25bc19747c8bf50ae06a694e473b3db5d58e9047f9c41e4b54b18e4bb99f0ca3

Analysis

max time kernel
41s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
17-06-2024 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b9108eafff97b9d290fe0eea39139ad7_JaffaCakes118.apk
Size

4.7MB
MD5

b9108eafff97b9d290fe0eea39139ad7
SHA1

5f92828b231172973b1cd376d51aebeba8937d17
SHA256

25bc19747c8bf50ae06a694e473b3db5d58e9047f9c41e4b54b18e4bb99f0ca3
SHA512

ff58738b8f15ef3c133f2523e29d8af11c5935adda940516267bb02429bdd4be7c665277c9e583e5607b3af5f7e1300aa4a08194dd27b57b783624e1804c6aa1
SSDEEP

98304:ZSYuHXPLJwak4LReXuVGD7y8YnzTDwr4fimUgSj0hEbCwa:ZfuHXzTteekD7y3nzTe46ZgbhSCf

Score

7^/10

banker collection discovery execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	ir.amir.sandevich

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	ir.amir.sandevich
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ir.amir.sandevich

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.amir.sandevich

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ir.amir.sandevich

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	ir.amir.sandevich

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ir.amir.sandevich

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.amir.sandevich

ir.amir.sandevich
1⤵
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4270

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.amir.sandevich/databases/__pushe_base_lib_db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/ir.amir.sandevich/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
9261fabbddd293571e828e3390e03fde

SHA1
16badea2aecea40756733a5962caa519386b6d79

SHA256
63a32b4ebf2b63cc172c83d303fbb8232627b624736f6ec714a88a80d8f91811

SHA512
de051244f0095f2e47030be89030b4021db8f2ede7e1a47ee50a36f00c75250bf2df4b527af8e75522e42e18e74376d3088e3b9e53c28299c78ce1bc60cd35e9

Download Submit
/data/data/ir.amir.sandevich/databases/__pushe_base_lib_db-wal

Filesize
164KB

MD5
5d0b46f89d5f89604b4ecad5c4b3d332

SHA1
38bc3d8568fd45d938f2a172f03d0b099539a29b

SHA256
c502717c68bd431a71d154b6ad88fa9441c01992431580e8d9d427f4f886143d

SHA512
72eff2c0e961af1fb1749e84877f5cd095bc5d679e8da077a21b408c88a766efa1a712ee22feaa8f9dfc28668c795d1d1b65496402bde1cabe9f01bec30d0c79

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db

Filesize
16KB

MD5
a90b181e610f2de0b63d63263237631c

SHA1
def4a6b12b39196f6a52cc03be1eece781c69baa

SHA256
bb12a0e4f670dc7eb011ac966ecf97fdefd9b674af187d10e45b9f5f6d89fa83

SHA512
0b7ea884565436126f3fdabaf352983f38b39a523050c2cd8d0780fbf0aa656aa02957460408193f5ff106a0cbecd45f1027ff908183cf9a79e8556e12b23c21

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db

Filesize
16KB

MD5
978fdf85b8448e3a7c9015e51477eb49

SHA1
793bb88398dc9457935a4416638d5ed3974baf19

SHA256
8f72919eebbe45ed6d33b7b763d7e45d76a880128aee9aa5c29d28ab79689a92

SHA512
852b2d3e2607c96625e9bcd454c702ccec6a0f07aba3410976d6400ecd2d48ccc92d93c8ce7fcc87a622d04357bd6805a996f11d339ca7fc3eab99c0e991fe38

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db

Filesize
16KB

MD5
4ff822ef77d832b643e1a818d08f4a84

SHA1
2ed2aa38f1065c2bdbe69882371f98affd21e986

SHA256
9e9b3b326d758d1e227e84f16c51cafc556b37630535dedbc80c820bfd26afe9

SHA512
5d52a07703ee9ae9d02ff85f3df4c77de413f3b035c6228a054e1a8dea61248fcb0db6aa2818636e19eb0b0528239e4e7398295918f3b4fe5870dac9d271c9ab

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db

Filesize
16KB

MD5
9ed52d5eb0c896af1e63a93606f99bd9

SHA1
7c07f497a56535ae501bca889f35faf3966aefc2

SHA256
d0f45c29674093710f0f98d9d0c84335caa35e22cdd0c255b84d260a18d2379d

SHA512
01ea6ebace39623f178ed66478a83a02620f2922cb8651ab718fb45f2a8b6b51b2178d1794bf1146221594aa8a640f964b8c8e9cc45d088bd599d86592287406

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db

Filesize
16KB

MD5
77002ca4f7270a7348addcc886e0b88f

SHA1
8d6a89db9009bbfd5ea35c4d7a2f63d0e6113c64

SHA256
aed5d323223e149768531477ba1c542dea01659fc429edb4718250c44766717e

SHA512
d297c9d2419ab3100b62272c5abde351109ca0ac91ee442b3e21f028eabaf75b71822fcbce244f36a7866ee10e17cd79393babb190324d55f863acf68b0689af

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db

Filesize
16KB

MD5
63c89b33f9c9edccec2a03931d70f396

SHA1
f06810ab1bd77ada9273daef5d64452020e20282

SHA256
f3341b96c5dba5a57f4f21a199007baef6555790ed05929ecddf748d2fcabae1

SHA512
2e35f7dd36f272f803e9f6a4945a3a8fcede69e3c9eebde9ecee9d80ae99921f8c0bab2612bb73265b7479406d1e1ca6f6a8ac45a13f58b274960e0802ab0dde

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db-journal

Filesize
512B

MD5
1638f9830ec45b4ad37343c46bc66883

SHA1
b75420949ae6bd469b992879c190de6e91812397

SHA256
4c8988363b1268e3bdf271b7eae7daa7a3c4bf707e4fa762485e7d6f0169d99c

SHA512
21c15634bec53e115fd2c7cf119babbfc8265df5326828e4ac69eb823f1f8cc2f7271e02c0b1143b9b0e6f9d0bbacc5fe0f3520e3c19f95719f7ace67e52e060

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
c10cc877d64853473204694b4271d7f0

SHA1
703ec7bbba4d188fa2424373dac64579763e55d5

SHA256
156ee9e4fa1ae2b34c356ddfca6d8d42e1028ae374fc273c19f97d8237945a3e

SHA512
47b036b4408a25baf93875ee05092bb1d8ed296ffff85d734475c5f364556d0e3a19cc6c3274f930d900775485d5e9622e595c6c2612c37c90c81f8626c2f955

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
bf0badfa40ec4bdb76510e9a4299e604

SHA1
892c2d39bbc47462ae41e33ddfcce478d2151f4a

SHA256
ac58c040d4b7419f7fc81e225478a75947e7572f20491dbd06f82461c575f7aa

SHA512
83119b33422209297e4ce6c11c5785daf146cec6d6ffb357cadf60406def9db7fe08dac5400adb6b4477fd55e9949b287ca1beb52fd282e05b949cf59c0a7d07

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
96033d0a7f744641f17555cbf73bc931

SHA1
890b17f34f8af586708256f7387a4c0524d55c49

SHA256
25c642c837cd7d8cfe3f32eca9999ebdf658deeffd9e159b1d08e8f674c361ea

SHA512
f6a4458174fe5f8e1d732bf9822f45eaaad79477a10d019c80270b5274d8a068bba1042032faa4361b5157f1ccc2e05e65871f40678cbd644ca3e56e00566c57

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
c62ff847e2c1951748ed2ec8711bf26e

SHA1
94364e63e3f818f979c75636b7ee749a10bcc33b

SHA256
40c75650981774e680b51b3e51fc4c39d835278638f286fa6eef0e221393a12a

SHA512
2f14484c89b5f2e7b9699970d6ad480e79ee2d1b0bcb0c178d643bd89b91b2dbef5d9f4ae8e7af92662c9f087c9c4f167720883268862db4affcba2db3eadca8

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db-wal

Filesize
28KB

MD5
40ae9375d994b11070f796ce932017d4

SHA1
f98e5b31ea814738bfbc5aca8605eab7f9e7367c

SHA256
ff00e19ffa4d58249fd7e543202466dafef959868dc19d415604cabb4fb2818b

SHA512
879b3a58cc5ff35d2715ecda18473c3990e47deef049c9930cf7f5ec4d37232c12d260ec08bfa09279a42170943df7b4a2c49aa97146c8fe900438d40936672c

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
30325a4abee44afa00ff1e505f6f652b

SHA1
885ae70b0f3bfb78e2b1569dc95ddab0d6ccfa8f

SHA256
07dbe84522f7627907d7657b48b364f86e394d34e0ff50c2a3f1c11436bda08c

SHA512
44ed6d6f53186f0fde4619a14ecd8765f57728d4b2191c6f70dfd2c7156b8f6aa7159ba92909856787af3e0c6dc0a169b9d66f73dfb90929352864451a4c8cb4

Download Submit
/data/data/ir.amir.sandevich/files/ashpazi.db

Filesize
242KB

MD5
aecfe638d8b736fa6e00e7bd1be431a7

SHA1
9267ad7543515bcdd6a34e163faf094aa09ad646

SHA256
e3e85aab3d739a112898ed37f501e3f16e7346343b0324e5f97ea6acd78dee34

SHA512
f64c4538de25c712712aa9432c5cae82fbfef477332700289f350b6c64c252a92c9a340cb64cb1e8e9914f25f298e46efadab5910954c66460a998c73e50120d

Download Submit
/data/data/ir.amir.sandevich/files/ashpazi.db

Filesize
1024B

MD5
955b937bcc21cc5645f5e3de65ccecb6

SHA1
efaac4fe5b687a4970bd6f2990a1364f0ef368bc

SHA256
62efb63e63838192197a7f254887ebac382dd55e76293a1f59c75f86989e1b41

SHA512
37880c0f8a11405631c7255241936a5fd5e4cb5758c9cff61decd39ddd9610cc306e94c363e6c9fb28b947d7487e42132dc327262a8e77bf98d68eafeef55af7

Download Submit
/data/data/ir.amir.sandevich/files/ashpazi.db-journal

Filesize
1KB

MD5
21d2789f032426f888bf001753766433

SHA1
b7e4f724793772cdbc7019c2799edc787ec300c4

SHA256
d7b2bd49318be2effb783ddd199c65c8350086a96a9eddbf4f8a1f3b23f338c4

SHA512
4d52c5ab00012df859ba4175247b2fe030df786c24872eb350b575bda13ce4af4f88987271ba382dcdd2b912eaa2cbc76dd5e26b4005de3fcf52147948bfa9f3

Download Submit
/data/data/ir.amir.sandevich/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/storage/emulated/0/Android/data/ir.amir.sandevich/files/Magnet/magnetLogo

Filesize
2B

MD5
e0aa021e21dddbd6d8cecec71e9cf564

SHA1
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7

SHA256
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

SHA512
900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads