25bc19747c8bf50ae06a694e473b3db5d58e9047f9c41e4b54b18e4bb99f0ca3

Analysis

max time kernel
37s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
17-06-2024 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b9108eafff97b9d290fe0eea39139ad7_JaffaCakes118.apk
Size

4.7MB
MD5

b9108eafff97b9d290fe0eea39139ad7
SHA1

5f92828b231172973b1cd376d51aebeba8937d17
SHA256

25bc19747c8bf50ae06a694e473b3db5d58e9047f9c41e4b54b18e4bb99f0ca3
SHA512

ff58738b8f15ef3c133f2523e29d8af11c5935adda940516267bb02429bdd4be7c665277c9e583e5607b3af5f7e1300aa4a08194dd27b57b783624e1804c6aa1
SSDEEP

98304:ZSYuHXPLJwak4LReXuVGD7y8YnzTDwr4fimUgSj0hEbCwa:ZfuHXzTteekD7y3nzTe46ZgbhSCf

Score

7^/10

banker collection discovery evasion execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	ir.amir.sandevich

Requests cell location 2 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ir.amir.sandevich
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	ir.amir.sandevich

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.amir.sandevich

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ir.amir.sandevich

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	ir.amir.sandevich

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.amir.sandevich

ir.amir.sandevich
1⤵
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Schedules tasks to execute at a specified time
PID:4457

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ir.amir.sandevich/databases/__pushe_base_lib_db

Filesize
24KB

MD5
0cacc868d0f799eb4d993b322cb846e8

SHA1
e4213ca4559b065460ff43046ad7df68fd2b52af

SHA256
0d7614e74fc3fa4a46da56cd65030245ed1cb39fc3e1abace5b56aee18d6388b

SHA512
aa0a782bc8b4ad373f134dfdc37d7f563c99bb82a1b4a6aad3eeff3d8571ec8c55d9afa9107ab5d8c477bea137efea41f57c052616e24883517bbb760ec57f5f

Download Submit
/data/user/0/ir.amir.sandevich/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
ed686b7d7d21f734b5ed2889d9e251a0

SHA1
f4bde276b3314e594bd99f3896ba7214ff906f1b

SHA256
1842875323e6b62de79b5612805f4a7950cdf3fecf19fa5aa525fc728eeb3704

SHA512
a824d9d24a2aa0490aacedae4a60bae96800035273eafed639550a753c71e3bfc69b17edf3d74b04325a9cefab40a0cacc6ccb031daa8de48513432eea7043b0

Download Submit
/data/user/0/ir.amir.sandevich/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
b51f586cd29d29a124e47a9de306b0fa

SHA1
35d615b8131cd74b86adc64a3de1f2346e781997

SHA256
b8d6352ee3eb7d247a621f95b53183296950f1d4f2ba095cc9be0e2fead4c022

SHA512
6cb18a567ad75dcb615684b87aec67b76bbd5fd1cceb1da9c88ca11a2adf48eb4db2c7ac99a9014910a92e04565a0262ebaa4712cdb6b2cd7f951da498268d9f

Download Submit
/data/user/0/ir.amir.sandevich/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
97d58bcaea194b3f3dc5fb1885546cf8

SHA1
0bdff0339ea031f9ce91a5a3aef77f7d239ddf90

SHA256
2ea1df0b8c0b494b6282dc5a2145e02e6db0e918aa13fa3010158149a8d64427

SHA512
765a51209451cf925d6afed55392c99ff01f9cdb2a5137072d6e2903493054242fd7cd3fd537ad1a96a6feaa5920475234aca31a9c9af478c8be532336276a4f

Download Submit
/data/user/0/ir.amir.sandevich/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
39cc8b25849eb20d5dbb2fdb28436bd1

SHA1
f8b70519f56025948a3809a9c9d5b08d7c202505

SHA256
8cee114361a374fad6f5fac1da3579561890e56d633d93aebddc8f524fab981e

SHA512
1ea9b5bd063a3b23481ce3376011196c4ed61220bbf2a0c3a646f01955369d5b50c1b812020d33edf59c4c73ef70cc662f5a5c8220762ca24795024819dcaf0b

Download Submit
/data/user/0/ir.amir.sandevich/databases/__pushe_base_lib_db-journal

Filesize
24KB

MD5
97c6e1ce1e677e8b987cac5c8f953f71

SHA1
02df9f88cbd7a3beafab4f062518d55fcbd53f72

SHA256
6a2a00f6dff4e0d6eaf4bc0481dd234593fcc9f08a405b86394eac293f840491

SHA512
bdc1f3e65db6f96a372b144305c4a349b6d5a212b7832f4da0c43c47baa86b67d91be233cd43e2fb977ea3940eabe364e548f40890a15780b14034721f971879

Download Submit
/data/user/0/ir.amir.sandevich/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
8a7c445a12f9632dfd3c932fa3aa873f

SHA1
d1d6bfe1537581f3128c7ffb5d1808d7c766009e

SHA256
acf5c3b8542354dbc1da70f999fa7a5a3d2fe004b15738cd011d136494847583

SHA512
4dcdc18a2bbf22b572cd95179c9b234003acba59377b3100298f65912c96416f156eba52eb3e111910374ec838bf68ae81ac061707c9935d0f097db976214e7f

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db

Filesize
16KB

MD5
16b3d9eb3a15c6e7ba10e05fe9d0a335

SHA1
12d785c446c6234250bb78fb49cb65b84e4588c5

SHA256
11639cb343d8c1c11ac79e13db9c6ebf7010065cdde4da1e2f0e0e5f6fb5df31

SHA512
d438d06a828395e0bc0135c5dde30ae12941a2c16a418e8c45679affbb8e5a23823f55cbea8de69aeae41e568ac09d54a18cc0da80e58dc7ec2179fc0277533f

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db

Filesize
16KB

MD5
47080e3bfcf2db9b8620f2faf6c5857a

SHA1
6f63c1851255e0fa99567f047382074b086d38bc

SHA256
dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb

SHA512
e757043d82798926a5ddd716457accf6616894ad1ad79ec832293a1f662910b663239f899bf05a5c8d90fed5bcb093c5529e5bc842fe9003c1d5902f9ed84473

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db

Filesize
16KB

MD5
957fa04eeb2663c116c4dcf8ffa88f6d

SHA1
a64797f7f1f9f52030d25c88e5edc2860f197709

SHA256
484edc8a50ca63db7d38991bfc342227a4e8c7d42ff315834ae3df8b1e555e5f

SHA512
2fc6b20f7c91ef4df603858015897de0a7ce5e94ee2f60093c92e383f6d238b84d5aa06d697fe0c15a14f4f45e5589eee87fdad6bd32a1220f4a1ec84e806a41

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db

Filesize
16KB

MD5
594c920195f0863589e513b8045026c4

SHA1
0f7f0687c44b618f22501a91d250d67726751260

SHA256
f4b2873c0052fb2260ad1a5c3969c1d26ccbb631795ae178b7710d6078045a7f

SHA512
fe63b0d69a62b28cbb82922a1833140a754753ca547e54cb73f0d4d377b0f324e21c47df4c3577b194302fd14c8ae6de2092d35709171ea57342b6af3252c289

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db

Filesize
16KB

MD5
78b387106aa43a3291fe7a5b8c6bcc96

SHA1
1d7b5a4fbf637b9673c38f5d6cd2c692736b6a09

SHA256
8999afc995c7a13b6b94b9a35b7ae37ad4567dd884502a7100acb4ae7cef4d37

SHA512
04cb91e1e4d1db8848f3ce7b176a284bb01160c9b2f939324790820b393e4d728ddc4811bcf6d1eaa8c9e7ba56bd33cd21deb30527f92aa30c1a362878dec10a

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db

Filesize
16KB

MD5
9724f46196c7bbecd35b8b2a8a4cd198

SHA1
9bbc16373cb30ad7c5cc20b03efa5ff4ea532807

SHA256
68a4e7eedb95872746ab7acb6ae3d9c738bb6a0c5eed73525fad5366d6da52c2

SHA512
f24766aa54e42eff94f04060310398c471a7de9300aacf3e8e0880a8bb6ad8d9cdb51ea1ba32c318e051270c857f8b242a3e6bf8a28a65d9aacfedcf5ccbfd97

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
df9143a34f91c3373ecf15a87be2475b

SHA1
e1c2bf19ed8a3ea0533b7cd42ff4864cbe35851e

SHA256
176a210c123d7eb3d4a6aa944a92fd969cd2c1a925a8fd3904e7eb78ecd463db

SHA512
4b71c74e9d1003fb9486be7f8d26e72b6f249902516e4a66708fdb15709612d3960c78c101f9681f9e9c09a3ebff571405351a79460d54424ccc6e5ae7ef62bb

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db-journal

Filesize
512B

MD5
b8c48cab829a38bd55adbace07c1345d

SHA1
fd36dd3ee02ed464cab938b43983bdbda96d4996

SHA256
241430cfe92ee3e641deeafc09d4e0d6f4c79cb84a495c1b7bc9b6cced75a1fe

SHA512
f141a43315e67bb6d7f62ec8b2efc6fde9ba88926e541ba233a3fac7a29151820183379bc290b0e26b2f275418588383cb76dd75782c62de0175508f9c86ce66

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
e1bcb70a01287569c0c7c98503118881

SHA1
59ed7a5740392cd9a6c8b6b74192a64d7c3edda6

SHA256
b448d80a944b785c8ce71c314645149d6439645b9e46b1df731ef7dc579d29a5

SHA512
82f86a9bddfac2d8b6fb6d32919c256607adf3ca9be2d1bde78fc0628b937146b658e9715684d88ad7c45eb1261d216de9ab7869a432d63c4b2d15d46046fa0a

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
0d7f1dd853c2463b18188c017c140c84

SHA1
e61aea9aa634463cad16b57cfddeb32ba4231dd9

SHA256
809762d435c92365a830601d4a346e4a04f5b6030f52ed50025a3582e99885cd

SHA512
7ba203b59dd31379d9639ef51c1be64c3f18d03d004acb74a876ac81e077243eb6197392f1a4eb4ebba883d38fd4b8aebbf5d535e0cb2b6d6bfd33f28cc75f25

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
e9cf8c0e0de3e35dae55ef1113ad70e2

SHA1
bad47b96f3ad5ff9ab9459f8e729484b2b061c2f

SHA256
749265123006bdd7881e810c9bebf51d22284a9856541bce3b770453c9ff683e

SHA512
61aef0e4248c6fc3ba2ac1ffbdedce5d71ad536c70a433c1a63cceb7ce5f90b9d58993ed2c7984ca67cc57b1d8c2e8e950b13d59ad12c2eadfe2539251953e88

Download Submit
/data/user/0/ir.amir.sandevich/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
20f16c19a35888b016b3d5377748ce47

SHA1
9b0c53050f6f1aae402304b2cf0fbe48e1138de7

SHA256
2f9f1656c648069e55ca02cc73a0027b3da01e00198848ed55654907db640a98

SHA512
9a9387c1abbbb0cdae86f68738967b8e629f8c55852ba1f7aab40f89defea8bab7c8044cf7cbfaf072831d1343f137805764a041036d0873316894bbeedadf17

Download Submit
/data/user/0/ir.amir.sandevich/files/ashpazi.db

Filesize
242KB

MD5
aecfe638d8b736fa6e00e7bd1be431a7

SHA1
9267ad7543515bcdd6a34e163faf094aa09ad646

SHA256
e3e85aab3d739a112898ed37f501e3f16e7346343b0324e5f97ea6acd78dee34

SHA512
f64c4538de25c712712aa9432c5cae82fbfef477332700289f350b6c64c252a92c9a340cb64cb1e8e9914f25f298e46efadab5910954c66460a998c73e50120d

Download Submit
/data/user/0/ir.amir.sandevich/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit
/storage/emulated/0/Android/data/ir.amir.sandevich/files/Magnet/magnetLogo

Filesize
2B

MD5
e0aa021e21dddbd6d8cecec71e9cf564

SHA1
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7

SHA256
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

SHA512
900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads