58f161cdf468811e0d061f12136a1f7981427adf2651351597e995473987f45d

Analysis

max time kernel
38s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
25-07-2024 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f97af07bb256b736313e842aad4db36_JaffaCakes118.apk
Size

5.2MB
MD5

6f97af07bb256b736313e842aad4db36
SHA1

ca462c6d18fe44dccf269824ac04a76dcf12eb9a
SHA256

58f161cdf468811e0d061f12136a1f7981427adf2651351597e995473987f45d
SHA512

8f5eeec6e84bd162af6808165e26b771cf6b3132bbf35df9179ed14c29d580d1cd98333b65bf1acb1cd07de800651b34b3a409caad2563b15db5ad6fe0f9c14b
SSDEEP

98304:o0tXvi8Vf9IFre/jled3eidKKnjy1MEHD8ddHFwITf3vcwSnFRTmTMCu:oOXvigSrgjkeP1M7d4Mf3BAIICu

Score

7^/10

banker collection discovery execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	ir.mizansoft.parvareshkaktus

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	ir.mizansoft.parvareshkaktus
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ir.mizansoft.parvareshkaktus

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.mizansoft.parvareshkaktus

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ir.mizansoft.parvareshkaktus

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.mizansoft.parvareshkaktus

ir.mizansoft.parvareshkaktus
1⤵
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Acquires the wake lock
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4260

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
538110330202604b1a37fb16130a21fa

SHA1
2cf140f9bf3a43814d0706f6eb7de84bd9ef217a

SHA256
a8737048ca9513af30008c541a961cc8e2820cfdbea9909f74342f7375bd719b

SHA512
6ccb1f8044b30b118f04d9ff1bed42a976a5952b557ef86f6fc75fa379ea59791bc6da80623108b1681ce5cab617cf7e5c441d3de144c96db50d7657ce7ac684

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-wal

Filesize
156KB

MD5
18dbb8a467ee1f3550306068b70bb053

SHA1
5ad3d401c1c5a94d5c3bec0a3eb55037b4766e75

SHA256
1ee2a6ea127202ea90b7029bf88fd17117bb62b9bffca69d5e0977e493d7bbdb

SHA512
90dcb2490f08e34bd7d99a6cf557c2cf76f3969901794357d94fcf393b33276c5926fcbe7e7d46f5e5fc4311886efe34efad2e802c6487a1fe11acd3e8336bef

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

Filesize
16KB

MD5
69601f8e3b1e064b967562ca31f20736

SHA1
d738558363ff3fae116da770fc84c95005b09e07

SHA256
8bd0ed016ff8a3d801b6a89e9be3424eb5b719a578e5ff05e9c473d8b7095717

SHA512
8cd01833bc87bce1c5aeef70632760b896792135528a833944e1b8d77faf4300f5ae6dd93b9a1c066a73286a0694340bd26aff9352d861ef41c77e69514e51f1

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

Filesize
16KB

MD5
d30d3a36a77fbf93e9096744810b3c4c

SHA1
660ac94f3334e5f847a7173c63c21cdab083b5a1

SHA256
160d99748f6802a722dea8b1660bcf48c63156f331273d776788edc700fac0fa

SHA512
cebf4cded1aff9c07a073bc2bbae2b4d59e3d26a63aa7b1619288afaa3f270dd0e23b5df7bfc58d930154897846ed9d6ea588c06aadae07991e269a4c8235376

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

Filesize
16KB

MD5
978fdf85b8448e3a7c9015e51477eb49

SHA1
793bb88398dc9457935a4416638d5ed3974baf19

SHA256
8f72919eebbe45ed6d33b7b763d7e45d76a880128aee9aa5c29d28ab79689a92

SHA512
852b2d3e2607c96625e9bcd454c702ccec6a0f07aba3410976d6400ecd2d48ccc92d93c8ce7fcc87a622d04357bd6805a996f11d339ca7fc3eab99c0e991fe38

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

Filesize
16KB

MD5
9b2caa51b9327dcc3b6463b0e3a76c85

SHA1
a7d9abf90664640ddd03210b754c4c02ff57263f

SHA256
0a0d5de82d7fabbc5d5bf2c9d8dc5920760614be91d15b6e04ced507faef02b6

SHA512
29546108e74402a615d37e4b1ba51bbb1ddd21e74b18a10f3500b4c1b3197f321ed1799cfd8e3b069a00ea4b2d397ef0e457fd764e2938f92599c7d9ec414bdb

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

Filesize
16KB

MD5
aa1dfbc04d0f9541a9b2cba2d679d6bf

SHA1
4bc0f4707af156087c330f2fd98230b3eed38a78

SHA256
df553d785b5802d3ed67f068236b5a0abcbd60fb5668e7cc82df304cd7bfb5c0

SHA512
4127b4e9d8ce8011a58bc759249cab63032d9bf1420ca46e921f7b482605d19e49fc0ac1df9a0c7c98d4b39d7527185cf25bda35bd2bd1e1282e972c066822dc

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

Filesize
16KB

MD5
81c5364af84cb258f4c2bfc5821603e7

SHA1
1b55f7b245a799638a39dc30752fce04f1cfecc8

SHA256
cf97a8e060e5bccd2157f0db0a493b14c58388a0953896d545ba6acd2b70b82d

SHA512
874d621d75451d6948727b4af164c91afd36da4240cc4cec7a99ed94f95f38839b13bc0c9df62f7f13d07d06b102ca124194ec1cc6985027d12259a7dd4fb39b

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

Filesize
512B

MD5
153f4697cc8255ea831d2ce158dd9a4d

SHA1
4e53f9d187dda20437d59cc827d620b790d9926c

SHA256
9de20d93a4534e4c9a6d5a6250fffba2e384e9e462535446156c497ee160fc16

SHA512
2b7c09a4f60ece25522574b8c90f41135f929cb0ddbabaa95e0cdb773e81bbf13865cf8bc22b89f632f1237fb22a307c945ec01531d6143396a7a82b85e7fad5

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
43e0b2c2d26139ac065e4823be49fc8b

SHA1
7df33a1cc80b42eaafa6533fa645aa39c62b1cab

SHA256
fba31f842ca288507d7fc525ff09cd48ff166301b9e066e22b7fc0f7b949b612

SHA512
5ac282ccf99a31884fa7fd0e29b86d344ad2acb7b86e8b150df27d3882497eb39f6aa4cd43bdf478b812f53a1101bc00c3683884b47c2e4a341139919de52527

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
da23bcd39c3cc8d13d19248e0a09f179

SHA1
678963473276afb207e1c3e0127f794773d33f87

SHA256
6ac0eb6f409021b15f2ccec57cf6394b1001ced4f0291517ef9767194f7557a4

SHA512
942b1888f195828ed461396f22f105f6cdd863e5499224c33e32e9f08e423fcf680d8cca332e701e6862ad8b297f04a6812837bd43f737ff8928d37261fdf4b0

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
d81029f4cc39ffb95e0afadf6c24be6b

SHA1
8c4170d93b97a70523603fce66ff3a1ea2b53da3

SHA256
d5d16dfbd4fbee7cc2c7a059efae4a14e55f20f0123546502d01ca029beafc3b

SHA512
c2894307abdb21a27ecf00e6712e013c1bb3e23c727d4ccba18b5eea7d6fac155767280bc1c79f40cd9baca5c7a1b726d906df4908137fcc77cc6655b3949bae

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
1119cc410e0a8a38b0aa7db34ba2572c

SHA1
2849b51d799b40e9145af01f13db0509ac105ace

SHA256
2277be81d16821da1e438df6a7626c46c6d63374f7c74cd6c7a796e42637c68e

SHA512
1ad821e5e8fcbd15fc1eb91eb9050729667f6453a5d971391335ab97846407f367fd1cb27587950aa8d1dd17cb4e5b5b7a6b472f7266d64ce16f4e6fd2acd8b2

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-wal

Filesize
28KB

MD5
dabd7c6d8e20137df0694eff1defa8d8

SHA1
d5875b3efb46e641a9bdc949d7c18e4aedcae16f

SHA256
01381e7ed89d7c4a653251cd49bdf90c97f86475b52b6bb7257059476360dfc6

SHA512
c46f8c188eab32fb199a6c68a6e73dbaaf40d123dbc57c00921c341e4a81a4c1c68ad0b882ef264e3c32e7009797e2d089dece9a7a97858cddc719d03da212aa

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
a3ecd6bc2e0c5fb908b8f15c8f042bb4

SHA1
7fd4201460f0e19cd0066fadf3d85130bb5789d4

SHA256
50a44a415415ffe5f8ea010b60f4d219a7f3f79156343273cf4713494a96f177

SHA512
3609952dd20235d8f8c89955b92ee1c33ab63b3736ffbaad3c11f594d50090b488ddcfe99b276110fc7cc833d73384d54998cf76a452e29fc50235e56046f459

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/files/parvareshkaktus.db

Filesize
240KB

MD5
5d7be72751c19f05b932a5fa4c136354

SHA1
d3e5a6ffec59bdc37dfb5a2d84fbd604fb25f34b

SHA256
0bc318bf2590ad63a249dea5a9f0390b41aa6b5768a2cc3c49838a9f2b1b28fb

SHA512
38afd0d0e3b87fd33fb27a9bec2cae033efef2062a535675e63bf63137e226012610207e79e401f6628b338b67d330b377b5f97ac141b6b2e53db0b2c2f4d44d

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/files/parvareshkaktus.db

Filesize
4KB

MD5
b25970f02db671c22b66221ff8c9e39b

SHA1
c592ba793f0006288ee9fe867be171b5d3f3dd93

SHA256
cd232e45e78d6ad700ecf11f6b6ed8e0eadec475586ef9cfae0b4bf1dc8a7ba5

SHA512
e6274aece21b54027c3905cf1f8a8c660bd590444c92e2443ae258f7c6de08535d7bb4056fed29e063134b815d34a7b579cb75a6a2033ada966d9dd8f55f9fbf

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/files/parvareshkaktus.db-journal

Filesize
4KB

MD5
9c507b439004d082cd65394e95cee186

SHA1
efdcf936503e79b1afd3cf40835ee33cd6293df4

SHA256
58975920da190d9c1e806757431cadd8c3766fe1fa44fb04a3e21bca089a70ea

SHA512
191fce96e4681c378dbbacf87e6db9e75af311179b5e499d5b592c44a94c3c2cd529c27aae1376fa658607ac5c5876b7853956676a95bc68ed3ce1283440e3e6

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads