53dd3c6a3f22011bd26c30fc4564245440a9ff6a896b05eed88fb54874060e43

Analysis

max time kernel
144s
max time network
161s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
08-09-2024 16:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4d655518cafb6af5671f4af0bf1cfac_JaffaCakes118.apk
Size

5.4MB
MD5

d4d655518cafb6af5671f4af0bf1cfac
SHA1

4456cfd49a94861e52a86ec814617cf159ee76ff
SHA256

53dd3c6a3f22011bd26c30fc4564245440a9ff6a896b05eed88fb54874060e43
SHA512

bccbb19c6a08b29e7ac58e9a2c221c3a46f6e89b36863fe4f4204e4dc1384da976398fb26edc3c1af1a1acfdd300c958a2907cad74c5e7dfdf7b9ed76d6cef4e
SSDEEP

98304:FiKLKshAzGGLaTi3gE59oKiLeNWQ0V35AWHAsvP+r/K3S9apLdnmgG:/KPq/T/woKiqNJ2rHYTKiApL8B

Score

7^/10

collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	ir.arzanikamran.halva

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	ir.arzanikamran.halva

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	ir.arzanikamran.halva

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ir.arzanikamran.halva

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	ir.arzanikamran.halva

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	ir.arzanikamran.halva

ir.arzanikamran.halva
1⤵
- Obtains sensitive information copied to the device clipboard
- Requests cell location
- Acquires the wake lock
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4444

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ir.arzanikamran.halva/databases/__pushe_base_lib_db

Filesize
24KB

MD5
fa1e402d9d2736e75954fd915b063970

SHA1
dad3bee4c846a5279567cc4e899c64f1eab87d9f

SHA256
05c0d49e629d3e39596fbedc796163bf236f86dc65f186e6351372a7d229caa7

SHA512
d4351985fc1a1677f6d537e99b6ff4b8536783a1eb0a747ac2f870d763e179f8651a0a95f53a228b6c2aa19cc42e14468d13e2fbea41e597caa5d781a75cf7c2

Download Submit
/data/user/0/ir.arzanikamran.halva/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
38c3c6e2c01dac5784ee7d601d3ce784

SHA1
04a2966f1a5575c26d7d3cef262875bd6e5ec332

SHA256
0f01ecf839a13059977350378959447643f13f8dbed5b1b926681443c04d5662

SHA512
db0a369c289f85c8a186a59bff840e57a78cd65bbca93dc2b88a36d32d0100d29ac9ad851189d0e4d082339f14bf45a9fed404d064d1730eb0f28dcbe7024c5c

Download Submit
/data/user/0/ir.arzanikamran.halva/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
368ba9dc0692c07403a04340c0729347

SHA1
8222d118718adf318475747eb81187a446afde6f

SHA256
3a5b5cd0e4fa88672b118a15fb318c84725087c37ec493340e9398a2ecbfe4e5

SHA512
a649fcaa79e2ddc46af46b02614244bc78def51a8e3b164f40849355c77293ad9b6277ae60eabe81c291b1d03c4a037aa85e2a491fccabc2cf390e2f456a7545

Download Submit
/data/user/0/ir.arzanikamran.halva/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
a61fc111b030438bbdd9e49507bc6751

SHA1
62429936f168119ee5a8e42df5fa984d059856f3

SHA256
46ce40882cb447c85964eb75d1d9d7003380cd2ce218c2ca045d6e3ad5b80a98

SHA512
38f68d19b055c43f571f8e45766108ae94822feda8b833b929733b39d402ee2446c7ba938e66183112431bfa7dd35a2a9c8f0ac4e3690f02c2e598eea5202bc0

Download Submit
/data/user/0/ir.arzanikamran.halva/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
dc3053619081812b2a866c2b2fb00e0d

SHA1
73b784cadb4547517839977f7daf277cdfd3a5bf

SHA256
65207c773b65248bcf1a64f439a797dc6bdef79f5cacdb2e138b2c0c1b32315b

SHA512
6f0ee58ffd6e4a56c3edc868e38f90be8a6b101991e67aecb4aef7bacae364e36ee634576a0f56fe8461ccf4d006422ae9eaefd96d2d576f046ab50a23fd70bf

Download Submit
/data/user/0/ir.arzanikamran.halva/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
22e7a52ee7f502cd37e448c6d14e73bc

SHA1
eda6cdea8a3c054614b53b98128a237de5a34e8b

SHA256
04e423ba883ab6b2fcd8c429a9abdbf512dc64d32c0f4ba422ade4531a8172c3

SHA512
59483d12c25397ee1a9657297326a5db52d7931cb15e37a3d0c0c1d467c19496232fdd45786d7c9a42dfebe6c219b7250340d0152ba68be9ff5b976a4a85e800

Download Submit
/data/user/0/ir.arzanikamran.halva/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
b0665199e4512aaa99dfac87315d50fd

SHA1
941f2e3a8855f56fe6cd3b2c0bcb451be58d297d

SHA256
b5d814395bf6f98461275ae5c944df97db96560401d399b81e2d761f4c5f8a03

SHA512
f5313300a77ae86f622ea3880c3b478076296eec685ae22267900382ff24335331db8ad1470b2ab8b77005004b75c8a8b42715d20eb8231855d4ecd6f643058e

Download Submit
/data/user/0/ir.arzanikamran.halva/databases/evernote_jobs.db

Filesize
16KB

MD5
ee03142a07961f892bc049a09c593c0a

SHA1
e1178a2cb0434b3e967e887972fe781195ad94f4

SHA256
0aff9514e83fd73b189cdd927a29c5c33dcdecce52fd2855cfe139b46aa53e27

SHA512
46e80e87c8eb2257e38b81ad6df7b1ba0adba4bb8486f4d0228fcba442c5b9689aad37b99c590aaef0a7de69c89e00f326da9e716148a8dda6a5b9d87e48027e

Download Submit
/data/user/0/ir.arzanikamran.halva/databases/evernote_jobs.db

Filesize
16KB

MD5
1fbb651dd0cdc34c23f44704039f5e0a

SHA1
b863f00827dd27295703261fd858d43b7d9b6b69

SHA256
4c77471ef8f8a6b4d969dc32e9431e8178b79aad4e1c16620eb819a8eb9fe659

SHA512
b481dcf22305a5f5efad1e1e9cfcd71111b68cfbc6acd419aee45ab1de7b0ed6e03fa51cb3124109076254cffadefb8f80742552926dba6f3cdceb5e7e0f8a71

Download Submit
/data/user/0/ir.arzanikamran.halva/databases/evernote_jobs.db

Filesize
16KB

MD5
159dbc50dc8a54cbe6474725bc7c6186

SHA1
dfa7e76f17dff88029953628ccf347232ff6287b

SHA256
ce9fe473f9ca181d17fae259b7c52342129b8f5988434daff2da58535dbc71ab

SHA512
ef42263985e39799eabf464443218b3e5145176067827c74ab822b7cf41ff87d0480629d1038ed101c96dff672b6a9f2e35f5b4035280358418d1541fa48ed2d

Download Submit
/data/user/0/ir.arzanikamran.halva/databases/evernote_jobs.db

Filesize
16KB

MD5
8c019eaa287e685b5665ad8456c4377e

SHA1
0628c211bb25a348293fa6d0e066f2876f1bee6e

SHA256
8ecb2e837709feabbc0bc6b4f7606ac404f0dd3b6f4077025ad7f4567a064e67

SHA512
487effcd6ef43bcb31b1a5855e2c1f21f9ca7df1fee33f506e87491a68763ebde6430334617f5509c500e75803c27653ba60de6e6e8b78abe324184090f65c38

Download Submit
/data/user/0/ir.arzanikamran.halva/databases/evernote_jobs.db

Filesize
16KB

MD5
47080e3bfcf2db9b8620f2faf6c5857a

SHA1
6f63c1851255e0fa99567f047382074b086d38bc

SHA256
dc4f8a73f49d2a6b41ff425fd08b85c1eba5280c438a1a1ff9832e91dfa56cbb

SHA512
e757043d82798926a5ddd716457accf6616894ad1ad79ec832293a1f662910b663239f899bf05a5c8d90fed5bcb093c5529e5bc842fe9003c1d5902f9ed84473

Download Submit
/data/user/0/ir.arzanikamran.halva/databases/evernote_jobs.db

Filesize
16KB

MD5
373d534d87a954a3aec709e70fee9ff6

SHA1
8983790a4455deaadc8a452638b264ea702d8c78

SHA256
aece176a5596c400c6a58464ef3e2a38c470e425c048a47d51723eb9f6af9eee

SHA512
ae0a41db143cf401ad5aa9679a2a90f5ab5e55373be057a69b979039ea92078d52fea187fc12c771415b916ef8d0c35f6b6ce112bb1e15192714d6790af175dd

Download Submit
/data/user/0/ir.arzanikamran.halva/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
83531c0e0d5f86161e07550eec63283d

SHA1
3305ffc441a7433d2cb83c152982881c07891c5e

SHA256
14373cf032b58323a76185100df4c5d77d0401b1cfdb4bbce1d379cd4008d754

SHA512
2cd1a02d1baea51bbaef081068ae65901a9ce29c75ebdc840812ec4ea4a403cd630917fb700031733072e6d8c2a23de7aa01aeddd04a3b55513dd9b18c3e5d53

Download Submit
/data/user/0/ir.arzanikamran.halva/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
fe613b9a492627b8e3c580a3e531b743

SHA1
44436ab9e4d4249ca1c2a2737de95d5abd7f2023

SHA256
c5496e39354975023c31d41e8d2d08d31b9a2b63fbb062c463e55c736f76bccc

SHA512
968668564561fcc2a047117044221a44a05e2541a21be9db0bdd5c0bbd33be7102c540eae6c8fa2912f401620be51fe8ff4aea8f02b123af5700ec40d06bbacc

Download Submit
/data/user/0/ir.arzanikamran.halva/databases/evernote_jobs.db-journal

Filesize
512B

MD5
f001d6abfa6336c9af52e91daf735053

SHA1
1f78b8f4f952359c9153c1dc4de62b25d4189c6e

SHA256
81232e5034d62f8c777cc079279c7946393be9faef60b4b57ab3da803a260f6a

SHA512
0254ffed9b05639b88d54f45d02a756c4fbc75a63a3675f4a2aae0a311ce0f882b355c9484c4e6b42a00caa64408d6a9be3e913feb66dac7b648b6651312dfb0

Download Submit
/data/user/0/ir.arzanikamran.halva/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
ff43339b50f7d286bdb2a67987f95c1c

SHA1
49dc41300f423d986e21703b320c1b84d113299b

SHA256
2c4c4fd732a6a133f8a65af5a4dd03cd2dce6ebe48e3279ced968dd3eb916c95

SHA512
b09e2d9107168ec04c944cf37bd9c53f06b2d7b0e5e8dbf344e62b3a1d1bd7137b9c06a00f78203ef5b8f7c5e04d4f5d4d33aa6a1ac55798e37ac70ace9682d2

Download Submit
/data/user/0/ir.arzanikamran.halva/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
f4cfd915e0d62e869329d7a2d93add72

SHA1
0530af04151269e06f4dc8e75dc099770daad374

SHA256
a4a235994f4c454503b43c39432fcd72db53d2485b831801982822d9b87462e1

SHA512
120e463093e85ed0aa9c5c4b79821ee8f90d01d3a749b73714d0c2d70a7216b2182d53b1158458e3b54cae589badb72ad84a29013f53f8d3ca48f2c11ab16a16

Download Submit
/data/user/0/ir.arzanikamran.halva/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
d7c8981a98d216a3735d13d08259668a

SHA1
0760cb0a41705d60c0ff1e5f535138474f25389d

SHA256
3209802c1aef2cae8509bf92a8ad1f5333d8e8d7111f26447c716c2f0bc1c022

SHA512
24d77ac99afa568687acbfa4d3613bed6a0f17b7f38ee397febf03d62a25cc83cf7881a4a4248b2768d2b537ad0f3c1fe5fea4c778d43847b8fade614fd4c8df

Download Submit
/data/user/0/ir.arzanikamran.halva/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads