53dd3c6a3f22011bd26c30fc4564245440a9ff6a896b05eed88fb54874060e43

Analysis

max time kernel
108s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
08-09-2024 16:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4d655518cafb6af5671f4af0bf1cfac_JaffaCakes118.apk
Size

5.4MB
MD5

d4d655518cafb6af5671f4af0bf1cfac
SHA1

4456cfd49a94861e52a86ec814617cf159ee76ff
SHA256

53dd3c6a3f22011bd26c30fc4564245440a9ff6a896b05eed88fb54874060e43
SHA512

bccbb19c6a08b29e7ac58e9a2c221c3a46f6e89b36863fe4f4204e4dc1384da976398fb26edc3c1af1a1acfdd300c958a2907cad74c5e7dfdf7b9ed76d6cef4e
SSDEEP

98304:FiKLKshAzGGLaTi3gE59oKiLeNWQ0V35AWHAsvP+r/K3S9apLdnmgG:/KPq/T/woKiqNJ2rHYTKiApL8B

Score

7^/10

collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	ir.arzanikamran.halva

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ir.arzanikamran.halva

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.arzanikamran.halva

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	ir.arzanikamran.halva

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ir.arzanikamran.halva

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.arzanikamran.halva

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	ir.arzanikamran.halva

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ir.arzanikamran.halva

ir.arzanikamran.halva
1⤵
- Obtains sensitive information copied to the device clipboard
- Requests cell location
- Acquires the wake lock
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:5051

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ir.arzanikamran.halva/databases/__pushe_base_lib_db

Filesize
24KB

MD5
94380a82d678d9e6aee0d5d077e0a388

SHA1
903391dbf65fa5b18f4de64e3721d4caf42691e2

SHA256
14b5ad52353816f22794999676487d041b5a8e3427393b5ad69e71e2ee84f649

SHA512
7255f780465bde38ce2bac13a631cf0ebc4dabceef266c2f2f556d1d12d856c0c2fa042ac59eacb0b2d79151a476e31317090b59fa7136eef0869e3e84a06520

Download Submit
/data/data/ir.arzanikamran.halva/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
cb06e9c388b44048ba6210058bff8c56

SHA1
300ff97c5537167e567e48cc8afaa4fc966f1785

SHA256
0596dd08812e2a5a94ed0dc95a65ec2068b2b62da31d267f227b496eeb4771aa

SHA512
eb08eacaaf2c3d37c4f7a5113d4a4cf51b7e4c9bd74925506e29ebb68993bfcee71dd703f5f8d273d1380fcf395bdfdd0c135ee0fe6dbdda460a21c3866063f1

Download Submit
/data/data/ir.arzanikamran.halva/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
b8a56d90c077bbeee944721d09190bbe

SHA1
3f42dda2729b2e5fe9dabc664965575c0cf9c4f8

SHA256
209257da29f2f232a3d2c5c5b7e434123579489e62c3f6947ec45eee7c1c596a

SHA512
6208722c301d81795e2fde77b64b12d23e64da093e96485b3f2809021b21fc88a336e8010c87b1f250f72e6765e6d0da7c995787ffd7eaf16699d38a657d9977

Download Submit
/data/data/ir.arzanikamran.halva/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
a9a19b7fda51ace2c3a1c67b255e8968

SHA1
b2a3feb7631cce45ede440b5c103b1f9a2830e3d

SHA256
57025e1992e8a72e43d6155f551d17256506986605adb73c7964888ee5a44966

SHA512
6b67fb364ccb8f6efbb3ad308f11fedf38db6398455ce2ee9b70b8fec9d97a54f0762029a46342b12b12683f68f1b7bbdafdd27c36eafb04c9be30b92bc3c8f3

Download Submit
/data/data/ir.arzanikamran.halva/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
e98bafbffa973c4bb017d81bcb0df5d2

SHA1
386b98641140fd0e7a82f673ebb8e8a95d47ff25

SHA256
7c264fe064bf232d8b0c6a46a8304929742aac68e3e7f4986625b61c37031ff6

SHA512
fe53402c04c6ab062be99bab65fda2be3b7be166997ffc5d93efad461ea094d9f1fed8eb2e58f68278b781d2c028e331f15e98b70efcf1bd280f461807a5b94a

Download Submit
/data/data/ir.arzanikamran.halva/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
a2b2dc2504858c258462c20ca169622d

SHA1
ca5af9d5a338a7c46ee994e4c0d4f6b3338053e1

SHA256
74f17ea933671b43177c2a9be3d7c9706170bb9bc93af2d63cf0b88a0d8184f4

SHA512
133e7abb9c9179415b654559309a30dfbb1d7f2a3578f986ecbcdcaacc32c3ebf891b23aceab0cf75469bf45717e6a039ec05c4980e7deef3424435ea9a35de5

Download Submit
/data/data/ir.arzanikamran.halva/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
e91c709b6c4bc7ea788c09205831cb00

SHA1
c03470bb78ea0fd9e50f9aa2c3e08c32b523662d

SHA256
0885736c602faa67e44b39995a056ba8a9b2cbeea642e734ff2b2456ae9c6f69

SHA512
58c6458917700aa26565ecd0a3ab3f2722a4ce6e4226dd70f52b06d8a06a91099566acd7dc45cfac6227c21437298d3a12dd3656f72223f68d56112ae537b72e

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db

Filesize
16KB

MD5
e7eadf02476e5320bb85de3bf5539ddd

SHA1
dc66225896aaf51f9dd46849925b55452fe8eb09

SHA256
f42299e66b49a2559bb25981eefd674e2c90547f761259f61f48429e56f0de50

SHA512
eadaf0908e7f84431d794a347fd4132fe8f89d9b5a7e71c04583404054adb3704435805eb29f2be7ef884f723c5a34500bf783694b41caa7ab3a0024e7576c8d

