Analysis
max time kernel: 178s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 18/05/2024, 06:52
Static task: static1
Behavioral task: behavioral1
  Sample: 53757efbebf07aa0dafda582b87b3d8b_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 53757efbebf07aa0dafda582b87b3d8b_JaffaCakes118.apk
  Resource: android-x64-20240514-en
Behavioral task: behavioral3
  Sample: 53757efbebf07aa0dafda582b87b3d8b_JaffaCakes118.apk
  Resource: android-x64-arm64-20240514-en
General
Target: 53757efbebf07aa0dafda582b87b3d8b_JaffaCakes118.apk
Size: 3.3MB
MD5: 53757efbebf07aa0dafda582b87b3d8b
SHA1: 7c5c65fa25fd088783cc44ff08447cc945aea82a
SHA256: fb7aa2aa45ebc2128392a0ec6b060b0c0b0cafe146cedc364e6e0ffa95280db3
SHA512: af88c2858387e61357284b5bfd53c9d817ececbb329314df677e0d51626ebc67872c4d5e405a1762fb5d2dc33f8af7b9b4e60182ab9f602987ccc8681baa5997
SSDEEP: 98304:hEWx5GCpsg4yaDwlrNQkeh6cUwlRiDOtywXR3ofq5OQ5PTXWowyR5XNuM:hsCKXDwlrN7ehPrCzujWoN
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTP, 2 IoCs)
  ioc: /system/app/Superuser.apk | process: br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e:Metrica
  ioc: /sbin/su | process: br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e:Metrica
- Queries information about running processes on the device (1 TTP, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  ioc: Framework service call android.app.IActivityManager.getRunningAppProcesses | process: br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e:Metrica
  ioc: Framework service call android.app.IActivityManager.getRunningAppProcesses | process: br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e
- Queries information about the current Wi-Fi connection (1 TTP, 2 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  ioc: Framework service call android.net.wifi.IWifiManager.getConnectionInfo | process: br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e
  ioc: Framework service call android.net.wifi.IWifiManager.getConnectionInfo | process: br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e:Metrica
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  ioc: Framework service call android.app.IActivityManager.registerReceiver | process: br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e
- Checks if the internet connection is available (1 TTP, 1 IoC)
  ioc: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo | process: br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP, no IoCs recorded)
- Reads information about phone network operator. (1 TTP, no IoCs recorded)
- Schedules tasks to execute at a specified time (1 TTP, 2 IoCs)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  ioc: Framework service call android.app.job.IJobScheduler.schedule | process: br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e:Metrica
  ioc: Framework service call android.app.job.IJobScheduler.schedule | process: br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e
- Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 2 IoCs)
  ioc: Framework API call javax.crypto.Cipher.doFinal | process: br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e:Metrica
  ioc: Framework API call javax.crypto.Cipher.doFinal | process: br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e
Processes
- br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e (PID 4324)
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Schedules tasks to execute at a specified time
  - Uses Crypto APIs (Might try to encrypt user data)
- br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e:Metrica (PID 4362)
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Schedules tasks to execute at a specified time
  - Uses Crypto APIs (Might try to encrypt user data)
Note: the root check (and both of its IoCs) is attributed only to the :Metrica secondary process; the broadcast-receiver registration and the connectivity check appear only in the main process.
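How a sandbox turns raw behavioural events into the Signatures and Processes sections above can be reproduced in a few lines. The Python below is an added example, not the sandbox's own code: it feeds a constructed event stream that mirrors the IoCs in this report (file existence probes and framework/Binder calls tagged with the originating PID) through the two rule types the report uses, a path list for the root check and a service-call lookup for the framework signatures, and rebuilds the per-process view. The two extra su paths in ROOT_INDICATOR_PATHS and the last two "noise" events are assumptions added to show that unmatched events are ignored.

```python
from collections import defaultdict

# Process names and PIDs as listed in the report's Processes section.
APP = "br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e"
METRICA = APP + ":Metrica"

# Constructed event stream: (pid, process, kind, value). The values mirror the
# report's IoCs; the last two events are invented noise that must not match.
EVENTS = [
    (4362, METRICA, "file", "/system/app/Superuser.apk"),
    (4362, METRICA, "file", "/sbin/su"),
    (4362, METRICA, "binder", "android.app.IActivityManager.getRunningAppProcesses"),
    (4324, APP, "binder", "android.app.IActivityManager.getRunningAppProcesses"),
    (4324, APP, "binder", "android.net.wifi.IWifiManager.getConnectionInfo"),
    (4362, METRICA, "binder", "android.net.wifi.IWifiManager.getConnectionInfo"),
    (4324, APP, "binder", "android.app.IActivityManager.registerReceiver"),
    (4324, APP, "binder", "android.net.IConnectivityManager.getActiveNetworkInfo"),
    (4362, METRICA, "binder", "android.app.job.IJobScheduler.schedule"),
    (4324, APP, "binder", "android.app.job.IJobScheduler.schedule"),
    (4362, METRICA, "api", "javax.crypto.Cipher.doFinal"),
    (4324, APP, "api", "javax.crypto.Cipher.doFinal"),
    (4324, APP, "file", "/data/data/" + APP + "/no_backup/metrica_client_data.db"),
    (4324, APP, "binder", "android.content.pm.IPackageManager.getPackageInfo"),
]

ROOT_SIG = "Checks if the Android device is rooted"
# Paths whose existence check counts as root probing. The first two are the
# report's IoCs; the other two are common su locations added as an assumption.
ROOT_INDICATOR_PATHS = {
    "/system/app/Superuser.apk",
    "/sbin/su",
    "/system/bin/su",
    "/system/xbin/su",
}

# Framework/Binder calls mapped to the signature names the report uses.
CALL_SIGNATURES = {
    "android.app.IActivityManager.getRunningAppProcesses": "Queries information about running processes on the device",
    "android.net.wifi.IWifiManager.getConnectionInfo": "Queries information about the current Wi-Fi connection",
    "android.app.IActivityManager.registerReceiver": "Registers a broadcast receiver at runtime",
    "android.net.IConnectivityManager.getActiveNetworkInfo": "Checks if the internet connection is available",
    "android.app.job.IJobScheduler.schedule": "Schedules tasks to execute at a specified time",
    "javax.crypto.Cipher.doFinal": "Uses Crypto APIs",
}


def classify(kind, value):
    """Return the signature an event triggers, or None if it is uninteresting."""
    if kind == "file" and value in ROOT_INDICATOR_PATHS:
        return ROOT_SIG
    if kind in ("binder", "api"):
        return CALL_SIGNATURES.get(value)
    return None


def match_signatures(events):
    """Signature name -> ordered, de-duplicated list of (ioc, process) pairs,
    i.e. the rows of the report's Signatures tables."""
    hits = defaultdict(list)
    for _pid, proc, kind, value in events:
        sig = classify(kind, value)
        if sig is not None and (value, proc) not in hits[sig]:
            hits[sig].append((value, proc))
    return dict(hits)


def process_tree(events):
    """PID -> (process name, [signatures]), the report's Processes view."""
    tree = {}
    for pid, proc, kind, value in events:
        _name, sigs = tree.setdefault(pid, (proc, []))
        sig = classify(kind, value)
        if sig is not None and sig not in sigs:
            sigs.append(sig)
    return tree


def triage_order(events):
    """PIDs with the most distinct signatures first; a root-detection hit breaks
    ties because it points at environment probing worth reading first."""
    tree = process_tree(events)
    return sorted(tree, key=lambda pid: (len(tree[pid][1]), ROOT_SIG in tree[pid][1]), reverse=True)


if __name__ == "__main__":
    for sig, rows in match_signatures(EVENTS).items():
        print(f"{sig} ({len(rows)} IoCs)")
        for ioc, proc in rows:
            print(f"  {ioc}  <-  {proc}")
    tree = process_tree(EVENTS)
    for pid in triage_order(EVENTS):
        print(f"PID {pid} {tree[pid][0]}: {len(tree[pid][1])} signatures")
```

Run against this constructed stream it reproduces the report: seven signatures with IoCs, six on PID 4324 and five on PID 4362, the root check only in the :Metrica process. The same skeleton is useful when you have the sandbox's raw log and want to confirm a signature hit is backed by an actual event rather than a static string match. Keep in mind that root probing, process enumeration and Wi-Fi queries are also routine in analytics and anti-fraud SDKs, so on their own these hits describe capability, not a verdict.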
Network
MITRE ATT&CK Mobile v15
Downloads
Several entries below repeat the same path with different hashes: the sandbox records each rewrite of the file as a separate artifact. The -journal, -wal and -shm files are the SQLite rollback-journal, write-ahead-log and shared-memory sidecars of the database next to them, not independent payloads.
- (no path recorded)
  Filesize: 233B
  MD5: 9889d5b34909b0d27a42d017528771c7
  SHA1: 357f435c6d272a0d3904dfba2f053993841fef3d
  SHA256: cd2be183670f40ea76a9b0612ccdb478fbd58a62f1a96851e6c320d5e465e872
  SHA512: ba0cf1ca85a9279f4baabd1b3d4480f5ac3f4549f9ab1bf379e22460be9208e6b74fe3754079f3e0816f33e2fca563fe3df1162b025cdd4fa690a17b7c3c03c7
- /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e
  Filesize: 36KB
  MD5: db706fa2b71207da4facbdf189df49e4
  SHA1: 6682e22eb34a510cf224c889e5c1f0e3d0d07e0c
  SHA256: d9e651cdcdc340be4518a539287c3d154950175637d7d759d5d38418342d0042
  SHA512: 84feb5b4e2fdff6c6deb4664634e99539e25bf1ad2b0f93df13575595bbcb79219c591d2a62152bb3a27ca35a4b5dc5a8455a567dd99353f4a58878a8067da1b
- /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e-journal
  Filesize: 8KB
  MD5: 4c68d3376a22da84ddf3ce32f5e542d5
  SHA1: 1c571f4f1e3105ae021ac4fc96d6edd87c665ee7
  SHA256: eed5573106266d26b03e9de9baf371681dd6681bea3be10d308783990957f5e6
  SHA512: fc628c4698ef6252daa6bb4990f582f3b416f2a4cceeb3134d7b0d5fe3c39385dc08a1766eb98f08af9c830d982827da275e28ac1dfb987ad8741cb239207687
- /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e-shm
  Filesize: 32KB
  MD5: 13d46f876552f471346946b725691933
  SHA1: 9a25797a072f1f215dd49b0355a3f619311f84f3
  SHA256: 13577c038c8b9534efd6d0e9230226bb16e34477afeeeaa7657970265bbfa409
  SHA512: 3ea5cee2b979ab0b46306a4853e6d6a31263bc121d3ec4eabecb59f3a97153437a7977c95064d9b6cdcda7b12f3aaa09982eea9da5489136b038bdcc76388f93
- /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e-wal
  Filesize: 406KB
  MD5: 6be1f1a9dfcae34058962648f1e0c95e
  SHA1: 6650297b5c429b5962bd73a85fd6207b38f0011e
  SHA256: f809bd73abc4308ff180fdfd9385105fdde0d7e22c7e9730468f06eb857fea18
  SHA512: 79037da4217c9917e12f0a237e892570599d164df8fc2300881210c4571df60b6a9befbd5cb1a018b13792c13369903caf3a4c64bfd6515cdf5b92e1895da550
- /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e_20799a27-fa80-4b36-b2db-0f8141f24180
  Filesize: 4KB
  MD5: a6d24fc4c98a3b483cfd9f7a9a9d5f41
  SHA1: a5f183b0f7bad231f63b47882abb2d1085e790bf
  SHA256: 978bdb45074f4f6d074606a3cd191e38110d4751d58cdeb59c5a1e65d0e05286
  SHA512: 39441fba12fd0ae59cee3620800bf2318ed9979d40c92f5ce576d7daf97b6db4c07e2be8459b2a8bf01a4ef879e06dae1aeeba466f0e61ef88be0b50555b7cac
- /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e_20799a27-fa80-4b36-b2db-0f8141f24180-journal
  Filesize: 512B
  MD5: 4a1f2465b2521730303146f12311a96a
  SHA1: 0f47cc0b3c2cc845b880b1082c3eb3c21e760d6e
  SHA256: 7685cbe6cc20fb1cf4a71e6a57940f86b0471ed5d4cd5a8b341a2346faf774bf
  SHA512: d966f94480d260b3fd565dd555e24168daa082e90ab7e388734fbaf32aa26e7f8733492857aa898f236f49ab960a3e928ee20c83adc2dbd2aeeb7b8faee476a0
- /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e_20799a27-fa80-4b36-b2db-0f8141f24180-wal
  Filesize: 156KB
  MD5: 8801e47d9c3ef4cf19667360cb44893f
  SHA1: 78a15e454761d11987e0604e5c081b845785a67a
  SHA256: 3b6fcfdbf661ec82fdbfe44119e4d766d42062e261d1389155291a777c4b0a3b
  SHA512: f4cd8dec4710f0eb095e67e95fe79b38dea91335b6eb430751100b814ae51a04ac9df8372ed91f89cfc310e7f2556e225a1d3399daf10360dfbb3cf3d50f7576
- /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db
  Filesize: 20KB
  MD5: 17f46efa3218514421361e63d416c56a
  SHA1: f6bd64de41b729fd2cf844d6166e6d84d44cb979
  SHA256: 90f06ba0dfa31b32d76253eda9628ab1e4faa026c1539f9126dae016b5dee5b2
  SHA512: e1acda201621cba94479017ab1d086f430b7d97eeebba4c0b1b964da08f2c54ffeafa0cb342be22dc9742382d327342ff811b8434344f3fd7dedc3d302ac601d
- /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db
  Filesize: 20KB
  MD5: c01519cfa9aee7201f2aa8b1b853ee86
  SHA1: 66eb18e3012d7ca9c25a3789d846b22ec23f6e19
  SHA256: 67ef09564f5d5043c43fcf04a2ce0b11b708a3b234a74073f2f8e7ff60577f1e
  SHA512: 07eebabc156503986a2fa5c2da39d006b76f7fe482799aa9be3103ccdab147c374a5a659f7a6305a9b18c0df4594e45d7987c52a968f88946937ed91661fbb59
- /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db
  Filesize: 20KB
  MD5: 44def4f6e42c3ec63f229d23af8c804a
  SHA1: f5956d9295778b539bced03215343fd3cf7a9dd8
  SHA256: 882faff2a0f007164d5dbda7bd7f803306423b5eb48a88b1bb72bde65b77e50a
  SHA512: a14770398044635a8a8fc0d59dc95af3a97ae78146a9ace3795d600a44098a5ff7099aa3d0ac40442f8ff8c5d3b5ceecb4b360bf47f3e8c7c902879e2e76228d
- /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db
  Filesize: 20KB
  MD5: 768ce98454f6c41abdf5cb6f1321a606
  SHA1: 95d7568369c1c436e3d9e455b50124d520d41dfc
  SHA256: 87173641db4eeb19773d75a3111c8912dcd0b1834e41c06383195b6f4f0617c2
  SHA512: 07e06ce861767db23940ca926f1ba6eb720408a613cb1504015fce65d52ff77968720a800f6cb23ce5e23be755313fd5dd9a597d37c976e9d3fe37fb3c2d36b8
- /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db-journal
  Filesize: 406KB
  MD5: 6607ad2b8ec6d3fe2a4a8ff64b1968ac
  SHA1: 7534fe0691fe1584dfa3c227778776e6b182d609
  SHA256: 5c0163949ce640dbf0523a50452474d926c908eb5a5036c158b6515edb383b6e
  SHA512: 4fdaee1ea82af2a93b193a0ab083571a63809d9f1cef70826265013d9c152bb18ce9358f0958dfee38781d37870cacd2e90d84206ba129ae0062e4f5acc2ac85
- /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db-wal
  Filesize: 32KB
  MD5: 5c5a940836e524bd4c177f3e28a5a22e
  SHA1: ac95beb4590e7cf874562879939dcda5b1ba5180
  SHA256: dcab9ddf08e64dc446912960f0d68903e4cc28f4c6615b9318748e20d84681ee
  SHA512: ba3ed5a2a0a9d093205f7237b8348289bc813f94597e5707d984f46d110e8d071d238c45fee60b0ef1d4f728763871ed7bd1a12534876ea7fa55031f3b330842
- /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db-wal
  Filesize: 8KB
  MD5: 311b4a6fe1914ca4b7c129212e33da3c
  SHA1: 9ff452cbe12c86c24847ec9f987d611ba6ba15ec
  SHA256: f409cf152839fbeeabb2a8e56239f0047dee2ec6afcee1c473f4c0fc417211db
  SHA512: 48bc1c7f8fb282a1e8254fe4fc16cd876d86018f3f52b01fb86d1bb6529584989986bf7f578df03253b743bb3b5ba066852e6586c4eecd34b1f764b8206a665d
- /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db-wal
  Filesize: 32KB
  MD5: 9e0cf355c51594998582d97595b3476d
  SHA1: db89b21cf7d519b4ea9102d88b68e6afa40fab7c
  SHA256: 979fdf7ad1eaac7a874fecb6e6f1fb0df196b36e0b4633e0c7b01bc84b424ff0
  SHA512: fc604bdc1fad8ba29faa85234f6978b1da3415bf206f3eab98602a92e050d52cf57f9ce395e60b08beb0e10a40c4c96f9fbf895f34eb936be8a2cbd813dfba1a
- (no path recorded)
  Filesize: 44KB
  MD5: a03098487e2ce7a4e7c6f76ec763281e
  SHA1: e927b90e6dfff4b3faf69ecf23fc5e5cd133b0e3
  SHA256: 0ef4eb2f4541ac5ba912650d61222fc71b0cd8432d729198b43e3076e1bd9622
  SHA512: 5776eaa3a9e4ee413a03341fa5215d6a9f76cf71929dd008dfbffd97efd89e8079ab8a07b7307103f45005debcaaa560778ffe481dd790876fdfcd2fc617b4a9