48d6e3eab1db452c8ce06895827044c3c7be19091ce74016146131dffc3acc85

Analysis

max time kernel
105s
max time network
183s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
28-07-2024 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d6de13394efc4cb03959454c48b49dc_JaffaCakes118.apk
Size

8.0MB
MD5

0d6de13394efc4cb03959454c48b49dc
SHA1

7ac0488cb2479b0051b0ef1c2d5c2a0e6911497a
SHA256

48d6e3eab1db452c8ce06895827044c3c7be19091ce74016146131dffc3acc85
SHA512

1ce8b56a14d26a9b100f6d66432c631e590986c6ca197780b91cd495e5a32c584ce50c42942bb0a182b05915ab9404244b6c77fd2ace0f61d527984549861288
SSDEEP

196608:OuM2r2ziokc8DhYz7bk3eFmc/HMTEhT49FnwhAVBJ:OWDoYDhu7bk3eFmc/HqIT6OArJ

Score

7^/10

collection discovery evasion execution impact persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

ir.ronak.soupha

ioc	pid	Process
/data/user/0/ir.ronak.soupha/cache/1582435991586.jar	4489	ir.ronak.soupha

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

Processes:

ir.ronak.soupha

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	ir.ronak.soupha

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

Processes:

ir.ronak.soupha

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	ir.ronak.soupha
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ir.ronak.soupha

Acquires the wake lock 1 IoCs

Processes:

ir.ronak.soupha

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.ronak.soupha

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

ir.ronak.soupha

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ir.ronak.soupha

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

ir.ronak.soupha

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.ronak.soupha

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

ir.ronak.soupha

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	ir.ronak.soupha

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

ir.ronak.soupha

description	ioc	Process
File opened for read	/proc/meminfo	ir.ronak.soupha

ir.ronak.soupha
1⤵
- Loads dropped Dex/Jar
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4489

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ir.ronak.soupha/cache/1582435991586.jar

Filesize
9KB

MD5
e8e0527a01aefdb89afd2c508f131da1

SHA1
f1103e6b260c657ceb3d95f1b023af3fda8b133a

SHA256
f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce

SHA512
fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

Download Submit
/data/user/0/ir.ronak.soupha/cache/1582435991586.jar

Filesize
20KB

MD5
fde2ee00cbd121cfab5290b078aa3ceb

SHA1
e2b77d5320e155e413d040a8c20020962065b2f8

SHA256
2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685

SHA512
a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

Download Submit
/data/user/0/ir.ronak.soupha/cache/~test.test

Filesize
4B

MD5
098f6bcd4621d373cade4e832627b4f6

SHA1
a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

SHA512
ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

Download Submit
/data/user/0/ir.ronak.soupha/databases/__pushe_base_lib_db

Filesize
24KB

MD5
ca6a15aa47c10bbf822d2e9358942e92

SHA1
8852dc89984594a20877b08afebb909fa7a77013

SHA256
caf90b3ca6113ebf4083ad4dafc0fe6cdb4e1d074e6dcb92a843476cbe9a1e33

SHA512
3dc37285ffe5b9a4dd5d396cad0749974e5a7d947227f27ee7f0840a85cda3ad766152550b1b21a4a2d9ca74704fdac43ad57f2e1c404947981761ea90fd04a2

Download Submit
/data/user/0/ir.ronak.soupha/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
2c3de51c7bfe7cb6a8a40ce473c2ef7b

SHA1
b178eb42da369ad88896af7c05309ab4a1f988db

SHA256
41b42ac528f12ca198981e7eeb81917d26133b5ce9e0ff327b5b0a3a43b5dcea

SHA512
49df3855f1164e13c855e08d87e1f733449b6cb99428c01b2a9002f052fad8cc1c1d0e13b7d20a2297d8dbc0a3042020020458bed112e4170023520e9e636c23

Download Submit
/data/user/0/ir.ronak.soupha/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
469dca9bf62de27fc6e12996a69f3ee3

SHA1
31d2673a40e13c64b7c703416a0e179551ab8b91

SHA256
4a18a8b7c5c8cae9debfb0a1912cc9c934abaf83a8a6377a799ea353799afceb

SHA512
d1998567d0d6c2df3a4af730e6b05c67b6a5dfcd7a1fa399e722a5023dc1553f4e42b47dd7b4736f1281810e54479c94822628658402ac3114ffdb7af2578fe0

Download Submit
/data/user/0/ir.ronak.soupha/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
e0e35fd2b57120415682d33b6ad7cfe7

SHA1
d0af67dda9db7c61b940f124b2fb208294049cb2

SHA256
c80110b9f5ad2ab9ba5cde27e2ab3068f477536a0337eae681d81193a1ad1634

SHA512
ded440b267c239318ebedf61bf8bc0c77d9ae793ea2cdcdf9e3837c87b6d8db71fb9c14e82adf05ddcefaef1eb330febadf553c00c8594dfacb9395de0b7024e

Download Submit
/data/user/0/ir.ronak.soupha/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
2b3703c8b01ea2e31ca4c36c3d2bbef7

SHA1
7ef2829e02781192acb1b77a1a268abdce820855

SHA256
5253293481f6e0ab3bae6af3efb47fab7c6cf606e1337117a0bba1928d1829c7

SHA512
d97c01961ed1abacce78b1f3ed979a662a82478664d9c8ddc564b301a3d21cfaccdb05ec7be0b631710009afada83d3ba74e7f014f437464ccd0acc5d8224a29

Download Submit
/data/user/0/ir.ronak.soupha/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
6bb85277d9d5bc45a4f01402d3825f68

SHA1
22b9e1d6a52cdc06f7d029b5f3214c9b86e673d8

SHA256
188cbe1af2f5e1c2b7f79385223d60c920c396a203c5903eeca560598bc0a108

SHA512
04675381a48336fce18d63402b44a2c07fa7e35e67d132a6d69e11ba0af8cf7063e14d8a9e7d25e1cfb5e6fc841ba2441b7c3866123c00c8fc3adf821ab45538

Download Submit
/data/user/0/ir.ronak.soupha/databases/__pushe_base_lib_db-journal

Filesize
24KB

MD5
c27515fc6994ac92544b59be944f8db5

SHA1
2e26705f3c0cf799a2b53b861672e87d77043b61

SHA256
f84e7699c2549eec06ca6a89414c5e25039afe29fe8e019aeea56af42c16ba8d

SHA512
ee91cf7ee04e520b0cc2609330eeca732678e3f5dea9be94f15e0c0d56ce6a993c14f2395f66e1387838d46ce152ebcf970fdf7c99a5184ad50a28560f3e2f11

Download Submit
/data/user/0/ir.ronak.soupha/databases/evernote_jobs.db

Filesize
16KB

MD5
97b1fe13c4fcce301b6e90ba0760d66d

SHA1
845cd9fc7582c56f10e118d371d1618c575b7c0e

SHA256
5c06ea920f857a74464c34177dce9b9a6b33cbc581fe2b798c63fe2816e6356e

SHA512
a459f443a064025b1a10e6fd981057e9c0f2ff32d801b7296a8f3e0b088e9d8000523cd7d575c0edd4d5b4b60a8d00224565c3bbeefc6cfb2fb04268bc6f3bee

Download Submit
/data/user/0/ir.ronak.soupha/databases/evernote_jobs.db-journal

Filesize
512B

MD5
7701a2e320f1128e58a7fc66afb9ea0c

SHA1
a47e9a40e916c2d8565cef93a707bf2f841ffa9c

SHA256
8547eba9cf6e10e121d8cd1dc4fc8faade40feb7c994fdf4ae0fd454572934e8

SHA512
b32ad5df50939dbf1e2c12011624e4086b017614e52bdb6de4534a1f3c1ed5b244282ac3953eb08c70a3e020c35563846d853315ef621d8e10f966f0f03610ae

Download Submit
/data/user/0/ir.ronak.soupha/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
55c331993f559e97dbcf90d4aa63add3

SHA1
be5786472f3d9857b798ca1a5671f4b59c9249d5

SHA256
8861584096fa98278ef4782f38384e9d058db5add2376730c58604112c1df7c6

SHA512
edd6ea520829147cbababd7bc295257381214e52eec540d04c587d5bddcbae7acae19ef367c66115253dca59eb87fad2c4c5e1865201b935b4d80b392ec3a835

Download Submit
/data/user/0/ir.ronak.soupha/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
1590b8a31f4d4a97f346a2fdf3ccab52

SHA1
6bbcec6350307a575ba6a8e2546e4aa7c54d9b9c

SHA256
de39cec412cc0a34df4064770dab6359b50b0f2d3715a5321952c6f7ed75f48e

SHA512
d41441889809e57a4c5fa6b6fc7b4b51e6e0f23060c98589f79a3c3697bfb9948ab2346ca39228491554d25275cfde4d4dda0e828df864587646087f4b623f64

Download Submit
/data/user/0/ir.ronak.soupha/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
c274f5f3bed806467cf58a657e1fcc24

SHA1
1e62932aa765111277160eb7963ad2338d82783e

SHA256
8812210cf660debfcfe9164cbd36cf0aa756347c8baa306e941b3aa10a201c34

SHA512
629902addf4182c91fd705506039619eb1a8de563d466a9ff511cced66e07ca9036ced239f262ef366a4207947a44a7dcc778e9585159de7f1d4bb6f23819ae4

Download Submit
/data/user/0/ir.ronak.soupha/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
267f869c45f05ded8d3beba248aac271

SHA1
78fd318805fa867a809e6a86aa8579faf592e471

SHA256
053f33437dcfa75c15645eed4b338a36d2ebf87b2a8144687b6d115140c2d652

SHA512
455e0f2980a4d580553f5d656ee1c829b066fe01fcf00b133f531d1a6467a812018c10cfbd137e01617732acf697cc1c7afbb115452b6d78f8c32c78c043f2d0

Download Submit
/data/user/0/ir.ronak.soupha/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
d02f42af176df48f173fd95d83e7d743

SHA1
1f1a14078232f5c7cd15cbb2b54f1b33639e33a3

SHA256
aa56d573f1fddeee8aaf81f2ef1e9b3907a9d2d13b15628896ef78d37e84cc96

SHA512
3a240283b9120004b9dfe0827879ac7d4052a300a6cf86d636d7e409045da66c7bd066a4f0f203ff564d5f4e07b3fd0808b07b65723ee35a1ed62f54bdbce251

Download Submit
/data/user/0/ir.ronak.soupha/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3b7fee0cea78d4b9be2fdb4ce5a5b3aa

SHA1
e4178f312a8537818a2c2e915e0b64ee002c7bfd

SHA256
af2707c892968d09acfd3a78f69ff53db53e882a2b19b4ac57d3df6881032182

SHA512
4808384377edd57593a6186fe9f3623a561e6bcfc4dd021853f05581aa77bc26d7051931590527804e5311d6cf46301d88a8cc3f61ce837698e8a4d0751360bc

Download Submit
/data/user/0/ir.ronak.soupha/databases/google_app_measurement_local.db

Filesize
16KB

MD5
34a0f3384815cfba6444ef3d17c8205a

SHA1
f53608b2c41401b134af3b1fd32f92b9ce2dac80

SHA256
4f65287281992e6dfc41bebf5317be61836d236cf34f4eaccf096fdfaedd7100

SHA512
b924b16a8913292b1ca7873a29d91f20ed0583c22d9253de64854d6c4ffbd3b65aece4d3095c7d8c213727258b7961bf92ed99f3a194abd011369ba22fd2180f

Download Submit
/data/user/0/ir.ronak.soupha/databases/google_app_measurement_local.db

Filesize
16KB

MD5
dbe584f28f83cab864f892251cc1cb18

SHA1
c321d03f1f0a93818c01b7030ed6a48c374d0185

SHA256
c02860e5b828d7fd845c35da3f26f178eaf603735d32b1ce9fed7654d8319145

SHA512
211052427a7b1c4eb64833a8bf1a096b043199744e859787805894b6e5e72ff820100154455c6915500e23a8a3c2a3dd9312c8c452bcf4d51d6852a3cd15e56a

Download Submit
/data/user/0/ir.ronak.soupha/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1c3b6d509aa3eea8608a0d17c5c5a259

SHA1
4f06f9ad4d2836f95fa315faad346785b316a7f0

SHA256
d644ab4425734df48e52dfdabf1b4b157879c20ae3d3bda496c4f1bfe0a82855

SHA512
ff1216d0ccaff92bbd72f56035f75ffadb17166b5bfaed558b52fd7493f8a2201d7e96fdb7e5881351e6467eb16a3404c384435071c20fedada53f7a2f674f4f

Download Submit
/data/user/0/ir.ronak.soupha/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e11508d350c851e5ff3f545f75b13340

SHA1
db5dca6efba82aef45e193a1b812cfdb80883e06

SHA256
88d8c9eadce4fbd9b93b7400b96dbc534dc0d221f79a8a1a38e456e06ce49f6f

SHA512
0e3a2cd80b52f60fb1c070ac99cca14d4579499f1bc498818c57670fc4e79d9c75ecb06a3cd2df16510a3649203a613ea8489fe999cf9475b8558980cfa9330a

Download Submit
/data/user/0/ir.ronak.soupha/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/user/0/ir.ronak.soupha/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6be84593b26c58a2f4de858ecf6b57a7

SHA1
5b152330fbc503de9ce0c5a33fd58e02ea145a21

SHA256
5cb562e1ffa0fda4d4caba1ee02e63fb262d9b2385767d4f39a7cbf68c3d654d

SHA512
c15dfaeb892857b166e348ccf4dd39f1f320a650227a153ba6039116226cdfa6437f2fcdea8f7958f67eae93c589289a64b2c1c34721396eb43544bb13217285

Download Submit
/data/user/0/ir.ronak.soupha/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
ad81efb48cecad472de0c3b512fd8b1b

SHA1
95db9fe1bf8ade0d5af00ef13674f9505c9d1520

SHA256
b2a4f1fda5e239ff3abe98172935315dec2822b393f343399423d38817f373b9

SHA512
6943186c7e568f3e8fe55d00d23b7554fe0f4cd692187b7cef4c6a4f559fffa9fea7ec892ce9cda5bb0ef37fd6d63f853408b3f0cdc65d0ab4f304bc56e3225e

Download Submit
/data/user/0/ir.ronak.soupha/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
601ad7fd19e91005985faccfd3cde269

SHA1
7e2196fcf3fc69cae198bd1c0a76223ce21b4c8d

SHA256
070803739b21176d302460b20c4774d34deceabf07d3ce1dc39b15615cafc248

SHA512
c4e61abcbead76fea458671b27e721eb4cce514920b3c61fad40482bb7143b0997ef5ea3c8ee42f0d6a5e07f1a6e53f8bdcb29c1ac708a82f0d2b72255267264

Download Submit
/data/user/0/ir.ronak.soupha/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
b470b1f568a2bd61fa84e820aea3d4ac

SHA1
e63629c012dbda7636ea652c1041522677a4bdc7

SHA256
ee2b786c27b2480b38384637f39743cb32e8d067ef14ff1c782efcc4e7c499d0

SHA512
fb721c17ce09c239227ef40c5fb21da6521bf5ebc8e2bf44e083352d34e3cd98de6d6b82348093a5dc1245c9d19d0233f752c4e2a3a24fa0dc8414fb4f6f0c8d

Download Submit
/data/user/0/ir.ronak.soupha/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
dfe680b596277977f105a119423ae12e

SHA1
a19430f5f16039162adc43deb4fadc2599336e8f

SHA256
bedf939f65dae0133656b265c6a89e0f6f1066e6deb62c1fa32fe529459d75ff

SHA512
73ec6694aeebea783643d526c2d98d3a9cfb228aa29504baa41e4a29ad00997287c6e8150105361c31258bdbddbe8f3836d1ac25c9c7bc7e1e77d1db050d9e3b

Download Submit
/data/user/0/ir.ronak.soupha/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
c5291b756eae32659185f9f24aa5fb37

SHA1
8c146c64cefe73070ffd9b2cd020988d811ff395

SHA256
486f4fa57b192c07fb37c159e018335b2c3d5090a2bc7b30bb9e6636bf07a667

SHA512
1102358ac8c8ca8752b0578e6b2df29787a3d949fb3c25de290d517891365c31011c5a9de47687a1760feb4883a2d349cf3f10a6facfb781f2a5f95100a6cc4f

Download Submit
/data/user/0/ir.ronak.soupha/files/info.db

Filesize
11.0MB

MD5
a2a16102ccac4b96a5decf6bfd2c441c

SHA1
6dffa35ff59a6ce6c8283c88ac94c29a6af22e0b

SHA256
a68c5a7ec46b9854dca0faa15a64bb5b998d7828199859968a353e7a5076911f

SHA512
4d540a031f3546c45a259abd95be76d09e819ad3e68f3a480b81a80c319eee40eab605217e7c795a3f980d0e21fcb60353273caa343cdd7f198bc4aac9792424

Download Submit
/data/user/0/ir.ronak.soupha/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
d3fdf0ed9297a7c1028d4e68e41f5672

SHA1
f6f1d60fefcf190ac19402a45d9b3e9b761b1dd9

SHA256
4d46ac1a36d37dfdaf26cfcf053970b71449a332c0338f962cbf44aa4e0591a4

SHA512
9e4112bb17fb1a73b89177710b2572381f2c043c0084feae37b5bb33800723500831b6aab85b494537c0818b23996b064904d63a3852fb1586e98972fbd045f6

Download Submit