5ad64a6117b913444409c5a50500d8cadcab23acca6b08e100b379308dcc738f

Analysis

max time kernel
129s
max time network
184s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
28-07-2024 16:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17b550b857afa34e22de97352e5e4bcc_JaffaCakes118.apk
Size

8.5MB
MD5

17b550b857afa34e22de97352e5e4bcc
SHA1

023d949c000d3f2a4ca8175e5123e5fdc81e0bdd
SHA256

5ad64a6117b913444409c5a50500d8cadcab23acca6b08e100b379308dcc738f
SHA512

175934d6d62c4c3d8d0b85079ed092413fcf9740c127405d1172450866f57f6b8ad5040aa9282a0a0a878ff29c78011f6cdd03ad17ab5324850889242bbc3368
SSDEEP

196608:lEnQbsmMdsETgq+6dDylRy9ErsGsS50IQ68k0w4IiqNJ758kApL8u:uQtdEsqxyLy93S50IQ68k09IiqNhCTz

Score

7^/10

banker collection credential_access discovery execution impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

ir.barfin.anvashirini

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	ir.barfin.anvashirini

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

Processes:

ir.barfin.anvashirini

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	ir.barfin.anvashirini

Acquires the wake lock 1 IoCs

Processes:

ir.barfin.anvashirini

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.barfin.anvashirini

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

Processes:

ir.barfin.anvashirini

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	ir.barfin.anvashirini

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

ir.barfin.anvashirini

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.barfin.anvashirini

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

ir.barfin.anvashirini

description	ioc	Process
File opened for read	/proc/cpuinfo	ir.barfin.anvashirini

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

ir.barfin.anvashirini

description	ioc	Process
File opened for read	/proc/meminfo	ir.barfin.anvashirini

ir.barfin.anvashirini
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about the current nearby Wi-Fi networks
- Acquires the wake lock
- Requests cell location
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4510

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ir.barfin.anvashirini/databases/__pushe_base_lib_db

Filesize
24KB

MD5
de3b97f66de8eca0159c68d3cc6fa01e

SHA1
d433361913544ea6a40be998c23a3343d65a8e1e

SHA256
24f168de39a4baa1250ee64f23fb3c0507b75afd2219f6fed2092966fb950df6

SHA512
baa74f7217297ffdd249b1ade21d3dfc2f70ba3d3e4c4c093d4ed67cdc902c97aed757848c58c21a74320f83377f3b0664319489b7005e1a1539b276f136a582

Download Submit
/data/user/0/ir.barfin.anvashirini/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
c273d529175f2b2e2c339ccede8c002c

SHA1
fe96f3c5cf62549bcf72e741d9227e001137c5c3

SHA256
e49aa8552561386e16f53581dc8afda03a73cbb21dd02c5d55da112f39f3a5b6

SHA512
dd9bd507838677b3878a4aee000538e574af03160fd9b6b854993c5b730d5ad9b560ba1af6a9e89115985941de167c1ebc0fd20b4a2d887efe2ae826e3c2700a

Download Submit
/data/user/0/ir.barfin.anvashirini/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
52d195f5d2f18ceef919a7b20851276b

SHA1
023694c3116221b98265cdc64dbbecc53d04d925

SHA256
b6b84f0987672851d8da26624f5f468e5775ddf55ae685f99be45978566e4d9e

SHA512
3844dd33f6d823aab62120d32e7f1ba50985b63858d4a59caf95c37ed13d1067ab5fbaed58b6dd5d2eded4e726a2e4c3aafda367eb6ab8699284ec8d8cdadf48

Download Submit
/data/user/0/ir.barfin.anvashirini/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
309e3e47baa6583b60d9eb13a94fd95c

SHA1
cbcee9d9fadcee4d4c8889dbfbe393d22bfa218c

SHA256
7d79fdadd682355160673d57f3dda3e4fdcc5e879c874ee086abcfce319c17d4

SHA512
e74e3c0edb61847b2d7266af944dd0517e54efc843257551b12b4b9a45655b2239dc904b9e68d6c6232d46c26885032c8aa1d7ba4017f3759ce80303df8118b3

Download Submit
/data/user/0/ir.barfin.anvashirini/databases/__pushe_base_lib_db-journal

Filesize
24KB

MD5
978492a5f393b824d65821e3076cb21b

SHA1
80916118af09dd9f86055ee241a36f6256b6d796

SHA256
d4a01dd9d2bb13ef6cc8b9f174cbce288e4d0220777ee96a63eae6c846096da5

SHA512
a1e87479b27be10764f9d6184352069bbf48e2c5b3a9538d886afe2352867297ce139796e12b1995bf282ceeec008f2b8d7cc704c3ef2be94ef1516840871182

Download Submit
/data/user/0/ir.barfin.anvashirini/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
00363e2b72b771ff52a0fa243f1082e3

SHA1
4ceecde5970983c947d4aa8663d8d7a3014f09a1

SHA256
9da71e50d9800b348298fdeea323310fcd5729f466c9f9ea301526e9671df6fd

SHA512
3d7754c402aabf79123978892cdd7d8b120f4aee26d38a1ebe97093b7c4ccb192a829ee595ed815d3b5dbfded4eebd4393f1bf7547767369ff74cdfb5033f245

Download Submit
/data/user/0/ir.barfin.anvashirini/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
8dffe35d967ee5007c7c1a70bbc9f1fc

SHA1
203149a88012ec401a9864a01a8612ffc6cda14d

SHA256
77ace90b94be02f6af2ec5f03dee4f67581503f9d2e2fc9c77f20ed46eddf5be

SHA512
7d50a00c6e96e63f78cb82e7c6501a5e95c2b50d02f2ed9d13f5c917c48d0ed5d8b91da6832caadc8721638d41757ec411803912c6b9dea40aaeef27ba060392

Download Submit
/data/user/0/ir.barfin.anvashirini/databases/evernote_jobs.db

Filesize
16KB

MD5
70fd19784e6ced3b7e5042008c026e47

SHA1
29bd83c781eca2ab4efcac6e686168c4493b0ccd

SHA256
2cf8bddd094a3119c22be06aa2c20619053822ae653987d55bbffdd162d88f9a

SHA512
3b682ea6dc7651baabd1d86f39b1e82d4e42aef8ed8edf237c158c6755abfd5dc209c0449d6fc77410c3bbc12e864db9c406330a7910dc6b7e22e54808c05ad7

Download Submit
/data/user/0/ir.barfin.anvashirini/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
0c7b2a6366b11aa19a10a3a774e3db5d

SHA1
acb2608b92a8b4205ece1334f08a203c18d16eb5

SHA256
2479039b0de9e59c86ad6efa15824a03fb6ad090989bb37f2b51c4e32801ea11

SHA512
818a864982d60f8db26fdd16ce839009047dd7541e750f6de766b63f786c81e873581c47b3facdf6fe96d38cf543e176fe96025ca6b253ff1fc3a05969525eb0

Download Submit
/data/user/0/ir.barfin.anvashirini/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
c13d157275a44b8f5f2e76353f626927

SHA1
cfb095458502878352163675cb916c747d4c7c2b

SHA256
c40659edbc6813a254f707981d6fa83f35bc4971c0103326c2e539cea0a01803

SHA512
aa6be0f4197cca5a7d6cf44c92a46b45cb26aa3437d55fd219f65b8fe05dc03d566828c3c2e05aaffbe20b5a8f1dcb4bac8170f2752ab9e3271f32e9474f3a9a

Download Submit
/data/user/0/ir.barfin.anvashirini/databases/evernote_jobs.db-journal

Filesize
512B

MD5
1847a21c468c95e79224ca1b86650c38

SHA1
16cb791ceb664d5e7b8af0d445d7ae6e52d9a6c5

SHA256
b2413ba7d523683b02b68382439b2592a08208f9db8364fe17c8646c591229cf

SHA512
a7b730e642331ef28a4d2ac89cfe6edbf7268459d194ce0c87f6b440dfb286d3be282ba897187400fba04f1a80c0cae79c1acf201624691ee70725cbca7fe08a

Download Submit
/data/user/0/ir.barfin.anvashirini/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
0b888ee5041b7a674875c692c6fda30c

SHA1
9b8276c1992103d1e779e20ee6e6f157b644ebe6

SHA256
16bc62d2333809b23fbdf2b2de3960ec0f929c30e3b5ac4cb0d8f9f8f23169c9

SHA512
5eb2b106616bada7bb3054b30087f5c4ea349476e961dc65fcd05f5fe1327dc70a085dc2fe4dbbc6fb76ec094bc9b67d7a6180f546d8fcb41de1742a92eac62c

Download Submit
/data/user/0/ir.barfin.anvashirini/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
b1dd08a604c342bf908561b939a408ad

SHA1
17a370836954143c008eb760f722ed346e735f60

SHA256
bf9637b446f8669f6c91b60e1d86172d6234a7e90e60ecf3a78db2ef5baa2d65

SHA512
be50def91cfc349489a3692d92541a5987142561af3827e721ffa8b1f58456867ea9bb197a99fbf325fd200f8dcbb59e2e06073e38a3e8ffa7ba5fcd09443b83

Download Submit
/data/user/0/ir.barfin.anvashirini/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
5411c59ce96b4a5b624aec15dac512c5

SHA1
7abc76a2334fc84baaa21cb4e7c04a0515a0a76d

SHA256
3aacdfe09e0a5756e0f2c4ebae7551884bc9327c2595dcba193dab944868d21f

SHA512
3b8a54a65fcd627785b3686dd5fdeaf9073a8f9ba1ea3b69b4e90b132568f086ea295405c43b87d2508e19019171fea671c645bb0b8327681f3a9dc844fe207b

Download Submit
/data/user/0/ir.barfin.anvashirini/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit