25bc19747c8bf50ae06a694e473b3db5d58e9047f9c41e4b54b18e4bb99f0ca3

Analysis

max time kernel
37s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
17-06-2024 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b9108eafff97b9d290fe0eea39139ad7_JaffaCakes118.apk
Size

4.7MB
MD5

b9108eafff97b9d290fe0eea39139ad7
SHA1

5f92828b231172973b1cd376d51aebeba8937d17
SHA256

25bc19747c8bf50ae06a694e473b3db5d58e9047f9c41e4b54b18e4bb99f0ca3
SHA512

ff58738b8f15ef3c133f2523e29d8af11c5935adda940516267bb02429bdd4be7c665277c9e583e5607b3af5f7e1300aa4a08194dd27b57b783624e1804c6aa1
SSDEEP

98304:ZSYuHXPLJwak4LReXuVGD7y8YnzTDwr4fimUgSj0hEbCwa:ZfuHXzTteekD7y3nzTe46ZgbhSCf

Score

7^/10

banker collection discovery evasion execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

ir.amir.sandevich

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults ir.amir.sandevich

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	ir.amir.sandevich

Requests cell location 2 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

T1430

T1627.001

Processes:

ir.amir.sandevich

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ir.amir.sandevich
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	ir.amir.sandevich

Acquires the wake lock 1 IoCs

Processes:

ir.amir.sandevich

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock ir.amir.sandevich
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

ir.amir.sandevich

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo ir.amir.sandevich
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

ir.amir.sandevich

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone ir.amir.sandevich
Reads information about phone network operator. 1 TTPs
discovery

T1422
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

ir.amir.sandevich

description ioc process

Framework service call android.app.job.IJobScheduler.schedule ir.amir.sandevich

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.amir.sandevich

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ir.amir.sandevich

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	ir.amir.sandevich

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	ir.amir.sandevich

ir.amir.sandevich
1⤵
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Schedules tasks to execute at a specified time
PID:4457

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ir.amir.sandevich/databases/__pushe_base_lib_db
Filesize
24KB

MD5
0cacc868d0f799eb4d993b322cb846e8

SHA1
e4213ca4559b065460ff43046ad7df68fd2b52af

SHA256
0d7614e74fc3fa4a46da56cd65030245ed1cb39fc3e1abace5b56aee18d6388b

SHA512
aa0a782bc8b4ad373f134dfdc37d7f563c99bb82a1b4a6aad3eeff3d8571ec8c55d9afa9107ab5d8c477bea137efea41f57c052616e24883517bbb760ec57f5f

Download Submit
/data/user/0/ir.amir.sandevich/databases/__pushe_base_lib_db-journal
Filesize
8KB

MD5
ed686b7d7d21f734b5ed2889d9e251a0

SHA1
f4bde276b3314e594bd99f3896ba7214ff906f1b

SHA256
1842875323e6b62de79b5612805f4a7950cdf3fecf19fa5aa525fc728eeb3704

SHA512
a824d9d24a2aa0490aacedae4a60bae96800035273eafed639550a753c71e3bfc69b17edf3d74b04325a9cefab40a0cacc6ccb031daa8de48513432eea7043b0

Download Submit
/data/user/0/ir.amir.sandevich/databases/__pushe_base_lib_db-journal
Filesize
8KB

MD5
b51f586cd29d29a124e47a9de306b0fa

SHA1
35d615b8131cd74b86adc64a3de1f2346e781997

SHA256
b8d6352ee3eb7d247a621f95b53183296950f1d4f2ba095cc9be0e2fead4c022

SHA512
6cb18a567ad75dcb615684b87aec67b76bbd5fd1cceb1da9c88ca11a2adf48eb4db2c7ac99a9014910a92e04565a0262ebaa4712cdb6b2cd7f951da498268d9f

Download Submit
/data/user/0/ir.amir.sandevich/databases/__pushe_base_lib_db-journal
Filesize
8KB

MD5
97d58bcaea194b3f3dc5fb1885546cf8

SHA1
0bdff0339ea031f9ce91a5a3aef77f7d239ddf90

SHA256
2ea1df0b8c0b494b6282dc5a2145e02e6db0e918aa13fa3010158149a8d64427

SHA512
765a51209451cf925d6afed55392c99ff01f9cdb2a5137072d6e2903493054242fd7cd3fd537ad1a96a6feaa5920475234aca31a9c9af478c8be532336276a4f

Download Submit
/data/user/0/ir.amir.sandevich/databases/__pushe_base_lib_db-journal
Filesize
8KB

MD5
39cc8b25849eb20d5dbb2fdb28436bd1

SHA1
f8b70519f56025948a3809a9c9d5b08d7c202505

SHA256
8cee114361a374fad6f5fac1da3579561890e56d633d93aebddc8f524fab981e

SHA512
1ea9b5bd063a3b23481ce3376011196c4ed61220bbf2a0c3a646f01955369d5b50c1b812020d33edf59c4c73ef70cc662f5a5c8220762ca24795024819dcaf0b

Download Submit
/data/user/0/ir.amir.sandevich/databases/__pushe_base_lib_db-journal
Filesize
24KB

MD5
97c6e1ce1e677e8b987cac5c8f953f71

SHA1
02df9f88cbd7a3beafab4f062518d55fcbd53f72

SHA256
6a2a00f6dff4e0d6eaf4bc0481dd234593fcc9f08a405b86394eac293f840491

SHA512
bdc1f3e65db6f96a372b144305c4a349b6d5a212b7832f4da0c43c47baa86b67d91be233cd43e2fb977ea3940eabe364e548f40890a15780b14034721f971879

Download Submit
/data/user/0/ir.amir.sandevich/databases/__pushe_base_lib_db-journal
Filesize
512B

MD5
8a7c445a12f9632dfd3c932fa3aa873f

SHA1
d1d6bfe1537581f3128c7ffb5d1808d7c766009e

SHA256
acf5c3b8542354dbc1da70f999fa7a5a3d2fe004b15738cd011d136494847583

SHA512
4dcdc18a2bbf22b572cd95179c9b234003acba59377b3100298f65912c96416f156eba52eb3e111910374ec838bf68ae81ac061707c9935d0f097db976214e7f

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db
Filesize
16KB

MD5
16b3d9eb3a15c6e7ba10e05fe9d0a335

SHA1
12d785c446c6234250bb78fb49cb65b84e4588c5

SHA256
11639cb343d8c1c11ac79e13db9c6ebf7010065cdde4da1e2f0e0e5f6fb5df31

SHA512
d438d06a828395e0bc0135c5dde30ae12941a2c16a418e8c45679affbb8e5a23823f55cbea8de69aeae41e568ac09d54a18cc0da80e58dc7ec2179fc0277533f

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db
Filesize
16KB

MD5
47080e3bfcf2db9b8620f2faf6c5857a

SHA1
6f63c1851255e0fa99567f047382074b086d38bc

SHA256
dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb

SHA512
e757043d82798926a5ddd716457accf6616894ad1ad79ec832293a1f662910b663239f899bf05a5c8d90fed5bcb093c5529e5bc842fe9003c1d5902f9ed84473

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db
Filesize
16KB

MD5
957fa04eeb2663c116c4dcf8ffa88f6d

SHA1
a64797f7f1f9f52030d25c88e5edc2860f197709

SHA256
484edc8a50ca63db7d38991bfc342227a4e8c7d42ff315834ae3df8b1e555e5f

SHA512
2fc6b20f7c91ef4df603858015897de0a7ce5e94ee2f60093c92e383f6d238b84d5aa06d697fe0c15a14f4f45e5589eee87fdad6bd32a1220f4a1ec84e806a41

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db
Filesize
16KB

MD5
594c920195f0863589e513b8045026c4

SHA1
0f7f0687c44b618f22501a91d250d67726751260

SHA256
f4b2873c0052fb2260ad1a5c3969c1d26ccbb631795ae178b7710d6078045a7f

SHA512
fe63b0d69a62b28cbb82922a1833140a754753ca547e54cb73f0d4d377b0f324e21c47df4c3577b194302fd14c8ae6de2092d35709171ea57342b6af3252c289

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db
Filesize
16KB

MD5
78b387106aa43a3291fe7a5b8c6bcc96

SHA1
1d7b5a4fbf637b9673c38f5d6cd2c692736b6a09

SHA256
8999afc995c7a13b6b94b9a35b7ae37ad4567dd884502a7100acb4ae7cef4d37

SHA512
04cb91e1e4d1db8848f3ce7b176a284bb01160c9b2f939324790820b393e4d728ddc4811bcf6d1eaa8c9e7ba56bd33cd21deb30527f92aa30c1a362878dec10a

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db
Filesize
16KB

MD5
9724f46196c7bbecd35b8b2a8a4cd198

SHA1
9bbc16373cb30ad7c5cc20b03efa5ff4ea532807

SHA256
68a4e7eedb95872746ab7acb6ae3d9c738bb6a0c5eed73525fad5366d6da52c2

SHA512
f24766aa54e42eff94f04060310398c471a7de9300aacf3e8e0880a8bb6ad8d9cdb51ea1ba32c318e051270c857f8b242a3e6bf8a28a65d9aacfedcf5ccbfd97

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
df9143a34f91c3373ecf15a87be2475b

SHA1
e1c2bf19ed8a3ea0533b7cd42ff4864cbe35851e

SHA256
176a210c123d7eb3d4a6aa944a92fd969cd2c1a925a8fd3904e7eb78ecd463db

SHA512
4b71c74e9d1003fb9486be7f8d26e72b6f249902516e4a66708fdb15709612d3960c78c101f9681f9e9c09a3ebff571405351a79460d54424ccc6e5ae7ef62bb

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db-journal
Filesize
512B

MD5
b8c48cab829a38bd55adbace07c1345d

SHA1
fd36dd3ee02ed464cab938b43983bdbda96d4996

SHA256
241430cfe92ee3e641deeafc09d4e0d6f4c79cb84a495c1b7bc9b6cced75a1fe

SHA512
f141a43315e67bb6d7f62ec8b2efc6fde9ba88926e541ba233a3fac7a29151820183379bc290b0e26b2f275418588383cb76dd75782c62de0175508f9c86ce66

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
e1bcb70a01287569c0c7c98503118881

SHA1
59ed7a5740392cd9a6c8b6b74192a64d7c3edda6

SHA256
b448d80a944b785c8ce71c314645149d6439645b9e46b1df731ef7dc579d29a5

SHA512
82f86a9bddfac2d8b6fb6d32919c256607adf3ca9be2d1bde78fc0628b937146b658e9715684d88ad7c45eb1261d216de9ab7869a432d63c4b2d15d46046fa0a

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
0d7f1dd853c2463b18188c017c140c84

SHA1
e61aea9aa634463cad16b57cfddeb32ba4231dd9

SHA256
809762d435c92365a830601d4a346e4a04f5b6030f52ed50025a3582e99885cd

SHA512
7ba203b59dd31379d9639ef51c1be64c3f18d03d004acb74a876ac81e077243eb6197392f1a4eb4ebba883d38fd4b8aebbf5d535e0cb2b6d6bfd33f28cc75f25

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
e9cf8c0e0de3e35dae55ef1113ad70e2

SHA1
bad47b96f3ad5ff9ab9459f8e729484b2b061c2f

SHA256
749265123006bdd7881e810c9bebf51d22284a9856541bce3b770453c9ff683e

SHA512
61aef0e4248c6fc3ba2ac1ffbdedce5d71ad536c70a433c1a63cceb7ce5f90b9d58993ed2c7984ca67cc57b1d8c2e8e950b13d59ad12c2eadfe2539251953e88

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
20f16c19a35888b016b3d5377748ce47

SHA1
9b0c53050f6f1aae402304b2cf0fbe48e1138de7

SHA256
2f9f1656c648069e55ca02cc73a0027b3da01e00198848ed55654907db640a98

SHA512
9a9387c1abbbb0cdae86f68738967b8e629f8c55852ba1f7aab40f89defea8bab7c8044cf7cbfaf072831d1343f137805764a041036d0873316894bbeedadf17

Download Submit
/data/user/0/ir.amir.sandevich/files/ashpazi.db
Filesize
242KB

MD5
aecfe638d8b736fa6e00e7bd1be431a7

SHA1
9267ad7543515bcdd6a34e163faf094aa09ad646

SHA256
e3e85aab3d739a112898ed37f501e3f16e7346343b0324e5f97ea6acd78dee34

SHA512
f64c4538de25c712712aa9432c5cae82fbfef477332700289f350b6c64c252a92c9a340cb64cb1e8e9914f25f298e46efadab5910954c66460a998c73e50120d

Download Submit
/data/user/0/ir.amir.sandevich/files/unsent_requests
Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/storage/emulated/0/Android/data/ir.amir.sandevich/files/Magnet/magnetLogo
Filesize
2B

MD5
e0aa021e21dddbd6d8cecec71e9cf564

SHA1
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7

SHA256
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

SHA512
900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874

Download Submit