050b74a478b84a001b13b077d41e8c47aec8e9ba8c831916bd0bfae831841c28

Analysis

max time kernel
38s
max time network
185s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
17-06-2024 10:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b83df944ee90b006bd565c1d2c24a48c_JaffaCakes118.apk
Size

12.5MB
MD5

b83df944ee90b006bd565c1d2c24a48c
SHA1

3f398ef018eb9454b1bf06384bb5b55445ec0757
SHA256

050b74a478b84a001b13b077d41e8c47aec8e9ba8c831916bd0bfae831841c28
SHA512

5ae165525b24176938d52a6a200428eb7212fcebd4a403c35087113b8648b4834f163e9cd8378c6e453d5289a0c940b45127f7f2e1cf42ca1accdcaa2b2fa33b
SSDEEP

393216:KKEUROkNoYde8sgimgtxwiPNI9jicXGjkIGMw9rZs:1MkNoYc8piXxLppuRs

Score

7^/10

banker collection discovery execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	ir.roman.softazarbaijan

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.roman.softazarbaijan

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	ir.roman.softazarbaijan

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.roman.softazarbaijan

ir.roman.softazarbaijan
1⤵
- Queries information about the current nearby Wi-Fi networks
- Acquires the wake lock
- Requests cell location
- Schedules tasks to execute at a specified time
PID:4461

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ir.roman.softazarbaijan/cache/picasso-cache/3ed1487a0946d3bdf94ad807b24c5c96.0.tmp

Filesize
221B

MD5
3392f9f6bd3ae5817cddaeb03bddbaa3

SHA1
b79cc67c7d72d556d79f9501707f46c65a995842

SHA256
38d0072329c7ff9cd30efca4f7bc36f7b257eb1715456442a02a1a591fc1ba05

SHA512
4a0233eb6b72d2e29a971c7d223d916b9010c38dea02e9b16294ac5ffcee37a8f7fb488b863773a631d9f2f03cfea817e737a41dd7270179d2704bc77c456dc2

Download Submit
/data/user/0/ir.roman.softazarbaijan/cache/picasso-cache/3ed1487a0946d3bdf94ad807b24c5c96.0.tmp

Filesize
221B

MD5
eedda2cad6cb4406b76cecef5f3ca909

SHA1
dd10245875a9678c89263293d7b096c54fd190ad

SHA256
34194591b4373e9314e52b2d3073a2dd9779ff2c7f1202fe25e3507763d23d34

SHA512
3e9a6832b16c2f61ac2a380fc9d50b9d02b3fd0236a706b38bfbdaf8d66f60edae74798d58f0623ff33b3c8f27ad761754865caf2d4e117d0d383ea891b46c8a

Download Submit
/data/user/0/ir.roman.softazarbaijan/cache/picasso-cache/3ed1487a0946d3bdf94ad807b24c5c96.0.tmp

Filesize
221B

MD5
74176f47b946c8873206a693c52e6536

SHA1
d394b1581fdffa49986c5ccad60d3a4cc6807f40

SHA256
60137428a7ac906d67c423e2d6345b471e0e48475519544d1861a1e230812fc6

SHA512
64b71c3c022fc5923e580637cdeb6547dce8d86b68e2ff2e0ba1f629c04820771e6b31429993a540ceaeb11323ffa8bde38880f965fba1020b9641c2c1ba04bd

Download Submit
/data/user/0/ir.roman.softazarbaijan/cache/picasso-cache/3ed1487a0946d3bdf94ad807b24c5c96.0.tmp

Filesize
221B

MD5
9ba6a1da625b741d59f26add17740f08

SHA1
644a34a73d7f2220f6ef056112a1a46514d6c78d

SHA256
7fb8258a21c9842b82fd40dd0c621f516dd79fd2f12bf18e8508692f0c582954

SHA512
efb1477519760e7dd955f16adfef43b76902c55b2ee7563adee4fcebc867802422785776a0c89d63eb46bd799be5dee95eab833ae2bf16f906837b065519d8a4

Download Submit
/data/user/0/ir.roman.softazarbaijan/cache/picasso-cache/3ed1487a0946d3bdf94ad807b24c5c96.1.tmp

Filesize
232B

MD5
7e383e77e5eea584ba167b36ad012343

SHA1
81a6e96f0999dbc18a0d50860521345fdfed1367

SHA256
c9aa7d3f9634276fa46d2ef55b92862ab6653f219e8e54952b40ac3dcbd10a25

SHA512
3166b81f6e3fd9b5f3d7f3c7f43e97932d7d9551b397bd92948a3c135015c192207c4afca9b1d78dbfb3fc8aa3f29322879f1d7ac5d778c345c34be3dada6dc2

Download Submit
/data/user/0/ir.roman.softazarbaijan/cache/picasso-cache/3ed1487a0946d3bdf94ad807b24c5c96.1.tmp

Filesize
232B

MD5
0836a937110c6c406e030ec1aa38582d

SHA1
95c9a40c27fbe99ce3b6cbfbc2c78125f81f64fb

SHA256
3cc31461c7a0a6b559f7e1ab58c64577e3ba5d1ea12057b32c887ba1d644e67c

SHA512
f1886cbdf780067cc710d907aa8a83632b51500efe05d561d0f667e87703bf8d510016f71ab032d157007a864d933915834cf38d8a38f42d3b2a0700d07f1ff2

Download Submit
/data/user/0/ir.roman.softazarbaijan/cache/picasso-cache/journal

Filesize
494B

MD5
20e296be002cec3aeb198b4cb6285a4b

SHA1
1c6dfd9b716352222f57da558d1c8a13a947088d

SHA256
45d4a7d9ac69696ce7d96c7aeff0ba59bb6cb82819b0447a1933e53a6f62b50c

SHA512
6a886f877071de6aa4c4c0b4626f40e3f84550a87a946687cb2abe169b5866752238277e38ae0f2fe002af0032764e39df6206c24bc471166b3f273145089ec7

Download Submit
/data/user/0/ir.roman.softazarbaijan/cache/picasso-cache/journal.tmp

Filesize
36B

MD5
37e8e716e0e2f4a0b05cd9571d95b84d

SHA1
f8d068f6931707bddb8cd69f706f2224ad1fea3c

SHA256
7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

SHA512
e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

Download Submit
/data/user/0/ir.roman.softazarbaijan/databases/__pushe_base_lib_db

Filesize
24KB

MD5
3dd3347f24eb47610a6b55436d01ebc4

SHA1
5c1d8d89853e9ce6245e6bf4a3a1c3f614cf4723

SHA256
e10c318e5e15b8185e5e5dfc3d10a012fd6a58d9a7ece36d1dacec668affd77d

SHA512
1907c1eaf5bd20220f02b43437d74b312e507f9915e79632f0d10ff29d8eccd1ba1861dffe3f7022fbe9c5a37eb839adeb5a9ab8a7a8a88534c5cf61ed26486e

Download Submit
/data/user/0/ir.roman.softazarbaijan/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
f986d9ee3dbb8087830fee0f7b3d01d8

SHA1
4c7256b3db891f411148b17da55b47c82cfab3e4

SHA256
4ee8aaa883e8eb1c3341a60c69f526ce0de89704c58554761d8230c190cce6a2

SHA512
b11364982a7f0041706c2f35f87600c767a9d2bc0e985f2089c80e00230bd2089417e69e6f96cf678a99510597bae7601c1a0888da2d9590865a591cc3e9e256

Download Submit
/data/user/0/ir.roman.softazarbaijan/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
ede32526d7d6b717f5c394036f081001

SHA1
70f5c4c6e6d3086ec5ae428428a73588ce706342

SHA256
125008740f0398b4505d61b28badfb71566778c0d9155cbb2b485aefa0f907b7

SHA512
d8c86a496e9dc5c6aa84bdee78dbb7e2c4efe029f81dc5611e1d8c4f30359e19b33b11146411c7c8711a240d475092526e216a3544905cee667fcddfa445f2aa

Download Submit
/data/user/0/ir.roman.softazarbaijan/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
2f703c419b37bbf59785b73e8f50723f

SHA1
57057a58682332b92ed03d20562fdd0d564f546f

SHA256
1a67cf246251fd47a24f0556bc13ffadb645a102ec7f044fc8d4ff4bb659daaf

SHA512
5e06b2f169e1763704083651afa4005ed9931cca58af8b9a0c25952ce8bede5a502f4d7cec8cd09dcc74e0a2f508ca2db04b0a17f65d9acef8ff5c398e7eca17

Download Submit
/data/user/0/ir.roman.softazarbaijan/databases/__pushe_base_lib_db-journal

Filesize
24KB

MD5
5c02b75221cb95c79ef8fcf6b13ff3fa

SHA1
e5ffe8c71197587a7e2c135cefb6ac2e9ed2b5ea

SHA256
f6fba0e7e093d32c7980b2fb2b7e5f0582d7283b10b06b6b94be903e06cd5a67

SHA512
2e581401c1e5c6b74533e1a07a2e6f8ee75cf7c6b11f8a07f3b52c164b06834472ee850e1bf10098e0902e1ce756d75c074f09c41f839d19fed27cafabcb02c6

Download Submit
/data/user/0/ir.roman.softazarbaijan/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
95383261bbc2530a2c02abf35b27ccd8

SHA1
a63c6272d484398716c3a4035d8c463a6e769b66

SHA256
1dc09533d85835363765a32403f3db6a8cdccf194a078f574ff91a1f4216bdc9

SHA512
1c6f6d409cc6b8bc79d3a1a3b3024f031a0d254119c6ac45595d8ee1b4865948dddf8178ee8b36e8cf3fe9e6ce4fab11d3de178c10ad7d8995dccdcb865a0e9b

Download Submit
/data/user/0/ir.roman.softazarbaijan/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
3c96d5c23422ca641899f5be8893f3fd

SHA1
1be0d2ce0c9d06a0ca8727796fbb210464cf4dc0

SHA256
84c232f61c5dec5a1698eb37c67fe1ebc70cd7fd2cf69388f94def9dfa47f199

SHA512
1621a88c788ef58e79d704c4dd52fe732ebcb4cb7b612ad3b3f0a51cb95b56349bda9839d5c78342421e15419437df99366ea7bce335e66bdf713b69714ab9e1

Download Submit
/data/user/0/ir.roman.softazarbaijan/databases/evernote_jobs.db

Filesize
16KB

MD5
c0859cbb151ce134d01b937a4084355d

SHA1
66759043fd32dbe4e6f9da0d70285f60f3dec843

SHA256
9bb47518520bec03746550356baa852c91d63fbef4dda76401f40ff2ffaa88ca

SHA512
2ded931a8125b3fe2cebf8a96d2e8e7a8c1fdd997e74931de6d71558cf93822947d8ac0119495ca2063d21b220c64dd55a399082090475c6ba37481cd2da5a46

Download Submit
/data/user/0/ir.roman.softazarbaijan/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
b27cf7ce49e3b583c7a62077820f5102

SHA1
4174447d8640456efdee042b7f616f54e6d3d9e5

SHA256
1004b622f00873e020997d3ed141fa367c51cc32d919c287fd9b1ef2100e81be

SHA512
21dcca38c98d3b3231a4937ada86ed038afc7563a4e5b7cc47179ef021f1ef9000b08b4564f74cdfd3ce643ad6e23883c8414c3819a970bf383a107de848176d

Download Submit
/data/user/0/ir.roman.softazarbaijan/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
cea3de1512c1c48a276dba24ad47801b

SHA1
3f1496f524b930151125f1be213cff91386bb0e1

SHA256
dff3004e6cc896a7ef7a953250bc27a4a048771b7f12502ec434ddffca911ab6

SHA512
70a1892eb6826f87fc72b54576cb7d4e8f9c2b7aaddbb7e402b37dbd6d458c1f049833bc26d6a3560eadafa14c2bbe294cf4cd5d809355c4dacd7c8dce8c6c01

Download Submit
/data/user/0/ir.roman.softazarbaijan/databases/evernote_jobs.db-journal

Filesize
512B

MD5
dabe386fef3fb9e9fbec043f05479aea

SHA1
afcc3d795b10537684983158d6915f497f1a445a

SHA256
829a4370267c61446b872779791844061dd0f89e60751bd36b37f2ca018d6ea7

SHA512
dbf705d7986fe044f640f3cd75d125588c468dc72a77b4b513e1911ad635be3605243edd303bd609c831c414952b0a105e947f0f2836e65d69940b2cb60a688b

Download Submit
/data/user/0/ir.roman.softazarbaijan/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
48fb50208bd7289232210acb0387be3c

SHA1
6cd5eab08e73d42c3cca4ba5ec18ebe1cb8d5b1c

SHA256
133385721079eea9c65d6be646222a02968a23dc670ce3711ac8728a9059d566

SHA512
5c34355cfdec69edbc83f096e901dcc0a4e98e3af4748bfaec297d6e9dca5ed066b9ca8e7898f1f23f01282600afe4841557bc054beeb4b0e9bb7d25792f8986

Download Submit
/data/user/0/ir.roman.softazarbaijan/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
913e493d222955f13141c5c00a037f5f

SHA1
4d733c41f2ced9a0c370b1ab126ccedfc79eb8a2

SHA256
afb31595e00f02e17dd57268f59db6dfdd2676a07f9931f158c89471d092515b

SHA512
03e20ffb31c003ddac63501b4ff1c5dd3aea66bb5d01b1965f80881c7020f8d62eb801dc599936a78c540b3f17f5d8cba0a37d417f96bc6248d7ff34ed58b3b2

Download Submit
/data/user/0/ir.roman.softazarbaijan/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
7915f70471e32b402ff91c31d8aed9b7

SHA1
7d3b832cd62a22448d1b1ff2633cddce2160a3f8

SHA256
1959e709078ea8a97f8919855f0efc699707af157e6ebb08c1284fa6d44b332b

SHA512
ccd007b8f4e92f46fb14ceecfc19750a5e843ab3746dc083a10255beda54b6aac1f34c487f8647cf587334d559e51d0c06d9c54b6a034f3dab86b1c5ad45b900

Download Submit
/data/user/0/ir.roman.softazarbaijan/files/banner.db

Filesize
2KB

MD5
f649f71595dc604297ef417c34edcd85

SHA1
ca0fc1700dee356296777e47e44141d871cff12c

SHA256
af98d28ebef44745c24fbb88f1dad8b03a60b07a9c4e76c175954d9ee59d035c

SHA512
24edf5a3006f0693a73ee63136b54c969f5a5449a4c180e5c523b87965e3a15a3cf3d1ef069c713a92dc66b8f18aa85d6a0db89ef49d00ce82e6a36a48de4690

Download Submit
/data/user/0/ir.roman.softazarbaijan/files/doarezg.db

Filesize
1.6MB

MD5
0788b95978101e661518313e3d53a08a

SHA1
d939b5d60d114edd86708d157545944f98a792b1

SHA256
8a58441465047a328f3e1bd8e1051c1e7988264507121dd9f6328cb735b29509

SHA512
387e6baaa8140fdb3cfcf810b75f05ea3339fc350b7e3233d50dfc6ec0a5a2c4c9761d203b2cd32f0d9b4b17a37181506b494143e63666d5c4ee4df0798559f9

Download Submit
/data/user/0/ir.roman.softazarbaijan/files/roman.db

Filesize
1.9MB

MD5
c249215298e77aaa98ab3b2196fd9125

SHA1
edd61d32bae06525c71e5f36df2c1efada58ac08

SHA256
2c230e6afed8a3cddaed203fa2666f7b3a57af94a177a2736a0c985062127756

SHA512
b5763d92483ca5cfb9b0e8ffd7608825f9a50fb4e5f921d0f4628706e07295150845e77a54a5cea2df54205e151cc6e2067d2bf42ec9ebe01b78b7ea4636a7e5

Download Submit
/data/user/0/ir.roman.softazarbaijan/files/roman1.db

Filesize
2.6MB

MD5
c6a498509c94ae37c6749580cd8f6a2a

SHA1
20bf4a6186c03b3fb2cf9bd22cee140a46eb5cd8

SHA256
f7f41da14f2da7af1aeece0214098d5f0bcd18b0cae04c07d2945326541352d0

SHA512
9866a55052725ec25829f1693d40bfa5ee19ecf12b53e4ce2669d699220dda01a9d87d04b188d1144cd9a79dd6450fd217be19b4110f352d504a85d5d92dad1d

Download Submit
/data/user/0/ir.roman.softazarbaijan/files/roman2.db

Filesize
2.5MB

MD5
f1f47444e47f5cd49c71141bd144da98

SHA1
9b1961a05bee23f69acc5b6ec2e5ed7e31a27ae7

SHA256
8099846cc28d2afe36c9d8f0ff37103227859d7645f8dfd410726b96fc882f66

SHA512
f3314294feee3967de1396c7f2ced53ab85befac697f5ef289eca1076cdd1b29be7b4fdf304bc472f9160af07cd75b948421a331dc98ec8ce1065075587fa033

Download Submit
/data/user/0/ir.roman.softazarbaijan/files/roman3.db

Filesize
2.7MB

MD5
6dd276367d44d4093e91dcad5b15750b

SHA1
995191c12277b5f50e3d1ce2a055184761efd0e7

SHA256
48e43010c42015aa3fd83fc5ad86115034ebf68f4a6f2b2617d4cc97ff4c9802

SHA512
b9e00c5092b99a261d6ea8a272953c0d81ade35a3772ceb910c257a43679fcb315d82489b344afd66b996010efd4972d858363597a113a97552e4f2a2f3e9eed

Download Submit
/data/user/0/ir.roman.softazarbaijan/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads