25bc19747c8bf50ae06a694e473b3db5d58e9047f9c41e4b54b18e4bb99f0ca3

Analysis

max time kernel
47s
max time network
169s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
17-06-2024 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b9108eafff97b9d290fe0eea39139ad7_JaffaCakes118.apk
Size

4.7MB
MD5

b9108eafff97b9d290fe0eea39139ad7
SHA1

5f92828b231172973b1cd376d51aebeba8937d17
SHA256

25bc19747c8bf50ae06a694e473b3db5d58e9047f9c41e4b54b18e4bb99f0ca3
SHA512

ff58738b8f15ef3c133f2523e29d8af11c5935adda940516267bb02429bdd4be7c665277c9e583e5607b3af5f7e1300aa4a08194dd27b57b783624e1804c6aa1
SSDEEP

98304:ZSYuHXPLJwak4LReXuVGD7y8YnzTDwr4fimUgSj0hEbCwa:ZfuHXzTteekD7y3nzTe46ZgbhSCf

Score

7^/10

banker collection discovery execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

ir.amir.sandevich

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults ir.amir.sandevich

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	ir.amir.sandevich

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell information.

collection discovery

T1430

Processes:

ir.amir.sandevich

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	ir.amir.sandevich
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ir.amir.sandevich

Acquires the wake lock 1 IoCs

Processes:

ir.amir.sandevich

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock ir.amir.sandevich
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

ir.amir.sandevich

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo ir.amir.sandevich
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

ir.amir.sandevich

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone ir.amir.sandevich
Reads information about phone network operator. 1 TTPs
discovery

T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

ir.amir.sandevich

description ioc process

Framework service call android.app.IActivityManager.registerReceiver ir.amir.sandevich
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

ir.amir.sandevich

description ioc process

Framework service call android.app.job.IJobScheduler.schedule ir.amir.sandevich

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.amir.sandevich

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ir.amir.sandevich

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	ir.amir.sandevich

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	ir.amir.sandevich

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	ir.amir.sandevich

ir.amir.sandevich
1⤵
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:5130

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.amir.sandevich/databases/__pushe_base_lib_db
Filesize
24KB

MD5
8c5307f2224c816bdbf5bb938ef4dec1

SHA1
d448585350ac25025de0e2145c9acbb4176db89e

SHA256
b202ab0c2c00affe3e289e2be126bd4fff19a32b4bfe81c7ae22e02160684f49

SHA512
f8eafbf657e3a479534979633729e77774e2c1119f70019fd6cee7b9a035f411f405f6ee68ce6fdf3b34a40401ad469873f19d2956237f82dc1f79939e0c39bc

Download Submit
/data/data/ir.amir.sandevich/databases/__pushe_base_lib_db-journal
Filesize
8KB

MD5
669a3a33669f7c365950a7cdcaa757ac

SHA1
fe2535905c586d851f22c918af1132e4d30ef9b2

SHA256
4a08efddd7ba3ee6ac611d80cddf8890c6e045d742c96b81490d9b5f4e829cc0

SHA512
1190098030edfb7928e31e17b3a839f90e93f35af5aaf35647791264ee1f0a7060d8c64261bc37ef492c4d1970f69467b5bb766781a202e8f3d814048d9fa9ab

Download Submit
/data/data/ir.amir.sandevich/databases/__pushe_base_lib_db-journal
Filesize
8KB

MD5
13ec27458ec7b4ff45b1ed331554458c

SHA1
446b0c0c3f87797800b4e3d6829032ff2cc91471

SHA256
10050a8be963d66383e9741de4908b0791f9a20b987e5a94bcdea830ead5345f

SHA512
3c520a7c38c4be2cacdff56e6dcb373f03d5b47354d2b4f778b15fbfe5ffaf77bea156d9b93da77038d05f09c9ecb4d26dcfd5078d849bf78a3c9ba52583475a

Download Submit
/data/data/ir.amir.sandevich/databases/__pushe_base_lib_db-journal
Filesize
8KB

MD5
261a969e393f4f1cbb611fd60a1bf453

SHA1
6a955f441b7c7fc99778500a9acc0bde81cee9ff

SHA256
cf9759b955259170c0e065dcb2f9f48c270fde04f375a284dabcce19b4b1193d

SHA512
6d6e231a4e995312ea54aa1ae13093bf1ba7e76cb718ec08e6ee529ab7feaa0e1927761fd06c7518b4771e0994c095415f851ac8373951e40e03726940c98f63

Download Submit
/data/data/ir.amir.sandevich/databases/__pushe_base_lib_db-journal
Filesize
8KB

MD5
c9a3e626410cc61053131bfb628a3fb4

SHA1
0f7618b33e3a3c781bbdcad00d750713cf579025

SHA256
6d36a2c58a6192dafae6bef6dfc505f179733972794393e301bf8417ce34251b

SHA512
59648b1f82cb6f901b5abdcef0914298cbbbfcb83c2aacbdda28e82fdf9c2931e9b4958dafd8a63f4ff8c4d2f551481d55d8147e3e025ea2f0ab8936a3091ced

Download Submit
/data/data/ir.amir.sandevich/databases/__pushe_base_lib_db-journal
Filesize
24KB

MD5
8868bf3804d01527b294df27e7fb663f

SHA1
f1b40d726350ae1e2bcb6578c65a1f56b1ae1ef4

SHA256
c85f2d82efef612a2bba0d2a2e8b74bb61a2df8d91b93ed75baaf7aa7dd6d6f6

SHA512
d0ea2f58bf5a757b8138fb2da1cebc1cb515f7ed1c7823f10a11d23409ee8aaea7e9676c8e3ca89430c0af91247bb64b3c62e7b0e8742060f8fc4b649773adbd

Download Submit
/data/data/ir.amir.sandevich/databases/__pushe_base_lib_db-journal
Filesize
512B

MD5
6885cb498a8e0bcfdfa3d6adc6e6d673

SHA1
bfa1d38d86322e036f77141469a5082ecc46e224

SHA256
67608740d6014bc86ef208e4ce81b95124960be9a257579c2363c4bce8b17d04

SHA512
ff349fd64d550a7a0ad618af1aeede9418960c6e39683c62408bcebfc3b3de0228e876777d12b49a56d5c390596f9cdb3682cfcd817946610fd05d93697e6f4b

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db
Filesize
16KB

MD5
9c92a857a856d8d8e47fc78114f41fcb

SHA1
3c480966d777b1a35b096e6d48dd7c5381b3890b

SHA256
8d3f941c1c63b0aafa716a658a23ff3c75de3d4284898c51645dae0a64345769

SHA512
6a3f7877995f83a4068d2250282c3eded695e1f58204e8f9e1c1e5f34edcb05b892ef9411f56272b7e58e96f28c626de644927e16fa4e97399c1b91329071480

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db
Filesize
16KB

MD5
00e829076f54c72b50b63fd6de296a03

SHA1
fbeb1b8be863931f98a7c29224a03b89f9616ab2

SHA256
c479f839c0bc15e9a9749cb5a5a3eef4e09c0163160073477f72fa78b2e300df

SHA512
1c6b0bfe980050072927f8d407ca86353098d03502f7194f141d43c045a3f35103261811281f023262f4823a4fd70659d6802b76e126e991120dc14cdf74bbcc

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db
Filesize
16KB

MD5
fd8f545fe2714dbcd233ab8acd8d24c5

SHA1
ed50230e76e445e04075266afa515b62aac11c9f

SHA256
ae80efb3921034f36de23694aa05581b6c4819c40c05f2dcedfef6f05e26f91d

SHA512
d03ac863c5cd809bd9b6505e0c9c37604479dd3fe714fe50cd3f52c5b31136b538dee02e4f7384cde2c49137b8bdf5a3cb3581ad4c5cbe4403f66b228bb88c69

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db
Filesize
16KB

MD5
c42dc6f6088d07857912122fa26a31a2

SHA1
d75026ccf9a8d4c14b33d19493e430177ea21760

SHA256
b99db3dd0ad82386a265661a870eeaf06742d941494d0e69ba5b0c2d06dc9acd

SHA512
f11d846b824d749ee1c237cf84c15c21b2de0071e46986127951a759471101280069bc2bf5dc6ff076ec657abadcef90b544849d15ea8fdb438b7c2f09291d84

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db
Filesize
16KB

MD5
78e46f5b851b2c0d298317ffa8818580

SHA1
e0c8c8dc71ac508c54b284694b688501a9ac2781

SHA256
500e46bc6c07fec1c894b83cb732ce74d79e49aa2634a14ecfd2de4063225d51

SHA512
a9a818ff34c8db5be00fc960c3291325fe0b4d44ce078e21d17a03fb492d76ec610a342c28afaf2150838690c1eb4319c4e312dd515728275eead746a6560e1f

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db
Filesize
16KB

MD5
28970ea9dc7002600686782acfe28154

SHA1
27d8260356de42178c21e025dc4148e1b2aeaa6a

SHA256
4452287aaa3d13b769636cbd2ef44f174c01b62777ef9a7dea3c47dc3560eecc

SHA512
bff78d0ea2929d6bc63324590b3eef6786c9a326608d34fea54d1a803978e97bf3c3a979dd097dbf2f69287e9d92d7e403523c9ed28a4f8c7d91d8f794d26b21

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
5acf42056f301be6699457a6ca6ff2c3

SHA1
5090a5f144d709cf3efaee0cbeba71751722927e

SHA256
fb40c2c6abe420406d1396a7c605b9e46649bbac118470af636e439af7b9c2c4

SHA512
ce59620deaaee02929af26315a1bca76ff2e5c4d706e355305dc5979b2d04a0e870bf8fffb6d2f63a01ce096d12a413348caa2b78a39c01ba7e5dd254663918d

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db-journal
Filesize
512B

MD5
3246fdcb681c3894cfc4a7c646e1c0f6

SHA1
13b13e53d89f153b991fc4cf5fb356f8f5976f53

SHA256
f56088822db8db83136feeb15979f0a124e532a6e0e824e92b287cd0cbb832b0

SHA512
7b1ddd499969915dfdda5031e80d389891d1ba8fed56ffeaa91b1d371bf607e319eb86103088efb81007bdea3b33db65fd2e9fb8fa9346c86de180ab012b01e1

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
2191e9d531840561b12cd40aa464ed28

SHA1
9911a9f348baa039288133eae4fc84bc3fef8a43

SHA256
9c80b43d80de49a1376b70380390e995d50fb6bc889387d4338500175fa4f2c8

SHA512
86edb5bc0f92f05bddcc75d7df61e4da65a16ffb625113b1f71ae29bbd1cfd7e05c5717cdda78061afc3e1430f77f396c97120eac999b2d31f641d08ad5306c0

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
282622811eb1de8694c7ea0c1202e022

SHA1
d199c708cbec90da76f712cc1c6a566f4f1ebfd7

SHA256
dcff8d5ba81208b38796b2a643dd454aa57c1ee6cf5438af299d60ec48daba96

SHA512
2c27bcab286b21e2a5ccf6f15d69bc23e6fb72928d593141e8ed83ad835671dd0243270b1345c0c9008e697d0f6e9be739fb0dbf1faff222bb5f30fd5d27321f

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
9af95beda667e3740f8c9327c12143db

SHA1
9bfbcc43fbf4058fa1d0b2bf735eab43ca58d3ce

SHA256
d515d620800fc71ae5a1c5af0302ff3b2bdb7472b30fb0ab5f8e4bc1a1e4d630

SHA512
f586774f0b9a6090c83e46e0ca2d4c94dfc84fcc2b11ca1399073c67b5c64a16250ecd1b1c90c9f2e0b38665648dabc99ed3ac9f328b1d0c7c10c5095dc9a190

Download Submit
/data/data/ir.amir.sandevich/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
64ffbe2ec76d8d9619f9db644b315873

SHA1
48b403c5fc6eb3fe67fab52d0c689399058dc5d2

SHA256
dfb5d99a27185ea4f85e813d791196a994266d09f5283fe2626edaa372df9b58

SHA512
d4565ebea92ab8aaf113ba8a31d5b5bcd0a4cbb24c06083c00864563b5dc200ddc0065e25dd3abee0ee075a17a627d4a7af01ebb902fa5897139fc4a6bd810b3

Download Submit
/data/data/ir.amir.sandevich/files/ashpazi.db
Filesize
242KB

MD5
aecfe638d8b736fa6e00e7bd1be431a7

SHA1
9267ad7543515bcdd6a34e163faf094aa09ad646

SHA256
e3e85aab3d739a112898ed37f501e3f16e7346343b0324e5f97ea6acd78dee34

SHA512
f64c4538de25c712712aa9432c5cae82fbfef477332700289f350b6c64c252a92c9a340cb64cb1e8e9914f25f298e46efadab5910954c66460a998c73e50120d

Download Submit
/data/data/ir.amir.sandevich/files/unsent_requests
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/storage/emulated/0/Android/data/ir.amir.sandevich/files/Magnet/magnetLogo
Filesize
2B

MD5
e0aa021e21dddbd6d8cecec71e9cf564

SHA1
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7

SHA256
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

SHA512
900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874

Download Submit