Overview

overview

10

Static

static

10

d4aca9745b...18.apk

android-9-x86

7

d4aca9745b...18.apk

android-10-x64

7

d4aca9745b...18.apk

android-11-x64

7

Analysis

  • max time kernel
    126s
  • max time network
    152s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    08-09-2024 15:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d4aca9745b1df836541488f9ba87381e_JaffaCakes118.apk

  • Size

    17.7MB

  • MD5

    d4aca9745b1df836541488f9ba87381e

  • SHA1

    9d2430f0cba9aa83b00c4607e2bc2cd91c9a2158

  • SHA256

    5bc8e6f99911ef55bd375a08f2023d62c2a3a29d10aeb7938fb843d9074b691b

  • SHA512

    2b5b9864472c5c672b39b9c73c59e90c66bc06a97187ebd682deb830d9d8f21bcf440e1c3d1fe3ffe8202e796ecbb1f564ad7967055a1bbeaeb0ce0ad071e620

  • SSDEEP

    393216:lRkM6oA9/wSg90/JJlGKI3QV8D3r13bxsrXIJoJl/AqaIv+EC3I0JAus0L+BQDQg:lt6/ng9OHlGKI3QV8jr1rxWYyboqHq3F

Score
7/10
collectiondiscoveryevasionexecutionimpactpersistence

Malware Config

Signatures

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • ir.ghazae.mahale.gelan.d
    1⤵
    • Requests cell location
    • Acquires the wake lock
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4221

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/20c55ff8-ec9d-4e3f-bd93-1330fd99d0be.jobs
    Filesize

    278B

    MD5

    6b31974cb3218d0d9076b8c32e5da39e

    SHA1

    b9e68f44540c8ad1df809e17cd815c97d85704ad

    SHA256

    8bffed837f3dd30b64f71602bdbe83b7a8fa59ea861afb1feb8976c08f2d54d4

    SHA512

    b84628513fd7af0a6c9c69ebad0db1c95922b54a0807f8cdc908f713fff7a5c8d6b0ca4d90dfbdc55ef5c7e3d1944444563defea7b0dfbe78cdc250a775221c7

    Download Submit

  • /data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/8edeca43-c565-4147-bb30-2daf248ec192.jobs
    Filesize

    990B

    MD5

    786835a00c2a16e25bbb769602479fdf

    SHA1

    aa90764fb6c757823f26bf6bff8984e233ae1d2c

    SHA256

    71437a937b3c1bd78c659f8bf6fd4f93d96204cc50f053b8fdf2fd7e9d9765ec

    SHA512

    a877fd5e06042c8833d57cb5bad6d34fbc1db5d00dcb4457da0095815df4ecedbf39e82d9ec0ba396d88f95dc1fdf446311cfb26781dbd8bfddd1ceeb035e63e

    Download Submit

  • /data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/934b36db-29fb-4f6f-a731-2736a98d3c31.jobs
    Filesize

    179B

    MD5

    ac58f99a1b179d71e8621412ad31c6a1

    SHA1

    b51fdad95876f5615735c2ab411031ff67d5e946

    SHA256

    9537553772c29c4303e606e458fd9598c14f1eee3cadfb446e241638bee3ccdb

    SHA512

    faf45d5eb4b890216e6ad33825ffc02cbc57914628e625164f9cbdacd5962ce8ca8f473ded2f56eb4d4006fc7cafa9cff8c9f76655f17f83f38d3e89b8d7e67b

    Download Submit

  • /data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/eb2a7557-40a1-46c9-8223-9a80a13df1e2.jobs
    Filesize

    176B

    MD5

    f56f328eea1d5c96a1b96dbbf59488df

    SHA1

    440c784cacff61932e2f61580b7cfdc3a4943c95

    SHA256

    90949c83a3d90fc0128f0d5df662aef3699971ce9e63ab067382f970cbab8918

    SHA512

    36e370cf16dac8b173fa182960789974d4087a7b607042000118ce518db8f1eaf93cf4f3be42c1c26ab53e87ff54da33b4c57a3a15e5cd47f2c2b66efe8b3edb

    Download Submit

  • /data/data/ir.ghazae.mahale.gelan.d/app_com_birbit_jobqueue_jobs/files_jobs_default_job_manager/ed4ad77a-5333-4fe7-b36a-1c4f2c41c5bc.jobs
    Filesize

    810B

    MD5

    de24c08d7322f31ab22f6944b6f22f75

    SHA1

    51712c3dc771a43e947c87f8d6ab1c1eab772d69

    SHA256

    bccacf18f1a7dd2f3859c09024029fbb307b4daefa1513b56e1969413e7b9007

    SHA512

    301e8298b6613cfe4f7e9f94376d6e722d698d6415e789b5cd9c0831678c776346ea6bb04dabee5edb24b2461524af64fe7873c019132a68cc813365e787066a

    Download Submit

  • /data/data/ir.ghazae.mahale.gelan.d/databases/__pushe_base_lib_db-journal
    Filesize

    512B

    MD5

    21523c038d587060f1e60ddfb5ba7bab

    SHA1

    dbcaa0654ebb67c3a3e3cf1d14042fec70a84397

    SHA256

    16ca912771b71ba4cd777990b4195e83bc27167d275f06b28c2f30cc658f5149

    SHA512

    bd0472c801d257779602361bc995d97cdf93889a7dd0a153afecedabef36b0a6e96e4a4b0d891c9a479b1e7b40fc090a1464b5440f79811a632b412e7911633b

    Download Submit

  • /data/data/ir.ghazae.mahale.gelan.d/databases/__pushe_base_lib_db-wal
    Filesize

    56KB

    MD5

    ed0df5d34a861f263b8cac1485d7e39f

    SHA1

    6b1a3f6212f0fcb65f25f7d919cc064339ccba0c

    SHA256

    e99129cddfe8d46ce0710fc48516a21240b1b68405121ae6244e34ff9f25f41b

    SHA512

    8cc3e05ed70e5a1cbae6bf721863039fa143e0e13fba332a5b7e730f50e96eac11278d2e6a6ef87b5a37930abb5ac79d265ce7161bd74c61fb84609161ddbd9b

    Download Submit

  • /data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb
    Filesize

    20KB

    MD5

    2e3f3b4f9454a7275311d400e542605d

    SHA1

    74a62bfeaecf7a126f7e0e1489ef40392375361a

    SHA256

    c7c3ea2c8fbc6b322031bcdb64f82ae71fe4a321e499da485dd2300aadde6f30

    SHA512

    01b5bf47f6da18b5a5a548b2dae338ef53a5e2bcacca784bfda503fc2d575d1646bc7cf3d90bb62addd99c9e75dd94d5ed0bfb91fd247fb1657438fe3769d70b

    Download Submit

  • /data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb
    Filesize

    20KB

    MD5

    0d6b3f45f07efece410d2fb8b5bc0d1f

    SHA1

    a7295623ee446080f644d94768c5434c365977cf

    SHA256

    f92f227a771a0fcb4245bacf314be0efd7916f5fbbe777ed444c8dd5072c7f41

    SHA512

    f122ccb51d1c2b5cca94b09cbd0c9e469672c19de8b36e84c687ed77f29c99698fd6bcedb04a2d33a0a371ebde6faa5a9e9aea4114ec27df13e5a63af9a4047d

    Download Submit

  • /data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb
    Filesize

    24KB

    MD5

    1f347cea6a53594be878e35079bdabc4

    SHA1

    ae24631f83d3c875dd678040baafb5e64fc6ba6e

    SHA256

    46cc2cd48a3621ce276d0927dfaa0e367261e740d6c248c48fa48b25be769fd5

    SHA512

    6f09f140cda839271dcc15857faa5ec7fed65afabd0ed53164744e0b15c145b4fd0ae3f6ef0ad01cdf4eb612510f7f150ea72781740a9c6d67ed1075e5e026e9

    Download Submit

  • /data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb-journal
    Filesize

    512B

    MD5

    a29133e33d78173de28e892c1ec5f910

    SHA1

    3e3c21d6d42c02c3f2ab6b8e6efb54d0538365ed

    SHA256

    3d0748968ac3c4a4b34d44df2b2a7c57c3027d538b2fb64f1eb0b8ea9c1029b9

    SHA512

    65510a8c2c68cca09f18eab3452a4fc5b428727b4715043addca51f19e14210c7cd9e6bcf75ccce02cb6430f8bd301e5415a30958c62dc36fe1efe6cdb4c299f

    Download Submit

  • /data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb-wal
    Filesize

    8KB

    MD5

    458619c9aa69914b79404c4a7402ac40

    SHA1

    0a21ef587a01452e644ae5b54cefca6e26d1dcee

    SHA256

    b09bfd1fc191569f60139c33ddecf01bf91fba54a9424f05f75301e58b118ea9

    SHA512

    3d6c5a08ecc62d9bdeb3563f8f3513a70d360e48ef4f77d31d6de07fa1c3791d1c58789e543f13e8409ce0dd1c5bbaf47a455af6f26712a3a3c2e295c5f1b4d6

    Download Submit

  • /data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb-wal
    Filesize

    8KB

    MD5

    af500adb3ed6c10e2c40df9de2a3a134

    SHA1

    92b4fda5bef0062fbdf02cb09adcf9f3bcd7a551

    SHA256

    120305283ab61d7cb9ce404449cb7ffb0ad96b7e08f4347aa2e01dfb8ac89193

    SHA512

    06b3ca82108b77c416cfa91730f6f4138eafb1d0320844ba44ba4ce68bacddf7972be74c600faf439221fab2d598c9e88283f01282e1d7453697a906f9b0bdc3

    Download Submit

  • /data/data/ir.ghazae.mahale.gelan.d/databases/cheshdb-wal
    Filesize

    40KB

    MD5

    012130ef548910df27c815342424ebac

    SHA1

    394c467dcb9cca5b87a28486f856ef02ecd0ff19

    SHA256

    91890eb8f6e65c0097a9a08fc20fa8ffece2a84734d9394cbdfe10c5d453b0c7

    SHA512

    3fbae636772bae9511778b5af382e00d5831c23386dcbe482db3572abefb899bed20b6d5d566b3d70ef977e7fa8656c772b99327ea2c274bb44ac6a7d8d69f37

    Download Submit

  • /data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-journal
    Filesize

    512B

    MD5

    61a99781b7e3749b9a6d957298a0ccf0

    SHA1

    42a1f24778d13d97d60991da5f5d0b25a40c0355

    SHA256

    f97296c79de384ac5accec6c4798e1535298bc2a62ae263bb10be31a1904dac1

    SHA512

    a670b3a4b3d62937dc5184432aac82f47785a429de724bf671077305c991d7fcae7e0d9d26b04566f282c163a9377c49fa0230c53790c8d80ece0815964feac0

    Download Submit

  • /data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/ir.ghazae.mahale.gelan.d/databases/db_default_job_manager-wal
    Filesize

    217KB

    MD5

    2ece221f004a47a5ff3ebf2d71ad83f1

    SHA1

    dd6fe092fa061213dc9dbab3bc86e2e32d8d6769

    SHA256

    a80c985ca98f74e16085e59769396bb59971d84192b6a741b2e39fa63f2133f0

    SHA512

    d77c3bd0cbabdbac97ed82314d7fc266cbc9009e4b39c586d7d5615b1f57677a9ec6766b0916649f0d03349e954f77de0e19997148fa7d05d1d4cf2dc660f0dd

    Download Submit

  • /data/data/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    c0b41de2059252e7849d1c8f7b7c9f0b

    SHA1

    1f8ba97d965c465d8f5d7c8164946ff6df346cb7

    SHA256

    4ee187778688cde7fe1e038e97fd7a7da284c9c56c4491c15a93b034d9698e60

    SHA512

    7e1388d83b7ddf842ea111d99602ce442fc9d13a970661677e0d1d668a9d4a2f3c9a97067071858401b241c24cbaafcd38e87c41f95d84a9aceaa8912a91d510

    Download Submit

  • /data/data/ir.ghazae.mahale.gelan.d/databases/evernote_jobs.db-wal
    Filesize

    104KB

    MD5

    e7b7283ae5f9f4aa9a74809ca5b60539

    SHA1

    5d2ac8f97a94973a1cff75588fa1cd7dc8304709

    SHA256

    b96a662d925e9a981cde663eca57e53d7394098cf16c7cee0f4144c52d841e3d

    SHA512

    7b55a4d85a26509965af58fd97c9b3e7c5be5ac1a79ac8b890b2553dc56973925f47d18d9a53ee489ac8d68a7bb44f1511afea619b4c6a165a27062e3b381686

    Download Submit

  • /data/data/ir.ghazae.mahale.gelan.d/no_backup/com.google.InstanceId.properties
    Filesize

    2KB

    MD5

    4c29534425a50cf8354243fd3464fbf2

    SHA1

    9ad4d8be8db7018fb536c087f8dff4eb25400421

    SHA256

    83281013bf74daaa4b38cb1eb4dbf9b13946087528ca7694986b64d3bba2b49e

    SHA512

    10ba567f19dfde4a1d6acbbffd4191143eaf659d358ae9f3a14d082bfc36df2e21ecbe015361e829a41cc58113058b379b3f66c379efe04555facdff414b2d84

    Download Submit