9d1f13408554f3a089d8f06ed771aeff801ad0477fda01b20ddb54c70412b8eb

Analysis

max time kernel
148s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
11-05-2024 11:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

345b2d355fba9d16114c823e71b61ff8_JaffaCakes118.apk
Size

5.9MB
MD5

345b2d355fba9d16114c823e71b61ff8
SHA1

6654c3e0a5e79144801e688afe04a37f283ec8cd
SHA256

9d1f13408554f3a089d8f06ed771aeff801ad0477fda01b20ddb54c70412b8eb
SHA512

4da86068d13f0ca5833c5ce2b04fbf2e209e523b80c2236e33c7bd2338726bf7343be435110c2b08b562ff0eebff962793cc44b37538290f0b83c3c2191bd257
SSDEEP

98304:OemGwKfKK+7BNygvtLMsTOf4uXJvUfjetu3vnLC6IsabUn1Arfaur1Y6dsm+2dLL:rbfodNyAmsTOZX14jes3fLjV/gZm621W

Score

7^/10

discovery execution impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.gentongsehat.fudzappcom.gentongsehat.fudzapp:Metrica

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.gentongsehat.fudzapp
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.gentongsehat.fudzapp:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

com.gentongsehat.fudzappcom.gentongsehat.fudzapp:Metrica

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.gentongsehat.fudzapp
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.gentongsehat.fudzapp:Metrica

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.gentongsehat.fudzapp

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.gentongsehat.fudzapp
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.gentongsehat.fudzapp

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.gentongsehat.fudzapp
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.gentongsehat.fudzapp

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.gentongsehat.fudzapp

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

T1603

Processes:

com.gentongsehat.fudzapp:Metricacom.gentongsehat.fudzapp

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.gentongsehat.fudzapp:Metrica
Framework service call	android.app.job.IJobScheduler.schedule	com.gentongsehat.fudzapp

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

com.gentongsehat.fudzapp:Metricacom.gentongsehat.fudzapp

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.gentongsehat.fudzapp:Metrica
Framework API call	javax.crypto.Cipher.doFinal	com.gentongsehat.fudzapp

com.gentongsehat.fudzapp
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4276

com.gentongsehat.fudzapp:Metrica
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gentongsehat.fudzapp/no_backup/credentials.dat
Filesize
233B

MD5
5c8f07c386c11569457af4c9c522c17e

SHA1
72c86f6113a3dd0c6e5846d97a80b60ae709e224

SHA256
58ac0514ac05283ce9fc45ef4b4cbeaaee36b34a26e6d764884dd2fb2baef0d1

SHA512
4b767a7d1027b31ca8c36c84413f7759e251d4aa90fcc757fb8394b8fd43208eb7d550cb9663adb6da5796deba61e75670cb178d1ca1005165ac6c4a924147f0

Download Submit
/data/data/com.gentongsehat.fudzapp/no_backup/db_metrica_com.gentongsehat.fudzapp
Filesize
36KB

MD5
4351e8a1d2a72045526b044336c7d621

SHA1
37f3df167e491e7658647cd2b229a6ce1cbb668b

SHA256
30af237c408ef5182366ca09991b2843f103a4c59b637f38cee88036881946e4

SHA512
82301bb61f87db3b9e7e1a2e652935e7e29ce04de3670dce08e369f2227d5d714a0a2afbb9fcee78a47cb6ab96d4e17f3e406b999801cb585796c57920ecb6a8

Download Submit
/data/data/com.gentongsehat.fudzapp/no_backup/db_metrica_com.gentongsehat.fudzapp-journal
Filesize
8KB

MD5
58edd6644caa1984b11a0417557abed0

SHA1
b13f848bc8dfe1261a2dd577379d0585ce922d10

SHA256
0fdae6dc35e584d0d71460ffd51013a5cb9733dbee6699ca6e2884367296088a

SHA512
79aaf01b41309bcb0de7ee1bb57ad64c8051b3448158b8f234eddfbd6706566cdd9a0ba9e98169cd42280176b21c8d71e99fcd2ef082d80973156eb428934651

Download Submit
/data/data/com.gentongsehat.fudzapp/no_backup/db_metrica_com.gentongsehat.fudzapp-shm
Filesize
32KB

MD5
9971ec60bdd11264fe519f11512d5b01

SHA1
172598195dc53912c80505917b2ab5a5cd260ada

SHA256
d66a4a0bf2006fff23c6674b12ae2d9c25d7cfb7e3a120e4b66b501546a1d683

SHA512
a93917fef6979307c1aa7b732f167b0359049ddc8e5b437854b99f2db3931ee7aaf9c7e584e0006a2c2ceed5ba3887560d5394f873dfac62e2fb14a813311370

Download Submit
/data/data/com.gentongsehat.fudzapp/no_backup/db_metrica_com.gentongsehat.fudzapp-wal
Filesize
406KB

MD5
2f380b788e69d5ea67d81aae67d8b5e4

SHA1
ec07c972c5b23f232468c2185374fbc2fe3ea25b

SHA256
3afbe0ddf54ae1441846ddceae2e1caa1efd00274425bd2700469daf682b2eac

SHA512
0768f74a6461a91d2bbe6cb8481e7ebf0e89dc148f70b7294c522d50f324e1f872a7a5ae803d8b465fe980df39976e78a1fbc652aca2a235147a8937a42db6b7

Download Submit
/data/data/com.gentongsehat.fudzapp/no_backup/db_metrica_com.gentongsehat.fudzapp_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize
4KB

MD5
b40143adfcd212f2b8c982738572de75

SHA1
bd34ab258a105f4f5a276009fdb160fd64c799cf

SHA256
a0e08832b91be48f8cef898253217974b368ff39c4a2607c6b259ca3865b1abd

SHA512
11ac07816e682cefbfcb5ff7f22874c790e82c8f0a94a87fe81246027028a0f74108e755632affffda95dce5b6be42c5cd71d2d104081beb6ae5f9eb253d8e2d

Download Submit
/data/data/com.gentongsehat.fudzapp/no_backup/db_metrica_com.gentongsehat.fudzapp_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
512B

MD5
1d61c6c2cbf706919eaceae2bcede069

SHA1
3117a985fe5503120b294471d989390f9c82be50

SHA256
b1a775630d9970122c7fd6ba46b35c07d0bd581078d0c716aa290174e441f2e9

SHA512
72f7f32c8fb67be27a0ab21c6505661137577760aaf8beeeea216f585b966f0949433ca4bc4143170087c13b22f52b8d854ba3ead620dcdeff05bda8086b877b

Download Submit
/data/data/com.gentongsehat.fudzapp/no_backup/db_metrica_com.gentongsehat.fudzapp_20799a27-fa80-4b36-b2db-0f8141f24180-wal
Filesize
156KB

MD5
6c6d6e4fbe187f864b611a53bdc72a24

SHA1
bbf4e145b010e823db84f2db62b4ad5327ad28cd

SHA256
67512be49806ea738c60aa82fec9ba61ba31a7b15e9332b81e569fffdbc56413

SHA512
ffab00d84ff7fe16b731891a82c72e6accc438d560d3457d3ddc48f3b247bdc5254314a81ff7afe22a6428cfa816637e247e1058a14710f2bf3c0883648dfd21

Download Submit
/data/data/com.gentongsehat.fudzapp/no_backup/metrica_client_data.db
Filesize
20KB

MD5
4bcdb8c9ed80008e10c5f2e8960d6143

SHA1
391b1ac390c9079f2d22102574d89543967f0564

SHA256
4e4a5860e35ee71484a664a1f2aae95fd4439faa5f6b9f1e372e91c0c76b564d

SHA512
3f86a7a6890df419a81335a959f78a3071000a3c84a8e75842fa622a82af2414eac9915481c3bc70fbce298dadf43374572f53b96fe201aa66759b857a9426f2

Download Submit
/data/data/com.gentongsehat.fudzapp/no_backup/metrica_client_data.db
Filesize
20KB

MD5
05340e45539d769e59e894e9a093d7a9

SHA1
7809207f3af364d3958db26697bfabad8dba9283

SHA256
d9b786cdd6ccbd6321e6db01ee6498faf887da97429e69ed04fa78d1cad520f6

SHA512
64c0eb4e2f5c37b298585518b00127930a05bd113427eb988d0c8b8534056e77181ef67c76746d05fb2557928c8b8c495016d98c3708606c3fd87f0f102b45e6

Download Submit
/data/data/com.gentongsehat.fudzapp/no_backup/metrica_client_data.db
Filesize
20KB

MD5
44def4f6e42c3ec63f229d23af8c804a

SHA1
f5956d9295778b539bced03215343fd3cf7a9dd8

SHA256
882faff2a0f007164d5dbda7bd7f803306423b5eb48a88b1bb72bde65b77e50a

SHA512
a14770398044635a8a8fc0d59dc95af3a97ae78146a9ace3795d600a44098a5ff7099aa3d0ac40442f8ff8c5d3b5ceecb4b360bf47f3e8c7c902879e2e76228d

Download Submit
/data/data/com.gentongsehat.fudzapp/no_backup/metrica_client_data.db
Filesize
20KB

MD5
dda4e077b87a5d45ed21677ba6bbcc81

SHA1
4644efd45607b19849b84e470d0185b14edaa89d

SHA256
e1bddd9b3a16186a3af537ab387d1ada5f9a8d915bf4aae1ddb6e717c1e707f1

SHA512
e548632327c33d2ce22497227d5d468d092245b95b2dc7aeeab42dcff05042f31b3d2772a0a555373dd9a9bc2e201808186f7d8224b65af450b856160ceeb7d6

Download Submit
/data/data/com.gentongsehat.fudzapp/no_backup/metrica_client_data.db-journal
Filesize
406KB

MD5
02f238a3a25c0ca29491fd2f13cd5d73

SHA1
48cacb54442662b16e079493dac6b24bad320a0e

SHA256
dec7f897f337b128a8fb64cdf7aa7a8d0932272a4c26dfdcb3dd24ac1109137b

SHA512
1a9f8ccbd35b1f74a2a6d2aa244915c6006d1e8b870082533a9f6d15e37fbdb2ee9e34e435f75edbecc82da0d393435a1b8d523662fe5cee5f76ef44e5107040

Download Submit
/data/data/com.gentongsehat.fudzapp/no_backup/metrica_client_data.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.gentongsehat.fudzapp/no_backup/metrica_client_data.db-wal
Filesize
32KB

MD5
eaf26ce02b2ca3783ba0b9b5088fc152

SHA1
0381461fd47d110f0168d05d30c835b2f77876ac

SHA256
074f4746a11a5ef762907ae1122c7cce4ab8f1d4a4cc7136e7d73a5b1794b4dd

SHA512
add4f635d4feea0cd0782aca69bcf2f0cea94b2369ffa3942690f1d98cd958ca5abf4bcdcb3543a12247ec465f922417ee9eab7a23abbe2b7f2f01bad82c1b8e

Download Submit
/data/data/com.gentongsehat.fudzapp/no_backup/metrica_client_data.db-wal
Filesize
8KB

MD5
f52545e491edca877c4a8c6a8f9556ed

SHA1
21498edefd51bf67035c79b9498c3734a50b278f

SHA256
668c8878ce0b7b37186d02fe65b202f1eb8ebf5f4a5c69c2f282251f5bff40eb

SHA512
aa12726bed915296614dabda5975e1b70f114d81c341f5aba84939b1cd8555fdbf266eeab44036156b58e85f9b74f4b510fb73a88805e442c7ceb26b036b3982

Download Submit
/data/data/com.gentongsehat.fudzapp/no_backup/metrica_client_data.db-wal
Filesize
32KB

MD5
ced8ab5b9890e2e42b0c9c906ed34b6b

SHA1
1246c8befb5c919908f3ee34a518e9ed817fa5ea

SHA256
731879848a4cdb767fac7c40ad0214ac2a929252e8276573d8446f14aac24c8c

SHA512
f70368bdc5921fb1cbd9e829418225ec0ccc89f09cc695740163ef24db93ac5e53f7998a0e1f7b8a288695c0e510fa8be2c7315a6384270fb000702111d59fe9

Download Submit
/data/data/com.gentongsehat.fudzapp/no_backup/metrica_data.db
Filesize
44KB

MD5
354447336e9ea8b579e911a54b1c8a67

SHA1
cf5c69aac4f9c6a2e48b7641e21e39695767b884

SHA256
62a3acd26bdb75ad0abe0599122b3d230930d114bcb2ba36b14fe0ccfe029b0b

SHA512
45bfb3fd891080af8fa9d164c5b052b3888bf162b184fa67ccb04a813cf086faf3fc1182691ae684d10dd2594475c1f05c533b32e65966581ea8df586f7d213a

Download Submit