ffb4f97737b00408f68dfb931fdb315caebdac8c498e32a1b9d2f07eb60ba71f

Analysis

max time kernel
45s
max time network
176s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
29-07-2024 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f3e163667c22e4fdaa9d3e5ae62f95f_JaffaCakes118.apk
Size

27.6MB
MD5

2f3e163667c22e4fdaa9d3e5ae62f95f
SHA1

9ca5ec8fcc987e4140e84152476f46afacf7a546
SHA256

ffb4f97737b00408f68dfb931fdb315caebdac8c498e32a1b9d2f07eb60ba71f
SHA512

2dd48092a06e68654e6f4e2949a38b413bbd6fd7f1c034962b7ded2de85d927b4e071eb071a7df6ab72351eab8aabfba5792446a54a94d1c268e1e943389213c
SSDEEP

786432:FeTZSBIqOMxTVUFasocVgvH9xFY9Yp8nYdz:zVOwTV69VYH9oe

Score

7^/10

banker discovery execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

Processes:

ir.hanif.sorood

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.hanif.sorood

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

Processes:

ir.hanif.sorood

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	ir.hanif.sorood

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

ir.hanif.sorood

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ir.hanif.sorood

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

ir.hanif.sorood

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.hanif.sorood

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

ir.hanif.sorood

description	ioc	Process
File opened for read	/proc/cpuinfo	ir.hanif.sorood

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

ir.hanif.sorood

description	ioc	Process
File opened for read	/proc/meminfo	ir.hanif.sorood

ir.hanif.sorood
1⤵
- Acquires the wake lock
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4219

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.hanif.sorood/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
3fe71d94c1287aab2d4d04d05a666e35

SHA1
3d5723dec4ea971682d81032615973d07f69d242

SHA256
927c7f708f527ae79574712c5ae8fe85dba7df4cf6db93468e7df5b309cc60d2

SHA512
c05b2d547075753260db8ebc9b1c30005bea45ece8185ee762f815bfb44e266bb79162b0ae114b9b31c410e1eab09d8209e0132d8eb0640c70dfbc8be6c4286c

Download Submit
/data/data/ir.hanif.sorood/databases/__pushe_base_lib_db-wal

Filesize
72KB

MD5
84df59bcc75f9aa3a033942e19c7a9c0

SHA1
9b471b4ac3a81e39f99f5e0c47ec10fac964af23

SHA256
960f7fd866b07004bf77e35e5e030444b670bd2b5e2a01f9fcd7ad9d67d80bfa

SHA512
c32c09e514fd723e61bd748ef06843f760601d1ee5c579a28fb092001dd98fda7b151379ade29fd360be1f8912aad7c947778d1be54084752887aa1ae350aa26

Download Submit
/data/data/ir.hanif.sorood/databases/evernote_jobs.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/ir.hanif.sorood/databases/evernote_jobs.db-journal

Filesize
512B

MD5
e2c0279aefc39ab106c2e30018cbfb6c

SHA1
f31a62af43aae08074149d10af88a2c621f84e36

SHA256
a0bcfe2966f52cab54e3413a3b51339cc1e1600cd49d0868430f19e15a2797a8

SHA512
6cf20370ef41159cb622a074a249dfe2e3f2ce632e8ba486b2134cb1103a2a9bb003ece18cc195aaba1e7400c36fa804819cbaf757f868244565950ac1daf469

Download Submit
/data/data/ir.hanif.sorood/databases/evernote_jobs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ir.hanif.sorood/databases/evernote_jobs.db-wal

Filesize
120KB

MD5
78f409e57885198e55a539d245e87753

SHA1
1ca14cf5ffa7d493a7269e83d9eac613eba7147c

SHA256
bfc38e31cb04fe1d3b418618a2207fbbffd9f627c9d3021d998a36306adb9d7f

SHA512
48202b0c89b6470ec87241ad1b7a8d62eebf145419bd6cf8474075618c7398bf35b2c4a7db4bb6f47edef284e42b47760f55d72337e6abb6bdfba8289578e534

Download Submit
/data/data/ir.hanif.sorood/files/fateme.db

Filesize
10KB

MD5
76a9607cbd81d189269108d5d3978b67

SHA1
6252846731172191b0b007f239f7766aa9eac193

SHA256
d7f7669da00c806e8f4679cc16262cba7a232940bc900d80a496c11cfcf7fb3c

SHA512
6bdf400d39f3a4c5cd212056c6b29dca3b33ae4126e952e752b8d9fa18b6d5e4e5bcd39997fc7f3bd0d4f5761e924fada86b036e01716be60c414066b4aa28bf

Download Submit
/data/data/ir.hanif.sorood/files/fateme.db

Filesize
1024B

MD5
3751770fde1ff9c18c36ede88691d6fd

SHA1
4319738992e3f1ef228cc2f1fbe177935555919e

SHA256
46c7fea78e4947248f69260ed2af06dabf3667f84fc8e82725503d912ad65c43

SHA512
476c51d69839f05092172e4fbe3c6845c29c941ab1320a79d3e0971ec11023f893b89a6082211be1d7524f0fd1fd44d6c3e36d89b1e4fd7c3a95c5ca662be564

Download Submit
/data/data/ir.hanif.sorood/files/fateme.db-journal

Filesize
1KB

MD5
1cb3b79322bccc95cfd0ac2d4d8d0bb6

SHA1
faf1751f15f4fdb9710453b6a04ca69663d0bd40

SHA256
57c1f2f66f68a490bb6a781f6b42dc953db0a59a391f8e0e2f1043b7816f7ea6

SHA512
e8991e8615606919c9f1d7a2d37443fd6a9ed731da5bc3dc2b61e8ebede1a97d0ed27645a0f83aee3931e3fe898f78d00736941b174d3e68015867bd6925d3bc

Download Submit