ffb4f97737b00408f68dfb931fdb315caebdac8c498e32a1b9d2f07eb60ba71f

Analysis

max time kernel
47s
max time network
174s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
29-07-2024 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f3e163667c22e4fdaa9d3e5ae62f95f_JaffaCakes118.apk
Size

27.6MB
MD5

2f3e163667c22e4fdaa9d3e5ae62f95f
SHA1

9ca5ec8fcc987e4140e84152476f46afacf7a546
SHA256

ffb4f97737b00408f68dfb931fdb315caebdac8c498e32a1b9d2f07eb60ba71f
SHA512

2dd48092a06e68654e6f4e2949a38b413bbd6fd7f1c034962b7ded2de85d927b4e071eb071a7df6ab72351eab8aabfba5792446a54a94d1c268e1e943389213c
SSDEEP

786432:FeTZSBIqOMxTVUFasocVgvH9xFY9Yp8nYdz:zVOwTV69VYH9oe

Score

7^/10

banker collection credential_access discovery execution impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	ir.hanif.sorood

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.hanif.sorood

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	ir.hanif.sorood

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ir.hanif.sorood

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.hanif.sorood

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	ir.hanif.sorood

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ir.hanif.sorood

ir.hanif.sorood
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4969

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.hanif.sorood/databases/__pushe_base_lib_db

Filesize
24KB

MD5
61ddc2df1a2e968fdba7060d395526e8

SHA1
7654263543a8643ba618175b687524e52a58278a

SHA256
18c68ff0f8c859ce81f3519af61d95818e5ff85ad3bec5c8484519fdb904e147

SHA512
de229a546aceeadf97107457b082f0b749a5a835f8196f7e3778a2ce255f9b67c2b3ee01e388230e4413b36027f69864df5ad96298ed18ebf80444625d83b10b

Download Submit
/data/data/ir.hanif.sorood/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
11cde0f7e76c88b42e46680656cc64b2

SHA1
830f4e7e0e121cc1ad5f810cbcb68ea387d49740

SHA256
94f5598be756ce01f501b4276d77bacb8d8264a66463b99af45bf086eeee41c0

SHA512
2d0dc98676b451fb94cb20a32b2a23f021aec4fff2919876228e99f78dc6ebacc25462bcdddb31a43976c01f4d0a6cd2e2ed6bc8e77fa3fec65e31b5bcfb567f

Download Submit
/data/data/ir.hanif.sorood/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
6ca1118c5212ad037c8ca7a9a239f1af

SHA1
6cccca56ce403e4c8dc8b4d8b1866f37275cb24a

SHA256
71d43b297e1f529f59fb9c6d481dea28b3a97bef9598304aa18b2ee1652f21bf

SHA512
1bd8a92e735a3974160116cdf5db8d3897d7d12ce44a7e5bf320ddd2809002993de8a26673f95b4792228bf00f82a644eccbf0487a066a817f9611f68fff93da

Download Submit
/data/data/ir.hanif.sorood/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
c695c86f04f2bc87e28557f43582df2d

SHA1
e7d41961643894d97180f2a022b374bc5f7d47b3

SHA256
0e36f11de4a5957de99836df1959fb20c18bfa964a337c9c011592b3701d5d75

SHA512
42c3c71a1b65823dc0186effeecc8f1b5e663d09ca7682afa1a6589ae03153efb87562553ac682be44859276cfe4923f94c5bd15c482a87c897f7f2aae982fdb

Download Submit
/data/data/ir.hanif.sorood/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
f1bc523366b6cca6ef81fc38c288b9fa

SHA1
7396a3c776e1fb09a056a1f817820608fe241cc0

SHA256
27e6b1cda87b62c2c95266d0732c4bcda140154f3ff8f99e65f0bb38c1c99a65

SHA512
a298f4180557519172ed7594fcd52170c498e9e900f6c9e185b8834c34cdc2a4814e7055884d963fd70e5395b6cbf9fdcb776ac84af31ce9153a30bf16fa1e55

Download Submit
/data/data/ir.hanif.sorood/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
4b724bdefe8dcf1b912468feb4a43e87

SHA1
66e19dd6dccac55420b5fc1cb4daa5267f1c00b3

SHA256
4053ebb57680d6f82c22a56ab4a6192059ae6365856c43b2ff20bf06404b4721

SHA512
fce252658f85ac2b652af32cb4cd5e32db45f5fabd313f8faa05f7187d44b6d537b685fd25e3ff3e0407d445d00ffd813da47e32bf46784ce74b2d573a2d0f54

Download Submit
/data/data/ir.hanif.sorood/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
bb8af920f328f7a141578160acc83454

SHA1
bbf1d0e137aecc26e8f42892c451124ef6cf9b16

SHA256
38b6555ccef953c6bfb65735aa187296d7032e6e476c38dcd6382ff57b7197d7

SHA512
153e3243c1afb4845d94bb13e74f217f7de6febba0a50925f4659abb96e0cc2cede5b37fa75fab9be058e895a65d742d5fef2f1f7ac99bed91e671311b6c1608

Download Submit
/data/data/ir.hanif.sorood/databases/evernote_jobs.db

Filesize
16KB

MD5
c63ffd4504bc6257974af22f2222518c

SHA1
69c4c09edea3fb93b30f323ce4008aeabc697b13

SHA256
8bdadcdbd481b1c0e9dc4652ac4382009742ec81280ef9e0c05d328410d027e3

SHA512
1f00161fcc760d33a094db78a942d4d2b70b1d59f66147c42b22ebd889b5a8a48e28e84b74326ffba6c2ca1c128669a74e3b6f03a827d71382a2d65ec9812320

Download Submit
/data/data/ir.hanif.sorood/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
5f86cf7c6ed96736eb3cfd41f476cf3b

SHA1
5b8a46e9aa96042800b6456346abbc44373776a4

SHA256
7d0d05239ec78fb42bdf8ce90d6cab03eebb0ab28647a770eae71791d47fda10

SHA512
1a1d2963ab5b9da7f1edfd17d531d6920187fc09d4337e7a7c9a4499cce12a422c4034003a8e14cecf6da38ae346c4b35d31ae2737c77fc300993dd65d99505b

Download Submit
/data/data/ir.hanif.sorood/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
98f4b5a1e43c3ff07ae528d32e29e010

SHA1
2f945de916e4a97883c2e2793850ef7d500e6c8e

SHA256
b2e9167424c71dcfd7e4e066e1811aa0847e1350290be58d30e89c1665ec4620

SHA512
a55c4bbc26528896fbc566091202b88537e61c0292a095c047715ed79c43b4b4c510b6af7d60423070a9fff4072867f1a9cbd3a18020af389ff43253ef01122f

Download Submit
/data/data/ir.hanif.sorood/databases/evernote_jobs.db-journal

Filesize
512B

MD5
26e8713f13ee3a0e8ff68a31825d7919

SHA1
1918a1ca79797b55c81cf5d906d13d5450278b86

SHA256
4adca3cc15dfe0d362d42124154bb0afd981d075469722aedcc8dba7b7542690

SHA512
25a4ad94dd0b2a42cc3635228663a91338fc9ea2f594443b0bd65ea674b31014945e192de9b65678a6de98e6e87bb30508b01fdb0b36eefe33878b4cb5f343c8

Download Submit
/data/data/ir.hanif.sorood/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
1b9a9dd0650be2bd29d3ac34aaefea48

SHA1
a3c6c6adda1430396bcc2987576cf579d323184c

SHA256
1e3d99eccedb6913082f790940072df9cb09ca817e02064c6353486945145b29

SHA512
29af64f70054f8b71d2d93ee04aff41f20c0422344b411458435a69dc02fcea0f561ca5ff377bf9b87b2289fde752d849aa26fbd50495cfa9de4ee1fdde64050

Download Submit
/data/data/ir.hanif.sorood/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
e494d747ec2b816fb4f37887549c48f4

SHA1
a68686262f64efc14273ba4d223965d04cc60146

SHA256
92438a0a700870b3cb6ffd27367625c2a4725e7e16450c44c1b65c5b43e56833

SHA512
855a52262357505c6dc0c524a04c8fdce320c260907beb9cc6918d3d072bbcce3a4707dbb9ac16e8455facebd3705da9434707785201ce03e7568649ed3a4ea7

Download Submit
/data/data/ir.hanif.sorood/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
872ad668c35dbc63c99d65d7f3259090

SHA1
e9bafff62082b1ea98e302b9026d556c39e8488e

SHA256
43624e9fcfd0fe7a6da4d8e9fa0ea3a154b30654a0cea8c032be850a8d04c0ac

SHA512
db25d53cd8307e17eab34d4887f6160c918a50cdb67cc500b344bc3e8687c499bb50cf737382b767598be928e64a47a6ad33a6fb6a0e8fe8270664cac3369c14

Download Submit
/data/data/ir.hanif.sorood/files/fateme.db

Filesize
10KB

MD5
76a9607cbd81d189269108d5d3978b67

SHA1
6252846731172191b0b007f239f7766aa9eac193

SHA256
d7f7669da00c806e8f4679cc16262cba7a232940bc900d80a496c11cfcf7fb3c

SHA512
6bdf400d39f3a4c5cd212056c6b29dca3b33ae4126e952e752b8d9fa18b6d5e4e5bcd39997fc7f3bd0d4f5761e924fada86b036e01716be60c414066b4aa28bf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads