309370f667cb0002e270b38340a7e84d4be7505a203eb33b2d9c63ec0d5372e5

Analysis

max time kernel
179s
max time network
155s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
11-08-2024 10:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a05c8562481ba26865456c25a30284d_JaffaCakes118.apk
Size

5.5MB
MD5

8a05c8562481ba26865456c25a30284d
SHA1

1b47cd62e133f2dce28be562b6b7fa82106c0eae
SHA256

309370f667cb0002e270b38340a7e84d4be7505a203eb33b2d9c63ec0d5372e5
SHA512

b6e838aa93c5cf31219989523d8fe2f55b38cb2c75022ab19ba069c8ebb3ac7ac50d427f2e6b057a36318c97ebb72709d49e32db065bc7220fb388c5a58ffb5f
SSDEEP

98304:IcGmRlmBADSXZmpii8D9bmchpUj+UH5MvE2aDiRGHc2pXcpqZQZqaQzTb:IcGVaD+m4i8ZicayUHaUDKKpXcph0H

Score

7^/10

banker collection credential_access discovery execution impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

Processes:

com.topdevelopers.ashpazi2

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.topdevelopers.ashpazi2

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

Processes:

com.topdevelopers.ashpazi2

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	com.topdevelopers.ashpazi2

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

Processes:

com.topdevelopers.ashpazi2

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.topdevelopers.ashpazi2
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.topdevelopers.ashpazi2

Acquires the wake lock 1 IoCs

Processes:

com.topdevelopers.ashpazi2

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.topdevelopers.ashpazi2

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

com.topdevelopers.ashpazi2

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.topdevelopers.ashpazi2

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.topdevelopers.ashpazi2

description	ioc	Process
File opened for read	/proc/cpuinfo	com.topdevelopers.ashpazi2

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

Processes:

com.topdevelopers.ashpazi2

description	ioc	Process
File opened for read	/proc/meminfo	com.topdevelopers.ashpazi2

com.topdevelopers.ashpazi2
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Acquires the wake lock
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4456

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.topdevelopers.ashpazi2/databases/__pushe_base_lib_db

Filesize
24KB

MD5
12074113a3bf41fba160cb650653a676

SHA1
c50b4e953f6356b7d4325700a809f48c77820fe5

SHA256
e0a868df29ec2da78a41750217936d3eea0b696507745cff75622568e7550653

SHA512
7b49ae36ace8656d584e35e2754f6545f8296e66fab2bdf10edcc0b1a36ad80c3f955c54302dd7c3fbe98b6237f5cf0c2861742af7f428425f30af14f7c0b88f

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
1ae12fcf768b12cc243ea261ba4e0e04

SHA1
3146e03d889cefaa16729104d11256aac6006c70

SHA256
564106f0265a40a5ef416f029745446476f8ae9e14e5447251597b4bf1ff08a7

SHA512
3dca56ca2e963ccb7171c293b6afef69f9592896870e704ab17929496e65af0aa4448ab5850f48f5f7e0fd38630aa94562e47cc52dfbf593e8ececbe416f649e

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
3fb9478895f2c03c1d7e6a38b894690e

SHA1
c60bc472bd5757fef22caf8d9bff86c4b203fb60

SHA256
05514cfb01852a19ae13a1e9566c6bfaccf78b5e4dde166feb53b036b3a6c813

SHA512
341bcb8be3a362c0edfff07e13fb807e0ccd81c7f29ca94b5f64ff76cd2cb0413de873eb02b59b5f839645fefc478576132b57fb64bca59479f3348c80281eaa

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
45ea1fa8a042b048bd90ad3b8691f728

SHA1
6a22e81a34b93d3b3ade2183a4e6a031ab96a5ca

SHA256
ada6b70a18ab0dc8e4329e44491112f53c4f6360123b567134081af980676801

SHA512
99025ab8f4009d0330ecb38b4ce54cc1906b9d372e4cf94d10e1758142f6e0494db6124aad7f699f0adba6f408effdb19b8b10f1a4d55e063cc78f7b7c0b0eea

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
f46b217a4857550e3528c14a99f557fd

SHA1
3d9dbcc3237864a62a0997409c44ffe03cee1f9c

SHA256
5e29f30bddf0ed7d67fa9125b61024740262f06700b6e0cbcbb93baa9e195646

SHA512
80e00f00498bf41c9814f94f472abe79d8916803070dcb3fe076f3f4f53a0c0f69d0e0d49ba398fbf0126d0ef6aa926962b9795020216d4b685142a2ba8292da

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
53c3b0e43cbcf4eab43d71685837219a

SHA1
b5785f8bf1d764e2f5d1352c65f5dac8a3c2250d

SHA256
1496e145df1e2fd7c75427df6c70037af5257d178a74c25aa7ca05120c386fa4

SHA512
634987ffce5661d30366744e8d1fb9d45ff17cc9411aef8e869ce7cd97be5b5dc23e9ad0e1dc843de08d1af6f19982c549f8c03df67dcd0b3602142cb89bd6d0

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/databases/__pushe_base_lib_db-journal

Filesize
24KB

MD5
d8bcafe7e60e5a479f2ec883b784b334

SHA1
93d820c1e2a94218e31220b4d30035fb11f6d862

SHA256
57f89db2db4e362276f605eccd90065ce8949905c0c9c5bcdb252b10d7d73908

SHA512
6ab00feb08c9ce9691e37020f3311f44c420054c157a2ccf2f1a8dc23362f35a7c461a6aee2ff98e9bfc7d57a2ee88a15b7c5fc79f6b1519063289965b0e5f1e

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/databases/evernote_jobs.db

Filesize
16KB

MD5
90a8115d6953279a6eba13783b228a3c

SHA1
fd52a06e4c67d95def11f9f9faabb7905529d753

SHA256
5245b4e5b60e9e35a8fa0cf2172fdea2866c092851df424eecaa06821143e1be

SHA512
2b9700aa38f6d5b994af776de2c31cf3c69e275821fa67e74a46cc59de5d064ad4018179699a691bab7e2269ba5ef50a57a99222de656943c32e2c240d253f6a

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/databases/evernote_jobs.db

Filesize
16KB

MD5
559522f8dff19b08b89346e347dda7c0

SHA1
ec7cb4b159c40866cda373e97e6b105a25dde290

SHA256
04d467d5dcb35ee7a59545329b506e9d495286f32924bfbe7857373062c5f00e

SHA512
920d0c278f4cfaa77655f187e6c972a39f31f44df95934a3094a022ad0ead8c0fb971a48a782bff220f271ca95737fed57fea38d0ab7d76dd49eff7aa68d0333

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/databases/evernote_jobs.db

Filesize
16KB

MD5
7be9d92606add5307e7034fca201e080

SHA1
171748c9b93e8993ce34e72984c6da8ed396891d

SHA256
0b83be7dc601aefc14d8652171cba6b4b700c0b0b0d695ea6194d4641aafe487

SHA512
553d617a92b2bb14019af64a6f89f6042ddac23127b0793d232c44f20367aaa637036f39a82134a1d7694d10531d286b516c5f9a8342c70c505efe749e5fe470

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/databases/evernote_jobs.db

Filesize
16KB

MD5
a3a39ce8c2178bc6a5fd3010feaaa179

SHA1
a6c1aacad90c8fc3f0be791e4cddce9e03fcf669

SHA256
a230c8dc42a106d73f97d2548da8e5ff3afe4c754adc87b068a5d6af4292b0ba

SHA512
6c20fc57dfd5256b35df5ce03c75b1bff773150ca1df5193315f5f1e4a2c6a0c4be44ef0103195911f0a90456ccaed06b6ff01f6979d8a9f4e071ed9d5ea6a5a

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/databases/evernote_jobs.db

Filesize
16KB

MD5
47080e3bfcf2db9b8620f2faf6c5857a

SHA1
6f63c1851255e0fa99567f047382074b086d38bc

SHA256
dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb

SHA512
e757043d82798926a5ddd716457accf6616894ad1ad79ec832293a1f662910b663239f899bf05a5c8d90fed5bcb093c5529e5bc842fe9003c1d5902f9ed84473

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/databases/evernote_jobs.db

Filesize
16KB

MD5
a766c60d72b3cf806f28b7529f9b125f

SHA1
fedbc8b0de9645976dfd80d127a4f75fea5530ca

SHA256
5c2c486c3d74ade214c66c547578f8358f2e74a8edd218612af85f889724baac

SHA512
d4f6439cf031be66f2c5925cc000340e093625481c124fbd2cbf2378f9a0762bd62588cddb506b706bb31dadb8b813c9b2de7d49b68551869487b61796eccd8f

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
dc4e5c900a3dc2ca4369f1fcde92fefb

SHA1
1631e6524be462d6514493dd90077996f381abe2

SHA256
aebc2a60618061a09aa90bca3456bf5f3b99c9f0262155b222a73db1ed44679b

SHA512
3e81dcd49455c3e178c3ab52eb6cdcfb358833f0fd5808d6efdd972d7182b326628d369a18873540288a452bd400e4fc1c224b6e53a4557bce1a03a8f030e583

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
cdbb68c6e5728a0fd7e32826674dc0dc

SHA1
687dfe0eb4b8fe8527ae2e695acc309e5f74dc7f

SHA256
ab04b8065e98b5d3452f79139a7fce15d1b95e2742f7f8c6d7a4298c1b505999

SHA512
bbac90a3e4913d73f54f75939f95dc7074d1ba17aaed38204f93bc3b958119e01c7f950892fa70b98b98e78adc4221e72b81135ef90bce421e9daa4a889a5440

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/databases/evernote_jobs.db-journal

Filesize
512B

MD5
eab8563bee099d6e4fd5e5cea18092fd

SHA1
3ad01fd1d167da0a3fad0ebbfdc3c5fd9557bfcd

SHA256
d1642a61533f211a05ad4c8145d58853eef425e92cb71ad15824998a5765e41d

SHA512
e9fe56b39894d314b31429ad2e420c4b12d668264947939fc05f9b990f3b21b1ffbced7b8858e350a7baffd9d4aff593c14b660b9c77bea59514af3b8877a5f0

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
71e019c607f8f129052eb387fa9b1453

SHA1
b6cad949e0e15b833679b127f5231094f1cc84ac

SHA256
666183b5b0b4e9a41240aae03120dc85b8a47259dc3a7b0af7e2339797afe6f6

SHA512
0caf5cc582dc811ae74d272fe6a3442468450d4a02dd3cd3c9fee10c7c20e1a8e202f1c71a49259521856e0b04d9c4f2d2836297668b170aaa1d49cc371e9fda

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
3c26110e235d3945d91a1996e00b68f0

SHA1
360be98e00da7857a3a0faa99f9ed1b88aec4aaf

SHA256
b9910119adfe3322d560852043adbdaee0e246bfd46e46c3bfd7edb5aec40303

SHA512
cdef8191a45d0f8adef07f7e593a78d3a624d17e9a8c96df8b1ce4c93fc5d2eda3fb530a87f98ea575abe99da6390e67aa5dc327ecce2498e18622bd831ed879

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
835d9b936e4b42b5e88b293d02ee5041

SHA1
0f7425b453e8bfd06462532b8de42b59dca3dd12

SHA256
ccec27095ddd519eb3e82fc3e55887079268b00a5789df95c9dc9631b2f4cc34

SHA512
bc2500ae253382337982f8ef94d1aef851b8e8f4035e2589bc8cb92a31629c58a53707efbc6e95f81ea8b0f547fc8affa6ac6ea0b6cc969c275b1b47e4418fd2

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/files/Data.db

Filesize
11.8MB

MD5
785921f5410d43fe1a1f942ee4993df5

SHA1
458ebcbfc053edb65a7a09c00e4ba1eb15098623

SHA256
f6f31b1a71b9df105d2719b2fea258ab17d08a799c8cef9af397569e9762f08a

SHA512
858e96cad28824f383b0e3e4be304018104e54fd9a0e336b07830548bb0e4be04fc8d1a90abbfd06197ceeeeb184bb160b17c4b2bed6302c1358d4f7168bb645

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/files/FontSize.txt

Filesize
2B

MD5
c20ad4d76fe97759aa27a0c99bff6710

SHA1
7b52009b64fd0a2a49e6d8a939753077792b0554

SHA256
6b51d431df5d7f141cbececcf79edf3dd861c3b4069f0b11661a3eefacbba918

SHA512
5aadb45520dcd8726b2822a7a78bb53d794f557199d5d4abdedd2c55a4bd6ca73607605c558de3db80c8e86c3196484566163ed1327e82e8b6757d1932113cb8

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/files/FontType.txt

Filesize
8B

MD5
40361b6fe8d8fd9253ca2ce545dd3e37

SHA1
5056c826788ce582873a175083e2c0ac2a6e6a7a

SHA256
123824ca0b275a2484c11103665c49e018cdcee68b5afac36a4473678db8a50f

SHA512
d0b51da058e0550b651df0cd0ed30ea44962a75edb175515c63c6681f8f392799048f2220e739d958441e5fcca612713112456dfbec8cd1f25be834391dcd477

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/files/lineheight.txt

Filesize
1B

MD5
c81e728d9d4c2f636f067f89cc14862c

SHA1
da4b9237bacccdf19c0760cab7aec4a8359010b0

SHA256
d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35

SHA512
40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/files/setting.db

Filesize
604KB

MD5
9d04b2b6c984b9649acbb2e6086a13d3

SHA1
08f7e4c6d04292d7f194901ee94c02ddbf4160bb

SHA256
bacc1aaf60373cb44ae4bbf55bb09d448ab6e9a8aaea26621105febf48fda015

SHA512
feaf3cfc673d54527b8464fa23b5bc0b78175c9964813d56e07d03a4dae6a7aa297c99cc61e4fc7193d01d22c81a966a5d0073197b238158bb26e85361bd0f64

Download Submit
/data/user/0/com.topdevelopers.ashpazi2/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit