Analysis
max time kernel: 134s
max time network: 142s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 13-08-2024 15:21
Behavioral task: behavioral1
Sample: 93a47aaae5bd829dad05c02c7252a676_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
Sample: 93a47aaae5bd829dad05c02c7252a676_JaffaCakes118.apk
Resource: android-x64-20240624-en
Behavioral task: behavioral3
Sample: 93a47aaae5bd829dad05c02c7252a676_JaffaCakes118.apk
Resource: android-x64-arm64-20240624-en
General
Target: 93a47aaae5bd829dad05c02c7252a676_JaffaCakes118.apk
Size: 14.5MB
MD5: 93a47aaae5bd829dad05c02c7252a676
SHA1: b61b94662be0e4a0c2402467862ef0157ca0f81e
SHA256: 6240eb972c593af5f5baa0fcaf20e09cf798abc2e226b148ff5d56b8632db31c
SHA512: 6b80e09e6f7fe67ce1169f1f0b347072d17ffc5c2f34a2367349fb5dc202d282733228683e7054d4bd42431b30539b5224da4eb3baedab639b34092ef9584be2
SSDEEP: 393216:M35GJyKnAoFArC7FPhVAo9uuNwGplMPN5woU3pAerTxAs5DdhtrsXB:MUyAAoCrIeuNj2N5woQKerTxAs5DhCB
Malware Config
Signatures
Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
description: Accessed system property key; ioc: ro.product.model; Process: ir.miri.deser
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/ir.miri.deser/cache/1582435991586.jar; pid: 4250; Process: ir.miri.deser
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; Process: ir.miri.deser
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get current cell location.
description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getCellLocation; Process: ir.miri.deser
Acquires the wake lock 1 IoCs
description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; Process: ir.miri.deser
Queries information about active data network 1 TTPs 1 IoCs
description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; Process: ir.miri.deser
Reads information about phone network operator. 1 TTPs
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; Process: ir.miri.deser
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description: Framework service call; ioc: android.app.job.IJobScheduler.schedule; Process: ir.miri.deser
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
description: Framework API call; ioc: javax.crypto.Cipher.doFinal; Process: ir.miri.deser
Checks memory information 2 TTPs 1 IoCs
description: File opened for read; ioc: /proc/meminfo; Process: ir.miri.deser
Processes
ir.miri.deser (PID: 4250)
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Scheduled Task/Job (1)
Defense Evasion
- Download New Code at Runtime (1)
- Execution Guardrails (1)
  - Geofencing (1)
- Virtualization/Sandbox Evasion (2)
  - System Checks (2)
Downloads
/data/data/ir.miri.deser/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/ec455893-f2c5-445d-8843-f8c8fe3762da.jobs
Filesize: 278B
/data/data/ir.miri.deser/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/ecaf9ed3-5fdb-4a33-bbf6-53532202a97b.jobs
Filesize: 179B
/data/data/ir.miri.deser/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/fb30957a-716d-408f-9a53-170009a31676.jobs
Filesize: 176B