050b74a478b84a001b13b077d41e8c47aec8e9ba8c831916bd0bfae831841c28

Analysis

max time kernel
47s
max time network
176s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
17-06-2024 10:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b83df944ee90b006bd565c1d2c24a48c_JaffaCakes118.apk
Size

12.5MB
MD5

b83df944ee90b006bd565c1d2c24a48c
SHA1

3f398ef018eb9454b1bf06384bb5b55445ec0757
SHA256

050b74a478b84a001b13b077d41e8c47aec8e9ba8c831916bd0bfae831841c28
SHA512

5ae165525b24176938d52a6a200428eb7212fcebd4a403c35087113b8648b4834f163e9cd8378c6e453d5289a0c940b45127f7f2e1cf42ca1accdcaa2b2fa33b
SSDEEP

393216:KKEUROkNoYde8sgimgtxwiPNI9jicXGjkIGMw9rZs:1MkNoYc8piXxLppuRs

Score

7^/10

banker collection discovery execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	ir.roman.softazarbaijan

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.roman.softazarbaijan

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	ir.roman.softazarbaijan

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ir.roman.softazarbaijan

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.roman.softazarbaijan

ir.roman.softazarbaijan
1⤵
- Queries information about the current nearby Wi-Fi networks
- Acquires the wake lock
- Requests cell location
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:5124

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.roman.softazarbaijan/cache/picasso-cache/3ed1487a0946d3bdf94ad807b24c5c96.0.tmp

Filesize
221B

MD5
4d54fc484f55474255a2a0988e6970f1

SHA1
0ff32e7397a10c1501fafbd475439fc1502b8f60

SHA256
4f798da53baa03cadee14c3fb3e56784e1f7c00db0231e1682089456a688df04

SHA512
c059358462c343a84c019fec80293ca0b958ddb693c2e5fe1e3d2fe183834fbe97d75ff195e03de08cbb09ef341bf887d4288809f2cfe9687bf12edede8aa9c3

Download Submit
/data/data/ir.roman.softazarbaijan/cache/picasso-cache/3ed1487a0946d3bdf94ad807b24c5c96.0.tmp

Filesize
221B

MD5
3352f99adf7719f75f97f68d4f33aecb

SHA1
90b9030e66edb2d2dcac6d6196def2f4ca8514b8

SHA256
816034b97d306e1b2756826eb371f3b6d55318a20f6a4bfe54c8f36243039a6b

SHA512
552821ba173c2cb6007cce9c39c8c89c75de3d2dac90409fdcf2ad6ba019e22f85e2da2a987c7d397cbccc2da6055150a204200edcf59a00234d45403e8ceda4

Download Submit
/data/data/ir.roman.softazarbaijan/cache/picasso-cache/3ed1487a0946d3bdf94ad807b24c5c96.0.tmp

Filesize
221B

MD5
433a253bea1336d0a08de5baad250115

SHA1
415c9d284605b03b047df4aa316b711a86356c63

SHA256
b07a5db77bae3ad13c30a908dda7af42f117d72b364c713aeb2a05916f7b1a13

SHA512
46ea8f0e641d1fb7d7a2ab29421a12f0ccc34c180506dcaacf526ac3c6eed2321f4f3c7ea27702b08ee56304145351bb0b534add60e7951dab40586bccd6438b

Download Submit
/data/data/ir.roman.softazarbaijan/cache/picasso-cache/3ed1487a0946d3bdf94ad807b24c5c96.0.tmp

Filesize
221B

MD5
879e4e67d68d574146eb9b49814e5ee4

SHA1
3a9e6db05126f495cbb069689905571090b438ca

SHA256
744ffd1208b76503adcaf73d201c05ca57562cd8912b1a2ee93027eaddea5613

SHA512
3eed1a05d73f1c2bb17e0ad51b727abf829fb601a4bd3cfc683f0e5ab70f47423a879ce05b49bc10d4fc40a0f63cdaa3bab3a854ac862e58bc2c4f5671df0409

Download Submit
/data/data/ir.roman.softazarbaijan/cache/picasso-cache/3ed1487a0946d3bdf94ad807b24c5c96.1.tmp

Filesize
232B

MD5
eacfb498196f8e74c4055a05a51b34d0

SHA1
1165c85baf60e9bf6e1f27c1418386865e55427b

SHA256
0bdad58f452577e62e12ec2acf3e467c83a7c0c5f64e1a1b2dbefdb25c8d720a

SHA512
4e8e95dccf45a8c7faa3bc334da05c3312d397ef6065fcc3f526e05da97b1f1b635facc3786e1e9c065c0e0982dc8f86d01e49adfc86712e5fcad2ebdeecd039

Download Submit
/data/data/ir.roman.softazarbaijan/cache/picasso-cache/journal

Filesize
494B

MD5
5a8c5e7b1bcbcde37d6823ad68ab6a8e

SHA1
4405729e211b83241f9d46f6a49a55f8967b85e5

SHA256
b2a2779f6218fd6b184b0439753220812258f5268bc1bb7cfd4bcf258ad41ab1

SHA512
1786397502a1c3652a980bf7d3e807fc2bfdbba6d0efb6e3b65e82840322d9ae6e7eb8b2596e69da291f15ba6e684acb37b966814139d60319681f0153a1d1eb

Download Submit
/data/data/ir.roman.softazarbaijan/cache/picasso-cache/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/data/ir.roman.softazarbaijan/databases/__pushe_base_lib_db

Filesize
24KB

MD5
2cf9a8155e4f4b6d10417946712aeeb3

SHA1
e2d2161891c12a5554508fd0bd5415a92331243a

SHA256
9859140fb32e7c4cbf1a7228ce007c8ccbca820571de3f6eaa2d46e554880b55

SHA512
ac9c8ceea40ec58e4edd4613141f8d4ad45775229525b03e683d28d6a5dd6906be5c170f4512199cd034d209e28d30dbe7d9bbd3b631778ec6bc5abd5df8f0a9

Download Submit
/data/data/ir.roman.softazarbaijan/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
9300197fb5d27612903d30980cef7d0c

SHA1
51366f76f3727ffa64e223f1a19e66fec05a228b

SHA256
f08556d7e270113bc995eea10f5066c2ca8716ff5d7cfd9eb11ed7b567c09b62

SHA512
9af8dba2582ba0dfeaebc08174b22b8e0afbe35b24382ae2a5dd3b1c512656daa00bb9be725246f9dcdb84405785a27eefc7e0ca31023ec1bdc6c29a487f7c20

Download Submit
/data/data/ir.roman.softazarbaijan/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
d50c8630d217e6bfedc12317b754e952

SHA1
ff9d855e8c1857765e5f670cf7a7b61c5065dbc3

SHA256
636a0ee1e749c7edb671af2bf4cd34b981a737249b70e14b8979d2b84e9e6fb7

SHA512
61ae6e00d4c42328925b9539aadfe863fe87b3d628e700899142725d43da3583615efda04dea0fe82a7acb180de944d4e49e15c1a71321f403ad2b0c99d78998

Download Submit
/data/data/ir.roman.softazarbaijan/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
7968d490fb650df64d69b9cd486b9131

SHA1
d505e4fc153d72ba1ba8cdcc89d7d9c039326df1

SHA256
5410a403874e730ce3a6f2d852c1275b32702b8ac319521bd88dc42d618a6d56

SHA512
bea7c247d5e3cb7660f8a80cfaf56ffc7f72a8b1f93fee744b17bfdf93860a5508253212f529a48d8d419e1754fdd1db324347b43d602bd2614c310754faa6ad

Download Submit
/data/data/ir.roman.softazarbaijan/databases/__pushe_base_lib_db-journal

Filesize
24KB

MD5
ce763cbb02a5324434a1aa94e9c1fd37

SHA1
c30b7d2967b8fab6693380dd17b28b2bd81cf62f

SHA256
cd921e00b5f1dc26c4661d67def313cbba8d39b6813f2350f3923641b8a83cfc

SHA512
8a0b5eb755410b65654e9f6bf45ce300045cd63ca40a9cf2d84b0ededc0d838c87f155fe9010d705df181f5b9686e6248fe222d22dd13228e7dfa6d528406901

Download Submit
/data/data/ir.roman.softazarbaijan/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
ba5eea5a3c138f9afe3748edf0cf94a1

SHA1
3be623efa9a2db50c5906f66a890d493673db810

SHA256
fe507dd0926293b70424c695efdd5a1d08f8dca0e9d950f4befeaf2f164efada

SHA512
f3bd074e4ba0665e51236352f2d06e2ce7df9888bb83f0eee3df6e095491f1920d56e02caaf72b0ab63dc2ba8501bf50cd338329c4738d72963a17a3462ec8f5

Download Submit
/data/data/ir.roman.softazarbaijan/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
42d62fc42db1323002cadf70eebe5216

SHA1
7f76e1a6f3969267ebfb6541cda42a19e6539d18

SHA256
01c8977cdbc4e036aa4a8a39aaae0af52f4d460a18595b318133b870a6b20ea5

SHA512
05314522e31ee2a7af0b6fcbbb6642e1b0894f981d1c1aa75eb56d76ff7c3cab479b41494fd4e6c28e8bb8e6c9cb503fc1e3445cb52c59ad580af6f85728fe96

Download Submit
/data/data/ir.roman.softazarbaijan/databases/evernote_jobs.db

Filesize
16KB

MD5
6156e7f2c022095e9d3a918e21c61576

SHA1
704d0b6520924f28657d060854a5247ec59ce744

SHA256
6a74ffdf0bc2d08165aa1d71984acf888e40e0a7b862c4cbf889257e7a927197

SHA512
e9ef3bb71f1bd02cf90d3bcc7b16938417412151a8c4510136c2b62025dcc716f9935dbf720b1ba0a59169e3e37bda99d52c570f34a60b79512cc9891f0bdd17

Download Submit
/data/data/ir.roman.softazarbaijan/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
fb82d5f5dccfa87ee0103abb8479eb1a

SHA1
ba46c44c07acc748440dfd53138521324453c20f

SHA256
19e092ceee595fdb7f45fc9a1d4c0ca76460095687032b6631bf956222995211

SHA512
43e08520eb461bfe9b1ba4cbdc8d4462c81c8ae19e3a4a7561c0ed271330e9c5f937330251a8ac75baf7dd8d1d01bf31b9816e31829754373be671c7bd3c382c

Download Submit
/data/data/ir.roman.softazarbaijan/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
ec97d175c9e223d5dc0fad99ae99e5e8

SHA1
e58432b8fce506333136073c48a80deeb6b79ad2

SHA256
0774b16b2f5858d4129a3813700f8493caf92777584f57073345fa0cd965d977

SHA512
e84f72acd28a338f5048000788300fb9f4dc38f4670530754100b03a8eb6beb613d36737dc7b7e6bb62e520f75d5f59979fa911812c9ca786dbaeb5b4289d1f4

Download Submit
/data/data/ir.roman.softazarbaijan/databases/evernote_jobs.db-journal

Filesize
512B

MD5
70268782a9e2710172a6fd05925e8acc

SHA1
40075b4972bdb51474e88fc4c62d65efb8233d70

SHA256
a32e6f90b70316e8d1446dcd65ec861166a46cce2f827920075ee6cb08ecaa5e

SHA512
90821ee3ccadfc0a0a8918a73ddacb29cb674b17ced710db7dc95e11c82ca81a196914eac531c1747413b102b75176916711bee763e12a56df7d24b67bb6782b

Download Submit
/data/data/ir.roman.softazarbaijan/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
ec7873399a0adf45c56897a1a5b04066

SHA1
71dcbc6a709ef32c31ea38fe0ee73e394caf5d07

SHA256
9cb26142a1da5e8f5409b5301a5f9dd3f2bf26177f60facd489be8c8991a61cf

SHA512
679aef07139f613769d739f33f7355b146b7cc74a80eb6cb462a0038d2a0e73ab308667533c727add2f8244771dbb79fd36904748aa55e544b7ea5709981f565

Download Submit
/data/data/ir.roman.softazarbaijan/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
e38c3fa7790799678a4cbc864a12f94d

SHA1
b7544ff5555f3ca21f4665f6007a5cc059eb1f02

SHA256
5323c37205f9f2f093b86a2440fd4c15afa4d4fc5928fe4c6c08ba95b7b49dd3

SHA512
e563159a86383e764df2ec522d54b5144b1292df6398b16006aafe9c42040c6ff6b608afbeee75db8055b71430cfe47adadf1b8299f809c3f5950483db8d0889

Download Submit
/data/data/ir.roman.softazarbaijan/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
8ddc6602e46c28fc873d6022c046b53d

SHA1
ba41816f76655377e407be02ae4247979bfcfc3c

SHA256
b321ba77d2577abd2073e25a8bd0e206f8e2556561435812b1c868506ce771cb

SHA512
a15c9eb3344394ac3108e500234f82e8042501e9385c392f59eaf6fd3bbf9eeefb340083beefaef4e9769af50edab00387aac2d58852e5b125fa019be87d3d12

Download Submit
/data/data/ir.roman.softazarbaijan/files/banner.db

Filesize
2KB

MD5
f649f71595dc604297ef417c34edcd85

SHA1
ca0fc1700dee356296777e47e44141d871cff12c

SHA256
af98d28ebef44745c24fbb88f1dad8b03a60b07a9c4e76c175954d9ee59d035c

SHA512
24edf5a3006f0693a73ee63136b54c969f5a5449a4c180e5c523b87965e3a15a3cf3d1ef069c713a92dc66b8f18aa85d6a0db89ef49d00ce82e6a36a48de4690

Download Submit
/data/data/ir.roman.softazarbaijan/files/doarezg.db

Filesize
1.6MB

MD5
0788b95978101e661518313e3d53a08a

SHA1
d939b5d60d114edd86708d157545944f98a792b1

SHA256
8a58441465047a328f3e1bd8e1051c1e7988264507121dd9f6328cb735b29509

SHA512
387e6baaa8140fdb3cfcf810b75f05ea3339fc350b7e3233d50dfc6ec0a5a2c4c9761d203b2cd32f0d9b4b17a37181506b494143e63666d5c4ee4df0798559f9

Download Submit
/data/data/ir.roman.softazarbaijan/files/roman.db

Filesize
1.9MB

MD5
c249215298e77aaa98ab3b2196fd9125

SHA1
edd61d32bae06525c71e5f36df2c1efada58ac08

SHA256
2c230e6afed8a3cddaed203fa2666f7b3a57af94a177a2736a0c985062127756

SHA512
b5763d92483ca5cfb9b0e8ffd7608825f9a50fb4e5f921d0f4628706e07295150845e77a54a5cea2df54205e151cc6e2067d2bf42ec9ebe01b78b7ea4636a7e5

Download Submit
/data/data/ir.roman.softazarbaijan/files/roman1.db

Filesize
2.6MB

MD5
c6a498509c94ae37c6749580cd8f6a2a

SHA1
20bf4a6186c03b3fb2cf9bd22cee140a46eb5cd8

SHA256
f7f41da14f2da7af1aeece0214098d5f0bcd18b0cae04c07d2945326541352d0

SHA512
9866a55052725ec25829f1693d40bfa5ee19ecf12b53e4ce2669d699220dda01a9d87d04b188d1144cd9a79dd6450fd217be19b4110f352d504a85d5d92dad1d

Download Submit
/data/data/ir.roman.softazarbaijan/files/roman2.db

Filesize
2.5MB

MD5
f1f47444e47f5cd49c71141bd144da98

SHA1
9b1961a05bee23f69acc5b6ec2e5ed7e31a27ae7

SHA256
8099846cc28d2afe36c9d8f0ff37103227859d7645f8dfd410726b96fc882f66

SHA512
f3314294feee3967de1396c7f2ced53ab85befac697f5ef289eca1076cdd1b29be7b4fdf304bc472f9160af07cd75b948421a331dc98ec8ce1065075587fa033

Download Submit
/data/data/ir.roman.softazarbaijan/files/roman3.db

Filesize
2.7MB

MD5
6dd276367d44d4093e91dcad5b15750b

SHA1
995191c12277b5f50e3d1ce2a055184761efd0e7

SHA256
48e43010c42015aa3fd83fc5ad86115034ebf68f4a6f2b2617d4cc97ff4c9802

SHA512
b9e00c5092b99a261d6ea8a272953c0d81ade35a3772ceb910c257a43679fcb315d82489b344afd66b996010efd4972d858363597a113a97552e4f2a2f3e9eed

Download Submit
/data/data/ir.roman.softazarbaijan/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads