4f8bd1b9d7cc172e5d48a9a021e8df50ad5bca5f937e3ed631296fdf33a478b7

Analysis

max time kernel
178s
max time network
164s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
17-05-2024 20:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5141b301d99ebca907913e2f19eb02f3_JaffaCakes118.apk
Size

5.9MB
MD5

5141b301d99ebca907913e2f19eb02f3
SHA1

0be00f8bef2d9541baeca25207492c83ff255870
SHA256

4f8bd1b9d7cc172e5d48a9a021e8df50ad5bca5f937e3ed631296fdf33a478b7
SHA512

3031f19de984484fee6eb57a7320365eb88e40d4f92d24a7b27f1a1a403c4bdff9c5fcc746e09a3e91a14109251152d4894b9624d34e39f9b74544da3d83c48a
SSDEEP

98304:5fsadOybik4gpS8U90VUJyr53bgOE25JAOPArfT6+F95UHmZkgC:MLaS8U9qUJyVgORbPgT6qKp

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.br.pizzamaker:Metrica
/sbin/su	com.br.pizzamaker:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.br.pizzamaker
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.br.pizzamaker:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.br.pizzamaker
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.br.pizzamaker:Metrica

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.br.pizzamaker

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.br.pizzamaker

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.br.pizzamaker
Framework service call	android.app.job.IJobScheduler.schedule	com.br.pizzamaker:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.br.pizzamaker:Metrica
Framework API call	javax.crypto.Cipher.doFinal	com.br.pizzamaker

com.br.pizzamaker
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4294

com.br.pizzamaker:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4383

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.br.pizzamaker/no_backup/credentials.dat

Filesize
233B

MD5
ad95860026dd5e1698a148c90d29d3c8

SHA1
c355b884b95e50bcddb27c865310b1fad7f03681

SHA256
85c6626c1a474157ac022bfab9133c591bbe15afc776596dc7ed2bd29a9cbb60

SHA512
0369a14240f1c9c5b73ae0c61f0e135652c4c525ca25b9a8fde7cafddaa79e8fdba16429417557eeb61bf1a0567113adfdfcd8dc7b0769f8ef9e7777c182fc78

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker

Filesize
36KB

MD5
519e00709c8870eefd5fc6b4d3258a54

SHA1
d02e23933069cd065bd475fd472fa79750330fa3

SHA256
beb8b73efa4fa470baa2ed269a99a166979646304b06329be3f994b96e56dbc3

SHA512
a44656e9bd5a6634a6873ee09e2c20f6bd0b489dfd96b3d73c75ca4706085bd678aa24bc615c2d1a4cdbc3a113a98d5c852ae3b865944b4f85f1251e0a2ea925

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker-journal

Filesize
8KB

MD5
3cf382a25f413a4b5d1edbefa2eac794

SHA1
1f745d577b97300fcea27d0e6261fb05dd7f9ebc

SHA256
4fe284ebbea3cf2baf818efad625c2366d485f9f153951fc6b9444ad802cc57f

SHA512
970cbeb3c5a23f078e0ff392d436b8c116f2dbede83ee9d790db1cdb739e19ce8a2e57a96d532199433dd0e99b9538497a1fa90c98cacdc267660e060b06f1d3

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker-shm

Filesize
32KB

MD5
2c74a03d472f1e59cbe55d3ac19150a6

SHA1
fe99a87525209cb95c638c1091ad9ee8e1698166

SHA256
ec2e9e6ddfc44922cb64a38e4a5690f4d0d5aaf02bf7938c35a9b63e78a66d17

SHA512
901ef7a86a90c20e9c6b57c10897102d4f55f7103bf1ddeda635a4b8e544144cf5639be8ada3bcea4ee317c62dc01423cd4fd3586f58b8aabd317a4ebcf44f9d

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker-wal

Filesize
406KB

MD5
2e22d5a3b7a5cdfe6a60c306f9561d1b

SHA1
79c5a4d2421a4d94854a170b05692ed4b7352a51

SHA256
2455c0232595e4034056d9b1f8e3084d122adfff29741415d1eaedea455e1b14

SHA512
e42581a72323514d8b5cd3bb3870acdd5974f1e45817576a7c5ba1563b63f19912708c42f44c9e25b2439afd9398e133ed981618e57469f349cfafd1849bd7f2

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
20KB

MD5
70960254764f664b392331021d63f019

SHA1
b642f73475a1a813aea80bd6a3c04a3767dfc161

SHA256
4233f014763475165d51442fb0766ffd8993aab26760515432bdb4457bb27d9f

SHA512
027fb57da5ada070a5de6c084b77e795e4ab9e8ac9cba1087c1247950e1af5d74ba88a3676ef85acf4a0ac91842ae52300bb23262b69d2e8ca5072e3b2b1bb5c

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
bbc8e136c60653b1c196e7b1c5957d16

SHA1
f667bfe292886416186769d3c88391058b030ee1

SHA256
5bd2ed7899b3a383eb1c35a0a9fa8ff25c7e1fc5c3ad8f77ee092860bc01c041

SHA512
7afcad0c753e7511b700ad2e650353e320c48255047dff6cd29e76c888a1131552ebaaf500ad5e8baba02c41ce4b7e8474b22a207b2312658a425742c9424009

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker_20799a27-fa80-4b36-b2db-0f8141f24180-wal

Filesize
181KB

MD5
29a65ecdc88bb880000c73d5f0799a5c

SHA1
f748480ac93bd9a5a514de1222231848cc9f1339

SHA256
6586441dc0048b812d12fe0989979a008b85f17c0dacb20dcb170d52dafaa03a

SHA512
37b4fd4aa59ca3bd67dae3a63979afd9b88e5a042a45600409e180266027d262ce66c6c00654ceed7fe822dc27079f3f62882b01a9c53bfdac089329a73ec1e9

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db

Filesize
20KB

MD5
325d44d9834d3bfc2f0ec2e1c6b19df3

SHA1
ab1c9d3595325ee36b3c18ad8c7b7c5adee2dce9

SHA256
e92b27e50ce7980c4c8a2215720dce0665e5cbc91ae10436cad99c024f9ab45d

SHA512
3517bd0ede5cc2183740541f304871cb9218310702d0741480f5ebeecf8bf9804684ab9e0c78dd12b845a8039115733cc85b9ec489c5be95c959527e67cc438c

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db

Filesize
20KB

MD5
178a6ee05d83b606d2d86dbe3d4f46cd

SHA1
aa76b1aea8784fd80dcd42d637edba14099b8834

SHA256
fc60f27627b5ba275db4a2f99272d707f94763a05c9d2a6aa683e80e15ead513

SHA512
7f71373deb7ade3c342cdb9b688619146363172458b7da0b46e99f9fd23145294ab58060d57bf774c0be11c3aa3269db6c920311d5994734e0fe9fe6944925ef

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db

Filesize
20KB

MD5
44def4f6e42c3ec63f229d23af8c804a

SHA1
f5956d9295778b539bced03215343fd3cf7a9dd8

SHA256
882faff2a0f007164d5dbda7bd7f803306423b5eb48a88b1bb72bde65b77e50a

SHA512
a14770398044635a8a8fc0d59dc95af3a97ae78146a9ace3795d600a44098a5ff7099aa3d0ac40442f8ff8c5d3b5ceecb4b360bf47f3e8c7c902879e2e76228d

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db

Filesize
20KB

MD5
29885deb9fd11668abd491ed26e8bdfd

SHA1
1965c9877e48f02c0935c8e956e296166719c7f9

SHA256
2b0411df11f86d1c866d8191f2d1af3952e9ed1b392897de4f5f56673fb425be

SHA512
b55084f41e37cd27b328cffad782c66e2d77f44cde2eb93cc8a0b5abe1227d646411013da1a77f3bdf827f9f2c635f1bf43b3bb8bea74cc51295d3c056083b8e

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db-journal

Filesize
406KB

MD5
eb91eaa132a2058239307f6ff5afee67

SHA1
f932285e6ef0c172d7980d12259b75599cbaa9ed

SHA256
4718602fbead77136e015a465a525b4dcf9f5b4c52195cd73884dfff3bb67618

SHA512
d7fde974e87b67a673df2f96daa3dc115831acd215e80a36af3ace065257cc45904d5146f946b52e6b154a6fb6fd4cdd369415791374c7f1af91bbf65ced1ce3

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
7199caea6bc139d90d0a29ae8d48fec5

SHA1
715f77312dc55be37a3d8994d8390e11e7b8173f

SHA256
7d412db2e6a95dd674b84f6ba24772ac347854a56c8bf6635fdab2e816dae3ea

SHA512
f6acd87f8c911429880619deade28b43f456cc40f0dc37ed6a8b0ef4a7b61fb15a94fcd0df58a58a78f7ab8df24ed02ff3c45d207d433cd304b96f51dc5c87e4

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
75868761c2879a836ce7cc6f18fee18e

SHA1
998188ae1974b967dacc42a32b18b553f1860f71

SHA256
9c52f20b783b054495c8c0010f34e2a7574ae4c46112d8d05341b0c6a720829f

SHA512
238777d0eb0ea4a38854b9e677b88d0956b9a15609abe0e8d002142b2a1de7cc3e6be9f55e28216ccaf5f24134c8bf01d066b63db1cca411bf5443a2435facc5

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
26335d4c2e3564541125f1f124630757

SHA1
71a526ea2ef69c5c1ea257bd25e37aa2184549af

SHA256
3f52a24ded823592782e8e5c2feff3f22feccad2f36ecdb3fe989bd0bf4e2753

SHA512
b2d9b44fdb8eebaf1c6366480df524dcde008cd7d53212aa0978b085729a0854b4bfccb116ff27f4f44a6618c8b6f0529e8e1a453f26be8e938ebbdc16f7a91b

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_data.db

Filesize
44KB

MD5
341c20c9cdf662bbb43430d0c93c3e87

SHA1
078b4f037e1d091133075915b258110d2a76a484

SHA256
a181e1cdd35a113e44de3d39c0ced722c24700aa7b887d051ebea02d55af6b24

SHA512
cc3df2419eb1c2f69b67d09deac357a23e73d561d94c7bdc7c5cfde648c72c8fd5d8900f4ded3b68b1a03610591efc2b5fab329f6407880478dfd7de00aa495a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads