Analysis

  • max time kernel
    179s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
  • submitted
    18/05/2024, 06:52

General

  • Target

    53757efbebf07aa0dafda582b87b3d8b_JaffaCakes118.apk

  • Size

    3.3MB

  • MD5

    53757efbebf07aa0dafda582b87b3d8b

  • SHA1

    7c5c65fa25fd088783cc44ff08447cc945aea82a

  • SHA256

    fb7aa2aa45ebc2128392a0ec6b060b0c0b0cafe146cedc364e6e0ffa95280db3

  • SHA512

    af88c2858387e61357284b5bfd53c9d817ececbb329314df677e0d51626ebc67872c4d5e405a1762fb5d2dc33f8af7b9b4e60182ab9f602987ccc8681baa5997

  • SSDEEP

    98304:hEWx5GCpsg4yaDwlrNQkeh6cUwlRiDOtywXR3ofq5OQ5PTXWowyR5XNuM:hsCKXDwlrN7ehPrCzujWoN

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator. 1 TTPs
  • Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
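The signatures above are behavioural: they fire on framework calls observed while the sample runs. The usual next step is to cross-check them against the decompiled code, both to find the call sites and to notice which hits have none (reflection, native code, or a dex loaded at run time). The process tree below shows the same signatures firing from two processes (the main one and `:Metrica`), and knowing whether the call sites live in the app's own `br.com.app...` classes or in a library it bundles is what lets you attribute them. The script below is an added example, not the report's or the sample's code: the method descriptors are real Android framework signatures, but the grouping under each signature name, the `SAMPLE_SMALI` excerpt and the `REPORTED` list are constructed for the demo.

```python
"""
Static cross-check for sandbox signatures over smali-style text
(what `apktool d` or `baksmali` emit). Added example, not from the report.
SAMPLE_SMALI below is constructed, not taken from the sample.
"""
from collections import defaultdict

# Signature name -> strings that indicate it in smali. The descriptors are
# real Android framework signatures; the grouping under each name is ours.
SIGNATURES = {
    "root check": [
        "/system/xbin/su", "/system/bin/su", "/sbin/su", "test-keys",
        "Landroid/os/Build;->TAGS",
    ],
    "running processes": [
        "Landroid/app/ActivityManager;->getRunningAppProcesses()",
        "Landroid/app/ActivityManager;->getRunningServices(",
    ],
    "wifi connection info": [
        "Landroid/net/wifi/WifiManager;->getConnectionInfo()",
        "Landroid/net/wifi/WifiInfo;->getSSID()",
    ],
    # registerReceiver is invoked on the app's own Context subclass, so match
    # the method and parameter list only, not the receiver class.
    "runtime broadcast receiver": [
        "->registerReceiver(Landroid/content/BroadcastReceiver;Landroid/content/IntentFilter;)",
    ],
    "connectivity check": [
        "Landroid/net/ConnectivityManager;->getActiveNetworkInfo()",
        "Landroid/net/NetworkInfo;->isConnected()",
    ],
    "unique device id": [
        "Landroid/telephony/TelephonyManager;->getDeviceId(",
        "Landroid/telephony/TelephonyManager;->getImei(",
        "Landroid/telephony/TelephonyManager;->getSubscriberId()",
    ],
    "network operator": [
        "Landroid/telephony/TelephonyManager;->getNetworkOperator()",
        "Landroid/telephony/TelephonyManager;->getNetworkOperatorName()",
    ],
    "task scheduling": [
        "Landroid/app/AlarmManager;->set(",
        "Landroid/app/AlarmManager;->setExact(",
        "Landroid/app/job/JobScheduler;->schedule(",
    ],
    "crypto api": [
        "Ljavax/crypto/Cipher;->getInstance(",
        "Ljavax/crypto/spec/SecretKeySpec;-><init>(",
    ],
}


def match_signatures(smali_text):
    """Return {signature: [(line_no, indicator), ...]} for every indicator hit."""
    hits = defaultdict(list)
    for line_no, line in enumerate(smali_text.splitlines(), 1):
        for name, indicators in SIGNATURES.items():
            for ind in indicators:
                if ind in line:
                    hits[name].append((line_no, ind))
    return dict(hits)


def unmatched(dynamic_signatures, hits):
    """Signatures the sandbox fired that have no static call site in the
    scanned text: a pointer at reflection, native code or a runtime-loaded
    dex, none of which plain string matching can see."""
    return sorted(set(dynamic_signatures) - set(hits))


# Constructed smali excerpt (not from the sample) exercising six signatures.
SAMPLE_SMALI = """\
.method private isRooted()Z
    const-string v0, "/system/xbin/su"
    new-instance v1, Ljava/io/File;
    invoke-direct {v1, v0}, Ljava/io/File;-><init>(Ljava/lang/String;)V
    invoke-virtual {v1}, Ljava/io/File;->exists()Z
    move-result v0
    return v0
.end method

.method private collect()V
    invoke-virtual {v0}, Landroid/app/ActivityManager;->getRunningAppProcesses()Ljava/util/List;
    invoke-virtual {v1}, Landroid/net/wifi/WifiManager;->getConnectionInfo()Landroid/net/wifi/WifiInfo;
    invoke-virtual {v2}, Landroid/net/wifi/WifiInfo;->getSSID()Ljava/lang/String;
    invoke-virtual {v3}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
    invoke-virtual {p0, v4, v5}, Lcom/example/Demo;->registerReceiver(Landroid/content/BroadcastReceiver;Landroid/content/IntentFilter;)Landroid/content/Intent;
    const-string v6, "AES/CBC/PKCS5Padding"
    invoke-static {v6}, Ljavax/crypto/Cipher;->getInstance(Ljava/lang/String;)Ljavax/crypto/Cipher;
    return-void
.end method
"""

# The signatures the report above lists, in this script's naming.
REPORTED = ["root check", "running processes", "wifi connection info",
            "runtime broadcast receiver", "connectivity check",
            "unique device id", "network operator", "task scheduling",
            "crypto api"]

if __name__ == "__main__":
    found = match_signatures(SAMPLE_SMALI)
    for name, where in sorted(found.items()):
        print(f"{name}: " + ", ".join(f"line {n} ({i})" for n, i in where))
    print("reported but no static call site:", unmatched(REPORTED, found))
```

Run it over the `smali/` tree of an `apktool d` output (concatenate the files, or call `match_signatures` per file and keep the file name) rather than the toy excerpt. A signature that the sandbox fired but that `unmatched` reports is the interesting case: either the call goes through reflection or JNI, or the code that makes it is not in the APK's own dex, and that is where to spend the manual time.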

Processes

  • br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e
    1⤵
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5127
  • br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e:Metrica
    1⤵
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5249

Network

        MITRE ATT&CK Mobile v15


        Downloads

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/files/ZPkFS.log

          Filesize

          12KB

          MD5

          284a1568b412e621c1568c59164db44a

          SHA1

          2297c491f98728ba832ab2b14c43b93da3fafc50

          SHA256

          ebda6badef0b2ca84773bb4fbc32cf3c40ec5073e845b06fe0e69501ef6a41dd

          SHA512

          329c5aecb76c79c526925e01f1b221b23f29ca0fc41269168d3d6c27026312b256683bd3e717c9271a8f08972d3145fc14ed3e1ec0e5b6e4132bdb366164f03a

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/credentials.dat

          Filesize

          233B

          MD5

          31e2a78bad3d5ed9f928b5af6fb1ff55

          SHA1

          14aa4480c7cb3722574cbdcf789a9891917fe6c9

          SHA256

          2545f7f28ebfa511c494a1d70d890481c125502163f48eb65a9224ce1e2f7cbe

          SHA512

          3e7ea9d24c85c1e628b06a5b383b3bb0f17d70fb0f4a85708931da5c9dd4918914d8417451c787854987d5fb431ce5ac174a42147c8642b855b85b162c168178

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e

          Filesize

          36KB

          MD5

          0de897310970d40fc79a465b85e2b341

          SHA1

          47e524d6885c96158da4771104e3136ce50129ac

          SHA256

          bd6aeb3888d0ea637ba6b8a53434bcf0d81f0c39f24fc88b9fdd632055df099d

          SHA512

          00558f99ed3e67beea648306d90295c9e706a7252055454ce00e7c2cafc3b0f56579b335d293a52a9e7b9c7641c1b9301b5a5c8c971c6cd974eea27060994f47

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e-journal

          Filesize

          20KB

          MD5

          34f8ac6e90b6d7f5504fb492d71ca5d5

          SHA1

          f4cb7670b2e64a14cceea5145e668714d567d4d8

          SHA256

          e94d03fcbabf4fcc80d859760fc55e087ef9ae53e4c67b7fde722fb15537a2b6

          SHA512

          d73cf8e12151e13f8ee629100eae8f66eb9c3347e1c4fa6371467ba1cdf9ec46533b2fc416c858efe00c46d2487e7661b174ae46c7a7d454b65b867549773d12

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e-journal

          Filesize

          20KB

          MD5

          7f1dba0bcb3aceecd2ff00b4957c66c0

          SHA1

          4c1105099d4cd038f801f6482814c6e67dd0062e

          SHA256

          9a1a09e85458b155d3076cd5ad51f97a6750ec376e74c176e218119f5cfb23bf

          SHA512

          e7c5f4498c2798b988bbc1a27babc9e80c4d8879cff4892be62e2a4b60bde3b2daefbb23bdb3796273fa548709c0d21f8a179e9806583775ce46b43b635a4f9d

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e-journal

          Filesize

          8KB

          MD5

          9ecd9b14266004a11e70fbe4ee631156

          SHA1

          eb58bdfd7e070a528b81bb0d44e2729b922c4dd4

          SHA256

          6471666e78fcfc46cb703d305e6ca24c25c2bb690224411c2ad083a96e9697b6

          SHA512

          fb038bb7fc609a23479aa82d980bb23232ba0e50b6d2e386f3b54be161c22af6c4f4125126f2476d4509775c7047df54bedf25c0c6a7094d63baf60f1b6358d3

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e-journal

          Filesize

          12KB

          MD5

          82363c860ca6ded817028dbdb7a81644

          SHA1

          00163dfa0dad3cc6edccfc70f2adfa202d430a59

          SHA256

          2af7e61a5f1971c96282249d846831d9861f1c565a2f08d15c2f57426cb11b6b

          SHA512

          6fcf0654bb36207ad0857cca2d6581e91d3a798707d276f94562c2e21d2d0c30659407212ae63283fad06992461c0f15c286c53ecf9a00d24ce056090ba36839

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e-journal

          Filesize

          12KB

          MD5

          7b39b6e76b48e2399baa81638d14d6cf

          SHA1

          51b443317cc09831597c497da5c40cf6a1fb483b

          SHA256

          f8b11d462208ac00a517c4e0569be20fd8d9122c5302364eda7cb8a6a74a43de

          SHA512

          52d6b53cffe195fb8d9297185d28957c536052c40e21dc35184df81777498d539cc254fa76d3d90ac812d0b722048303ea1c4a2e6e4a926277cec35ed4eaa852

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e-journal

          Filesize

          12KB

          MD5

          ccb059427cfe8d10aa133013d6a9cb37

          SHA1

          8dc4a2818d0f660166a93e711780835d4b234c8a

          SHA256

          eacb5387e65953f93bf5b67f8c5a62f7c9d0e5ad3a62008bea4ccc1090433e14

          SHA512

          c28674e19202a5ba76ef2b5e9b4e26393f2cbbf49a499151d573935273f5772f9a66e79513b9238ac49894f60175855791a8a207f97d8d95d8b4e6725dee2698

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e_20799a27-fa80-4b36-b2db-0f8141f24180

          Filesize

          36KB

          MD5

          f7b52de081d7c334901d73d828e979ff

          SHA1

          f93aa6cf91bcd57462e3f026ab3065fec12a896b

          SHA256

          5f9fbfd1b5918e4fbeb6475f226d451e77a64a50b2332f954bc36a505562ba8f

          SHA512

          c0f3a5dfb1ef73a0ac5307c68704a321c96a9bec14169172d8adcc0b53cc9ed56f96f09000a97c31bb52dd4a467e771d6454220df64522019dfb284f4b08fa38

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e_20799a27-fa80-4b36-b2db-0f8141f24180-journal

          Filesize

          512B

          MD5

          de8b719e2733fdeeb1f5bb2c14c10de6

          SHA1

          98c4935f69abe5edfadf7bef64acc12d1f247dad

          SHA256

          0c4d6475fcf6723069adf6650a5190202089c47d50bea7c236b29138611d6542

          SHA512

          feb100d17dd39315773ada3216c0258b9791410a5edee09cc4c02dad91bba1e7a418e8798fef2c072582b6d0ea693c325055354bb400fd5eebb25b880824d19e

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e_20799a27-fa80-4b36-b2db-0f8141f24180-journal

          Filesize

          8KB

          MD5

          a58404717354e2b91c3fb90a9d6892d4

          SHA1

          08708d10974561d3d55ca7b9d6fa99b8f693891a

          SHA256

          1e1fc6046546bc21db5272967440d333f4ba0bca10a995edb2c04cf26df37cbf

          SHA512

          ea286d917ffff30eb700fbb8ae4748c1430de6028d19994d83eece61322da09de5053ea6662e10d0693b496a758c3c3fed6aa5da14f30552ed302d233d3fcd9d

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e_20799a27-fa80-4b36-b2db-0f8141f24180-journal

          Filesize

          8KB

          MD5

          ae4253b229870ae253618a723bfa356f

          SHA1

          f80ee25a2e7b8cfaf64002089b1bb90d0091f058

          SHA256

          d0adfe5181b81ce6412a4211fc2b1b5c292939743205b6feb45001deb223a5d7

          SHA512

          885e29a3184aebc392bd300654bf9a548530e1714f4ea21ede7026cdd275715814e0a26083800f842d788a78231c19b0e9a31f515e6a305ecfe09d75ce1a3b87

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e_20799a27-fa80-4b36-b2db-0f8141f24180-journal

          Filesize

          12KB

          MD5

          1d89fdac9aa2deca5374ac6dc3383374

          SHA1

          3b535d55098ae58c3a2d3b66ec9a27cd24326546

          SHA256

          e8f0b0aad9b2097c558f36f9869c9b4b90ed0eabe1cb3d48fbd2d3e4b8d2b017

          SHA512

          3c175576a5b7d272de91a7b26ea5821df056f5c872adbd53d740846ee7e868317874468e947b0a0be0e5c75af5031dcaaf03c2de511bf0ef32f6f82c10043f5b

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e_20799a27-fa80-4b36-b2db-0f8141f24180-journal

          Filesize

          8KB

          MD5

          1d4ff046854ccf31d4aaa28897e47cfb

          SHA1

          03fe67c9a378ee8e4064a699041f7bd7268722b4

          SHA256

          69ffc4e0053fed31ea4167a35423ed02899594a5c0a6b642c72f6d3ec37dfc79

          SHA512

          233b4e112a0d9c477ec78e703f601d331ffa9619c65a7b042278167a17c7ce756da3a848da4d41f06ff3ad3596e95326326b44bef494e762afd5d134e0e17d48

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e_20799a27-fa80-4b36-b2db-0f8141f24180-journal

          Filesize

          12KB

          MD5

          e2fa66ffffaeb82d45bda9dd33528a88

          SHA1

          816e38d69538efe6721a6d45ae607d738f03a088

          SHA256

          bc91a0adf5a47ee2a269fab5a3db69cb6bf90b5a3c16c8f3480b31348ecbe567

          SHA512

          c5c1813fa55cf7b340f5b01ed74ecb044ad1da2bea37db7a23200e180f91ddb4d4495b3bfa38ca33a7e31a179445b0734033296da90a22bb25f095c3f1d8008a

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db

          Filesize

          20KB

          MD5

          a397e03f19ff76ae9e76eaed83c31382

          SHA1

          e13d27ecef301914a3077d488028bb98cb5485a6

          SHA256

          373f680e8681651a424e724d76d563664d2ac85aab4dfecda445a85af6176699

          SHA512

          3d2dfb3d1715d14362e1165eac232ae957a386f73eda7ce34113b24b25e815f5166ab3b09ec6a50f58c9667e5349e6d32edb77b5e2fb326c128f5cd54b38234a

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db

          Filesize

          20KB

          MD5

          3d0fbaa526255c4f6ca5150a78a1e431

          SHA1

          151812571f00e034e070bc410c1811a06f1054c4

          SHA256

          b28fed914e22977d19ccce0b14d60c943b30b5dabd79fc615ddf25228f4f527d

          SHA512

          9e8c0f29cef1e4ea0562aeba83f60066e49ad0c7890d958bc7475cb03e5853a5ba442b76b1314f7cd8ad3e1c17a9fd1e1610dff02f9a8c3ebddf3958da9429c3

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db

          Filesize

          20KB

          MD5

          dcd5d5762cd9b1a4c03e3f00b87eec5a

          SHA1

          5720824b12740b93aa2ea7d209e41e68a102cfaa

          SHA256

          fa7825cf750de26d8bb5f5a91bd529e80ade14d01781c4d48527b7d54d15ba55

          SHA512

          6bbae8144662490fe3c22c301e8d22f9f538503fb3a85a7299f9cf154825ae419311b49f3f0338d3c360da58fcaf09d876c283d466c8fa3f788db093812d3ef1

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db-journal

          Filesize

          8KB

          MD5

          60209c4258728d23c871280764c42655

          SHA1

          661b126c277e75371293a355e41e6986a002ca8b

          SHA256

          b296c1353940a28a72b546c8c74fdf1c7e7230c1fffa042672108039bcd18cb1

          SHA512

          525a5bb7b1734b95c01d218b9eaaa656b181e26eee601508db8eba91ae19fc721e9687a5350238aeb1c16a1e955f014807f745a25e2c0e0951f8b0a944b2cb8f

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db-journal

          Filesize

          8KB

          MD5

          0a4f809b8a66db16ff2d12d15e576821

          SHA1

          c32e7240f7416c7a5c9401acdeb4793ffe83c5eb

          SHA256

          b0540ff9ec266c7039d9819daf8993d3a8a56775cd3dc6e0ba7d75304b3e5856

          SHA512

          08b45ab405f8726e617cdd7446a272915772778b2afa7c8c10be43706012f8008613966e6192637201a5de8b5666121c74524652a867dd151c2416ca903cd0eb

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db-journal

          Filesize

          12KB

          MD5

          caadfdafe99df90155b7ddf4b3116fa0

          SHA1

          d11e70494db87034c5c7b93c31771406a274ede2

          SHA256

          86494a8081335f3a3f5a0a800b63bc91deccbe7999f1f1c7c43754ac2d82b91e

          SHA512

          b5c3c48f5db637fecbf416c1f3f4fcaf737588c6151463e6ab56c0bd6041418f8315946c3b701fe5d72a5a7aff2736a1b55d66f4db201016107dc8a60b363882

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db-journal

          Filesize

          12KB

          MD5

          20c15cdaf64dfd2dce75227cea214bb1

          SHA1

          1b2f24715d79ea32cb43fcd6ffd6a9e5ce08bc4c

          SHA256

          c48062ab648798956b219162e1acffc6c6c8f24336a1663a6bdfb6a9933ba41e

          SHA512

          54566000bc29df9ea070ee23d9aa0f3b902c4e818d370b7d80b8f9ae00dab731a593e57a315065f269b6811eb95df2717add6fe6d041c9d32e67136a77d50dd2

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_data.db

          Filesize

          44KB

          MD5

          875ce6412ae2f8a2903e74fce263385a

          SHA1

          031163128d086c288c174f45d304f30535befd4a

          SHA256

          05dbf43d5dc8bed14da1cc582a015e9460f809e67ac25976224caa9bc8ea3d9c

          SHA512

          a4fd7b9fbb570122ded233e732a4b34d9bea1764ae0d267880c4c4c8feddcdeb45894440528a1a93995484c022ce8cb1404c90b8a9661419e744982f9887611b

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_data.db-journal

          Filesize

          20KB

          MD5

          516707266b7cdca78a5f11ad8f8d26b2

          SHA1

          5531b8941526dd2e5d9b4f3d7ccdbc2988ee7878

          SHA256

          5649c832122334ceea18fcae95bfdedab4d920adfae705324b48757288bf16ce

          SHA512

          1439419e32a27fa62fde9a5ee69c5905aec8a6757c4b8f48790dd5856801d664cffee69514a9110e81c59a715d8f654b03de6585c2e14a368be5d490e4538b16

        • /data/data/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_data.db-journal

          Filesize

          12KB

          MD5

          c214789fce3d6bbfa37196e9387075f4

          SHA1

          5354b94350efc9effe909d09924e8e8a7a55fcb3

          SHA256

          45cd804c3b3e36b93638bf17a1c6e1288522814e999d5f51dbdb8b5f7b516c08

          SHA512

          4dec1efa8c5de754812192e3e76e3ab269d7b79fcd538329456feadaa26833a456030e0196212df05ea702a7435a482bf48c6122ef398971f7a322c97baf0b87
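The Downloads list above repeats the same path many times (the `-journal` entries alone appear more than a dozen times) because the sandbox captured each file every time it was rewritten, so every entry is a point-in-time copy rather than a separate artifact. Collapsing the list to one row per path shows how few distinct files there are and which to open first. The script below is an added example, not part of the report: it parses this page's "path / label / value" layout, validates the hash fields, groups by path and classifies each one. `REPORT_EXCERPT` is a constructed subset of four entries from the list above, carrying only their MD5 and SHA256; the `SENSITIVE` name list used for the triage flag is our own heuristic.

```python
"""
Collapse a sandbox dropped-file list into one row per path.
Added example, not part of the original report. REPORT_EXCERPT is a
constructed subset of the entries on this page (MD5 and SHA256 only).
"""
import re

PKG = "br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e"
LABELS = {"Filesize", "MD5", "SHA1", "SHA256", "SHA512"}
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
SENSITIVE = ("credential", "token", "secret", "password", "keystore")  # our heuristic


def parse_downloads(text):
    """Turn the 'path / label / value' line layout into dict records."""
    records, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):                # a new artifact path
            current = {"path": line[1:].strip()}
            records.append(current)
            pending = None
        elif line in LABELS:                    # label: the next line is its value
            pending = line
        elif current is not None and pending:
            current[pending] = line
            pending = None
    return records


def check_hashes(record):
    """Hash fields whose value is not lowercase hex of the expected length."""
    return [f for f, n in HEX_LEN.items()
            if f in record and not re.fullmatch(rf"[0-9a-f]{{{n}}}", record[f])]


def classify(path):
    name = path.rsplit("/", 1)[-1]
    if name.endswith("-journal"):
        return "sqlite-journal"   # SQLite rollback journal, rewritten per transaction
    if name.endswith(".db") or name.startswith("db_"):
        return "sqlite-db"
    if name.endswith(".log"):
        return "log"
    return "other"


def group_artifacts(records):
    """One entry per path: kind, snapshot count, distinct SHA256s, triage flag."""
    groups = {}
    for r in records:
        g = groups.setdefault(r["path"], {
            "kind": classify(r["path"]), "snapshots": 0, "sha256": [],
            "review_first": any(s in r["path"].lower() for s in SENSITIVE),
        })
        g["snapshots"] += 1
        if r.get("SHA256") and r["SHA256"] not in g["sha256"]:
            g["sha256"].append(r["SHA256"])
    return groups


# Constructed excerpt: four of the entries listed above, same layout.
REPORT_EXCERPT = f"""
• /data/data/{PKG}/files/ZPkFS.log
  MD5
  284a1568b412e621c1568c59164db44a
  SHA256
  ebda6badef0b2ca84773bb4fbc32cf3c40ec5073e845b06fe0e69501ef6a41dd
• /data/data/{PKG}/no_backup/credentials.dat
  MD5
  31e2a78bad3d5ed9f928b5af6fb1ff55
  SHA256
  2545f7f28ebfa511c494a1d70d890481c125502163f48eb65a9224ce1e2f7cbe
• /data/data/{PKG}/no_backup/db_metrica_{PKG}-journal
  MD5
  34f8ac6e90b6d7f5504fb492d71ca5d5
  SHA256
  e94d03fcbabf4fcc80d859760fc55e087ef9ae53e4c67b7fde722fb15537a2b6
• /data/data/{PKG}/no_backup/db_metrica_{PKG}-journal
  MD5
  9ecd9b14266004a11e70fbe4ee631156
  SHA256
  6471666e78fcfc46cb703d305e6ca24c25c2bb690224411c2ad083a96e9697b6
"""

if __name__ == "__main__":
    recs = parse_downloads(REPORT_EXCERPT)
    bad = [(r["path"], check_hashes(r)) for r in recs if check_hashes(r)]
    print("malformed hash fields:", bad)
    for path, g in group_artifacts(recs).items():
        flag = "  <- review first" if g["review_first"] else ""
        print(f"{g['kind']:15} x{g['snapshots']} {len(g['sha256'])} distinct  {path}{flag}")
```

Paste the whole Downloads block into `parse_downloads` and the seven distinct paths fall out with their snapshot counts. For the SQLite pairs, pull the main database together with the latest journal snapshot; an earlier journal copy is only useful if you want to replay a transaction the app later rolled back or committed. Everything under `no_backup/` sits in the app's no-backup files directory, which Android's auto-backup skips, so `credentials.dat` exists only on the device and is the first file to open.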