48d6e3eab1db452c8ce06895827044c3c7be19091ce74016146131dffc3acc85

Analysis

max time kernel
47s
max time network
144s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
28-07-2024 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d6de13394efc4cb03959454c48b49dc_JaffaCakes118.apk
Size

8.0MB
MD5

0d6de13394efc4cb03959454c48b49dc
SHA1

7ac0488cb2479b0051b0ef1c2d5c2a0e6911497a
SHA256

48d6e3eab1db452c8ce06895827044c3c7be19091ce74016146131dffc3acc85
SHA512

1ce8b56a14d26a9b100f6d66432c631e590986c6ca197780b91cd495e5a32c584ce50c42942bb0a182b05915ab9404244b6c77fd2ace0f61d527984549861288
SSDEEP

196608:OuM2r2ziokc8DhYz7bk3eFmc/HMTEhT49FnwhAVBJ:OWDoYDhu7bk3eFmc/HqIT6OArJ

Score

7^/10

collection discovery evasion execution impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

ir.ronak.soupha

ioc	pid	Process
/data/user/0/ir.ronak.soupha/cache/1582435991586.jar	4996	ir.ronak.soupha

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

Processes:

ir.ronak.soupha

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	ir.ronak.soupha

Requests cell location 2 TTPs 2 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

Processes:

ir.ronak.soupha

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ir.ronak.soupha
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	ir.ronak.soupha

Acquires the wake lock 1 IoCs

Processes:

ir.ronak.soupha

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.ronak.soupha

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

ir.ronak.soupha

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ir.ronak.soupha

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

ir.ronak.soupha

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ir.ronak.soupha

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

ir.ronak.soupha

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.ronak.soupha

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

ir.ronak.soupha

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	ir.ronak.soupha

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

ir.ronak.soupha

description	ioc	Process
File opened for read	/proc/meminfo	ir.ronak.soupha

ir.ronak.soupha
1⤵
- Loads dropped Dex/Jar
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4996

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.ronak.soupha/cache/1582435991586.jar

Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/data/ir.ronak.soupha/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/data/ir.ronak.soupha/databases/__pushe_base_lib_db

Filesize
24KB

MD5
1fd9d36e8683587330130da9b34d42aa

SHA1
16fe6b184dc1169721438fc3b3e6c326dc184a93

SHA256
7a3581322776c7abc19f3430f06d336a927e193d3313297e00b6c654c4e1a389

SHA512
ef8c31235c796da93b5ca6c5cbfd7c9977474104e39249fc5b7ec8746a15fd79f7cdc4c25d93ee1afb46e5ebf79466a96cf9f668af22258fe9672187d3cd4f69

Download Submit
/data/data/ir.ronak.soupha/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
e008132b31d516b823005a9ede530fde

SHA1
e35243bd977287dcfea921bd39c1920205c8b206

SHA256
7d3e68dc34e4a035e213d5ffaa0c0d497148de2e4efa8e21771adf114a2618ef

SHA512
75e9916fdfd3962ffeb09812c4b4a68a7e22e14a38aef81eb9f7c75660e72e4dffff47ef053b4b3660b9ea78adee4ed809ec6aba4304fb8b41b8d091de3da60c

Download Submit
/data/data/ir.ronak.soupha/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
b7033ea3a0922e67d7d23b1095c04c66

SHA1
f865c9e1c81c6d57c128dae190a828188296a6c5

SHA256
cd56f711fd17be013f3009c80ad72e6e0370c7dcab80cc0666b59ca1bb917c3f

SHA512
46111076407190a5b53e63b7d423c8658619beacff20b6ebc58c24622b3ac12a0254676273d1ab6e8c5c6d4753a0ec26cb741da0786c49e20aacc36a11c38b25

Download Submit
/data/data/ir.ronak.soupha/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
5be9990aa15e8b4f9fabe141d75bd6cb

SHA1
284fc206da90e5e6838cd8f1d856f72fb6911338

SHA256
16554231a77052325f8dbeeecff6a3e0dda9ee994f2c23ab5d8c4afdfa49da0f

SHA512
f91b61238828da30339b052ce737cf1184e095df61b277d72a5dcfef3f90fe0d8779516aaad9e2adb77c30a0f6aa230190232784aae1c9621c7702a8322cb1fb

Download Submit
/data/data/ir.ronak.soupha/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
35fcf0d35567992dd12995005763766c

SHA1
1a3e90602d7c411b6b85d737a0806d60858b577d

SHA256
50534adf1eb3564b366eef502134b6b93fac263ff733901356f483f953733fbd

SHA512
eafd98cd484d841f5c77c786a73327b96b522e375f37c321f89e37e8b5f0996d73388c8957de0405416f0544f22474519239216f0b84cc20f0de4af1c90338d0

Download Submit
/data/data/ir.ronak.soupha/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
06107a68a96fe6ebe9c6ecd38e502bf0

SHA1
f87414c6d2261aabcc63d8dd60ab6c7a3c3bd057

SHA256
6526226442ebc98b5101c00dc6e84f11600e93b3b1c44e4dd715c5d6099fa426

SHA512
0e63a6ffb5826ed7abb6851f33b4322753da3f239df023f64025c1d0aaad2cf2fe7dd6523e96e6318ce6b101669819300ff3109a03b4866a6215e900abd07eb7

Download Submit
/data/data/ir.ronak.soupha/databases/__pushe_base_lib_db-journal

Filesize
24KB

MD5
b297268671cdb5a84d8e830f702b177b

SHA1
84fb9a75cd7f64e8a3582167e74e0c022a9a7dfb

SHA256
604ac2761a2eac8189715e4548beef18d076ed3a686a6007aa73469e9b9273a0

SHA512
9d5b58a41223e4f0c82cbda28fcca47027e418336066384ff02882a829dbd8229ebb7c21590a1b7ad721cc92f02e456d2092cb83a120ba06c6ad64978319f1b3

Download Submit
/data/data/ir.ronak.soupha/databases/evernote_jobs.db

Filesize
16KB

MD5
636748249c91549407c935b47979c5c7

SHA1
01582da4053affea89683537adf8a3a27ef4b2ed

SHA256
60572a67b34ca54a4b81d8db8cf5f00fe953430d3e1ffb795d65e70aafb6add7

SHA512
16535aff184fab627d97d944a939a4db35bd98c2850bd4f882c02bfb4341ef1bbe07c59ca5a6b0e264aca4078d3aa8d037c3acb5985ccc8feb02deddbb224f2f

Download Submit
/data/data/ir.ronak.soupha/databases/evernote_jobs.db-journal

Filesize
512B

MD5
9988ab40bfec64f97773456be35ab29d

SHA1
4dd614a75c353fbb5fcb2f48d051823fe4a9a44e

SHA256
eb4ac08b862abf472aee327f149fc327f8a90c916fe5116eb194337e07473614

SHA512
044bcb5359cc08259dee3e469030779b075ad53e496b42aadf20104f79499d1c66bb259055599ebced1fd22a7d55780674dab30fee216c4a10f5ca85c25525cf

Download Submit
/data/data/ir.ronak.soupha/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
9e6182933678052a89160b1bbf19f845

SHA1
d0e92047c4d0adf2bf2bc6a114ba1523e2f0de7b

SHA256
90284e31170115a39bd5000af58d0ff51f7a63612f8830a1151df72f5673b424

SHA512
fe9930effcb5a5c3e244b943fd436fb307eed6b654775bf8d3fa650fed2d223e4c4e04bb6421e28785b6b214427ad994acefe5c7beb8658d12a4e427db0177bf

Download Submit
/data/data/ir.ronak.soupha/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
1c199e0d102d1c625e33fc0df33bdb4a

SHA1
276424059d830be3ed993435fac125f35ade452f

SHA256
c2612cab85a7c39c40e9e595267d5473909884aa41185714541564b7cf9ddb11

SHA512
3c06b997d1cec9b382f05d4b87c7891e0b013e27781baa478104192f18ab0208aaa87493a536ee441bb78765eb9c43ea84ce61400870b18f7775de03f75928f8

Download Submit
/data/data/ir.ronak.soupha/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
f6a4303fcba156f1edfa207deec92ba8

SHA1
995cf43a926730f6f60806d43dfb66db31f28e55

SHA256
558247c4b8a26d89e51c4e44f327a5cd7e622d73689fc3be38870d732d11d7cd

SHA512
61209b23822361d1319d59995a0ecc4ffc2db208c39f1e81f2123d1e3ca79374335900b910d7837b562311fab6fca6795547ce4cee6f31509b0b2aa481331081

Download Submit
/data/data/ir.ronak.soupha/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
aa542e37b698d1b4151c8ba8cba1e41b

SHA1
5a9ce764709df34f8c14bc1813fbefe6459254d0

SHA256
aeec29c2fc7546dc0c781b0595c209f3baed81c6d9ad40e3b25f52adce8a9407

SHA512
8398d1f1340436c602ef3315d5c8b326ee753e88bc7a9b56b07148ffc658c68a71fb84c1a1426ef8f4494108e21f732be9a06fb344a9f4b042bb1ad132762f6f

Download Submit
/data/data/ir.ronak.soupha/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
a9cf478887bb35aecc82115f3ed21e8c

SHA1
802a99d6e28dd2b756c44fe8a7ceb2d90badc04e

SHA256
9b368ac56a26c36e098efe7cb636b3daf91af978dc2d85e0ffa6aa70cb57fcdc

SHA512
cd693363ed4b080f1bd29c2367a0f8e01ca058b20fc702791ad35ac357ea179eae1fee3710d74ff3a4b9aca1c7de8ce94d36ca089698c0a3e1390837583fe71d

Download Submit
/data/data/ir.ronak.soupha/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ca27f98fb26c985bde816c5201ed4b85

SHA1
1bc17e994f19d9988365c3ddac5500cfd25de5e1

SHA256
08d9e2643cbb2580d3a7ee9a940cd01e243367e925b42b1ef93dffb1f8699fc9

SHA512
fc74727b4850b9d510966efce9ddc730875143433415b1bc19819e4236128b931cb515d64e6fbe72441132fd62a88d5aaf56b89dae64e88df54f41efc8e89ef4

Download Submit
/data/data/ir.ronak.soupha/databases/google_app_measurement_local.db

Filesize
16KB

MD5
bd09f01e5dbed940f1d5fc895d0cc383

SHA1
e675aef3692c8c4e7b752e0c696792475e9ff9bd

SHA256
a359279f69783b91d6591b925d0737b1bdb17825151fdc83027349db106e6074

SHA512
b55ffa3bd2198ae6488d2a328094158fbcf489729a319432bed9e7a7b45a0b6f8384be653f665fccd0aae35a5594dbe460373f1c148e4f9eb6e3d1c1f5273872

Download Submit
/data/data/ir.ronak.soupha/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1d9f0683979d64b00940f0a2ec31350d

SHA1
f395e2d9b91f424b017e13a9c9822934f4ce93fc

SHA256
5f9ef4f38dd7f9f622b0d1363e3f2d01e7875810ae004ca236f67cdd10b12127

SHA512
cc9717fc75e140da868f1fce4448e69b72ae8f0234d82af85b02e5c5d8d12e0462b24ca32630231579b5ec9c0afde8e4dc3e513aaec9230bb0eb763d21ef90ac

Download Submit
/data/data/ir.ronak.soupha/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9340c6967c475f0b63680ad6a03d9d2d

SHA1
76788fde4d2f97436acfef4fcd9c9d65c7fb667f

SHA256
9546e6471164ea5c1a232090a4afc0113b6d1e60853b8785987117557bbf4d64

SHA512
23f55d0c42486b1c6894224cf584d20ded563eeeaca5ed3c19356565157c4a38695e0c2376c1c4ac0dd54ab556a387171f531131a2bb657aa518bb2651f8b5ee

Download Submit
/data/data/ir.ronak.soupha/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d2845eee747d763d7fcd0542c31e4578

SHA1
e3c77884173f1d760fc4af130a3572094aefea10

SHA256
acb3d51741d0541bede39514a7eb7329b793164de404bd840abc165ce01a1314

SHA512
8e116650ded8ca5087671390b11811512c72b1d235fd8228d7e6952dacaf4df79380e6f0be1b5568ac831696956a615f6ee0247d138c271ed042e91cf6b6e218

Download Submit
/data/data/ir.ronak.soupha/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/ir.ronak.soupha/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
31f99957e59e12f15ac9b720e1e24558

SHA1
d2f7c3db875e92e35760b68d7281c0114e717911

SHA256
05bce8be23f95e81d6f16b89c609aef1ab0ebabd970ad8b2cade1085b90d2dd0

SHA512
a4e3f156223b0d3fb6f60f3db5d976046d53336768eab6aa6c52631c3a68b7b9c565aba9b86f81a055d54451fad84ca952206975ab69f79a577751cbc34de76b

Download Submit
/data/data/ir.ronak.soupha/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
a67f02c10e19ed23a1853ea3e22b921e

SHA1
4910f82e5a72ea3adbb39c56f49c7599cfb9a98b

SHA256
13756ebac66a54470875f24123c50f8ea6f61c47f1d53250d66722769904316a

SHA512
561715237dfb9331c4d00ab1d41b0b9838194fd5bbb7bfd9d220a4ad9e9fc4135931758494cc4a0f3d9392b17ac96468056207cc57e312a55c83e0199bc11447

Download Submit
/data/data/ir.ronak.soupha/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c2e8b4e8670ba29904d55aa9d947165c

SHA1
aeee2220789f611e90d06f8c4339a2d604150990

SHA256
fe5f94a84bbdf8f30cea0d89a56565ab9c3dae49c27e258c736daba106dcbae5

SHA512
d540c1ffcc221645efde387855821217a5fe83a843122963036f1015aa916ac1d5a5f4a201a4a0f4eaa97b22c8a6d26051f80856a136b5a811cf5c8d44f806e0

Download Submit
/data/data/ir.ronak.soupha/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
89c2ede547581d489d9408740cb479cd

SHA1
5e25b435ebda1a7bc3929b11a07c5ad518725546

SHA256
793173e1cf4b7818b048ef0b030d88b7c90755d6482a0755c182e2740b076e39

SHA512
c840084a605803057885cdb0a544b31f99114bd451815933a6f133aa9cdcdcb53fc86d218aa72467b081ccfcfb37dcd11000c33bc7dd1f76cb56192d17759669

Download Submit
/data/data/ir.ronak.soupha/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
4a900018520bf5d7100c53fe5abb6177

SHA1
225257063f600f07724d143658d2f25f9e9be3f9

SHA256
7253ecbf7bd56afb71f2ca6e71ac9efa9fbb7e7e52eb8402bb5ea2bd0720d53f

SHA512
5481b28503b5eafe5c0231c35de9d28d55f5291358e153d1b8489391449c20ae9c7dc8f12c66143787faa435467150c6863623d2a5e8200a4c402cb568d51f3f

Download Submit
/data/data/ir.ronak.soupha/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c4bb9c23e7b835e3319a7df61a7d0f75

SHA1
4e0762d459d67ded598650e28c06e9d2a8dc7313

SHA256
f6b4aa44b548c8ed3895b018880dd91f98080cb9796c4ccdfe1cf8b7d9986ddc

SHA512
5a98e8961892d06d9c11e411181ea330d65df0127e149075a1ddc294253ebc8248feea8d5acf8f46eeff80918ade17f18bc3841e838f11a8d7c7e7283249b57c

Download Submit
/data/data/ir.ronak.soupha/files/info.db

Filesize
11.0MB

MD5
a2a16102ccac4b96a5decf6bfd2c441c

SHA1
6dffa35ff59a6ce6c8283c88ac94c29a6af22e0b

SHA256
a68c5a7ec46b9854dca0faa15a64bb5b998d7828199859968a353e7a5076911f

SHA512
4d540a031f3546c45a259abd95be76d09e819ad3e68f3a480b81a80c319eee40eab605217e7c795a3f980d0e21fcb60353273caa343cdd7f198bc4aac9792424

Download Submit
/data/data/ir.ronak.soupha/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
dc7474dae2c33e5cf86692c7edae9fe5

SHA1
887754268509b513a14f31600a5252acb575dc02

SHA256
5062e17c5a0321b0cc460c3c0f28471c7b7f9ce40ff0183d9941ab22aae3b077

SHA512
2a08a161f34dae91ce5750d15ee5f7907549065062b755d81eb6c0d8cb3e23b8dab6661c3be649862b2cf3e66d54806b320a32881541aa477ca210e604721517

Download Submit
/data/user/0/ir.ronak.soupha/cache/1582435991586.jar

Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit