53dd3c6a3f22011bd26c30fc4564245440a9ff6a896b05eed88fb54874060e43

Analysis

max time kernel
111s
max time network
145s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
08-09-2024 16:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4d655518cafb6af5671f4af0bf1cfac_JaffaCakes118.apk
Size

5.4MB
MD5

d4d655518cafb6af5671f4af0bf1cfac
SHA1

4456cfd49a94861e52a86ec814617cf159ee76ff
SHA256

53dd3c6a3f22011bd26c30fc4564245440a9ff6a896b05eed88fb54874060e43
SHA512

bccbb19c6a08b29e7ac58e9a2c221c3a46f6e89b36863fe4f4204e4dc1384da976398fb26edc3c1af1a1acfdd300c958a2907cad74c5e7dfdf7b9ed76d6cef4e
SSDEEP

98304:FiKLKshAzGGLaTi3gE59oKiLeNWQ0V35AWHAsvP+r/K3S9apLdnmgG:/KPq/T/woKiqNJ2rHYTKiApL8B

Score

7^/10

collection discovery evasion execution persistence

Malware Config

Signatures

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ir.arzanikamran.halva

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.arzanikamran.halva

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	ir.arzanikamran.halva

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ir.arzanikamran.halva

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.arzanikamran.halva

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	ir.arzanikamran.halva

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ir.arzanikamran.halva

ir.arzanikamran.halva
1⤵
- Requests cell location
- Acquires the wake lock
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4248

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.arzanikamran.halva/databases/__pushe_base_lib_db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/ir.arzanikamran.halva/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
66616365e151b048bff5170b9611821d

SHA1
ca2721f9f5a90cd40a7eef298bb374ad03858ba6

SHA256
c1adebff8756bb4ec532d9e501546358c115eac4586cf165f8d48a88f4dfdf1e

SHA512
f0c53d808caa736d2af12f0c7b66c694802f8b0b676bf4c8d6443969327b617429d4ca5582f1ce0dbdffa1a19242d3d685a8f26af620bf8610ed7dba8fe90ea8

Download Submit
/data/data/ir.arzanikamran.halva/databases/__pushe_base_lib_db-wal

Filesize
52KB

MD5
c4b3ac19a7ef6bc62699ffb7ba245826

SHA1
2a402b4f652172baaffb77dfc63dd1fe3faabfdf

SHA256
f1e9db59ffa068f8479e850270b92c465120ec86370bd326fe8b0e1d443ce5bd

SHA512
b9856777827802a43af9c8910b513a874b87aee35cb73d7601d7a6eb93fb0052de1027d26f4919f95864d68d99abf9d1174a45a7fbfd32983384c87b699a43c3

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db

Filesize
16KB

MD5
3e09eb897278dd26de8f2cd2f271bddc

SHA1
b9089c9c68b3b178e0fb2ebfff1db87e783edf9b

SHA256
a49d0db6a310513ff243a91f82f76183dfa97f9450cfdf04a945a8a020a03b05

SHA512
26f3e4379e242fa80be3e6eb91f6a002ff21c47dc4c9fdf9b1d2f63d100f5fbdf68cc7b391a614a0d99b3114948402480730c5717bf79c23b67fe588f7cea5b0

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db

Filesize
16KB

MD5
e99f75f2a080184897d4ac989f8888c4

SHA1
5c4d92eb06267be11e14104b68b8921d21f3b183

SHA256
9f9c9bff31237ba5cb1500f9ef5cd2b7cabfe3d7e1771acc8a70d11f9947a963

SHA512
c1e0c4785e310a0402368da260e58917305310a7fadb6d5cc216a5c1329896640898d593b8a943a8b347f8b498bdb3e7eca7426fc1a33817f1d4939c699046f2

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db

Filesize
16KB

MD5
bfbd8a16feced4f4e67038b507a60fae

SHA1
8e089f2d8e86470f74c7c7b526f661b4fe020b66

SHA256
e9805cc8e64f110376ea0ae6a4e53be843df41f86bfb6094c6b35ca88b4eedfe

SHA512
ffd9244170b0d57e4e5290860e07b7e4319f30db2c9c116491c6eb436a648119dbdbcd167d9ca50a53641670f209a3283c676030b4e5c63f85190779f21e4f1b

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db

Filesize
16KB

MD5
978fdf85b8448e3a7c9015e51477eb49

SHA1
793bb88398dc9457935a4416638d5ed3974baf19

SHA256
8f72919eebbe45ed6d33b7b763d7e45d76a880128aee9aa5c29d28ab79689a92

SHA512
852b2d3e2607c96625e9bcd454c702ccec6a0f07aba3410976d6400ecd2d48ccc92d93c8ce7fcc87a622d04357bd6805a996f11d339ca7fc3eab99c0e991fe38

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db

Filesize
16KB

MD5
f6fd09b4c546f0010cdb8443ff046108

SHA1
3fc96bbb7a1720828feb21d04df7cde62f4c3bc3

SHA256
40b1f1067532e58988ae6b9e062e81a545d0b49a0534994301807c2f77a86396

SHA512
57abfcbec61b7ffe4547cc6a478d81d5500e83b74baf47464d010a0b3bdd72e1f5b63a262d35929800090dfbe40ac442768d7ba29c792d01a7af3c13e01d9337

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db

Filesize
16KB

MD5
05029f2c1221cb47ad1774b876d65031

SHA1
d0124b63d9f2ee39044e91553de1bbd29b1c3d83

SHA256
c40468a452e86a0b726520bef3d5e01e3745479de5f650f4a958e77d2e1c3baf

SHA512
e6c80f6f36289c0ecc95066f8c5deabf2f4708eb72f0b377a40d76a31b39594dd6f38f834356cba1339c50a1a9d795b19f46bd83f7b8c386a082831984cbc439

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db-journal

Filesize
512B

MD5
633ba67accf32dcb6a673765d7fdcdb8

SHA1
5d852af75b750a2f936da00c38de985ec9a66188

SHA256
51bc03e982bf65932a921b83219223e45512f8c38e205ecc5a60f4ca1c10950b

SHA512
29c88914f405551fda10f392ae3b482e64b23a3ce5637922ee2c9dfb4d401a4543ba3848db2bd9890797bf54d0311952bc81ef44a5dd8b46a0cc15cd988cfae2

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
6aaea232953e49ea5ca01277186e5c3e

SHA1
2dfce17f95a9e8a3633d678bd07880b5b897be74

SHA256
da7e7449640e2606c6005c1744fb73c4c978e3a20639f5a04e84f04c1897875f

SHA512
eb63b3fd13fc41b5a7913e4ed590bd551cd23b9e86d977d07a67138810c9fc12332e68d8c4a06883a09146430095f281fd55d43641072cfafc58342ec4756321

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
6650434c0af4c795483aad56a6fefc19

SHA1
f7c826027648dc5ee1aeada54cf9dc7c06fbd397

SHA256
518319829d6ee2fbf12adbd27dbc47a96e2d5eab5cb55752de9116c63e6f68fd

SHA512
748290c6a1829b9fbdac9ede9b2e98b3207b8c75707f6c1ea33488945c5ba83441c39fef7124738f60d983865ca5a99d87f51972be1469024deb8212114772af

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
2e98480a2d1d8c51606e10d24af23e17

SHA1
1ce8bd346144fbcb872fe281c6769122d1258cec

SHA256
ea7f49502678378375e0befcdcf109831dc9abb16efa00c8b4cfd2c5510b2162

SHA512
185127ca0018939e0288350a03c93a5739adb0d1f85a1aaa84e8b7b56d59c3fce098dfe3d09ee42c374bc637650e2878e9946d0c8aceb4b1aa9a12d19a820ae8

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
496f5513929bef2dde47ac91f1b21e6f

SHA1
399e59f47ca5143c2faa054e66e1544a0ead28ee

SHA256
077e44a3e92d1fd1cc757858114e060c7ac399eba487f7d0095ab251a0f62ff0

SHA512
d626174a479f15a72b41e4342b2164de2ae63f5a07e9363bfb18770ea4dff1a1d208c593f8a9686a81d6e518227f4ce4cf18a356b1d4d5506c5ded336d03325d

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db-wal

Filesize
28KB

MD5
19a74d62d583852fdbbf15bde669becd

SHA1
d015ad6644d16f0c7a3bb471940354d4c452bf0b

SHA256
c9a0955c383676e94c262d5be4cff186e69502f41f715822ce6e6a956c83629e

SHA512
75fb79a81ce875adfb71de22b3ecf5c07db4b94cdd4f6db59dddabd44075732c2f0d16dc6bda40d054befa58e33ce3b4c48b2bedfc5a6930d2c754ef2efbbf0e

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db-wal

Filesize
4KB

MD5
fec6685cb9713004444a93af949e2aa1

SHA1
3e50757740e50374668944ea161c1069baa5fb0d

SHA256
7f1c3a7fd3df86d522e6813cc01a11b78f1719d6c512930a632690df69e60bf0

SHA512
353436d517d1bd673d8a7dd864898ab6a1df0af81cc7ce11b357c4c6bbeb0a46ecd19a9933a7b6d78c9de9f8c1f73d694dc401c6e12f150bd8c236166ec2ff11

Download Submit
/data/data/ir.arzanikamran.halva/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads