482699fda9

SHA256
3248996b7d923110c3a0e609ad14a7f85aa399d0583401cd91b136a2368caece

SHA512
b076b9c84e33b58678b1900411d1e097c40ca5bf4a6121fb3c77c011b2d1b189f275d7169cb707b0b3f6bfac56765cec7bdcc1055618dcc15999a7ba7364f33e

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
d13f7ac17402522039d5ce412d6b17e3

SHA1
3122969397854d34ebf44f815ae43b95cc0016fb

SHA256
217696248ba187821fabe7e60b81e944d431fc3d8dfb7f66d5eb3f5625bca28f

SHA512
50a4bfda62d5cd73f335fca0c05a223efdab492cd70aae36173c5a2189c9dfaadf6bf94c2309f3480e2c40cde645239a796e6fbd611e429758922bf1efc26e7d

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
540769b25f2648fe270e02d9ceb80984

SHA1
08db42e067f5db7812da8b71ac1f12f94dd97b6c

SHA256
b3b6caccd67166a12d7dd5a328488630d3215b74e41b7d0fbe88dfa74a1099b5

SHA512
c38daedf772708177183145212fb12364f54ff0e1dfa6375eb360e29a8533cadf40df0c994b766b5e523e65f967e4d72c084f9efbb886078c71c08d8e89ba181

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
4910b6937efa4ea2436724fa2a20f652

SHA1
30b8124b3f29dc9129331ad40f2911adc6ca8e83

SHA256
6d1ed2dfdf88e53457b90c6ffef23d52349e270af5a34fbab5cf971007bbbe9f

SHA512
a5c16c73002f69273c865e4bf3ec93dc13c392997379bec4f58497d36298d2e9e6d1fe9043871b55e2b84070cc3346ae9e8e3c8f4e1cde672722412fae85e7e0

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
4580f3b8cc18ef1bdcadcd09ea58e1fb

SHA1
e7e9e95cfdc4e73f93e1c40a1402d3eccca49893

SHA256
3cba495254e7de26bcdeaea88d04dee7a32d4afe83f01cf5f5ce3df2d3665bc7

SHA512
8f92dc36031f7611b62008309e06004c92442946a915559829b20cc17268516af7207ae9a6efec25e30022c4e9ba8e04ce812582818499fc2451d0b404ac9d98

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a6fc078964aa662c7f823d3d6bcd44ac

SHA1
b9ce4fa8493fc5ddcc29adb8e8469dfaa6ff07e4

SHA256
d8da8b9f65eaec3207990700bb598e24e3c65e91d79e1324d17d250ee5d8c4ac

SHA512
23e0da40123664ce7f3d920633801397a4f5fb6b26a85f8c2d896b47df6cd34c062cba94e4ce485a8f936c9153504918cfe9e4e0a2be6de540f6e71f090dca39

Download Submit
/data/data/ir.corona.viruss/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
821a7f7b03568669fe7a7be2e20a631c

SHA1
1ea120004a0a6c0c83772add7299fa968b48c0d5

SHA256
bc0aae25c5ac6c23bae68d36861f01070b27a50d02fd9e9247d0dd430735ce4e

SHA512
a3f94b0c468cf682e74ac5d669de8c8539dfa779e4c26c35ea334c6b3f6c3599727cd614cedca114b4b93d4a205d65bd4e4d190bfb533857dd04e3afccc2c015

Download Submit
/data/data/ir.corona.viruss/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
2db44a442f7e2c45cf4c0a4e72ab30fb

SHA1
17d48c3478938a1718f4fecfb59b0752db8f7821

SHA256
347ba75b3dc6c55c129c12286b03857006ac8d746d22fcdc38d514a8678f9196

SHA512
7fd41acfc2b6cad3d063cdb00e77511057fab61a7a1f51f040d197f16f21ac8587e5ee55ad693a705a152b83c8a2cccbdc28cbfdbe1cb54ed0fdfab68b004e11

Download Submit