58f161cdf468811e0d061f12136a1f7981427adf2651351597e995473987f45d

Analysis

max time kernel
29s
max time network
178s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
25-07-2024 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f97af07bb256b736313e842aad4db36_JaffaCakes118.apk
Size

5.2MB
MD5

6f97af07bb256b736313e842aad4db36
SHA1

ca462c6d18fe44dccf269824ac04a76dcf12eb9a
SHA256

58f161cdf468811e0d061f12136a1f7981427adf2651351597e995473987f45d
SHA512

8f5eeec6e84bd162af6808165e26b771cf6b3132bbf35df9179ed14c29d580d1cd98333b65bf1acb1cd07de800651b34b3a409caad2563b15db5ad6fe0f9c14b
SSDEEP

98304:o0tXvi8Vf9IFre/jled3eidKKnjy1MEHD8ddHFwITf3vcwSnFRTmTMCu:oOXvigSrgjkeP1M7d4Mf3BAIICu

Score

7^/10

banker collection discovery evasion execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ir.mizansoft.parvareshkaktus

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.mizansoft.parvareshkaktus

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ir.mizansoft.parvareshkaktus

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.mizansoft.parvareshkaktus

ir.mizansoft.parvareshkaktus
1⤵
- Requests cell location
- Acquires the wake lock
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4997

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db

Filesize
24KB

MD5
a4e797af5194eecba5756b37073d3204

SHA1
32015288e7706c133ea3f77e3dd1f275ed1e4bf8

SHA256
60cf013cdfd3d9f1a736635cf1186a6be30d8e1da30501422aa76829f11b5ed8

SHA512
8fc2fdd67b890e0c40fb300c0a4fd96c7a306d49ab868cad7230faa88cc4ba1be2407df0deffd4a3e50a954694f31175f11e43e48c86c415498982c2d09bb3e6

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
c948b739c29c2ba40ed9da9b30dc2059

SHA1
bba26f820fe8e734e9d5731f0be8fbafa8d25a3a

SHA256
fed2f5fbceeee810ade9eddf7d9b06919e6f6a02365aa164e8de93098a3d1d72

SHA512
3518f592e8d37f67563485b7ebefca9b578645c12b39ab23683d708399a01edc18026bf6e1740e4531035a6aca4227827b28546fbcb74514eaf60308cac3aebc

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
94186e412612732b073949bbd4483465

SHA1
9dd4fd31afc785d8ceca8cccbd795ba69f9560bb

SHA256
947707df19536ed38d8261dad77a0db7df8847e8838934f0ede29217d6ee81a1

SHA512
61d3e66b4754316ea9ee2b5e7d664cada0da20237a68a1454ecb81580cc7c36340e28be86da9758199402fc43b63bf7d2a0842f8b2fdefa47c307e5f124260c4

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
568c967f341de94844dc7b546f419521

SHA1
e51487d3ba302d96a4e2b1adf1a0a02361c39d0b

SHA256
54ecc853b483755d6c17db756589fa6a1d832f0d0bc3242ca4c6cd5221ab9a53

SHA512
9f21f84a0a6d2c98e42eb51c45ed478a209b52d6e29d1c2a0be04f424901f3ec6f57dbedd90bc2cc6893283e58e184612a97f191d0cb1097e8bbf2ff3e875126

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
7fe7581fd390e01b2d7656558c2290a0

SHA1
11c2d2f37f2175592604fe8fbcc87746639a4ed8

SHA256
d8db4c585b772354f350e7d6660dd0ed8c64923054172b04d26b4b3de08fd52b

SHA512
156f3387bfe3813abf5d59b289d42e2964b5cd6f28caf7ba87b47425727952e4c18132846daec579caf9737d5cc8bbfb26bcf3803db8adb8162892cc71bcf3bd

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

Filesize
24KB

MD5
5a72b9c54133b5a26f9f4b981f7d90de

SHA1
dfc98d742cc858c19299cbef7bef979bc4ba6947

SHA256
ea9affd3fb496276a2b9e0a549597a84128176470141e39a0573adb85a34b029

SHA512
dcaed8d89734f2909b087e2ee376f882860a04822b5e2c25fd762131755234a23a909d8bc0f9962c2fe33f67379d9894f237b739bb69e2977e011fb547cee204

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
182bdb93ed0f0a0fb0a2cbbb6a886081

SHA1
b38f4a3d6cd52fb0c5461ce1688fd6be25f59fe2

SHA256
1234791403c0237e2280de8bb8ce32f396e02dd60c12f166081323b8a4839017

SHA512
1512a1219f5cb5b08210b9e53a90201774ca0582b6cad0b5631d524741ab0617aba7605f496f42f26ba6f8afbb91706dc3184bec7a4f3f8c97340dc64beb8d17

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

Filesize
16KB

MD5
e6adeb0f8f512e4c3115730b042a5d5b

SHA1
572bff35c10db589d2c8c1a38fa3a90aa4794296

SHA256
b3d28c2012a723028f9ef77319adc2beebe2ce44285caf61aa8ec27ff172e6df

SHA512
8c0d592a37617d2d1f574e7ee85f157e448e824f92cad533ea8e5476f13313793965ea979b0ae1a2377b287804301beb407b2daa834e6eee8204216eb31207da

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

Filesize
16KB

MD5
d87f009e773d046ddedc8630e670aef7

SHA1
2e5c72baf7e098f10d2a76cd15eb8017a399c586

SHA256
e22f9df500c5de4070bcdacccad034f91c89ba0001cdeb5c40a5ad379394682e

SHA512
283d8e58d2e1930642959fbc08f4619f3a2dba788d6f88ccf1c999b052c3af03ff2e6a8278c1cb3d09fdbf1156a7755a08b410007903dc27c701d0d60617c760

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

Filesize
16KB

MD5
f9d2261af99fa061faa1e1d173cba804

SHA1
4562bab2c6d92848455672195914e8d83f0062d2

SHA256
0ce4da81d3717aa18d92355d3e230ba4b0caab65219bf7dd0bf7a3e17e7fd270

SHA512
435a326795bce22d1c2c36b82715b41515770b57b75a0af29357359817292324f2e174906731033cf94652a72d02db1a99e6f78a782001804eaf4d6a8bad912b

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

Filesize
16KB

MD5
714a6d77a9e2573d60f91892032c16fb

SHA1
fc7de9b4fc5ab0c94584f626e05d7a70d8f5a8f3

SHA256
a315d39b18459d0e739c7d2b8d3db1d20cb32ddc4bb8d144db380b929a80b87e

SHA512
bc0311cfd8d80eb15eb8fbb5561c2ea46e02ba6613f06398cc6127b566706ae888362214a7e915aa169f1395ee84c062df1bd7b1af096d4b81fe9441dae7aef0

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

Filesize
16KB

MD5
00e829076f54c72b50b63fd6de296a03

SHA1
fbeb1b8be863931f98a7c29224a03b89f9616ab2

SHA256
c479f839c0bc15e9a9749cb5a5a3eef4e09c0163160073477f72fa78b2e300df

SHA512
1c6b0bfe980050072927f8d407ca86353098d03502f7194f141d43c045a3f35103261811281f023262f4823a4fd70659d6802b76e126e991120dc14cdf74bbcc

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

Filesize
16KB

MD5
8dc71c284372a650a2cf3c636732360f

SHA1
bacc4683e0cf47c5a1f3a0e044baebc9eb2de872

SHA256
474ceb2dfc42b23ac127105b7048112b2fb1bd78396389245bef9f0684a87e9a

SHA512
207f2d3fd8c87fd30861a1073def22a5a86757058b98925af941ed9e9083e09ead0daeeed236eec6779da56665a5e080bdd28402ab35e7cdbeb09481e18927af

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
9bdf78782c005e7fb1737e61db20cf18

SHA1
5be747d6dcd47dfde43962dbaf0564b05e40d925

SHA256
7d4d77b76382681f1ac56839c9b4ee239741cc72b144b60e4a174c1700bc84f6

SHA512
b4758ba6329739631acdeb38255c70a5918c5320f7aeb6b7c8ea4ebd5068d3016ab924eff5f39733a2440aeff3fd80f9bb90e4dc051bc776a796ddb94fea1f3f

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
38e11da7218975c5d181841e378ecd6b

SHA1
9b0626d4018adedf148dc5d74844b7057e1257c6

SHA256
199e57e83cb47c5f753cc6ce89d87da27d83aedec85ac3faa06d9091ae9902d2

SHA512
d6c8b0fa3cffb931c2a364b6846143496fefb14a3843b86e76f1b601c24e88fb5bd62447388f8a194eb2ad992f69c0f92ad2a8295426c045020cb2a9ae93526f

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

Filesize
512B

MD5
4ea060486ffebac83e25dce7eff87b26

SHA1
85ae4ddeea9efed582ef530fc67531b674e3b6fd

SHA256
c93bbc8c451528bbb688f7d2e46042657d3a460789ce46cc7b16ab77a9e6d5e9

SHA512
7b215e31857ed8cbadc4e680adce043a44c882e46ccedba7fd0a2bc56b0d5ddb70006676c319d8ee30825b0c2ec5693cad604e008de7c3e1b094b292aa0bde25

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
7e07c5aa073f3cdf8724f19156735ee1

SHA1
d96a3a3e6804ef48b7f2694820337370bdc472bd

SHA256
730eac8e6d8bffdd597f54e700a0f6ef4ac3b4499ebbcf955b483afaa25b47b7

SHA512
612a74e4dcfdf0c251f18f5772d40371fc4b914be3dfb68e2b613b4d787ec8484372a19cd9b3779bcc3aa64b2c9843fe20b0f7f30eae6256f4de6261d39a270b

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
812311c1291df597f82c7b0424cf1eeb

SHA1
243cf84b2745270ec789d36872dd39044ab0ed6e

SHA256
b10328f6bf584f9d3305030ac38411ccb56c0dbbd565b12697eaa1be4e67eef6

SHA512
43604108fd3d5d971b3274475dd2c3682b42139d4108b1909f23205af2dc66e49269da3861e3f9fbd576e5586155a757c07688742c66d2a589a892f28cd9b2d2

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
5cf80968502bc447986b050a6a355e33

SHA1
cfa405cc1f150e6495e0138774215d9ed2e8147a

SHA256
ba70350338789cdb26055fb5ce1541b7aefce64181da44272e5ce0b65c69a7cf

SHA512
08f3d17485583dd3c8426ab7f29c67c6705121fbb32f76653d9d920ab04637999f7ef5595dee2f315972ef8d7cbc6f5fbd4d36052c17710b5f6e38ca7c2e1010

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/files/parvareshkaktus.db

Filesize
240KB

MD5
5d7be72751c19f05b932a5fa4c136354

SHA1
d3e5a6ffec59bdc37dfb5a2d84fbd604fb25f34b

SHA256
0bc318bf2590ad63a249dea5a9f0390b41aa6b5768a2cc3c49838a9f2b1b28fb

SHA512
38afd0d0e3b87fd33fb27a9bec2cae033efef2062a535675e63bf63137e226012610207e79e401f6628b338b67d330b377b5f97ac141b6b2e53db0b2c2f4d44d

Download Submit
/data/data/ir.mizansoft.parvareshkaktus/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads