624f9a6183adca39ca8e7f2aa25135cbc9ca870ff57f185a4207dc7111b20b6c

Analysis

max time kernel
70s
max time network
180s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
15/07/2024, 19:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4afeacf6cb8c6f7e742ffe059c5d72e1_JaffaCakes118.apk
Size

3.8MB
MD5

4afeacf6cb8c6f7e742ffe059c5d72e1
SHA1

1f89d71e84523abc8c88bc3afd05df6f8985bbc0
SHA256

624f9a6183adca39ca8e7f2aa25135cbc9ca870ff57f185a4207dc7111b20b6c
SHA512

2928bde852ac9e0ed8084075ab8df0488fb34fe39e2af4e410c9f81c33007c3035a511e6d6005c86ec825351bd15390feaca8bcc5a194d42f3a7fae2bdffe949
SSDEEP

98304:uzQ218N2QYd/peiLeNWQ0RpHtWBxbWq9apLdnmg0:uU218N2peiqNJWGBxbdApL8L

Score

7^/10

banker collection credential_access discovery execution impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	ir.arzanikamran.ash

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	ir.arzanikamran.ash

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	ir.arzanikamran.ash
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ir.arzanikamran.ash

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.arzanikamran.ash

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.arzanikamran.ash

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	ir.arzanikamran.ash

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ir.arzanikamran.ash

ir.arzanikamran.ash
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Acquires the wake lock
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4458

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ir.arzanikamran.ash/databases/__pushe_base_lib_db

Filesize
24KB

MD5
d8740d8dd26cd2d04aa43c71a4085600

SHA1
3da570580980823266edecb6bf4a0c138192a2a7

SHA256
0fb2f4341cfecc78d6f6260d292b4a7d7b4bfdfe85c8d0b54a7bbcd37219b14b

SHA512
d416539ffb418d2f560eb52b573d7b8ca96ddb59d74f99109ffd831080a16b55e0ac63d0529abdf99f934d57f9c81ae0b6de1d1093a82d65de3dfcf4cc3a6e4d

Download Submit
/data/user/0/ir.arzanikamran.ash/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
251a9c8ff4e070b7c3e74c8e1f4a810f

SHA1
fa839eab0d4680d5d10e93cad7a5e0e3927639cf

SHA256
dfd35fbcf4e45343e8038a7d8d0ed63adf1c7b32cc9dd495463039591d6023d1

SHA512
1c541bacf8faa4c5ffeefba6b0665ad9c291e56de605abd41a83d819b881399e065ac0ee8395d4b31838ff6f03d8751f560445f9ecfd192614f1189edf3a1cc7

Download Submit
/data/user/0/ir.arzanikamran.ash/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
7d6e68b5d3510e1ca59a1c48d9a53d60

SHA1
4252f02de1a53932d0018a6e9a9e8fe2619ea9f6

SHA256
f6dba1c07855f35a73941b87bcd64f085bdcca618efe4fe93421923baa609b68

SHA512
f84f592f8acbe7845c5b35769f7148537a5c5e2b7601f17a062781f5377033cfcd5a54b5c0ff5faadab504a1a36bbf16fab2b021f8dedb994dbc3fd18675da53

Download Submit
/data/user/0/ir.arzanikamran.ash/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
8d3c9d1641fef7f8ac0dd0a42261e05d

SHA1
ecfe80707394f4acfafc09853fff4695bfc016fc

SHA256
f5c4025419521de6246c3f16574a4dcb7555aef5de8c5dea0eee2aa86f4e883c

SHA512
59e831e22e92d108adad1af67a31655353fc831ab61d1ce2af3ac5f94d45099cad32646db9a4b39cf49baf2d4bf33681b1381c55f95f98793dc1849f7e23407e

Download Submit
/data/user/0/ir.arzanikamran.ash/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
e882b77f9866847b39701b69c9063aa1

SHA1
db3b573c6eff8755f31218ba73e6b697b3640c73

SHA256
09a52b49d56003e0d1661b20189cb7d8904e6a53c68dd2d44c9edd8d74bf737f

SHA512
d593ddee1516e8266c3579efacc804f0255c859956dbc8119da990eff2659d1aa6efad01152a231dcbefe7c31210fc33f62bbd1e2642654c4e902e6af4758d26

Download Submit
/data/user/0/ir.arzanikamran.ash/databases/__pushe_base_lib_db-journal

Filesize
24KB

MD5
8fb39fa628fafeaef61865311385f80f

SHA1
bcf13aed7590fbfdfe1e4ee12a59c53e668f58cb

SHA256
9566eee056eb83ad3f1b9b7abbf97d5c49d648473329511e060802c414650ce8

SHA512
d44115dc7e11767292b2b8bc3eceb3f3f70cf0548c7e7362cd3c7465240546caa74cb1286e397742a46cb1caeef24a396ed692df80bb4757d48beb7c623e4462

Download Submit
/data/user/0/ir.arzanikamran.ash/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
ffda83dbbb1963cce13162aa6245597e

SHA1
b368a0f11cbf3577a9629f55c612040f8899f6f6

SHA256
18811a08015bf81275ca10f5c792af2623a78443ef3c6f03bd0c617699c43699

SHA512
78aa82fea2bc6651ad137ea402218fb98032ae84ebb246b295d074a3cc223b4b476585fbddbfa05f9fc0cd5113e0165606a4177226bbde50e91a65a4a6783f06

Download Submit
/data/user/0/ir.arzanikamran.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
f791685357e95d15c803dc11beb12224

SHA1
ee31bfed1f38af868fa73dd383a0368206c1c598

SHA256
39ad7d7f83620062105bfbe68204526b49dac45cdedd368b6729ed8bb6a63bd5

SHA512
711bf83dff74b3503868dfc021589a55f239002a3647b5e6bbe14d5a2e6faeeee6aae4b4772d63d5276decfd3fac7f176520565caaa9d0ad5d58d218e0c9ff83

Download Submit
/data/user/0/ir.arzanikamran.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
ba47904d9cc9778e24a31f66eeee279d

SHA1
370757155caa3aa6cc79070416796fe8e55dbd4c

SHA256
81b7f2448b6cea0371cdf8192b6ef1f93f37b91910e5e60bef6dffa050c720fb

SHA512
e0dbfedc27c0052177d1fcc004199c4fa5cc9bfc5514dae307718437bbef413ad0fa95d7192642c45f007d8afc57ffd204e89c353fe15ba864e257cf08271dd3

Download Submit
/data/user/0/ir.arzanikamran.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
fc2e6f7f02e8d90cd7a4b361c9e2d8bc

SHA1
fa4f0494df142215f5bf1cb8f6419967f9d18c2a

SHA256
6d1283d2c65db30911d2186b3cb8b76c65d3df64bf9db83428b9d59c920002bc

SHA512
967fc36b96f9485fd24b3088a154ca20aa061b79367411351d23a3e72c1258046d978fe5ba21e217702755916148e3f8962bfb367cce5b294f9c364425f92ec6

Download Submit
/data/user/0/ir.arzanikamran.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
fd336a2c126f4a2dd8a205cd37b435d1

SHA1
d03b3125e8d629438ec101e23da4219069a8aa79

SHA256
bc1d2a5c63475b2a552247c052003c950fe33032ffca144295984ccf30135b51

SHA512
7555cd10b5d61ff9ce55a65c06314d4ee182a67c31b01ec8bf18b409c27ada1f05d23346888e92719ef9f4709de885c0de9cd8eebb766029e4fc6b1ba6da7a3c

Download Submit
/data/user/0/ir.arzanikamran.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
47080e3bfcf2db9b8620f2faf6c5857a

SHA1
6f63c1851255e0fa99567f047382074b086d38bc

SHA256
dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb

SHA512
e757043d82798926a5ddd716457accf6616894ad1ad79ec832293a1f662910b663239f899bf05a5c8d90fed5bcb093c5529e5bc842fe9003c1d5902f9ed84473

Download Submit
/data/user/0/ir.arzanikamran.ash/databases/evernote_jobs.db

Filesize
16KB

MD5
99a78a84e992e057dad84991f2ca1af4

SHA1
5f5d9358fd30fdba72d7cc1befd246a5d0d7f422

SHA256
4a12b50e7abe69e5cf5848ea0523986e9682b4d63d501aff1390f97c10cc7f95

SHA512
c7b71f0a44a7817a635c9f525e0529ad509ae9ce7de3d132bfcf1def1d602a4c66a6f8f316dc10ec411199a9589ff45d9be7c8b6caca5d0772aafe8442c393dc

Download Submit
/data/user/0/ir.arzanikamran.ash/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
adbacf26dd44542100d5dd2a1ae7bab4

SHA1
3d8f31f41e6e9fd44c2d063541e93b70c146f8b5

SHA256
963dabc7482644a75bb3f41ad2066b06f904b55bdcbd71b666aa12f800f8b326

SHA512
e85cf31125ae47cddc058e640ae0ba3ac2edb20e1edec9bc88e731948a3b8a96074b5fbff953e354d1e8f1747f1b78d17acd6062bdbea49a2e77f33e85c9ccd2

Download Submit
/data/user/0/ir.arzanikamran.ash/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
14089c3f1c0b775f01d6c90349a286f9

SHA1
36a4ad008ef738eae4d8a6b9a4c22dfead839589

SHA256
05323a4fe23d5bb0b6dd9f92331dc6493123440c70ac31ed1390e763ca1c4bef

SHA512
d20a0589475085b6e733a5fa860ace004f3f23e7fa43e5b852158974d0dc7d757a3178e6489d6df1d926ff3a59c6dce517026f7bb81fe226b0c457a7bf572972

Download Submit
/data/user/0/ir.arzanikamran.ash/databases/evernote_jobs.db-journal

Filesize
512B

MD5
ca8705556d27753e1a5a63e9477e5dd4

SHA1
7506fad19c40980632a11e8bc3f845c511b920ed

SHA256
7b3932a3878f99afc5481a79d4cdbadd9b43a5904839273b73cfbcef4904325c

SHA512
2a03af6ea63df3a123b34389ed11ccbc442acaf683682d7490d5c38a5eb2aba65f1c366229e182c65a0d8093013b5ffb853eef5cd61baffd9065542381e1df53

Download Submit
/data/user/0/ir.arzanikamran.ash/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
e8c1111c0440f63d95d55a8f257c4f85

SHA1
8afd2652f0eb7c9b6f933f23f28504c938ba4361

SHA256
aaeafa316bc351d85344876d825743042cfb83953a4a2837769868fc1b4a9928

SHA512
8eb8673866f5413a76c3dad15caaf7c3e4859c11fdc5ae29169b3cf69aa64a5ecc20c9cabb8a6a94b23270c731ab58cb38f05923e6ff8feaf9028bebd11b0f67

Download Submit
/data/user/0/ir.arzanikamran.ash/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
bf26a1968c3b8575b02b035e6d2fb4f8

SHA1
8fb05ea0a8938efd7f30a08cd0b25f883f960731

SHA256
ab2fe1946ca17d930255f3f24fa0bc1d5ad5d1b55de0a26ea3fbc3796b64c25f

SHA512
da1cc207284d4199a9b424f52b52a015bf6ea3e47566c36d5008e11236c8b2c4015a1198f7c29a5b6415652850b00cbd798e3c2e8335f911d2a1c0abeecf064a

Download Submit
/data/user/0/ir.arzanikamran.ash/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
59ecc1a8d90fec9b8cfed79405ac9eb4

SHA1
f65e860b71c15a794438c0989696fb14fc956b59

SHA256
7f0c4e486df662d1202829271569d8b5a765ed25c8f0d263a5e2d1c72b91ee25

SHA512
e688ebd05cbb8140224edc7ec9dd56c7b2a6b717e7dba3db7c279a4948df42f93d131291cb4e2197210a57db25dd91efcb343d9ad789330b7a746dc5a247f17b

Download Submit
/data/user/0/ir.arzanikamran.ash/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads