4f8bd1b9d7cc172e5d48a9a021e8df50ad5bca5f937e3ed631296fdf33a478b7

Analysis

max time kernel
179s
max time network
144s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
17/05/2024, 20:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5141b301d99ebca907913e2f19eb02f3_JaffaCakes118.apk
Size

5.9MB
MD5

5141b301d99ebca907913e2f19eb02f3
SHA1

0be00f8bef2d9541baeca25207492c83ff255870
SHA256

4f8bd1b9d7cc172e5d48a9a021e8df50ad5bca5f937e3ed631296fdf33a478b7
SHA512

3031f19de984484fee6eb57a7320365eb88e40d4f92d24a7b27f1a1a403c4bdff9c5fcc746e09a3e91a14109251152d4894b9624d34e39f9b74544da3d83c48a
SSDEEP

98304:5fsadOybik4gpS8U90VUJyr53bgOE25JAOPArfT6+F95UHmZkgC:MLaS8U9qUJyVgORbPgT6qKp

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.br.pizzamaker:Metrica
/sbin/su	com.br.pizzamaker:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.br.pizzamaker
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.br.pizzamaker:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.br.pizzamaker
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.br.pizzamaker:Metrica

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.br.pizzamaker

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.br.pizzamaker

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.br.pizzamaker
Framework service call	android.app.job.IJobScheduler.schedule	com.br.pizzamaker:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.br.pizzamaker:Metrica
Framework API call	javax.crypto.Cipher.doFinal	com.br.pizzamaker

com.br.pizzamaker
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5179

com.br.pizzamaker:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5293

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.br.pizzamaker/files/ZPkFS.log

Filesize
12KB

MD5
d396c903d189a37f9479688609115d9b

SHA1
b4e5b9ce1ce45bc5c972f78e553db35267d3692c

SHA256
fc3193310bee8002c5e77dce4b2edc3eeeb421927ad174d5be6a11e879ea1de9

SHA512
ea2fbdf5ecf02e18fee1026537e5769bfd9056e7f4cc50236d4dc10f654c922a3bd25fbc8b57d64b5e3085418813cd409efd2152796f03d1525bcddd4ee3c3aa

Download Submit
/data/data/com.br.pizzamaker/no_backup/credentials.dat

Filesize
233B

MD5
4230ce0e5e8c791085dab382f26d95ee

SHA1
459731fd52758e57285600983301d9c4f9e4f8f2

SHA256
7bb5830fbf992a9e301634e20e49e2f3bfb2f85f5e9a82560fb073a9acd75c99

SHA512
f4937e51c9089c5bdb50c9808cf88c50a0d08a2a712eb55d59cabdf1e92b894864bfe27244f2fd20925ed9322a81ad543c8176d2ab9d3731996f4f28728974c4

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker

Filesize
36KB

MD5
0eeb4019a0a957b7f9b9285cc1fc86be

SHA1
ce128fb16c1c30fec453be1143e464d8abff1d16

SHA256
ee5a3ea0a8f3bcec8923af71264ea8399cfd0b7a86d314fe95d80cd47027409c

SHA512
3af7b544106bc6d6bfba17e699b71dfe3de085732a8085305126a545f31e33d324b1538678c7709efdae75ab39a4b025a08cdc5c39018b287aead7b02c52b191

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker-journal

Filesize
20KB

MD5
0f5a2fae283ebee5acff85b802b95a18

SHA1
08fcfdac179147e6a3c476ab61d2ae5736dc7a59

SHA256
6fbefda3a1aa3bb207cbd44b80024e075f6e12ef7a41f0566595dd5d5bbbdbc5

SHA512
4d65a0abb99ca11dff725077ce4b13fbd3e09a9289e649010495b2f7dd83f4c874bbf55cad58539ee48fd976effd5c2525c79233ccb04cf048db4a22c4fa597c

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker-journal

Filesize
20KB

MD5
6cc8b1480a9f84086f4d1fdfd73c6435

SHA1
70862d836a4e33d5574c3121f0c0adc40e67b41d

SHA256
f53eba985b032defc2eb84a3abd22871ef4069946fd9bb67ada223c1e7a0eede

SHA512
f71e6430a05aeb511c932c6f2520584ae4b48447e185b2d27b30050813bf85426698a18998ae49073d23fa96a9f0d4e3cb717aa7ca40b4027c0a019ccf375f7d

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker-journal

Filesize
8KB

MD5
676a07b57d5e783c538fa6937cf29eeb

SHA1
34be813192d2dc6478861bbb1442469168a6144d

SHA256
522d8fc25730473c557c346c91cf315b27af9c70abc92bb1b0f2fbca5de17c16

SHA512
bb252dd77f5b7cd2103d98254078b6afce4434e9804d20bde3e27acd26956bbf290ca81700ee60bb8d15824a8827c63ffaecb483d38725ea25aedbdf5994d88f

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker-journal

Filesize
12KB

MD5
395e6d8198e889d00abab8e04a791d9a

SHA1
b5a6996375566a3c8fc34e986f73a7d7cbcd7d5c

SHA256
fef9b16a7b94fd14b452ec4850657a68c27952ada3366850784702e18cee2aad

SHA512
87e8f3b225aebe6f461ed00914e715339d7944ccdb1a92d7531efad31d8ebe9caae7e64e66f2033ee24e72e08e6460291911dc0fa05dfbeede01bf3d4b042c38

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker-journal

Filesize
12KB

MD5
776d2549656050af1ce0202c50d23061

SHA1
6c8232c5cc243a44a08be297e34ca1ec28da17ce

SHA256
1da7d98a1d5e6c613e574410b9bf31a270e725774c227647b8d60b0470ff93ef

SHA512
4cf45551a8415f8b562a5471cad583c6f7d352b061b9b0f0f6ea252a152d6b635e9e941901d8ff65995794cacc5796a50ba61b83282d6ec6c2c69d6764d67ca5

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker-journal

Filesize
12KB

MD5
479dec1fea2ec69312eaa153de0c8d6c

SHA1
1d778f12cb40eb96f5e8479404b22e52cb762e83

SHA256
c2ba9e93a5a0d2ef6e3d84a765de95ed81947cf6c74bf58eeec97fa4aaaf1253

SHA512
8d0c3fa1c68f9f2de479dfd54fbac4ad4379ba533d204d952c709e7c36f78e81ef3ae4e75fe6818cbb35ad8e64f4d90c79e4a6198c9de5149e00634da72c3ab8

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
36KB

MD5
9c838d4a0dc6c0f8329d23223b40d2f1

SHA1
7a8664170d8b61758f39bb31d7de84f099a31c3b

SHA256
0a8846abd035ebbc792f8637604bac9a6adcdf795ecbf9c81b8fcde40f77b8c2

SHA512
9595164050dcf939b67f7fdd0d0736d79454d7420965073ef8e8999b002fe1f76fb8196d100f9b82f25cc8ff95cbf9f76e47b6b98fb373b77143491766882288

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
d3b46ce9aeb6779c4b3fca1015e555e5

SHA1
51242dd4bfa9a653ef4e321ae203597d1b07f4ca

SHA256
780838e98b3dbed78230ca8f06ba8e4ef6ab10765f2ce3843f68f3de024c3c20

SHA512
d327b4f4b12f9c78be3af1701ea47502b276d99d7535e5187f4c23d36796fa16994d1d46f3568cc9e28c6794719db85bc6e85abc42d78c884529fb848ecb6885

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
526bda4808e265ea552767401b0eb6e8

SHA1
9685f2aec6128d0db1599dbf115237634aaf7a8e

SHA256
d92626eb066128914d8a729b1ff4a47459c1df5874d5c8d67d41b8a241c6c2b8

SHA512
1d0eeac3faeb9bdd0647648b9581c4bde555efa8abbf1f0ea1461cf41e65748da899780510c0833d51ef833d864334469e408319458d257520cdfd9dce5b98c2

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
b49911a865ccbaed8db9ea9b45cf86e3

SHA1
4d4a62310982a79a7f79c66076c3fdda2e8405e4

SHA256
c2792afed27409c5af99823390a9c19e73edd6b4a9f3bb001f9dffc48766179e

SHA512
3167a9d294917897f7dcebb1fbfe0fc306cf6e4a8f28355d778409ce7acb7e44b156fec63ec183d0b25777829941746c5287c4e5efc6a83571c89a04bb8cf6d1

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
0ee64e0742a2b90fa8a3cbf58e41088e

SHA1
4e5a7dce73353deb04df76958934b79d099298b9

SHA256
fd56edbf8a3516e4eb96084228a611af4e1ae5d6da1dbe8d86ea87a11ef49345

SHA512
741b51c3cacad761bb395c9f214c706e137a0150485c04485a0a5301d671238fb46737f0decb981f296b6404b99a29b611dc7ec63bf21ac048c69f724346a8a8

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
bda8cb25893dd31151d1830ecb6294b6

SHA1
b50beccd77c0e6d82b1c24b23fc1b93c993d1eeb

SHA256
30af8ae66e1a1a782c083d5012aa7a260b5a08fc8f780d1f44cc1d6bb4df1f27

SHA512
38e179c59ac0f709e75e58368c40683957fc41599ac4fc2ae2b876fe13963bb097980f64659fd63ae360a8e3919aace35444c7a637d5e5dff6918ba3cf88d43a

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
788ac00883a519a0297db3c8cc62e012

SHA1
407db2bef11bc83b04610c72ed1ffcdd0db13772

SHA256
1b222dfd928fae21227ec370a3b77a31cf6eb7a9b68d746b249246829b5173e3

SHA512
b227ea12339a0cc080fad77a3d88cdf87a368259e9ce1e026b9c0242218018bd13b4743412143c5fe5160739e06c85cf17182b1a217d73819c5483dae79cbcff

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db

Filesize
20KB

MD5
0777e8e63354dc2262aef3fec2a087c0

SHA1
6f4ea0fdd10e91fd48f6e2ec59c9c731eb4a99ad

SHA256
b0dec1c47fc22f23ff8721fd968b976da6514942f11070a49d7f93ca946ef5a5

SHA512
d4274ef6743fa0e5c20631f1cf4b5376a8d69d1a1f49f0367f5507e19d6e076f172203f830652e0dcdd52eff68afd6f309eadab5b8f6010a124c665b97a99206

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db

Filesize
20KB

MD5
89037a00eb158e168cbce9b871b007d1

SHA1
a441d16044acbf98d96d6c89c179fe25ba4606e5

SHA256
31788d10182d77e1b72cac1498426b52678e82d47c700362e7f346b8361f2dd2

SHA512
8ea0d0f8af19a56a7bcc18972f87b4c0c612f1a9252a5499079efd2047ff0994b6b2baa4b4cc2fa4f244e894e605af897afae3d76b5e6d6630e98fb52112d02f

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db

Filesize
20KB

MD5
3154c132f6c0ef6d23151580444221d5

SHA1
c88a96c689ddfa9cdd9509fa2de51d8dc36176a9

SHA256
fee3ada2a4a8c0bb873a0e29dd3b701d234400935bec0af332dec79b140140af

SHA512
c1887f7a6cdee9c17752ae58c2dee57d272187d609b9b6760f352eafc9ea0f441ae0560a83f9d94cf3c230e27da1c5b68906e958b866a3b61afe2f493c7a308d

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
49100bff1c74c26d0b33b5cae098b39d

SHA1
2bb000e356e83a4b5088ebe05a8c8705907cd56e

SHA256
660856aad674447021ff520f4ce0f3083fa70dfda33c45ca0b173bfe66b98931

SHA512
3425a3cb6f7a5d3f39fac038f94274120831b5ae269a566ceb44dd1b8b016f5ff5bb96ed58af4d20d48bac5c34771091b3c124629d50dd6685bdbee51a6be953

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
e1df6979096817c5599e008f98e77469

SHA1
4c04eb2d30a83eff6334975520adc991bece499b

SHA256
ce093578a009235cec77a0513aded9988d6654b644b8cdc92d1e4c7d57ce851f

SHA512
bf0528300b1077cf6064ab4359a6a16a7c005bddbee15bf743ca60d535c44040ba83abe0089bfc05fed237e0c99832a6eb2a960240353a26d5d84e26d4b62e2e

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
168f1f362b236f91e150a360b1f03545

SHA1
dd7dad3156cd49cb6623835f0271947332a07adc

SHA256
4f3ecd71c8672263cc21fe1d3e0ec9687ba5dc250f6a69b797436a2831a83b68

SHA512
932f99132450961e689d646dc9d5ccb49b11b81c4e1fafb452f6a3dabbba54be6ae47eccb46423f302705691ab4b249ecc327a4d4266723f3ae1dd35272689dc

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
c838dbfb17ac5300381b920dbcc686a4

SHA1
9be34a5a9fb16395aa4534a0580ef9b50eba0c20

SHA256
4393825d099640bd5131d0baf19ff9ce686ea7ccdef82aee6303e909b2ba82c4

SHA512
3361d271b3072319bd7c70f8b12cf07bc4ca1d00cc15a45ebf4e4e07229ef242c04492ca7baf9ac6fc87fa619d74f8f82c34c7b5a47e532400deb920687ddd9c

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
be2fb8ed00e14da8568ebbc98df5812d

SHA1
669f04787772bfa24ec4d6cf4e0a2206806a3fd9

SHA256
d55b1f173ea164381c627dc95e1a3a9e3a0f723df6445e4292d9e38c60d95c77

SHA512
38b73ae7d5a630103c5654ca5fcd225f534c41f77356bf2854f6d1bfeed2c12629e0480e036aaf57a2fe9669290c0dedc08e48c2b4da1cec7ccd9c4d3199f4f8

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_data.db

Filesize
44KB

MD5
6dc70c2c1356c9d5e39fa681848346e8

SHA1
cdad4e36c9999d61ecdbb9cda69f723cd64536b7

SHA256
959f5f4ede5481543e4730590a9ef9f8463d94d31d1af54adf4bc4d413395e61

SHA512
501865d60270510687d4e390a36b729e9ce75eee77238da19e17fd89adb1fe5d9a57dceaf1eccc72bdb5fb726c699c33a65077cb23e2408c07e7d038367cfb23

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_data.db-journal

Filesize
12KB

MD5
f6054c7c96b48e177d6cde4c68b25642

SHA1
7eae5808d33fe283db9144f2349dd3468325481c

SHA256
28e0ef372ae17e62e51613f930e94b81567ec327dac9238535f0c30c3d7d70aa

SHA512
abdb5517e6c6c0f841c8797001e490c72dfead2f2cbd873911e9926656e3fec1ddd9d5075b5fe5afbb4411aea7e93c115f0644775d1393c64cf87c739cc642e8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads