629ac13774ea6864e9c9927b8998b563cbdb31dd5704dbed6747503a8cdd916c

Analysis

max time kernel
108s
max time network
147s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
11-09-2024 10:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

da3173009b85442122927b50567a2b3d_JaffaCakes118.apk
Size

4.8MB
MD5

da3173009b85442122927b50567a2b3d
SHA1

986c2b653926c542c2350ea9a13e297892752b53
SHA256

629ac13774ea6864e9c9927b8998b563cbdb31dd5704dbed6747503a8cdd916c
SHA512

6544e7f007e4953b0b009127796c2bc392b73ed23f17d58d8a4b0731d4c370c7df1125dd148356edb562e76464df383b3f48b363029505105a1af882a544b70f
SSDEEP

98304:g5YqfkQM/RgHjEyJvO0pMiLeNWQ0VNn020dd0JYu7F32otPs/9apLdnmgk:SfE5gAkvjmiqNJ2N0ty9F3nmApL8L

Score

7^/10

collection credential_access discovery evasion execution impact persistence

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.alirezamaku.pizza

Requests cell location 2 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery evasion

Location Tracking

T1430

Geofencing

T1627.001

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.alirezamaku.pizza

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.alirezamaku.pizza

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.alirezamaku.pizza

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.alirezamaku.pizza

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.alirezamaku.pizza

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.alirezamaku.pizza

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.alirezamaku.pizza

com.alirezamaku.pizza
1⤵
- Obtains sensitive information copied to the device clipboard
- Requests cell location
- Acquires the wake lock
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4966

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

T1627

Geofencing

T1627.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Clipboard Data

T1414

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.alirezamaku.pizza/databases/__pushe_base_lib_db

Filesize
24KB

MD5
6b1181c156b220483d00f2866599e59b

SHA1
53a93acbdfa6bfad72464baa15cf649e8e5f8769

SHA256
7b840777678ff43b23e364b8e9abf8409e729abaef54e86ed018715da717b90d

SHA512
9e22bafb1bd666711e0e55f3500df5c76a5acc11ec723eee0e87f3adeb2eef011a4b29abd9a8c40a1e85da876ec808e29f95dbf2af337efbd6d96abe7e3f2708

Download Submit
/data/data/com.alirezamaku.pizza/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
efbef8f66547f56e69c2df9c0d4a1293

SHA1
631f22f12fd575048c2d96d244f99033fa53a6fa

SHA256
64737e0ff9d0eb91234beb3d872c19db0676f5b219f97776788568b7971c0dff

SHA512
076d3d3261a6c84f5b97bbd5932c4ced94356862d607205663b08912938e0766a611d098c9918106039e238d46ac8589343846ce180833b05b82107b1c0c4e76

Download Submit
/data/data/com.alirezamaku.pizza/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
278122195b8ebd227bca12ef591d6776

SHA1
2125c2725087721635fcc1a1fec9ba225aaec9ba

SHA256
7334a7a128837fd7b17659ba6bc690f82115c65db1705c287f9af62abec17e75

SHA512
3c6ef29c6b501523478685a299c1a5d8fe469f0d955aafbdfaed0736ea374d26e852688cb76942bba134438748d4e97a22c8d31781b4e227afcd2d3ef4188c7f

Download Submit
/data/data/com.alirezamaku.pizza/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
3f374e4b2504d10f42345ac7cb3079a9

SHA1
f55d921d1a42a884dc9675351aec7c1cc3bac883

SHA256
933fa9f3bed4a10d43de35cde2d78382d0120d16f4a73f6f0286a409a38fc203

SHA512
17388a25c6713e7dbb21b63050ca0d9025f61fdb9f3e6312515b4f5e28f77404317802c7ca56960ef33e27433a1f42e7e98af748178f44ca74809dba29a37041

Download Submit
/data/data/com.alirezamaku.pizza/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
8b1ed637d391c9447369fb23f7446746

SHA1
7c5523a5f875aca1d1f54f52fcdb9063263b049c

SHA256
da0c8f41ec13790402e384f2aa2c698b1529d58633c9d4512ca0aef6dbcb3e17

SHA512
1d4f112d617892edfef8375660335afde66c0efa3402d15f6c37d7ede946261a7bca7acb0efa639945cdcfaf21fab4e795a9d2f2e0b5a165886e944ac64468ec

Download Submit
/data/data/com.alirezamaku.pizza/databases/__pushe_base_lib_db-journal

Filesize
8KB

MD5
879336ad806e94413a43e2bebc3df247

SHA1
74322f7737c4e0995048bbaa570450aec830a4df

SHA256
5f4fb19e6a8426e0d304c1b3aba278a5ba6b03e5396c90ad3092977576118541

SHA512
cd700ef0846ba8731dc34ccc81599c14f366f2d58aaf089d388a12284205c52ad2549c4ca316dc193e56f55c63b8e412a9b6ec68583394bbf145ccf4909379bf

Download Submit
/data/data/com.alirezamaku.pizza/databases/__pushe_base_lib_db-journal

Filesize
512B

MD5
2c3cf2627dca3d4cbf9ab0616c0ec1b1

SHA1
d9bf97e7ca5fa14cbff70820b0922d84b89e339f

SHA256
5a101a18b32a5d4721c35ff62a64b3116185ba9beec7e8b7f3caacbcd3b776a7

SHA512
061de4e81a9b103cd11c13d7f47b20fed1ef7fc2d15096956210dfaf4fad21b70d8e23911906792340729aff0ad69578df78116dcf660c5409580df3d04c3fd9

Download Submit
/data/data/com.alirezamaku.pizza/databases/evernote_jobs.db

Filesize
16KB

MD5
ff51d8d28fb281ff5c858db616ab2472

SHA1
3876face66adc407b3bcc6d37c7b3634d14345d4

SHA256
d2737b65a2c7adbf4607fae673eede699650b59214b71dce651deda96b4d48b8

SHA512
88efd13e9cc4b7fdd9917dbd568e836ba42f8019ebdef661921d35fbc9ca1ac7a5bd62672eb8a9365e188f952bed45c478bfc5326a0753c1b63c98ef31f26645

Download Submit
/data/data/com.alirezamaku.pizza/databases/evernote_jobs.db

Filesize
16KB

MD5
5fab203325ba9012342faea9f8eb2671

SHA1
7063414a28b15f992256436f2457dc216fa72b27

SHA256
eb596c2fc5c9963cf1ec627f4757ca52a0cd1479c0a2a6c3a0e96b509f76f68e

SHA512
f81a9656bd01118aefda64481cd05a7b5818c7ecdab5698824d1d4b95f85e75d940dec06f014a0e9ef85472126488c116ccbe409f94bb6b4591f2e7385a31345

Download Submit
/data/data/com.alirezamaku.pizza/databases/evernote_jobs.db

Filesize
16KB

MD5
2e99b395e4e4a2e531fb7abef31b66f4

SHA1
4d9c8e4f83a363070290489670999ae4864c22cc

SHA256
06ea80969c2c8f046647a3522aed6fb978ee3373fc53439b48f16f8fbd7cbfb8

SHA512
b829c4371352551a45deed5a70eb92ab1d6f02a787d69352da1725c13a9e71e7d619eb84e57da1894f4943e56c8f550c22207048b2ef1f7d370d2f4e7ed70753

Download Submit
/data/data/com.alirezamaku.pizza/databases/evernote_jobs.db

Filesize
16KB

MD5
be5c784b131b630993fed0547d5bf706

SHA1
98e477eb201e2414753c9568126d5beab6ae4a64

SHA256
106cfbffa3f0acd2f56a9e15bac04291545fee00fb5d82e5c0115afd19f48f37

SHA512
e6ff18fc97fc388e0e0432092480771693979089f043480e625ece668dd65d379f805e20a3e299b8fb31af3d0fad459497b30ad1a4057201b981e046bc20efd8

Download Submit
/data/data/com.alirezamaku.pizza/databases/evernote_jobs.db

Filesize
16KB

MD5
00e829076f54c72b50b63fd6de296a03

SHA1
fbeb1b8be863931f98a7c29224a03b89f9616ab2

SHA256
c479f839c0bc15e9a9749cb5a5a3eef4e09c0163160073477f72fa78b2e300df

SHA512
1c6b0bfe980050072927f8d407ca86353098d03502f7194f141d43c045a3f35103261811281f023262f4823a4fd70659d6802b76e126e991120dc14cdf74bbcc

Download Submit
/data/data/com.alirezamaku.pizza/databases/evernote_jobs.db

Filesize
16KB

MD5
546582477c2afb795e7f31140001a569

SHA1
1344acc136f83ae326e3d70eca07e9d95bd7cc15

SHA256
ebe8efdd14b99f532686f9e85deafe5520e7046301b08449668e0e9719497856

SHA512
a187b2541d3bcf01eb52aea9beea0185eea33273de55229e7fc67f102b4eb0b5668acdec4d814042fd30ed87199fa9eddc1b48950833113f6764eeb46f132e6f

Download Submit
/data/data/com.alirezamaku.pizza/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
056d21419eedd9c0acd65cb337873dda

SHA1
2064312474313050224886afb9ea9e632e4220ad

SHA256
551257e4985f6a5679890b33c89f2db2cdfb4fa32cc0634e57431e97a3897f00

SHA512
2e6134aef44c5fc979514fd2ab59557357089e21869cdef6783d7669e770a738b57c4c6f7d142fcc1fbdd120de24a43b4667cf18c3284401cc8f70b5c713367c

Download Submit
/data/data/com.alirezamaku.pizza/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
64b6522340e99d77e51a928003998e37

SHA1
8b04887dd51e0f3d50383ef49a8f5f97d28a2e24

SHA256
c6f0a1280e875910b5fb763666b8bdf3e82266c63a0ed8f0d788e623f9b58252

SHA512
be20f8570bd46a2f8ebbfdce227f33f83fb4dd21ad9216deffb59bcaaf9f3bdd9cdc1e0b37743942a9b21baf3de644584a3bde38984fe8952bdddaf2129b7473

Download Submit
/data/data/com.alirezamaku.pizza/databases/evernote_jobs.db-journal

Filesize
512B

MD5
5747c1def883d6d4ca499686221088e2

SHA1
5cd0af5e9b366f244af7a8b818168f88da02982f

SHA256
7d44b5b8a7b9dc6a169c5e48ef0c10a54212f6b331af939b9e5b4e8cea5e72c2

SHA512
4ac7a887e8fcb56ee40fe266256b075539929602c5549e6b507b802cab0d2960bdbb7454790c8b4990823af9cfe9bd2191b552a3b9fe19614ba90cc2bd7d7bf1

Download Submit
/data/data/com.alirezamaku.pizza/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
acdda42004bb02ef4b5b3d1d563e1943

SHA1
4a5e4523efcf180031d7ac28090354db9552f690

SHA256
26eecf31eb7fc9cbf7d56fad8bb4ed6dc67eb59d55cb58cac63ba093af96e5a4

SHA512
8a017bb4316a34b23f1c2dbc3efd6e4b11a219be8b59a28d01c22364ac7521ea50c03d879bb84342fa50d057ef7241f56f2d276249ed40f644792fb810ebc0f2

Download Submit
/data/data/com.alirezamaku.pizza/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
cf6da445f7ab3ff9bd2c82611f2768c4

SHA1
54437ae772e88efe6c68832b143d671460596ba6

SHA256
256da1a55dbde406efbce11fa4242bbdf3ca4a001cb083236888cda547a72998

SHA512
a0e0bc1e13f1b559ebd99d93bc0c3fe2683b60fe1bb76e63974dc2bac2598e942f91bc36c49fc851d7c9ba48447e48ea8352aa563ed03780d283b47a16e39232

Download Submit
/data/data/com.alirezamaku.pizza/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
aaedf6a8a301edff86e959e5fac3d74e

SHA1
685ec3b65ef0954cc00de6c098b18e50209590eb

SHA256
d0786f44e0cb5ae237e9634d505b5c1973820477b353002b2dbb1d4ced3e67d9

SHA512
4421cb3aca60418180ee437c6c7734126e0e939e280e9bf8b7f012e3577cfa13f34317df36a5e0578ef7ae804c65e9d9b6816fb3051e3dfd3bcb6d96696922c8

Download Submit
/data/data/com.alirezamaku.pizza/files/unsent_requests

Filesize
58B

MD5
0d210bfb2a0e1f1b4c082a6a0f79de07

SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa

SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads