449a67e03e05e2035b33fd253bee3f8bcf9c54c85e2bfde571e7e5d44ae485bb | Triage

Analysis

max time kernel
33s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
15-06-2024 23:21

Sharing

Report Analysis Logs

General

Target

b0a418ce4f5439ddcb9c864e5ffd45a4_JaffaCakes118.apk
Size

7.8MB
MD5

b0a418ce4f5439ddcb9c864e5ffd45a4
SHA1

c193efe7fddffc9ec3db481ee179f55723c9c82c
SHA256

449a67e03e05e2035b33fd253bee3f8bcf9c54c85e2bfde571e7e5d44ae485bb
SHA512

39fd4aee81c8fd89b465c5d6d904af11bd1e730c7afef6f781e0fe3e4c5047af03ae98329b4541671f5b49d230d958270bc217b909e529c0aee3157018472500
SSDEEP

98304:ho8sr3DIVnWwCBZUcJbzpWrW4ShYSDUBbo4CFDv/3IOcVx9DUzOpHw0DCq1di466:hmv7prh9DubcqVoyt6q+46rPW

Score

7^/10

discovery impact

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

Process Discovery

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ir.corona.viruss

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.corona.viruss

Queries information about active data network 1 TTPs 1 IoCs

System Network Connections Discovery

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ir.corona.viruss

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Data Encrypted for Impact

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	ir.corona.viruss

ir.corona.viruss
1⤵
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Uses Crypto APIs (Might try to encrypt user data)
PID:4642

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ir.corona.viruss/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/5a64801a-a9a3-4f80-a993-4b41b5825ecd.jobs

Filesize
176B

MD5
f56f328eea1d5c96a1b96dbbf59488df

SHA1
440c784cacff61932e2f61580b7cfdc3a4943c95

SHA256
90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918

SHA512
36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

Download Submit
/data/user/0/ir.corona.viruss/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/6439bc12-ef84-4f0b-a0eb-d34cbb45885c.jobs

Filesize
278B

MD5
abeab51181739584ebbf3db336d9fc68

SHA1
e71cc977ab1a473aef1c39330dd5397f597f1c34

SHA256
715323e8ffbeab4d9a915f6e2fdb259ac1d849b36ff9abae38357eeb17121bf4

SHA512
c22e1e1391696cd902231626a715f8cd17a63fb7f23f15fe3b518aaf11dfc2673d07e6607fdb00804f4b1db5e01138afe834c5b348e22d35359e90b490aeb687

Download Submit
/data/user/0/ir.corona.viruss/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/9dbe18d4-3738-4891-b8ff-8dc902d66cd9.jobs

Filesize
179B

MD5
ac58f99a1b179d71e8621412ad31c6a1

SHA1
b51fdad95876f5615735c2ab411031ff67d5e946

SHA256
9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb

SHA512
faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

Download Submit
/data/user/0/ir.corona.viruss/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/c4472d70-6a55-41e6-8cca-25d17549fd5b.jobs

Filesize
778B

MD5
5b3cfe11a5389c4791e8335aa7345b2c

SHA1
7bb89dee43406093756c37e39e3d0896dc448b62

SHA256
2328566a33eae8888336832d793f0e19048202a429f3f40a421c25a988a2bf17

SHA512
7fd695697bcf5382fee7ae9d08007441ab167f3c60b47213e24f1c5457a744e6eb13a676f625ab285ac3071ff92bf3d5202a7f49c0a57e76b1fcdc38b30c6b14

Download Submit
/data/user/0/ir.corona.viruss/databases/cheshdb

Filesize
24KB

MD5
0660d3ef5f0245096a9fa0f61d6a8666

SHA1
282222362a5a05e3153b7f6b49ef35c667b19542

SHA256
1091580378b83e0ab3222d05659ab9aef1d2c65d766d5e04735b628d7a760ba2

SHA512
18bbe88051278314b76611bd68156ce60a9c3af3818d39991fa58d28bd9bcb8476eb00ef52ad8ae7d16c1d7ffcd9f2e8a858e2fd806ae59b5d85a8c3a9ca12a7

Download Submit
/data/user/0/ir.corona.viruss/databases/cheshdb

Filesize
20KB

MD5
337bd9d6de6acd4908f32e566724f2af

SHA1
c8cfc19a092620d5560fe96b5b6dc02edd1c28d5

SHA256
fb15a77abe85663e9fb473ab13cd80e994b95fce5529bba3baf989f1a8d64354

SHA512
fe8cc2ccbb27c80d845ca4d9156de4c0e0af7da6e389c40d00cd01b780733a510e15ab2a62b70673046254c7808f12ba369b8e4d34cfbc878946f7e0b0b5b40c

Download Submit
/data/user/0/ir.corona.viruss/databases/cheshdb

Filesize
20KB

MD5
40933193238cc6e7613ceec1043edef6

SHA1
26be1c9b8e625272023c277343b6bba4e25102b2

SHA256
ebbbc7f6bdf55a7c6a4565b7171196c0b0010cd8ff46f6b82c02578d6f513e25

SHA512
9953426f38e7c7cd2b03ef25589263573a97cdec82b1d67d6bdc83331b25db00e3c6d9365ef5262cf0fb9ad8f452a311a9fac572bda96c7d8e05d66b7d3c3e17

Download Submit
/data/user/0/ir.corona.viruss/databases/cheshdb

Filesize
20KB

MD5
9fc3f25e005048fe189f1c1b703637f4

SHA1
41d584d5822a649069328f0c6df2bf3adf25ca38

SHA256
d2ffbb0bfb9e418accc36bc5a81ce4784f51194f14fb67312c52f556dec3db6a

SHA512
40b39db0a3cef93a2d10dcf54c67614a387509af629cb522175888ea9781a708714462357d5c923588b0ebeb86a06789d52a086b7f617cfbf1ca4386402fde50

Download Submit
/data/user/0/ir.corona.viruss/databases/cheshdb-journal

Filesize
512B

MD5
27296cdcb37c9333d67335975df6f30e

SHA1
178d3c8b5336a3e677758f412ea3680d57111ffb

SHA256
f2c8dbfc189c162c58b2b27030c51edd7e90a6ef596ad62f612841a88a84e578

SHA512
6b7eb9843bd60ccc4c2c0b42ca3e2e1f05968ed9e44c1cbce77bb2f989b2b4c77ada7b7badd36a3c592e1b4710a35b194e0a452fe0903339808ddf389826f7f3

Download Submit
/data/user/0/ir.corona.viruss/databases/cheshdb-journal

Filesize
8KB

MD5
1a630c3e5bf49cb778e7f109fec40180

SHA1
e720ab9dfd864f503d89cd5036732dfd612ba5f3

SHA256
b7716954e9c6367d69211baabf40b9e09cf6b56e51dc643d039f7aa7ff37718f

SHA512
82a3859386a06613e4fab27f2eb2625f5d8dfe615d3e46dbd12cc9306f47a8355dd4298e200bca8d49fe1f104cc6d83d1b44df64211db4a80c8220d3c382e883

Download Submit
/data/user/0/ir.corona.viruss/databases/cheshdb-journal

Filesize
8KB

MD5
2d62a67b2e8f4603fe6dbc303c986d6f

SHA1
5d318096c9de77a15d2d41a8b83e4f64a773a0af

SHA256
75ab7a9c930986f06f1763fbb8b0bfe382c368b4420b7a3599a7ba7435dcae3d

SHA512
923d4857c7838c7f4e86a4ce28e7f4b96b26a50f725912fc5e70e83b0e0bf6a824ecfe2969b91f45f79d6fae1e65241f379fc684f17cd4174e40a438746c5936

Download Submit
/data/user/0/ir.corona.viruss/databases/cheshdb-journal

Filesize
8KB

MD5
ff36ee93dc7313ef44e728fce1a9203b

SHA1
29c6477bd65e35defde863adc3c9df60bdc90e26

SHA256
872259ac1b1bb704256b63494c73ed16dd22b0c29fff4c861efc293ee7873b56

SHA512
30cb7707e2075eccab3c152fc241d4e36140e94136b69deb69e94177617ce95d5b228192758c6cae27e3375db85a02139022c1cc677573433e1b2f10164eeee0

Download Submit
/data/user/0/ir.corona.viruss/databases/cheshdb-journal

Filesize
12KB

MD5
d6f80f0d447f6bd6c92552a229ce0032

SHA1
76d16f53f8f88746b139238fdf117a83e2f758fb

SHA256
1504475b7f99af12167d45fdf57f375677d430475db0ea42139185a4a01cc978

SHA512
e5836995e6fd087c22d9cb83b7fd6fa49205574992147fe535d00716af892c2ee587bdcb3c1b5d01d5f4c0affd41b95a8d65d80d1bf26e56381c24ae7de9f262

Download Submit
/data/user/0/ir.corona.viruss/databases/cheshdb-journal

Filesize
12KB

MD5
117c03a2ca1b56a4528ebfa89ec00c88

SHA1
e945dab22cc121789baf5d8ba205b728c1c6d9bd

SHA256
8eaa55fb9b53f59dd86c895c90d062d51b808a66dfcfdb209938bc8b943fbac0

SHA512
c4266a69199de24692235f23e5146c72f693d42465f7c3e3fdf4bafa2b44fe155ff0441b57f3c58da687b5871c2065327682c293fcb62161a44cfe7add78024c

Download Submit
/data/user/0/ir.corona.viruss/databases/db_default_job_manager

Filesize
28KB

MD5
eed4095fc834c7502b9e207c28b95978

SHA1
293bfac10e56e6db4b7dce5c95219d41e011458c

SHA256
914bb884232bbd1e8e41c7725283c1d04b8e9b058b74f35ff3886a1b99433f3c

SHA512
fbe65ed4ff8e9d23fe5830f8088351e8e3ca653d7c8a53c2386565c9a9b49a1d47b567e1fdd34c76fdedd90edbd90a4f1e6159ccfa47422c43bc353afbad9c0e

Download Submit
/data/user/0/ir.corona.viruss/databases/db_default_job_manager-journal

Filesize
20KB

MD5
4fb09da08ce11da2d6a3bf1124915191

SHA1
03700f5461d36f733342e64444d1de274e55f85d

SHA256
581eaf06944c922b72662aae37f0e89199f3fd2350321573617aca25f8d0a370

SHA512
9d757308bf24db94336e8348e52216374f9b638803585d27a58fe073fc1e22acefa0456ee88742b4057a80070e677007cac9edfa4a64dad298024b92a42d11d7

Download Submit
/data/user/0/ir.corona.viruss/databases/db_default_job_manager-journal

Filesize
20KB

MD5
d7b4c5e842da38fa72483665a0938cd3

SHA1
a249fd765cdf323c62133ccf08e33a1e5bab5173

SHA256
943f6140b8bf9414b86b1312498ece446f5c68bc51ac0645d8ad42bfc9a00c23

SHA512
ec728904c851b40ee3b587329741efe78457480bf16c7a4f6f1cfee4f8c31af274743183d3104b81d5764d58bbbed8e47bc9631dea9e88396901dda86cbe8f08

Download Submit
/data/user/0/ir.corona.viruss/databases/db_default_job_manager-journal

Filesize
512B

MD5
5127f62b156ddcff872bd82e0b55fe24

SHA1
825e8a209653ca640fdfe5e38e5ff285a07f5d17

SHA256
359b2b6d1d494ee0437eba3ed5f7c177d9a28c9b051edf6e110eec515e1eaa15

SHA512
d12b54af1f931e60280f3d35fa8da0287f53fb219405488a4f0ef2f7c7a4eba42a764624dde580e6f66c14543b7e52a3d91f717437d825fc64e733e83c0a2db0

Download Submit
/data/user/0/ir.corona.viruss/databases/db_default_job_manager-journal

Filesize
8KB

MD5
6b059f35c2689186bddd42427f9fff3a

SHA1
865f888f0177c8332e72a6f8efba605c2b737cb9

SHA256
d7d64288a1db89272cf22008d3aec177e8c3843486406f71807fef6778586bbc

SHA512
e3322d8489870b28e1993b804bda1282f62c286167e5e70554219d90ab2f3761c6a7b698976875d9b9837e5d62048ce694e457577ed963be8a1a8ea46ff2340d

Download Submit
/data/user/0/ir.corona.viruss/databases/db_default_job_manager-journal

Filesize
8KB

MD5
ea9a3bf1e1c572bdb9c69129edd7b2ab

SHA1
dadea8cccc28c4cc764ecfaea561814c078d6f07

SHA256
fb3253f6aaab1f0c96f6672ef46e5da4b86e5774a0865d7f1a5cdefad807e9f3

SHA512
3e1c695d775530b093840a8541f24678e0861887c7c17584262899a02a25da7b34407e253feddd94944bedd63b4b2266b4f3a1ee190a36f81f2a4668c5ad2c7c

Download Submit
/data/user/0/ir.corona.viruss/databases/db_default_job_manager-journal

Filesize
12KB

MD5
0d2e4d50d9b74d95b91c463c4f76a539

SHA1
640653da2df7ce17df71007bb14e8ccce3671948

SHA256
a04c4f6a61360bc873775f2c655f46d773a1ca617b07fff68544037377656284

SHA512
a8a74affe7fcd999c03bd96648a47b426c8e7e97dcc25ccefc5a67a95efd8f0d5cc96e838723668698af62a117870a24894d11f7dacd9ffd36f1b74b22949d77

Download Submit
/data/user/0/ir.corona.viruss/databases/google_app_measurement_local.db

Filesize
16KB

MD5
34142d87303b43ce691407aad049ba84

SHA1
f870ad5cfeb0aea19208dd4114f2235c7cfdfe6d

SHA256
82871abb8cce3ee1a852402bee5c16a60ae3ad1dd301d8f6e188e119ac3a9780

SHA512
264b43c5536fb528f4b86712b9a4a8c33e687b2dcff1c234ff9e57ec3d4e6673ebbf5f4723c18550febe3bff8bf1ce924de4a3cd3d9b5ef7f64ccaf4b4d0e425

Download Submit
/data/user/0/ir.corona.viruss/databases/google_app_measurement_local.db

Filesize
16KB

MD5
99cbff6d0fe3d83689154dcb6f91d0ac

SHA1
e6dfd6f5e6d67c40ccf925cb0758c21f4179c805

SHA256
988125e8f65af66dea43cf7f8c0af728e23f53d8915f4ebef563a9e59d1ea396

SHA512
c10b2f3fde09cbe02bd1d99a3ced2534c0da84fbb1f6359d6ff22e05360596034f58fb28f52764c3e0523d5cb089e34d740321ebb4f57651299fb875747afa50

Download Submit
/data/user/0/ir.corona.viruss/databases/google_app_measurement_local.db

Filesize
16KB

MD5
bcfb235dbd2118d5669b92e552ff93ac

SHA1
914f5d613cba17df0a68212108c7dbcd5a037508

SHA256
9d774d27a77c4bf7113f0b6c892a068183a81d1f08c140e8736641d4bf627946

SHA512
052699feaf58ea4a32fb70dee4ddaca615cb301b3677303b6e61a4b7f40aea6a4c3832d1a52b04072f0112941f0f6fb3142a7218fba5aca3cda9f8042516f8ca

Download Submit
/data/user/0/ir.corona.viruss/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3de5ae44297c1e34483b95186d71bd82

SHA1
d52db1987461c878588ec6a42d1d47acccab9244

SHA256
712082bc7b2a95ba9c42b37b3ffc01643b0762ff533122f63819b2a635a2c2e3

SHA512
683d4db2e7c37e48e8e7d38a116fadff6ff1d633ace7fea28ef6f86efcc39e361c049574cb06ce9af349466e101405770721b4e294aff411e80bb240f00723f8

Download Submit
/data/user/0/ir.corona.viruss/databases/google_app_measurement_local.db

Filesize
16KB

MD5
02586e339c6af6bcb8e6372c0fb5e4ee

SHA1
f3ce5609627d9c5ca87d23de6c2b32ee121d99fa

SHA256
324e0e9bce6bbbefbc812481658130bc1592381d4da5766c0ff0d442027ea0d2

SHA512
684caedbdfead2f48752480b479dc3c2e0b54ba65405150c7428189fb6c853774da5a11fa78ffb7031161a99d1f2034fb48b8829e3419e5db6b917babc5473bb

Download Submit
/data/user/0/ir.corona.viruss/databases/google_app_measurement_local.db

Filesize
16KB

MD5
aa136292bc15ba73f3c64468bfd75a9c

SHA1
f3f6899a12c8bddb18461cfdfc2bf93a26bc1bb6

SHA256
280fc51e7fe9d2fa7c3da5c191da4551122dad022fffa32c847ab0c402c25cef

SHA512
17965d6d8979166b79aabe67c7087af5561fac32a921ffe1e55189473198614c442372d96d4928d86bb235fd58039c73c8b2f625f7da153c23b44a0d16a023dd

Download Submit
/data/user/0/ir.corona.viruss/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
938852df64fbabd24be222cf4d0e3e06

SHA1
975345b381f14de9d4fbcc807874b2f4e6a8bd50

SHA256
20d7e16ffb08283cf2544a2f7104647feafa517c661a1a582e2d817a0b04bed5

SHA512
2b6b659ace075c471d21b112fd6d161aea7c3f0bde18e1b1578735471c1129c837e93e925ebcd8a035361f28f2c5a95430ddf977fe8f96313c92df024ff16150

Download Submit
/data/user/0/ir.corona.viruss/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2bbdd5306dfd8aec961cfca88ce17b34

SHA1
da7dd00f6c4260c968667d4bfee7f690872d8cf9

SHA256
b64a1fba757cc07b939468276fadb78040e3998b94227723977fa3fe32ac9447

SHA512
4f9281ad4e4615f02743fcacd6005f2c3a179afd437aa42b2da4a440c3c484f180c953f4c02026df8a6eb5337a552a4555906944becad467a918794d7766780f

Download Submit
/data/user/0/ir.corona.viruss/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
4f70bca4dafc79428a9cd2a228f9d7cf

SHA1
456caa8ee334b37d85d9bbc078065a25b1d87800

SHA256
a02b715bf0fc1fcfd8d6183c13c5cd79b939273fab685669d1308ce13912784b

SHA512
e51dec0d19e016ac7946c5be8d528d0e7ebb2fbb4a0a1eab20f36571686cd06fccd2d5b61904d74cac4ecfe57bda339fb254db4f12a7c456954c7c9eef86ea6f

Download Submit
/data/user/0/ir.corona.viruss/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
3785b1760a8d3f12e1b0df5dde1b797f

SHA1
b9de9b01b0a2a57dcc7fe18a09cab3effb546801

SHA256
0b137005061f3505db175357c58a8577b646f0d7b855359b262c86765015b559

SHA512
58ad0ad460f40733acba7c6b08f347da7bd0359d1a432029b2049db1f58f5629e30bf6210dd59338c38fd3ed3f3ac636f818168f235297771e95ef893fd73253

Download Submit
/data/user/0/ir.corona.viruss/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
34e02f51f86a51ce7f26269bc6a180ee

SHA1
399130bda2b4a81a0afe71eb4e0629610196efa6

SHA256
33abaa4f041e9f962fbae3d4449db1c4fc2dff7b264d51b4c74c5602324fab97

SHA512
102fb05fc2899ad8f866ac506e9fcdf7eb9b87068f1b7a3f81ff345331cd2a7c8f586728a2528c93dcb446b0a3860a35ff6b9cf6f4c647d78deb500823fc107c

Download Submit
/data/user/0/ir.corona.viruss/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
91b407b3fa575a9b1fe996fe48584c42

SHA1
75a38f078589cde0508e36014fcc5170c0078bd4

SHA256
235f62f37d274c67d3b5e62411ccc08c1a24ef1e1a16971fcc9785c7c43d51f2

SHA512
97edfac8ff2a654a11d9ebf813a2af5194568b0f2ae873c8c1d394fb292df622e28ee08027edda06bc2d41d43a581cf60a004f62bb9f924e8ac0c242a34b0a9a

Download Submit
/data/user/0/ir.corona.viruss/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
4d202942a22149139e4ac245fe99f841

SHA1
c28dacca7cf18a3c9ab7423d4790d998aa609d0f

SHA256
ff276f9899a619ef6c553e375fa5562f2c78fedad23902f1b959be4fc472da63

SHA512
27a7f8b99111ac03b54be037e64c48136f9ec329bef2929b5ecdf8f33c100e2ed5b747b4f3c2216310bbb03860c98db63b6f282a562f840f0520f66b47946135

Download Submit