Analysis

  • max time kernel
    178s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    18/05/2024, 06:52

General

  • Target

    53757efbebf07aa0dafda582b87b3d8b_JaffaCakes118.apk

  • Size

    3.3MB

  • MD5

    53757efbebf07aa0dafda582b87b3d8b

  • SHA1

    7c5c65fa25fd088783cc44ff08447cc945aea82a

  • SHA256

    fb7aa2aa45ebc2128392a0ec6b060b0c0b0cafe146cedc364e6e0ffa95280db3

  • SHA512

    af88c2858387e61357284b5bfd53c9d817ececbb329314df677e0d51626ebc67872c4d5e405a1762fb5d2dc33f8af7b9b4e60182ab9f602987ccc8681baa5997

  • SSDEEP

    98304:hEWx5GCpsg4yaDwlrNQkeh6cUwlRiDOtywXR3ofq5OQ5PTXWowyR5XNuM:hsCKXDwlrN7ehPrCzujWoN

Malware Config

Signatures

  • Checks if the Android device is rooted [1 TTP, 2 IoCs]
  • Queries information about running processes on the device [1 TTP, 2 IoCs]

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection [1 TTP, 2 IoCs]

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime, usually to listen for system events [1 TTP, 1 IoC]
  • Checks if the internet connection is available [1 TTP, 1 IoC]
  • Queries the unique device ID (IMEI, MEID, IMSI) [1 TTP]
  • Reads information about the phone network operator [1 TTP]
  • Schedules tasks to execute at a specified time [1 TTP, 2 IoCs]

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (might try to encrypt user data) [1 TTP, 2 IoCs]
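The signatures above are behavioural heuristics keyed on Android framework API usage. To confirm them statically, the same API families can be located in the decompiled smali of the APK. The script below is an added example, not the sandbox's own detection logic: the regexes are assumptions about typical call sites for each signature, and the smali fragment it scans is constructed for the demonstration (run it on real `apktool d` output by feeding it the lines of the `smali/` tree instead).

```python
"""Static triage of smali for the API families behind the sandbox signatures.

Added example: the patterns below are assumed typical call sites, not the
sandbox's rules, and SAMPLE_SMALI is a constructed fragment, not code from
the analysed APK.
"""
import re
from collections import defaultdict

# Signature name -> regexes matched against individual smali lines.
SIGNATURES = {
    "Checks if the Android device is rooted": [
        r'const-string .*"/system/(x)?bin/su"',
        r'const-string .*"test-keys"',
        r'const-string .*"eu\.chainfire\.supersu"',
    ],
    "Queries information about running processes": [
        r'Landroid/app/ActivityManager;->getRunning(AppProcesses|Services|Tasks)\(',
    ],
    "Queries information about the current Wi-Fi connection": [
        r'Landroid/net/wifi/WifiManager;->getConnectionInfo\(',
        r'Landroid/net/wifi/WifiInfo;->get(SSID|BSSID|MacAddress)\(',
    ],
    "Registers a broadcast receiver at runtime": [
        r';->registerReceiver\(Landroid/content/BroadcastReceiver;',
    ],
    "Checks if the internet connection is available": [
        r'Landroid/net/ConnectivityManager;->getActiveNetworkInfo\(',
        r'Landroid/net/NetworkInfo;->isConnected(OrConnecting)?\(',
    ],
    "Queries the unique device ID (IMEI, MEID, IMSI)": [
        r'Landroid/telephony/TelephonyManager;->get(DeviceId|Imei|Meid|SubscriberId)\(',
    ],
    "Reads information about phone network operator": [
        r'Landroid/telephony/TelephonyManager;->get(Network|Sim)Operator(Name)?\(',
    ],
    "Schedules tasks to execute at a specified time": [
        r'Landroid/app/AlarmManager;->set(Exact|Repeating|InexactRepeating|Window|'
        r'AndAllowWhileIdle|ExactAndAllowWhileIdle)?\(',
        r'Landroid/app/job/JobScheduler;->schedule\(',
    ],
    "Uses Crypto APIs": [
        r'Ljavax/crypto/Cipher;->getInstance\(',
        r'Ljavax/crypto/spec/SecretKeySpec;-><init>\(',
    ],
}

# Pre-compile once; each signature keeps its own list of patterns.
_COMPILED = {name: [re.compile(p) for p in pats] for name, pats in SIGNATURES.items()}


def triage(lines):
    """Return {signature: [1-based line numbers]} for every signature that hits."""
    hits = defaultdict(list)
    for lineno, line in enumerate(lines, start=1):
        for name, patterns in _COMPILED.items():
            if any(p.search(line) for p in patterns):
                hits[name].append(lineno)
    return dict(hits)


# Constructed smali fragment (assumption: shaped like apktool output, not the real APK).
SAMPLE_SMALI = """\
.method private checkRoot()Z
    const-string v0, "/system/xbin/su"
    invoke-direct {v1, v0}, Ljava/io/File;-><init>(Ljava/lang/String;)V
.end method
.method private collect()V
    invoke-virtual {v1}, Landroid/app/ActivityManager;->getRunningAppProcesses()Ljava/util/List;
    invoke-virtual {v2}, Landroid/net/wifi/WifiManager;->getConnectionInfo()Landroid/net/wifi/WifiInfo;
    invoke-virtual {v3}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
    invoke-virtual {v3}, Landroid/telephony/TelephonyManager;->getNetworkOperatorName()Ljava/lang/String;
    invoke-virtual {v4}, Landroid/net/ConnectivityManager;->getActiveNetworkInfo()Landroid/net/NetworkInfo;
    invoke-virtual {p0, v5, v6}, Landroid/content/Context;->registerReceiver(Landroid/content/BroadcastReceiver;Landroid/content/IntentFilter;)Landroid/content/Intent;
    invoke-virtual {v7, v8, v9, v10, v11}, Landroid/app/AlarmManager;->setRepeating(IJJLandroid/app/PendingIntent;)V
    const-string v0, "AES/CBC/PKCS5Padding"
    invoke-static {v0}, Ljavax/crypto/Cipher;->getInstance(Ljava/lang/String;)Ljavax/crypto/Cipher;
.end method
"""

if __name__ == "__main__":
    for name, where in sorted(triage(SAMPLE_SMALI.splitlines()).items()):
        print(f"{name}: lines {where}")
```

Every one of these signatures is also routinely produced by analytics and crash-reporting SDKs; note that in this report the second process, `...:Metrica`, is a separate process of the same package and triggers the same heuristics as the main process, so a hit on its own is a lead for manual review rather than a verdict. Resolve each hit to the class that contains it and check whether that class belongs to the application's own package or to a bundled library before weighting it.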

Processes

  • br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e (PID 4324)
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (might try to encrypt user data)
  • br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e:Metrica (PID 4362)
    • Checks if the Android device is rooted
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (might try to encrypt user data)

Network

        MITRE ATT&CK Mobile v15
        Downloads

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/credentials.dat

          Filesize

          233B

          MD5

          9889d5b34909b0d27a42d017528771c7

          SHA1

          357f435c6d272a0d3904dfba2f053993841fef3d

          SHA256

          cd2be183670f40ea76a9b0612ccdb478fbd58a62f1a96851e6c320d5e465e872

          SHA512

          ba0cf1ca85a9279f4baabd1b3d4480f5ac3f4549f9ab1bf379e22460be9208e6b74fe3754079f3e0816f33e2fca563fe3df1162b025cdd4fa690a17b7c3c03c7

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e

          Filesize

          36KB

          MD5

          db706fa2b71207da4facbdf189df49e4

          SHA1

          6682e22eb34a510cf224c889e5c1f0e3d0d07e0c

          SHA256

          d9e651cdcdc340be4518a539287c3d154950175637d7d759d5d38418342d0042

          SHA512

          84feb5b4e2fdff6c6deb4664634e99539e25bf1ad2b0f93df13575595bbcb79219c591d2a62152bb3a27ca35a4b5dc5a8455a567dd99353f4a58878a8067da1b

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e-journal

          Filesize

          8KB

          MD5

          4c68d3376a22da84ddf3ce32f5e542d5

          SHA1

          1c571f4f1e3105ae021ac4fc96d6edd87c665ee7

          SHA256

          eed5573106266d26b03e9de9baf371681dd6681bea3be10d308783990957f5e6

          SHA512

          fc628c4698ef6252daa6bb4990f582f3b416f2a4cceeb3134d7b0d5fe3c39385dc08a1766eb98f08af9c830d982827da275e28ac1dfb987ad8741cb239207687

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e-shm

          Filesize

          32KB

          MD5

          13d46f876552f471346946b725691933

          SHA1

          9a25797a072f1f215dd49b0355a3f619311f84f3

          SHA256

          13577c038c8b9534efd6d0e9230226bb16e34477afeeeaa7657970265bbfa409

          SHA512

          3ea5cee2b979ab0b46306a4853e6d6a31263bc121d3ec4eabecb59f3a97153437a7977c95064d9b6cdcda7b12f3aaa09982eea9da5489136b038bdcc76388f93

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e-wal

          Filesize

          406KB

          MD5

          6be1f1a9dfcae34058962648f1e0c95e

          SHA1

          6650297b5c429b5962bd73a85fd6207b38f0011e

          SHA256

          f809bd73abc4308ff180fdfd9385105fdde0d7e22c7e9730468f06eb857fea18

          SHA512

          79037da4217c9917e12f0a237e892570599d164df8fc2300881210c4571df60b6a9befbd5cb1a018b13792c13369903caf3a4c64bfd6515cdf5b92e1895da550

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e_20799a27-fa80-4b36-b2db-0f8141f24180

          Filesize

          4KB

          MD5

          a6d24fc4c98a3b483cfd9f7a9a9d5f41

          SHA1

          a5f183b0f7bad231f63b47882abb2d1085e790bf

          SHA256

          978bdb45074f4f6d074606a3cd191e38110d4751d58cdeb59c5a1e65d0e05286

          SHA512

          39441fba12fd0ae59cee3620800bf2318ed9979d40c92f5ce576d7daf97b6db4c07e2be8459b2a8bf01a4ef879e06dae1aeeba466f0e61ef88be0b50555b7cac

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e_20799a27-fa80-4b36-b2db-0f8141f24180-journal

          Filesize

          512B

          MD5

          4a1f2465b2521730303146f12311a96a

          SHA1

          0f47cc0b3c2cc845b880b1082c3eb3c21e760d6e

          SHA256

          7685cbe6cc20fb1cf4a71e6a57940f86b0471ed5d4cd5a8b341a2346faf774bf

          SHA512

          d966f94480d260b3fd565dd555e24168daa082e90ab7e388734fbaf32aa26e7f8733492857aa898f236f49ab960a3e928ee20c83adc2dbd2aeeb7b8faee476a0

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e_20799a27-fa80-4b36-b2db-0f8141f24180-wal

          Filesize

          156KB

          MD5

          8801e47d9c3ef4cf19667360cb44893f

          SHA1

          78a15e454761d11987e0604e5c081b845785a67a

          SHA256

          3b6fcfdbf661ec82fdbfe44119e4d766d42062e261d1389155291a777c4b0a3b

          SHA512

          f4cd8dec4710f0eb095e67e95fe79b38dea91335b6eb430751100b814ae51a04ac9df8372ed91f89cfc310e7f2556e225a1d3399daf10360dfbb3cf3d50f7576

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db

          Filesize

          20KB

          MD5

          17f46efa3218514421361e63d416c56a

          SHA1

          f6bd64de41b729fd2cf844d6166e6d84d44cb979

          SHA256

          90f06ba0dfa31b32d76253eda9628ab1e4faa026c1539f9126dae016b5dee5b2

          SHA512

          e1acda201621cba94479017ab1d086f430b7d97eeebba4c0b1b964da08f2c54ffeafa0cb342be22dc9742382d327342ff811b8434344f3fd7dedc3d302ac601d

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db

          Filesize

          20KB

          MD5

          c01519cfa9aee7201f2aa8b1b853ee86

          SHA1

          66eb18e3012d7ca9c25a3789d846b22ec23f6e19

          SHA256

          67ef09564f5d5043c43fcf04a2ce0b11b708a3b234a74073f2f8e7ff60577f1e

          SHA512

          07eebabc156503986a2fa5c2da39d006b76f7fe482799aa9be3103ccdab147c374a5a659f7a6305a9b18c0df4594e45d7987c52a968f88946937ed91661fbb59

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db

          Filesize

          20KB

          MD5

          44def4f6e42c3ec63f229d23af8c804a

          SHA1

          f5956d9295778b539bced03215343fd3cf7a9dd8

          SHA256

          882faff2a0f007164d5dbda7bd7f803306423b5eb48a88b1bb72bde65b77e50a

          SHA512

          a14770398044635a8a8fc0d59dc95af3a97ae78146a9ace3795d600a44098a5ff7099aa3d0ac40442f8ff8c5d3b5ceecb4b360bf47f3e8c7c902879e2e76228d

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db

          Filesize

          20KB

          MD5

          768ce98454f6c41abdf5cb6f1321a606

          SHA1

          95d7568369c1c436e3d9e455b50124d520d41dfc

          SHA256

          87173641db4eeb19773d75a3111c8912dcd0b1834e41c06383195b6f4f0617c2

          SHA512

          07e06ce861767db23940ca926f1ba6eb720408a613cb1504015fce65d52ff77968720a800f6cb23ce5e23be755313fd5dd9a597d37c976e9d3fe37fb3c2d36b8

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db-journal

          Filesize

          406KB

          MD5

          6607ad2b8ec6d3fe2a4a8ff64b1968ac

          SHA1

          7534fe0691fe1584dfa3c227778776e6b182d609

          SHA256

          5c0163949ce640dbf0523a50452474d926c908eb5a5036c158b6515edb383b6e

          SHA512

          4fdaee1ea82af2a93b193a0ab083571a63809d9f1cef70826265013d9c152bb18ce9358f0958dfee38781d37870cacd2e90d84206ba129ae0062e4f5acc2ac85

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db-shm

          Filesize

          32KB

          MD5

          bb7df04e1b0a2570657527a7e108ae23

          SHA1

          5188431849b4613152fd7bdba6a3ff0a4fd6424b

          SHA256

          c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

          SHA512

          768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db-wal

          Filesize

          32KB

          MD5

          5c5a940836e524bd4c177f3e28a5a22e

          SHA1

          ac95beb4590e7cf874562879939dcda5b1ba5180

          SHA256

          dcab9ddf08e64dc446912960f0d68903e4cc28f4c6615b9318748e20d84681ee

          SHA512

          ba3ed5a2a0a9d093205f7237b8348289bc813f94597e5707d984f46d110e8d071d238c45fee60b0ef1d4f728763871ed7bd1a12534876ea7fa55031f3b330842

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db-wal

          Filesize

          8KB

          MD5

          311b4a6fe1914ca4b7c129212e33da3c

          SHA1

          9ff452cbe12c86c24847ec9f987d611ba6ba15ec

          SHA256

          f409cf152839fbeeabb2a8e56239f0047dee2ec6afcee1c473f4c0fc417211db

          SHA512

          48bc1c7f8fb282a1e8254fe4fc16cd876d86018f3f52b01fb86d1bb6529584989986bf7f578df03253b743bb3b5ba066852e6586c4eecd34b1f764b8206a665d

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db-wal

          Filesize

          32KB

          MD5

          9e0cf355c51594998582d97595b3476d

          SHA1

          db89b21cf7d519b4ea9102d88b68e6afa40fab7c

          SHA256

          979fdf7ad1eaac7a874fecb6e6f1fb0df196b36e0b4633e0c7b01bc84b424ff0

          SHA512

          fc604bdc1fad8ba29faa85234f6978b1da3415bf206f3eab98602a92e050d52cf57f9ce395e60b08beb0e10a40c4c96f9fbf895f34eb936be8a2cbd813dfba1a

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_data.db

          Filesize

          44KB

          MD5

          a03098487e2ce7a4e7c6f76ec763281e

          SHA1

          e927b90e6dfff4b3faf69ecf23fc5e5cd133b0e3

          SHA256

          0ef4eb2f4541ac5ba912650d61222fc71b0cd8432d729198b43e3076e1bd9622

          SHA512

          5776eaa3a9e4ee413a03341fa5215d6a9f76cf71929dd008dfbffd97efd89e8079ab8a07b7307103f45005debcaaa560778ffe481dd790876fdfcd2fc617b4a9