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db

Filesize
16KB

MD5
01e0e10d2e7df09fd5ba46fe5e7b4f56

SHA1
6980b59c4474a79553740bb431e2496130f93ec7

SHA256
e3eacadeb71e80127266f241aa8e116f8ddf4d0a9d2756d36d0702fd064181b7

SHA512
ca5a368abf93b177a9c593db5fc1b2190bd07b41dfeaba1d80852234196288652d78a04dc1ca1cf73e88d876e63d31b39089c7df9f71ab724741074211624d4d

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db

Filesize
16KB

MD5
e7e2991a15b85e6dd75ffae976431f12

SHA1
a3809b8fccf694d46f81edc820b92cb0c39772b5

SHA256
5d339ec09f3c5fd5549b00dada8ab22747107409c833e906139dce6fbb12b716

SHA512
98f013736debed54b9b7d1c2accfc090fad5c9c802098daa3b18cd4758b1b127e7a7e0070ed6fc0359d75b670c2ef325e06d4d52d992496053af2161b92019c0

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db

Filesize
16KB

MD5
512ba90c31a13204ecc8aff5a6231433

SHA1
33add994f812c94b1be682277a772c9dbb38125c

SHA256
0226a7130e4ab7f7903718c7cf95d71696b28a2f1e877a931eb14638b634030e

SHA512
fe4db0d8e0f5295e699c47b0f3a0f3905e1acc0f78c5ae45a5317e194d527ec150d16ae39f7769760f953c2c78f5dec03e7005951cf75cb74aeb7c0084ee544c

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db

Filesize
16KB

MD5
00e829076f54c72b50b63fd6de296a03

SHA1
fbeb1b8be863931f98a7c29224a03b89f9616ab2

SHA256
c479f839c0bc15e9a9749cb5a5a3eef4e09c0163160073477f72fa78b2e300df

SHA512
1c6b0bfe980050072927f8d407ca86353098d03502f7194f141d43c045a3f35103261811281f023262f4823a4fd70659d6802b76e126e991120dc14cdf74bbcc

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db

Filesize
16KB

MD5
c6a8b5dae35b4ade69c467a8025c9870

SHA1
d0c369ad24a898daa4b75e7e073067d08830c420

SHA256
eb6da8dd10f595997513ac4a5ba5003811e13984f357038f78bbf0f36bcb9901

SHA512
eaa9db72f8c7b12a4b4788d69b5b26e418c2a95d4a16536025d376ffaf5225c2316be40db0ecce60e08c5b892b63c03598a1ad6f1f835fa11846f21c72705037

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
a4be0f5948144afe8993917975f68bea

SHA1
78185e116e57230276be87a5e75d98a95bd5b539

SHA256
927ca0067dbd7a20ea34d41d861b1e04c911ba0a6b658831f963a97590ebbbaf

SHA512
1381be5f12b77193f2eda0232028fad3c886721ee5d74ed66376c9284f8119817a2f05b5b32865ad7352bd38fa5711fc7dfa95c9721854a7d14377dd94925044

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
7e91cbd5055d8d2adf3113cd005941c9

SHA1
cb1d9d7f892b3bc455a8877d5ee16598f36ba006

SHA256
38534cf77e2c2221d3185ef01b64800fe654ec081334e9e77f5bf76e47f48c4b

SHA512
000097b96431e23bd94256323a341d8c2d2c892de029e92952226ae3ddf1447776b3513ebb602d6e5d6fb35f7b5370bf52498d1cd6ef7bcfc89bfa3bd6131728

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db-journal

Filesize
512B

MD5
f8c0d56a3105e7b2f78f7a9cc9f87d0f

SHA1
5d6f27d9b14c4fc8cd10b71f8fa0036b456787bc

SHA256
276ad5151af3c6ad5bb93530241966f79b6b6c82da0ee0973924d3b68ea5bb7b

SHA512
863ec1f383e1a927f745c132070a20eadf2d97ba5a0e32f1a4a22c537dddc6d49249b2cd2fd339cbf396463e57a74775954bd35b725d417fabf9b896987fa1a8

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
50648b892cc5a72bba4dd06f01dbf870

SHA1
4e1c542310ad8ea3baf60f1fb7eb9ad8ed49fd5a

SHA256
c6676ec70b6ab33b1e02c4b80efe0a152ce9b00815c728b0ddfb85d5ef4160d3

SHA512
83b3ebbde4917f12e3d250377d12b290bab7a47c0d7b0d4a4e3718331effe07e312c4e6cf3680f28a12a5ce1eb341e35dc3aef967406235cfc4f08d064a34988

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
60f7df302ba22341b5d6c6520af59cef

SHA1
eceac4b78de8043b9d5d9f0e5892e2633ba0b136

SHA256
dbb7e8db50e1a828aa8b492a032670c72b1f233e30d60811ad9992fb19685aef

SHA512
e907ef825d4ab240966d4e8a0f822154876b62da312b75003d039ade6970dfe5ac7325122f9d2560c8b5bd545c9fa85f9066e44ffcc4a26c108dbce0af766015

Download Submit
/data/data/ir.arzanikamran.halva/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
172abd021e5a13b4d7f597d725886ada

SHA1
b1bad704ccdd1275b9d72bb6be54102a3a9bc73f

SHA256
aebf502a6e9f6db22a521b2e36d0e5e3731232ebfed81ba4e0b51b0e0f14084e

SHA512
56f4e797544dffc8b127875bd6cf6124eae675123276d1d29107984b0983c7c93d48ae43ae9fd8068c416262c92d2c7d7a8ab88d40a3a94ac805e58045c830ca

Download Submit
/data/data/ir.arzanikamran.halva/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads