ffb4f97737b00408f68dfb931fdb315caebdac8c498e32a1b9d2f07eb60ba71f

Analysis

max time kernel
153s
max time network
179s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
29-07-2024 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f3e163667c22e4fdaa9d3e5ae62f95f_JaffaCakes118.apk
Size

27.6MB
MD5

2f3e163667c22e4fdaa9d3e5ae62f95f
SHA1

9ca5ec8fcc987e4140e84152476f46afacf7a546
SHA256

ffb4f97737b00408f68dfb931fdb315caebdac8c498e32a1b9d2f07eb60ba71f
SHA512

2dd48092a06e68654e6f4e2949a38b413bbd6fd7f1c034962b7ded2de85d927b4e071eb071a7df6ab72351eab8aabfba5792446a54a94d1c268e1e943389213c
SSDEEP

786432:FeTZSBIqOMxTVUFasocVgvH9xFY9Yp8nYdz:zVOwTV69VYH9oe

Score

7^/10

banker collection credential_access discovery execution impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	ir.hanif.sorood

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.hanif.sorood

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.hanif.sorood

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	ir.hanif.sorood

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ir.hanif.sorood

ir.hanif.sorood
1⤵
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4468

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ir.hanif.sorood/databases/__pushe_base_lib_db

Filesize
24KB

MD5
9ec9385633c80f3828688c174cbae53c

SHA1
f3fa62b298b8cc815d6cb1eb4f3f9261e8ad84cf

SHA256
c1af84c355b4a7532ab9a017b8c46e003944f828391edec5afde2ccd9b25c0d9

SHA512
f59ebdfb48e08edaada412cde588dbea0cd9433f2942d12878826d367396d8161eac096021ecd7a02b51cef3489db2be6d3df8b776db46dcb1738235bed5daf0

Download Submit
/data/user/0/ir.hanif.sorood/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
94539ab0233dd2cc592d827e7fd0f069

SHA1
b0e8a6800911ab8a5eb9ac9dafcee6da7afe7274

SHA256
6437fc1b6d0df3cefebad6d49ce290a5f17900d97cd5182579cbc86c6174fbcf

SHA512
3b52d583c62d0fe04b84c3aa64dd31d07535db5a55187f2d5940b0d5a31bd32bc8faba07d64900694d7fd2b98a3a746f39a67e01622ee4ae253185d931e36c50

Download Submit
/data/user/0/ir.hanif.sorood/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
fa94700449dc6be990ad6abd2622938a

SHA1
a3bb6b4eafaec8851ebcc6ac799f0e1150486186

SHA256
e21489360a48e534b713e83c4d98ae0e7375c32a37755bb37ea951787c6a9cfe

SHA512
890f8411298fd9fdab77706ab6fcf640eab84201352be1815f73efc40558700726f64f4ff110324db144e5148d485c94cd89c29774bf9a0a7156a84a784def67

Download Submit
/data/user/0/ir.hanif.sorood/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
99195b1e1b64500aa8871a6ab30190cb

SHA1
9008a834e43f14e91a069ebcb913ff3b1e0df15b

SHA256
d4a3202781c91d7a66e42d607e47fa8ca1b595d1da8030e1841b953d157b9695

SHA512
fad9b629427c0508518c43ae85d58103779e225e06e74211235b3e729d45f649d8f8f1a48e620ddd8c541607d48686e5790d0b316f3968e3ce643b73a4c4a65a

Download Submit
/data/user/0/ir.hanif.sorood/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
cc8c2e36a95691f651e647fbb9a17a3e

SHA1
7ea2d06510f087382a7f4d4b04b7596a209bb438

SHA256
1f2549d15eee0140f41f6e13657e868691ba9bf851547bcd5c21c649ef59b525

SHA512
09ca34bf86ead41beeebd85edc089a9f750920581e57dd5f54b2f5682c31ed3910d0b57d31683dd6ff6538d92bf751beba9d71836551e16b7f304a4a1ebc50ec

Download Submit
/data/user/0/ir.hanif.sorood/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
5fd21555fb3b5c3451324dd1c7269b38

SHA1
718206d10b1876303d2920734e0d00d3e1aa2c1e

SHA256
39490ef76a5a8b26e1c55088fa10432919d086a8aeaea2760f123e1c84405aaf

SHA512
9d51ff088bce64ec209f8a448fba81048b9fef079d6611ac17001556e0f35443ac1fb62579fca60d91ac098c640398ffad06e42859838bf2e2f1ebeaba77cbdf

Download Submit
/data/user/0/ir.hanif.sorood/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
aab2ff639916166316eaee5f61da94fd

SHA1
3902feb8ed3be5e03e4917b1866dfcdd0fff7dbb

SHA256
e21044d31d3a7bf8e51a9ca315e8976e6d39acfee132d374b401c2fad4575072

SHA512
711f16b1618ba8bf7441aeb9dc7477f03e57bc60bd36326e8150c4025ce38ec57b2232f0cdc4b6e32862a0a464f9c2341b235b9a855261b732adb3371be62a5f

Download Submit
/data/user/0/ir.hanif.sorood/databases/evernote_jobs.db

Filesize
16KB

MD5
0ddc1601b2c0717c6612e82afb7e8028

SHA1
8aa9768f1e1af2bdd676b72600f24e10f745df1d

SHA256
ac51c164b8607073a9aa59d382506912119d453da7ff492bed552d6453229186

SHA512
c2f427cfa3bd7974a830ca8f74048522f100f7c83818e04ebc30ccc5122464ac048fa5478c375ef86a513c462dcf1bbf4d6ec1be426f1875b2b2814ac20438f2

Download Submit
/data/user/0/ir.hanif.sorood/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
b858eb0f8bde0caac000ad08494e614c

SHA1
2c0c54af153c49ef84c5f13cd001f0bfc003e219

SHA256
9e916d5fb51fc90ac4cd7c2be408d6b5504c72664f214cf14fe06b160cee23d5

SHA512
9ce8ca42bef6d1d306d4030a64c25d3d3696d19cf064b4177458bbbafc22145785ce422b4c07b1438442533e5460b55075575baa572a523b83676d49ca98f8ba

Download Submit
/data/user/0/ir.hanif.sorood/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
cfae537bce6cb3f1266174750783a10a

SHA1
c1820aedf1660bd0453b578cd4a9e3bc7f464911

SHA256
14c20abdd536407bb29ebfb9c32fc50e5aa0de2f7d685f715051b43f2750bbca

SHA512
0cab19def0d6dbdd72bccdd4b4f14547830451eec4c5f6526f17d16e76d57ca6eda67f1c88c0072a65aa49f7211a09f4ce8f5094910e25873c5287711003689d

Download Submit
/data/user/0/ir.hanif.sorood/databases/evernote_jobs.db-journal

Filesize
512B

MD5
2c25966a86cf520fea983ffbc39e6fab

SHA1
104fd13db0383253bc022a0710a766f8890a2143

SHA256
0038e96ffca9847938dcbad349b29491bf49e7f77404d59e073e3025bb29dab4

SHA512
6eca3a5e73bad90dc874bead5a744d5e03eb05ae374697d205e956f3022d5f7b2071c374221ad345c7ccd4747b8d44ce686fc36829bae8188e6a18c5378517b5

Download Submit
/data/user/0/ir.hanif.sorood/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
3a39bd1c0c87828aa906bf1a5187e054

SHA1
3aa175b9275afcc72c174cdf11e666817c37cc4c

SHA256
a8b0c07aa3f2658e0fa27c2f409f9a1e23853f40ef90d59478e44295f8dba5b1

SHA512
77963440b8bbf7c2b7385a18f12531d0e2d6f20b70339dcafc5d306da1806fd5b5d1a20364496ba36a1bf1ff22e6f7319bf23003042a7926cf0343f03b42c1d8

Download Submit
/data/user/0/ir.hanif.sorood/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
bd381d884e9c266da9e322a41438b6de

SHA1
7dfe96ece4c6084c5546595ecb334e4ce5ba1eed

SHA256
3ac66c4de0296dd52b6c46e15c96cb5fd8295bd6f96972fd7d89e517b29a34b2

SHA512
fda56505f7c62a69f411a36471dd156dd75be62e5a53a242287fa96ec57dfca59145b6a2d369b6109608c2e576fdbbea1a9de082813aceccb76895dee0051256

Download Submit
/data/user/0/ir.hanif.sorood/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
96d451dce4fe58201d8cc8c1d9be0c1f

SHA1
bac1ccb69d84e36b0f52937995d162c539f376a6

SHA256
6bbb9da0c6d85c37659e589a6f1c3701be2a3861786d2aced68ab1e999d15f70

SHA512
26deb95f7054762e9e5322e29e1688d4d80318f40175af0a73fe25526af5d0ce173c4994d6cdbc4f782f890e495391726296250f7a87745309c75f6ecd9433f1

Download Submit
/data/user/0/ir.hanif.sorood/files/fateme.db

Filesize
10KB

MD5
76a9607cbd81d189269108d5d3978b67

SHA1
6252846731172191b0b007f239f7766aa9eac193

SHA256
d7f7669da00c806e8f4679cc16262cba7a232940bc900d80a496c11cfcf7fb3c

SHA512
6bdf400d39f3a4c5cd212056c6b29dca3b33ae4126e952e752b8d9fa18b6d5e4e5bcd39997fc7f3bd0d4f5761e924fada86b036e01716be60c414066b4aa28bf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads