9d1f13408554f3a089d8f06ed771aeff801ad0477fda01b20ddb54c70412b8eb

Analysis

max time kernel
154s
max time network
165s
platform
android_x64
resource
android-x64-arm64-20240506-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240506-enlocale:en-usos:android-11-x64system
submitted
11-05-2024 11:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

345b2d355fba9d16114c823e71b61ff8_JaffaCakes118.apk
Size

5.9MB
MD5

345b2d355fba9d16114c823e71b61ff8
SHA1

6654c3e0a5e79144801e688afe04a37f283ec8cd
SHA256

9d1f13408554f3a089d8f06ed771aeff801ad0477fda01b20ddb54c70412b8eb
SHA512

4da86068d13f0ca5833c5ce2b04fbf2e209e523b80c2236e33c7bd2338726bf7343be435110c2b08b562ff0eebff962793cc44b37538290f0b83c3c2191bd257
SSDEEP

98304:OemGwKfKK+7BNygvtLMsTOf4uXJvUfjetu3vnLC6IsabUn1Arfaur1Y6dsm+2dLL:rbfodNyAmsTOZX14jes3fLjV/gZm621W

Score

7^/10

discovery execution impact persistence

Malware Config

Signatures

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.gentongsehat.fudzappcom.gentongsehat.fudzapp:Metrica

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.gentongsehat.fudzapp
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.gentongsehat.fudzapp:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.gentongsehat.fudzapp

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.gentongsehat.fudzapp
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.gentongsehat.fudzapp

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.gentongsehat.fudzapp
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.gentongsehat.fudzapp

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.gentongsehat.fudzapp

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

com.gentongsehat.fudzappcom.gentongsehat.fudzapp:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.gentongsehat.fudzapp
Framework service call	android.app.job.IJobScheduler.schedule	com.gentongsehat.fudzapp:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.gentongsehat.fudzapp:Metricacom.gentongsehat.fudzapp

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.gentongsehat.fudzapp:Metrica
Framework API call	javax.crypto.Cipher.doFinal	com.gentongsehat.fudzapp

com.gentongsehat.fudzapp
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4898

com.gentongsehat.fudzapp:Metrica
1⤵
- Queries information about running processes on the device
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4961

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.gentongsehat.fudzapp/files/ZPkFS.log
Filesize
20KB

MD5
d01115ab3b3ab6cd76adfbc07994cd9a

SHA1
2e7e72949ae2c3c9fc3faef4ff50f29153ce10de

SHA256
477bd41c92d45d060b57856b501048725ba8cd344d54d65459d2f6a0d5c38e68

SHA512
bdf67bda728f6ba75d0f993d24b0feb954d5cbc369d522ea553400482ccb65ed6c9fb042608d7ecb2940bfae1df0e47a7cdb37409561581c8aa31a774334092d

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/credentials.dat
Filesize
234B

MD5
db2519e5155160a63257b73d27f44783

SHA1
e57599cb5ceaeb516e0b058ad40627d12922dac0

SHA256
40e5e30739a1ccdf90cf99eacdd86b97a41547fae06034e1ef8b5a1670a6ece7

SHA512
64590963d37782db89c54ed7f12b0fd97f63aa0c51dedfa755a23dc455af2cab5f8b921dbf7610de2aa58cc5686f787ea4609301e7c1edbeac6240a75c10fedd

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/db_metrica_com.gentongsehat.fudzapp
Filesize
36KB

MD5
ec461c2a72ebd65b582a28d47078dede

SHA1
6a7cd9d2d96fe05d9be5081ed3162fc8ca67a6f9

SHA256
8e07e1624e804314e93c5ebaedccacd586abd76b44cdf2670ebbfdf4263acbd4

SHA512
172a133375890bce21cbf6b07e10a40de65430a57ef08a96ff09fb778d91fd0c5f2167221547d24ee0df6de777dc266da0a82153bd1f9c41e2d53194a83bc714

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/db_metrica_com.gentongsehat.fudzapp-journal
Filesize
20KB

MD5
66377c61f73dd7194b212430f4173fe8

SHA1
911f5c504e221313627b120b85bf7ced464e451f

SHA256
9713a46c678530e0fe15af3771190a6843e584b94ffc4442857a7f0cf26e2568

SHA512
131f00d145fcdb0b080de5e1972714912c033a814b3d7df4ec8614c9240d8b1cc49bbf2c2a735363b5b416a7fcd98bae0696fb92e47314f4c4705a6152ae0752

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/db_metrica_com.gentongsehat.fudzapp-journal
Filesize
20KB

MD5
73c64dd6558c27b39b6c8fbfdf8f8152

SHA1
cad1c7e63536ed00db021b65d5724f3a8d5e93af

SHA256
d560d0b1024ffc3d43bacbd5aabd6b362b8db529b4e6d1f19e4930a1933bc5b3

SHA512
72bc8972ff0857e1a6520908fe68e2ec89d3ae05a1a6d8e50ffed7e7e20b78313840e2c46c5b51353b89e8278e7e170469a5ddf239f9c5317256226c8626464e

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/db_metrica_com.gentongsehat.fudzapp-journal
Filesize
8KB

MD5
95e69b942721fecb81db9c605f55e70b

SHA1
fdc04f2d7991f3b39f9fc529453f28e8abb5c89b

SHA256
111564d58a83a25cb2e4dc90751893d5cb52a9bd64cc71352a8953daf720218f

SHA512
2971ec32333baeb436f3790e05fcc7b7638565ecee5eacfbb0be86631f2451d37cd0cb1b9e0a67eab5209c09ba3748d3172ab80b0c93878b130ad9d952370a0e

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/db_metrica_com.gentongsehat.fudzapp-journal
Filesize
12KB

MD5
8150339a7ba1f97bffb240883b877e27

SHA1
1a3b47938b9cf3e209e22b0d04dd87bb9bc863ef

SHA256
31210ba59b3d0627903be377de8347fa604d69a182711f0535f761a78ff60e09

SHA512
4e10bc289424cd02e52175bc3cfe163780c4ba6096d08eb2e5d28302aafe1d5c555ade50a6c3564ed8982484aa5f9ed6ab14492c74c4bc1071324648351bd6ec

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/db_metrica_com.gentongsehat.fudzapp-journal
Filesize
8KB

MD5
810203b4713318d90a8f450778b59bd7

SHA1
b61c405ef0b4e1163f24500f8b33e8f78e772e26

SHA256
d3e51d8dee1a392cdc63f444cd60646acc13e4cd91dc1bdd5c5ddadc81151b1f

SHA512
c3fade87455306adb5b3fc55b3a810ab961b405ada0959f8865cee992a187262488bbfcae1e6462f4ec43fa58cf20145324310c12e12276278bdbe001a57f4d2

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/db_metrica_com.gentongsehat.fudzapp-journal
Filesize
12KB

MD5
d92066030a909e8f0a50184bb429bd18

SHA1
f2f3aab77b4d09dcb410ae5e91d8e14fbfc8f52d

SHA256
15fc3523f8d57b989b45d24ca732f2cf2beb85b699e02837e54ed22ebe562c37

SHA512
5542f228c51fe3432ad57059cb9e33f7af7fee8e2979a4fea7f7c4f5eb13af4e333232f6489030b1dedb2d5a3d6822f679104d476853b80c4b4f12c87a92aff9

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/db_metrica_com.gentongsehat.fudzapp_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize
36KB

MD5
a65bf7600f8dd89f7536b11ac84b9828

SHA1
bd52c667fa9f5d60c705f1c620e50578cc4fc849

SHA256
59ab6d5bc676e9b18fb8d178d517001b5e3c02f4dfda9dba5acb7f3057d459f4

SHA512
fb69ff1d910e82bee1227fb4a9ca8665ddc71678b890b5fd680b38f5a3ced4054b1619569fed047376a2a96215f29693d84b8f4e3756050ff69accdfe10ebe14

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/db_metrica_com.gentongsehat.fudzapp_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
512B

MD5
8b1be758e7ec775b5f8910de1ba5dae4

SHA1
729a0cc59ae3c4418b0b9dbe464b4a4c7ff7c244

SHA256
c88a407c549606650f008b9ab42bb678833cecc5420cd882946c918802628d49

SHA512
ae8b2fa95692eff75cf42a58f70f5713a9e9d82f5ce74204d1acd229fa29505687f7f1722d17e64dc58268ebb3fdf76fe9865a2ebc7c2e7013dd71fe33316db5

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/db_metrica_com.gentongsehat.fudzapp_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
81d3e587536c2e77ee5ae063267b5125

SHA1
cb716cbc85a8d84fb8d029acf69ab953eb74dc86

SHA256
c6d52dd719ff99bb4e2e914007e7c6c4d48a1394340508e837612bde919ffe6e

SHA512
d7d7e7ee2dee2bde68c7f6a3cbd8b85453fe05824977cebd279bd025d5ec566aa2198bfe3227eb1ccd23c20b63bb71fc3ea55cbcd7f8305a8904a11c90e2c34a

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/db_metrica_com.gentongsehat.fudzapp_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
6eb5520bcb8ab1e96539881970c6aadb

SHA1
c75575395170f3cf97753bfea92a03c76d09f11d

SHA256
010060ea06745b2f105f1c0ae0f371a4988b7a44ffb04def6b369f43533fb1b0

SHA512
27cd8e7eb31bc495287ac4991b8f3a7a74ab8a78f2e003f4de03ab02044e194ea8fc75569974ff0db8dd37081a9f7b633761f952bf816443e0745d29ec58a966

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/db_metrica_com.gentongsehat.fudzapp_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
ca3ecf97756ca7dac893c7c120d60b1a

SHA1
bc34286af922d2fe4fe4f7cbac1c49d8ea3003fc

SHA256
75e3049c15437a8031d67be213d736d4f15dbe8c60e86d730df0c852c702edf8

SHA512
052a5899739d32bb3cda8cc6160385259d58ec7159758b2949c8573c0d0fef84020459042f9944a9ca99358f2c4f33b1215586a52c673f4a993a6d1492b2aae3

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/db_metrica_com.gentongsehat.fudzapp_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
47bd78c03546ef3bae83be020a17ac09

SHA1
54727cc7ed18f69fcc4bb40512f739c893207536

SHA256
e0787ee01b2ebea7560b5c38b09da36b6ab676d20426983722d312c9fb3697b1

SHA512
2999b0888095924f179baf711327c076c30b57c32dcfedf86d5c0c7949a1d860f0eb36bbf870dc490c4235c2424fab5c39cfdb9ef516eddd4f5b89844b74727e

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/db_metrica_com.gentongsehat.fudzapp_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
e7a2698f9368abc6891b8236f0598c2d

SHA1
e1fd2bbf50b6e6bf62c88183f8d1ca70b25d4ac1

SHA256
cc16c78dc99626e1ed71e440e7db60fe1759b65fc5a341c299b2ddb6eb6fe274

SHA512
0181b88ae4a3629f453427e07a1a3b3fe9d1b06e7b9262501497a5b7dd39421a329d18f5f593c7d69dec8083e5ce6d4e994b672c383cb9a11299cd65f8d45fdb

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/metrica_client_data.db
Filesize
20KB

MD5
4f0f9edb64a5244577544a7fbdc408f7

SHA1
8bf2a2b2bfdb419bd62eaa9e3ca0e1f5ac1f031e

SHA256
a1e0f828e0bfb1f64098eef52c08b079bea95d178e080d933562a48b49f8a7ec

SHA512
b2d25942c2cc17dfc6818698349dc0d103f6ac905756a19f66b36102c9d48673d8803a201a3728192832c4949b45d5387c731a52fbd5a5af9f779cf380e05074

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/metrica_client_data.db
Filesize
20KB

MD5
1784bdbf77cdc69ab0b638135af364d2

SHA1
f044b35111ba549bd9728b711a9469e6ea507b62

SHA256
3c1ddd56adb2bec374c1b40ffc334ac26aa7af1a9cfe9abc0851e4f7d0e11dee

SHA512
e0b4fbd444d4806524025148f196ebdb0d427fb8f9182c35fc710c230b68e8a971487acdfc1b761a8f52e8392075c11b245e485ce9b752ae3639ae33f767080a

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/metrica_client_data.db
Filesize
20KB

MD5
e5639b469346d3d19c79ae3bdc2f4a9a

SHA1
b4d9041b94176f65417e63e77f0f324b81e8dded

SHA256
cf283c9f2c282ef339f1ac0c4eae7d6f44f86bc1744cbf8a9b5703edc7368aaf

SHA512
273aa09cf7f4de26661bbedf2ecd180b5adb537022cd824d2185beaf7eb1784bd1ea1f1f22c01e4762729bdefeb81964f1a47f13e90b883beb27ce7c8d1f03b4

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/metrica_client_data.db-journal
Filesize
8KB

MD5
c12c7fff4fb22480b1ae0c7d512c0f25

SHA1
21e481a1d6e4d9e0339075c2e4f2f909e5dee684

SHA256
f6a38d8aa82d3df65b317c1d8414b054c42f51ea8436a1bc40302eaa9bd09cca

SHA512
a9b1b1ebe7036c1ffc055eb3289489440ace3d02357cb79c838504ed22772b5acc44182df5c481987c62299305d21b0d8d0fa0c20a03b3de2f25f81256decedf

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/metrica_client_data.db-journal
Filesize
8KB

MD5
97f43733a36aa1d1a2f36ca6ca024d03

SHA1
b404a76ef8aeb8f24d5e24e505f25b64c709c1c0

SHA256
78d452ea8c4d02e903cf95ce1c6aa7d983e5844fc3feda999766e9dc60c7d1f4

SHA512
85e5cef537c1c7af26b8cee535d5d5e4b9af4593d3242f71259bbfde7766414e8737716f0800102f05d568ddb397e7ad01fe9528cbb8125b04f40593d10a8385

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
badf9de6ccd4fd5507fd23a8da41a28b

SHA1
7ec855faa6761e1648e1a875d9e427299d7e6ab9

SHA256
f2983b418b6787ca03b622ceaa824127bbeecf990f43af877b5c9e96d2fa69a5

SHA512
8bed797eb5fbda17cae96a7dc764ddeedccd9c64ec6dcf3f4b20a21ffb8dfe358155e14f5c0784a04b81acc6a3e30edfae6b6ef2896b460b4f86ce8f4f1367dd

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
7192ef1adfcd761cfa5daeb0fa99d3ff

SHA1
99d2c878e22397f2a2a3123713b0000e26b1193e

SHA256
7b08ccbbed147abf9b523b73768a794f39c2dae9cf818ca0512a99c2afa502e4

SHA512
87b61ebb063f351fcca60d01144c0f2e137d249077b22966e54ff3615a191a04567717af004bc10cefd51754869fdc85656284ac2768f5852a180de1b2526b9e

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
1359cc6d4e8a6c7a2714d2476ecdd3ab

SHA1
b202e7b4ae5409231dbea9fe53a986c167234e08

SHA256
4218329d99b99153b2b03ccd8dc82a88a3ab0c6ff8daa30abeef9eb4ed7e79e9

SHA512
01e559d31e6e02fc09e9bb55a16520488bcf79de9b6b087282868255d030bd492d54f32c10ef8cf9a02b1669042b437c4b57665b26582d696a832227a32a1475

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/metrica_data.db
Filesize
44KB

MD5
bc8d6199454571afb1777274dd74afcf

SHA1
41b8f874c5539faf3febf68afa14dbfa8bc363c6

SHA256
d9f1fadf87b5da0684397ae60a8ebddab77a4fe08de54d8b8496a494e35bce84

SHA512
33232ac835918a98828c6cd00216905eeddb9bff1ee0b5c11037c7866f679bb97821fec46d438a754fb80accd8813ee73fca6aa71de9caf485dc0d8418172dff

Download Submit
/data/user/0/com.gentongsehat.fudzapp/no_backup/metrica_data.db-journal
Filesize
12KB

MD5
3e8950dc3fa944f08e3ef08e8ec68883

SHA1
9583686fa2b7dac9ae82138a74f7d6a22db8df9b

SHA256
136da456cf0b1a210979b83a70eb08e41f2b5ca5a3fa20c52441a3c9b8aa7f0a

SHA512
9f74b70f2344280e63734f2d8049c5c991ce6270a1dac57b3e3815760b686689038825d1eae1c82793a5b71f595504e3f2530ec7aa1fac5eebea6402185693ff

Download Submit