58f161cdf468811e0d061f12136a1f7981427adf2651351597e995473987f45d

Analysis

max time kernel
139s
max time network
148s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
25-07-2024 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f97af07bb256b736313e842aad4db36_JaffaCakes118.apk
Size

5.2MB
MD5

6f97af07bb256b736313e842aad4db36
SHA1

ca462c6d18fe44dccf269824ac04a76dcf12eb9a
SHA256

58f161cdf468811e0d061f12136a1f7981427adf2651351597e995473987f45d
SHA512

8f5eeec6e84bd162af6808165e26b771cf6b3132bbf35df9179ed14c29d580d1cd98333b65bf1acb1cd07de800651b34b3a409caad2563b15db5ad6fe0f9c14b
SSDEEP

98304:o0tXvi8Vf9IFre/jled3eidKKnjy1MEHD8ddHFwITf3vcwSnFRTmTMCu:oOXvigSrgjkeP1M7d4Mf3BAIICu

Score

7^/10

banker collection discovery execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

Processes:

ir.mizansoft.parvareshkaktus

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	ir.mizansoft.parvareshkaktus

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

Processes:

ir.mizansoft.parvareshkaktus

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	ir.mizansoft.parvareshkaktus
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ir.mizansoft.parvareshkaktus

Acquires the wake lock 1 IoCs

Processes:

ir.mizansoft.parvareshkaktus

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.mizansoft.parvareshkaktus

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

ir.mizansoft.parvareshkaktus

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.mizansoft.parvareshkaktus

ir.mizansoft.parvareshkaktus
1⤵
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Acquires the wake lock
- Schedules tasks to execute at a specified time
PID:4614

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db

Filesize
24KB

MD5
3e174b2bd92633df5aef63b2341e87b5

SHA1
e1b0a422648c64d76ad1efe5f4759a3c5b941b7e

SHA256
3b467238b4d06ce3f3051f93e52ad3295d86efb11440ad619b759979bc635546

SHA512
49fe1f213ec19e34a8c33e39e7f07bd8b6b314a4d95aecdb2d422d27d2229b27cdc2fd4b4c652e1cc49c515999fdef7aeb90ce7503e24ca1e08e23a511d3d3be

Download Submit
/data/user/0/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
1a2e993e167e6ef4b9e78509c50015ed

SHA1
7092df7deebdeef3f4917a44d67fc8e46604d65e

SHA256
7a0a15c52bec386746377adf8057ed4bd01c93b938c81d15c8e78e327b66325a

SHA512
f5f6cb7ce04340f52d7db6314043a21513de219e9eb2bb3d6fb98bc62cb1d28e36d85f3369b86a96e2eefb3a9334326e76102ee0f3330516b9a0857488604edb

Download Submit
/data/user/0/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
86910890f801942a80eb862418b1fb3f

SHA1
90f3860f8679ecb487109c18e20fa7a76bddd11d

SHA256
c4068ae674ac31abc31c6e39be7c1d7651571c2f0c7045f00edac7d01ebd70b3

SHA512
b6d1d4346f28e06deebc8509bae68d6327f724fefb84a4d0cba06713d4e362f95d8abef7dc4ed6f46ef156ef290e6717fa351a681df908ad569f6ae7e251be3a

Download Submit
/data/user/0/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
ef30b55107d0b52a29f919492e284da9

SHA1
d26f0174152621ee374f606b72c01e55ba25af7c

SHA256
ff74082f306621e2003366325571bf7a13acc7ad3f26750e6d451f2552928753

SHA512
c379dbba776b56b8c704c55a2928bccf6e04849d98aecfbd8503fae1adeb634794e3455dfb6860d012f269cb43b809ae05303a8e69bf78b433be09d0f8a50c4a

Download Submit
/data/user/0/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
3c2077b0c9addbd07b797c13db4e661f

SHA1
9e9d61749226a3b397ebaeb37fa12f06d8e99e11

SHA256
142971e231d5bf6c956a6e8fe9095b048af9de702b85e4af5747463e1a6045ff

SHA512
445200e9bd66e1e497658be744ed9db88acfcde2a489373115082abe42eff8b637ff92431d72393df3638aeda6497464d7cb56b10fe780ef3d7d52c894c76969

Download Submit
/data/user/0/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

Filesize
24KB

MD5
0d19ed13b6d7a6874329b566c68a8688

SHA1
a286a55f24398db578297c8549b331e5c06e21bd

SHA256
39cec4022287a4a39d590451b791253f0f9f6130d94ded25bfef7796aae1f72b

SHA512
ec866471a77b5f7d5574b24a23740b52493e2ed9fa8b1579a5a17178708e1ceb27cc91b8ae8ce95ee98f29bde2e6dbe36dca74bcc05d73e1fd529d5e87d03952

Download Submit
/data/user/0/ir.mizansoft.parvareshkaktus/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
0eb8d41020994a95c82da2c8bd7b7969

SHA1
bb28fe1355be409bd7ee835fc7927ea8c34474f8

SHA256
97da3f0d8425072f428f1564efc859f18c6bd7bca478561bc2e533fdbba14bad

SHA512
af4862fefefbc2025adb2211840b4b4dc58fbd04a62df9780621352f6800f7ed7aebfea333161982fc3868560ba54a2cce3327a32c007172d980b50037dc891e

Download Submit
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

Filesize
16KB

MD5
67a95effb90ba8130d98778b3045b75d

SHA1
f768f3e4ae48707dcf4776af98a64ede3279ad60

SHA256
4cd28d7e3fe0bdf5b248d1873747e627c28c2ff441b48db6423d3af61e21ab43

SHA512
eaf26369f73fc2b84ac771456dbfd11c60fda784048f24d3e706f27765c3ae0d7dd0e09c5cafbb915a5474be1717aef4c3901055b382b7f9a04a8b46cf1d75da

Download Submit
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

Filesize
16KB

MD5
734302eefc97c52a4858bce6ac5a2fda

SHA1
3638f54b3780255d96dc158274209d433b02ab66

SHA256
061ac4ccc61614dfecb99ac2dfa1585bb3c18456f242dd7c7948af872ac825f4

SHA512
902af9e497a8adabfba965062ec67698055b940f725bea938539c06aca865f3a8b232e3d9c4212218981cd3592189c5b49c45bea94097c818c8e6da5776fdeb3

Download Submit
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

Filesize
16KB

MD5
daa13b0d327e9d9cc6ffc8a283958db0

SHA1
597e66316be9bf955f0563218d41f8bf5ba7020a

SHA256
70dc4fc00e9e97e3ce96357a511cdcf8613bc31388aa2ca26786cb906ef458bb

SHA512
a9ad3232803ee3a46f8138668adb7d7cb3e9846b6425677b778320c423e79ff6c6f9d14fbc8f1891b87522ce5890fa16acd7a44fc9f6f6be0b4087818bb0d370

Download Submit
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

Filesize
16KB

MD5
11464849dbc0e99244387782b32be195

SHA1
c7631d41a34b171eb6b3cfa9eb1d355cc97e251e

SHA256
d3f91840ac083e18424a937a3989acc7a1098f2992c1253522eeadb89364ebad

SHA512
82229580f8791e1e2aeb752c69f915a22944bbfaba4607ed4f76e9835854492f6512c175c5aadd17e4cdd1b5f68cd391a355c9a9edcba59f90825121b3b20b97

Download Submit
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

Filesize
16KB

MD5
47080e3bfcf2db9b8620f2faf6c5857a

SHA1
6f63c1851255e0fa99567f047382074b086d38bc

SHA256
dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb

SHA512
e757043d82798926a5ddd716457accf6616894ad1ad79ec832293a1f662910b663239f899bf05a5c8d90fed5bcb093c5529e5bc842fe9003c1d5902f9ed84473

Download Submit
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db

Filesize
16KB

MD5
be73485ccfd2d9932542f82c18b68852

SHA1
67da5c59f2c25370bc07e1ecbd003cdc060ae474

SHA256
f2db79c7eb0f852712ba03474f57fe623fdaa10e35d5cfb48ebe7186f6b7392d

SHA512
e8445604459a7897b8239b34762212ad8e54a445ebe9f2b537c1b03aa9a8440d9e8316e598e4487f4d17e2cb7d8a3b0ce96637f0a3814d1f30ff36fd425c73fc

Download Submit
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
a8bcb5e712309028494d53d9f9a36803

SHA1
1d68138ec645ed3bc072589b13b4e36b4585d942

SHA256
2a8f5086834f3da920c161f5e2a66be8a9ebd2f8390dacdd20afce119f1dca97

SHA512
9f9a9439b8643fd2df36e1729bb7bee7c5b3614c2c9d3aaf952dc89c82f8d585ebe076a40047e54ea1d820022b19267bc0c844802e4061ccc02d56635b7c3890

Download Submit
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
2d2daeab5ac1222157de11b8f01df1e9

SHA1
882b8537f6d895850d2e8f955c703a612371f519

SHA256
aa6aaa541a63d6b9a16d0e95972b4a930ecf33ad58e39e54e12d69ae6af0abf0

SHA512
5685afb1ae19d70611b3fc5189054184664ab0c66642b95501347c7504e525a8881e45a33d126328ee4b0c160003b74dd010073b3a1bddc80631a34e0d379fb4

Download Submit
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

Filesize
512B

MD5
cd7b5506952a7b89a3be69714c02e90e

SHA1
7c21a738db3e832b26a52e5afaf784611e4b15d5

SHA256
a9a1ef97950a065711f3eabdda1507d102deba672ad7d88d8c2aff2dbe1520da

SHA512
455c01d1ccdf29be4c89275d3b4f18f6a4b0a0c4bc1dadc5ddc1dd03f5f3c172c4ee98ca49e5cd78409848afb1f08b75f72b0b9c6b24fa7094aed4d4f804a1c1

Download Submit
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
9f9a76c7cc95e4e35b6ce93d225ff708

SHA1
531b4abfc2256483d4b5288b1c237cd72764ef8c

SHA256
6b3f04d4d6c7061198847481fba10a805322b58a16a0a9b23ca24aaaf537bfce

SHA512
bc41bf0603610ab3cf87da4f4e92d8520d8fbc50e9202aee6dd35e57bae1b68cf6f904b6b6e25d1119dc0620afbab162af301f07bc44457715a8ee2519e2b9dd

Download Submit
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
21c98a5b26da177103ce1aef8cd3649e

SHA1
2338d6a6ff4cec2780a183885d1e3853c6f798fe

SHA256
6b82504ec5c9696d49d5521309d42bd3d93780def3233a7588f0df5545574edb

SHA512
8a6a755e9a165b037c71be097807ddd8b21f97f9d5db69046935214546a1954860336598e6b7ebc0efad2c5b6b3d85c095414e20942e0ccf5e41c9b747c605dc

Download Submit
/data/user/0/ir.mizansoft.parvareshkaktus/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
b20e44e3e24bb6508583589084e5c276

SHA1
b4263a266abefd2088abb30f3038075c3eb4786a

SHA256
9cd4bf9126322d71b59b00aeac64c295b2c377cb1df3f8bb04c848b27d23e2dc

SHA512
4c91d5a575feff94af72da0f4a41524603a9c42a51f0d300888c42e10c8dabedf8858b3f089c16387c3a11f1c9f76430aa93ab539eba2b4150016ccb869fd846

Download Submit
/data/user/0/ir.mizansoft.parvareshkaktus/files/parvareshkaktus.db

Filesize
240KB

MD5
5d7be72751c19f05b932a5fa4c136354

SHA1
d3e5a6ffec59bdc37dfb5a2d84fbd604fb25f34b

SHA256
0bc318bf2590ad63a249dea5a9f0390b41aa6b5768a2cc3c49838a9f2b1b28fb

SHA512
38afd0d0e3b87fd33fb27a9bec2cae033efef2062a535675e63bf63137e226012610207e79e401f6628b338b67d330b377b5f97ac141b6b2e53db0b2c2f4d44d

Download Submit
/data/user/0/ir.mizansoft.parvareshkaktus/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit