050b74a478b84a001b13b077d41e8c47aec8e9ba8c831916bd0bfae831841c28

Analysis

max time kernel
43s
max time network
184s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
17-06-2024 10:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b83df944ee90b006bd565c1d2c24a48c_JaffaCakes118.apk
Size

12.5MB
MD5

b83df944ee90b006bd565c1d2c24a48c
SHA1

3f398ef018eb9454b1bf06384bb5b55445ec0757
SHA256

050b74a478b84a001b13b077d41e8c47aec8e9ba8c831916bd0bfae831841c28
SHA512

5ae165525b24176938d52a6a200428eb7212fcebd4a403c35087113b8648b4834f163e9cd8378c6e453d5289a0c940b45127f7f2e1cf42ca1accdcaa2b2fa33b
SSDEEP

393216:KKEUROkNoYde8sgimgtxwiPNI9jicXGjkIGMw9rZs:1MkNoYc8piXxLppuRs

Score

7^/10

banker collection discovery execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	ir.roman.softazarbaijan

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.roman.softazarbaijan

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	ir.roman.softazarbaijan

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ir.roman.softazarbaijan

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.roman.softazarbaijan

ir.roman.softazarbaijan
1⤵
- Queries information about the current nearby Wi-Fi networks
- Acquires the wake lock
- Requests cell location
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4299

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.roman.softazarbaijan/cache/picasso-cache/3ed1487a0946d3bdf94ad807b24c5c96.0.tmp

Filesize
221B

MD5
9e0096f69d5811a8efd00d73f2ec836c

SHA1
1e819de06e7b174ba0154c04554e276a19ef6f27

SHA256
83835435d88960c312edecd392f0aa8fafb9aae05033876111a41a8d80df74c7

SHA512
53bfd42620d6900b3c1e59994fc83bfca19a29b4b83d9642279194599b0f89b5051a9e016b88fee2b7926a393534cf4036584111046b8c8153707b9f6bf8aad5

Download Submit
/data/data/ir.roman.softazarbaijan/cache/picasso-cache/3ed1487a0946d3bdf94ad807b24c5c96.0.tmp

Filesize
221B

MD5
1cce3b14c9341291333bb76cfcf0b8c9

SHA1
5c75ee42e7c94dd92f8559c143dfd79a4960ba9f

SHA256
b5e53cddcc860ea8155a3ddf455f0d820bf73d8902e96913050fa622a8e27ad1

SHA512
1175f1b94d731078711854cde6b91e92c200d21d1d8aca2eaf2036625a8106025b8e405750a9ea303b2fe6c85ecc25a9b36c1a4be4bd0d090bbab2fa8842de03

Download Submit
/data/data/ir.roman.softazarbaijan/cache/picasso-cache/3ed1487a0946d3bdf94ad807b24c5c96.0.tmp

Filesize
221B

MD5
87ad4f6a0d0ebf5766afd016b41c48d6

SHA1
461a868af0de9c5056af596d6df5ff4a15b387e7

SHA256
810aa7bbd1100465a0cb2f5abf4a31728268a15fcc2f9383ea3f173807e5a996

SHA512
c6b9846381d2bce89803b8246d465733e9392874629bccf2f7930e23e9ab7c507f21ce393b5e4bacf68a94096d8ce092766e6516f46f34534c9520ef068f9b64

Download Submit
/data/data/ir.roman.softazarbaijan/cache/picasso-cache/3ed1487a0946d3bdf94ad807b24c5c96.0.tmp

Filesize
221B

MD5
b9a5d6677568432e4d91ff3851a6945a

SHA1
d2d7f592333d260db2ee88c78318d17b6e431668

SHA256
04c60264c8aaafdb76f9e3d17e6eab54df938c7d8755892a95cf03c2c351d0d5

SHA512
a5c041ef634e8e93ed4877ac59812e6b46abf55e5d485b324cdcdd01b7e3b66dfd65d918de672b9636bf634d4eea8e03b7a9c3994d7c5c922efd5ad8d68d2e6b

Download Submit
/data/data/ir.roman.softazarbaijan/cache/picasso-cache/3ed1487a0946d3bdf94ad807b24c5c96.1.tmp

Filesize
232B

MD5
cc4fcd9a6faea70292a65be057cb833f

SHA1
f874ece1c8c563490fe52e31111eb1f8a3917a65

SHA256
1b254fa832a6cfd93b74fa38ddda79750fc0c6d4333309e9adcb301d25d06fa0

SHA512
34c1483c34f38f60785b9d75e88b922401b449773247b3af00acb2e0773960bc10b88f83dd31e287f7dc8b77d12a9deac46caa140857aeb4bf541be910277edb

Download Submit
/data/data/ir.roman.softazarbaijan/cache/picasso-cache/3ed1487a0946d3bdf94ad807b24c5c96.1.tmp

Filesize
232B

MD5
1796de33e9fbc6d75b6eec238849383d

SHA1
950ec92c036f8c09a1eaf32fa74c915acc9c6acb

SHA256
2d4addc5f8b3f74af0d1f48934672942189b7e6b8705d379bb51167624131ae7

SHA512
2727394dcca967c0c99d113c233b0f441851465f37d25766d2da073a5d18b99fb599945ab22c06587e1fff6896af9ee0c6f59bff60c11b03133371e94774baf5

Download Submit
/data/data/ir.roman.softazarbaijan/cache/picasso-cache/journal

Filesize
494B

MD5
627031eab76b522e7b43579be65ee891

SHA1
2c9cebea90823216b55ae347f59c72c02b67bdc7

SHA256
65cbd1407e1898a30fb7b498a9548b1a885236d047739fe0cfd2e302be6decb0

SHA512
182073324299a5a06527d81e75e0ed876d2407ed5fde53677955664f7114c7b46cb69048b93fadf9e40e97a701ece4c8932cd50b33bc8894b01cbf5db51ea938

Download Submit
/data/data/ir.roman.softazarbaijan/cache/picasso-cache/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/ir.roman.softazarbaijan/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
8a40f7a8a6f8a58d6418a3ed668c6edb

SHA1
7fc8da5d46e2f79339aad2b7361c07a3a0203059

SHA256
4e094d47729e645c20a526be6e36747a42fa78c8284effdcb279b35eb3d91975

SHA512
902791df92282c7bc2ed29403f9516531519cb2c6bdc2a41b8d18628193f0bb638685c0700e0e44a2427096599e72592354def98867c3b52ea9980a5d276dc73

Download Submit
/data/data/ir.roman.softazarbaijan/databases/__pushe_base_lib_db-wal

Filesize
164KB

MD5
00a20bb1c027bd17abec8d3dea66d8b9

SHA1
10f63251a4b91133a8db1107a1a82a40542774c2

SHA256
2c56310d3e10b618138ee823844b3156435c486c658e7430bcdedb786d26fbd9

SHA512
5ac4b14a2d40e36a09491341144cd05d42d57ae23d72e33b42d5279550c288096512ae6c84f3db57c50776ac8dda26f8e60d21e568d2fefb7d05d332fe79e683

Download Submit
/data/data/ir.roman.softazarbaijan/databases/evernote_jobs.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/ir.roman.softazarbaijan/databases/evernote_jobs.db-journal

Filesize
512B

MD5
e5b7a6fb7ea3c0554fe00d6a72852252

SHA1
c2579bb11e0cfed7bbcd9745464f1d8ec2accfcc

SHA256
af812b5495f2ca66b024c54b7f3e6abdebcce2272ade7ac9925966a9ca5160a2

SHA512
f69b8edb0b8d95b0f11ea80deb30edf2da1bfec7ccba3382bac61c42a1e59ae76fe09523b15fcb3683d0108b59e9fdfb7ece311f499fa44daece0711156572b7

Download Submit
/data/data/ir.roman.softazarbaijan/databases/evernote_jobs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ir.roman.softazarbaijan/databases/evernote_jobs.db-wal

Filesize
104KB

MD5
71f934913a9cecc2327796ae7df478a2

SHA1
3b274bc3b1a3482c27de5af0102339c3bcfbadf2

SHA256
e13fb11c12065506cd1947fece81e87b642ed449d07f31baf6cc9c215f39160f

SHA512
8c7f4c65e5b4f2d9af9174ccad3aa02bb53f54739d18bf6e9e6472f1ce6f0a623623e8fecb49cd48e01b27271fa1fab2c529d4166d42fda905e8a9be085e15dc

Download Submit
/data/data/ir.roman.softazarbaijan/files/banner.db

Filesize
2KB

MD5
f649f71595dc604297ef417c34edcd85

SHA1
ca0fc1700dee356296777e47e44141d871cff12c

SHA256
af98d28ebef44745c24fbb88f1dad8b03a60b07a9c4e76c175954d9ee59d035c

SHA512
24edf5a3006f0693a73ee63136b54c969f5a5449a4c180e5c523b87965e3a15a3cf3d1ef069c713a92dc66b8f18aa85d6a0db89ef49d00ce82e6a36a48de4690

Download Submit
/data/data/ir.roman.softazarbaijan/files/banner.db

Filesize
1024B

MD5
41f34e9f54716c453d069d04dd1b6f9d

SHA1
cbb90887bd0151dbc3e29665f97ebfee6620785d

SHA256
94f662d2cd4f251840c8456348e8efda4ae9a2af5c3891e38db9cea2f92df0bb

SHA512
c454ce6f8d3b81cbfc8689e616502f560b01610480042de8207a0bec5f9d442b92e26d88804b83467deff574e09a9a0fc67e2258fc581461bd6dd3e5ade522fc

Download Submit
/data/data/ir.roman.softazarbaijan/files/banner.db-journal

Filesize
1KB

MD5
94075d236124b71cb3a7eb8e5c502bb1

SHA1
b9557248dc19d7a9c8147b8b01932b657fb4c61b

SHA256
163839dad385dae9627aab45c254ee363d3260005f05160d59e55c4018689510

SHA512
d19480b736464926ba4c4273552506c52f8675ef1461162d262b0e6d98d4f5a0404d2ce40365e9d153f6cf405fa16ac8930041c9840582b854b044d28307097d

Download Submit
/data/data/ir.roman.softazarbaijan/files/doarezg.db

Filesize
1.6MB

MD5
0788b95978101e661518313e3d53a08a

SHA1
d939b5d60d114edd86708d157545944f98a792b1

SHA256
8a58441465047a328f3e1bd8e1051c1e7988264507121dd9f6328cb735b29509

SHA512
387e6baaa8140fdb3cfcf810b75f05ea3339fc350b7e3233d50dfc6ec0a5a2c4c9761d203b2cd32f0d9b4b17a37181506b494143e63666d5c4ee4df0798559f9

Download Submit
/data/data/ir.roman.softazarbaijan/files/roman.db

Filesize
1.9MB

MD5
c249215298e77aaa98ab3b2196fd9125

SHA1
edd61d32bae06525c71e5f36df2c1efada58ac08

SHA256
2c230e6afed8a3cddaed203fa2666f7b3a57af94a177a2736a0c985062127756

SHA512
b5763d92483ca5cfb9b0e8ffd7608825f9a50fb4e5f921d0f4628706e07295150845e77a54a5cea2df54205e151cc6e2067d2bf42ec9ebe01b78b7ea4636a7e5

Download Submit
/data/data/ir.roman.softazarbaijan/files/roman1.db

Filesize
2.6MB

MD5
c6a498509c94ae37c6749580cd8f6a2a

SHA1
20bf4a6186c03b3fb2cf9bd22cee140a46eb5cd8

SHA256
f7f41da14f2da7af1aeece0214098d5f0bcd18b0cae04c07d2945326541352d0

SHA512
9866a55052725ec25829f1693d40bfa5ee19ecf12b53e4ce2669d699220dda01a9d87d04b188d1144cd9a79dd6450fd217be19b4110f352d504a85d5d92dad1d

Download Submit
/data/data/ir.roman.softazarbaijan/files/roman2.db

Filesize
2.5MB

MD5
f1f47444e47f5cd49c71141bd144da98

SHA1
9b1961a05bee23f69acc5b6ec2e5ed7e31a27ae7

SHA256
8099846cc28d2afe36c9d8f0ff37103227859d7645f8dfd410726b96fc882f66

SHA512
f3314294feee3967de1396c7f2ced53ab85befac697f5ef289eca1076cdd1b29be7b4fdf304bc472f9160af07cd75b948421a331dc98ec8ce1065075587fa033

Download Submit
/data/data/ir.roman.softazarbaijan/files/roman3.db

Filesize
2.7MB

MD5
6dd276367d44d4093e91dcad5b15750b

SHA1
995191c12277b5f50e3d1ce2a055184761efd0e7

SHA256
48e43010c42015aa3fd83fc5ad86115034ebf68f4a6f2b2617d4cc97ff4c9802

SHA512
b9e00c5092b99a261d6ea8a272953c0d81ade35a3772ceb910c257a43679fcb315d82489b344afd66b996010efd4972d858363597a113a97552e4f2a2f3e9eed

Download Submit
/data/data/ir.roman.softazarbaijan/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads