5ad64a6117b913444409c5a50500d8cadcab23acca6b08e100b379308dcc738f

Analysis

max time kernel
28s
max time network
180s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
28-07-2024 16:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17b550b857afa34e22de97352e5e4bcc_JaffaCakes118.apk
Size

8.5MB
MD5

17b550b857afa34e22de97352e5e4bcc
SHA1

023d949c000d3f2a4ca8175e5123e5fdc81e0bdd
SHA256

5ad64a6117b913444409c5a50500d8cadcab23acca6b08e100b379308dcc738f
SHA512

175934d6d62c4c3d8d0b85079ed092413fcf9740c127405d1172450866f57f6b8ad5040aa9282a0a0a878ff29c78011f6cdd03ad17ab5324850889242bbc3368
SSDEEP

196608:lEnQbsmMdsETgq+6dDylRy9ErsGsS50IQ68k0w4IiqNJ758kApL8u:uQtdEsqxyLy93S50IQ68k09IiqNhCTz

Score

7^/10

banker collection credential_access discovery execution impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	ir.barfin.anvashirini

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.barfin.anvashirini

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	ir.barfin.anvashirini

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ir.barfin.anvashirini

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.barfin.anvashirini

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	ir.barfin.anvashirini

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ir.barfin.anvashirini

ir.barfin.anvashirini
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4949

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.barfin.anvashirini/databases/__pushe_base_lib_db

Filesize
24KB

MD5
2087dec0c5f04ddb20b8e9c1e1cd4bde

SHA1
d6e4d1fb4990742ff73427a497901d7a01601f3c

SHA256
20e44d8b0416eda33634401372c86b4e5fa8f96582cf8297b3921583568f735f

SHA512
066c13337e6237b7ee00d00d78d9c47b522021435e3924bbdd26001c92cec625d3953201d73dcd79e177a7e0c16f2f6001d7356f409391281382dabd3db44a70

Download Submit
/data/data/ir.barfin.anvashirini/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
b44c916ed068ddef4091957446eb3089

SHA1
dbd81f44367b42ff81d3b4173df3db1e0bf7c231

SHA256
2840ad6168ee710d75aaf76cfaed73ff9143fe6492ec32fdb6c578a11d6366ca

SHA512
ceea32f9e624013dff7d46779f35c6ee84e4c1ad97389b0791e09e79425e73b77fee3f9257869a17c3cc1151e900f18a4d77a114b95797ca925a371ddb7e0e04

Download Submit
/data/data/ir.barfin.anvashirini/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
46b28b568d340ab1d9d5a66f50e55135

SHA1
4eae06a8b74bec9c44383f2c8af39bcf9d357836

SHA256
aa0af45c63827103ab57151b7a218301dc1362c745a37c47dc8cd9ff1d1b28df

SHA512
3ce5917bc8432b3af9bfeb809567f6871a2c676bf52ad546b00c03b9a91c83e5ccec770f1328b7c61fcc151de5d91d334b2821f4f2f564bfde73749baf654679

Download Submit
/data/data/ir.barfin.anvashirini/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
4fa9406e98d13bfd54eaff48c59ce6e8

SHA1
da30d12869446d7b12fbca7577888829e70e63fc

SHA256
6f733c16bef857e3e2f729f0a44ed0d13c02517dd1f581d40aa44e1660136f72

SHA512
ccfb7e2854392c6b580bab616cfa3135b1baf421607388d250cd736352e4ab6b0c03441c1d2da2b7d0608cb237e458b4fdb6cf62cfb7ccdeb0e916bb6d88df69

Download Submit
/data/data/ir.barfin.anvashirini/databases/__pushe_base_lib_db-journal

Filesize
24KB

MD5
d6f4dacbba259ecb4d8b4068181008f0

SHA1
d5bd773c35336c9768873f16b4a4587c5ee2018a

SHA256
6917cd7a23c470d46dbae44a490b4beb44a7eca95839a912d5b9f1a7c5bb45b8

SHA512
790b5f9be3c8705bc61ec147d317967f233ad9bcd2923ccb972ef9de0290cb4ae0180ff05b6f3faa92e0ef285b96abd12a50c78f36c2f03c4d6b0ce80d0ce300

Download Submit
/data/data/ir.barfin.anvashirini/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
9954d2728c52adde67ca01f8f5a1f503

SHA1
e148d728a8145fa1572311665ce62e44031d5262

SHA256
106a9b28e5f89441529f8f253cd9a812b076891b73a983d49c2100faa496b10a

SHA512
767b7cdff083c67184e78174920f0a895400b6daa3d7158a7a390f95977d0b8e956a0e93d75bef306f6d53039a892a8683b62432e69386603734356e2a27a620

Download Submit
/data/data/ir.barfin.anvashirini/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
98eaddf28aacaab3ca9fc464d38f9902

SHA1
88f629b65fccf85b00b32fae10d9be0f7c81ae25

SHA256
5415d81eee80eff8d4ed0dac608e706068ab9a815326e3806d3f879b2585ed7b

SHA512
cfbd5400daab4a65a18ae8e524c8170b1ad7880e688249f3ea8cacf2b93fca581cb40335141019ea3238f861f92499d1d804ede55ce45123a9262779f39ed67f

Download Submit
/data/data/ir.barfin.anvashirini/databases/evernote_jobs.db

Filesize
16KB

MD5
da5d94edc2a7bfb3f0fd4d8ef40b9da1

SHA1
d3c90d335ad39a405ec538f666edb94798fe2538

SHA256
7901bc1cff232eb003b6fa16148a5b5f1cee8118f746774d7ad02f1f95d02b97

SHA512
5cdd60b0114ba874b55da685e88168241a66f3a39baf80c7e927014b3fb425841bf344b24e28cfa44d5bcbffc4344975b2a3ed32b40c1048312ee0e77677a529

Download Submit
/data/data/ir.barfin.anvashirini/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
ee29875a040715684eb7a617a1b116ba

SHA1
400c70d5e5492298161be98657a05eae66fcd7a6

SHA256
13a882297f21f403ccf74da38b5eb51d7f19c9d6e702adc6788255085d784f99

SHA512
2a75052f289c1992b47f177864f357b3b4ec8e12a604690a2f8057cd163fad40266519c62f0133863e88e33d8a1938b8154baa763a92ee96ab21955527bf53cc

Download Submit
/data/data/ir.barfin.anvashirini/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
b273b0942298210d0c65c3901f9caddc

SHA1
b945cfde85214e2409d4c16d760afd3ea3b749ac

SHA256
8e7a17f6368323d20d190a2333da09738a2e8b56bd719a44855cb4c4135e3a8f

SHA512
7e16ab390b8687f10e8c6230f7dd3d290ffaa8da9bbbf551b0f41b07cf22d1a603db7082572a19230c3f3d97e73daf7e414127948a819f535fe8b92fff3c4844

Download Submit
/data/data/ir.barfin.anvashirini/databases/evernote_jobs.db-journal

Filesize
512B

MD5
c03e5d9e51026fa6ae44c34ee5ac158e

SHA1
f79bf15a853563f0b650f6d75005ec44ded3fc79

SHA256
99f67fb9c00e97bcd498f48a623809c1560c2857e0b3fcc67043b6909908e775

SHA512
1e49612861ccac6f46e57f216a47861c63dcdcc3d1858ac4f2f734135fcf3ac0052fc015f48291b09a17bc261cc5fd648c7017482b27d71aa13e65fe4ff5b852

Download Submit
/data/data/ir.barfin.anvashirini/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
2bb43e5036d2365c3ef1ee0841c8ea5a

SHA1
2f7bd3304613c9a11e194d208ae78e02eb5ca82b

SHA256
e6436567274b6d0f15b0a357c13a9ee40c5e8651532d2329a481258818543404

SHA512
ced31231efcc48e4e7ac483dae09cd2c35a1f7cbadecfac838ae9130f4b78ba8606cf29bde228d43c16d7fba1bbdab6dac46d13882725a7efd6611cd70ace6a6

Download Submit
/data/data/ir.barfin.anvashirini/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
f2ebc1e5a9e8ecf7d1dfa3ec0d7bfb2e

SHA1
8665ca67b6c56f12403a81b8d2cf3df4f1e22cf6

SHA256
d16724d0580328dc42c8f5b98c7e377845d803206b680bb9c31e7cfe78c5736b

SHA512
c2fc3d7a7db1341f9d8772d760015be5b09859bcdf3cc78060594278c86b8a5ebf2f44ff23cf0cd40ca3722c9662f35beab968c003de7a3956a1381e4d802cd3

Download Submit
/data/data/ir.barfin.anvashirini/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
8f66fc9cea3e9556be0bccba6223dd07

SHA1
c760326bec3e44c1ae73bd9f9c9a8958699beab7

SHA256
f71d1afba268628f6939a686c9410b028c65d5a4243fb33eb4cdd81eff85878c

SHA512
06ddaf809ce348081c2c23c691ff4abaa29a241fc8f25cb73a7b21a83f3bf45436f1b3be61ce061d545c61a3d39852aa7e51bd2dd7bd216ed832ad12b216ceda

Download Submit
/data/data/ir.barfin.anvashirini/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads