Analysis

  • max time kernel
    178s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
  • submitted
    18/05/2024, 06:52

General

  • Target

    53757efbebf07aa0dafda582b87b3d8b_JaffaCakes118.apk

  • Size

    3.3MB

  • MD5

    53757efbebf07aa0dafda582b87b3d8b

  • SHA1

    7c5c65fa25fd088783cc44ff08447cc945aea82a

  • SHA256

    fb7aa2aa45ebc2128392a0ec6b060b0c0b0cafe146cedc364e6e0ffa95280db3

  • SHA512

    af88c2858387e61357284b5bfd53c9d817ececbb329314df677e0d51626ebc67872c4d5e405a1762fb5d2dc33f8af7b9b4e60182ab9f602987ccc8681baa5997

  • SSDEEP

    98304:hEWx5GCpsg4yaDwlrNQkeh6cUwlRiDOtywXR3ofq5OQ5PTXWowyR5XNuM:hsCKXDwlrN7ehPrCzujWoN

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 3 IoCs
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator. 1 TTPs
  • Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

Processes

  • br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e
    1⤵
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Checks if the internet connection is available
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4548
  • br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e:Metrica
    1⤵
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4600

Network

MITRE ATT&CK Mobile v15


Downloads

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/files/ZPkFS.log

          Filesize

          20KB

          MD5

          d01115ab3b3ab6cd76adfbc07994cd9a

          SHA1

          2e7e72949ae2c3c9fc3faef4ff50f29153ce10de

          SHA256

          477bd41c92d45d060b57856b501048725ba8cd344d54d65459d2f6a0d5c38e68

          SHA512

          bdf67bda728f6ba75d0f993d24b0feb954d5cbc369d522ea553400482ccb65ed6c9fb042608d7ecb2940bfae1df0e47a7cdb37409561581c8aa31a774334092d

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/credentials.dat

          Filesize

          234B

          MD5

          cdd17b3fbe5828397d6e6e2af01fa870

          SHA1

          e60bc53cdf015d416df23b81c82652f7153b7dd2

          SHA256

          4b322f8f169f08b96ba13c379c5593171b6d7faa0d62e21c8017be5465549ebc

          SHA512

          0cd3b719ef35b5041ebec67b07f25c5b6ef3a6b2c3cd284b4553f2707e1ff8aec1f177cd21a954a4810ad4a39121f5dfd1014c9a10feccee400498c1b700cc8f

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e

          Filesize

          36KB

          MD5

          545b520b88985b8bb64bcca59ec15fd4

          SHA1

          860a3f4c0976e5854e710eabd3e5341f778de66a

          SHA256

          f4ea3bbf7e3dece685eb6803c9cb3f693fe6093f32ce891c3d04da5905a23f03

          SHA512

          e2b09f594b3d39e84e797dcbead38c2b6c393dcce0d6f2096ef0a68452d35e625e17529f6c2901d50278879af4b3c0d39f5cdbd24620e09524cf5d3cdaced7c1

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e-journal

          Filesize

          20KB

          MD5

          9f4a8b3a13f38ac517d50e19603cf3e3

          SHA1

          43bdaff3950cc0b15721866314b8cdae23fb058f

          SHA256

          faf37eeb87ccb9e03704c27836b5ddb1021aa66a484acb9e2c5d67cce9651596

          SHA512

          70d36ae163fbfdfa6176136fb01190e67ce0291d97d996d4fbb46aaab10b3f3ae2f502f99f95731faa256df07b9b41cffa04889a4ee78d3c2b96741cb0f8cb72

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e-journal

          Filesize

          20KB

          MD5

          2b871328183129407c2e10357b5852c1

          SHA1

          15845f3e426d6edc3ee835cf867d461cbc3e439a

          SHA256

          41aa595ecb8462954bd4ef53d99eb3726d3739e501e29b28fdc11e18f5e9c0a9

          SHA512

          1d833609de66a63e57ea2995163c0abfd102a39feeeac9985874ffcc3831104b2bfb9dccb1bec476c9b8560b78e6154476ff4bdfa2a88d455d5bddc6b25a7eeb

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e-journal

          Filesize

          8KB

          MD5

          f6a5d7237aec5651611b74d3df1616c3

          SHA1

          3c0a9d870bbb8902c029a79f4cb93e9d98c6f386

          SHA256

          1e641a8afb0517ea2c26bca53106fb2f1a01703475a9ae5703b892f0a8792140

          SHA512

          d429bdf0a24b6d522dbe8f24fcee4b3de81faf27ac40b1c8874d98b9203687ecd623b51382fffd4d41024a507ffdfaec96cd2e55789280d270d8786a26475e82

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e-journal

          Filesize

          12KB

          MD5

          ccd3c94b7fa1fcb968524499112a2886

          SHA1

          d3c84950e7a778150568b446c2ade6da93eae191

          SHA256

          d4c6cc311f8655fbab57a4653405cc03362c371672b623fcf97f3877ff920fcb

          SHA512

          15d53a144ee8a2ed4876a53e7234e73f001c8bf09de03a1108de78fc7c37832e0ca42276a6926ed0013457e9db1086459f819824cda3cabe6f79718fde6f6151

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e-journal

          Filesize

          8KB

          MD5

          bfd3f2a6fb8ad031eae68c7806bf01bf

          SHA1

          26b62e3f264ca2d1d2429b39552ad30a7cc5b0a7

          SHA256

          88586b811fd4a304c331f83a558ef14f67eac8e0353a63f8971d56f465395b2d

          SHA512

          a37928293026628a02a4b5c3bbaa4d1bec7b2d3c2e1a2aab7a0dbe9b4cfcb696fcec2fc5632128d868df1933a672500af6972e3aadaffb5cd523038fb23cbe85

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e-journal

          Filesize

          12KB

          MD5

          5361cf313f7d9603d2c4eeb01bb8b1c1

          SHA1

          b990c966b4d5e76883b9bda5cecef36d266e87dd

          SHA256

          4ae631b4708fef87c19881cb363f8ebff9d375bb5a6c00a055c12feb25e144fa

          SHA512

          aa26bfc89992d195dad715bd1744cc7496c067c09da13e9d73870f920b4aaeaa62c3e6801220e5841f9a5dbb0fcb358aa7ed1d5eb106eaff3342e6cc89699287

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e_20799a27-fa80-4b36-b2db-0f8141f24180

          Filesize

          36KB

          MD5

          a6c6cf43689e7a6f4fc02ea75b8abc45

          SHA1

          d08e2a5c561359993ccb06c433aa2e239a99d64b

          SHA256

          89f05a6f88a7db775d7b74e712152741a6e4f61764a08093520107dba210cd13

          SHA512

          c56774e5b8fc129bb6ac400b702641297f1514d2d624942fc4e5e5a348af28a4209fdcbd24615103d9ec32223d206027690b30b483f0590a76c1c52c97a25183

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e_20799a27-fa80-4b36-b2db-0f8141f24180-journal

          Filesize

          512B

          MD5

          1f9ec41dc40f7318bd99bc785331782e

          SHA1

          0ae68af0c915def98db1f04955eaa4d6b5f58b47

          SHA256

          cafcf6530ee2ec28bab65aab7ef0dd3a86dfa3d8963502deadb017c9759f2031

          SHA512

          8ebd014be38a71906c287ed3f51a3d7e70e6381e7a214c40e6e3725f0dfb321584100605e0d51282568fd0631854a45f765aa0ab3f7cb7c91a88eeacd17deae0

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e_20799a27-fa80-4b36-b2db-0f8141f24180-journal

          Filesize

          8KB

          MD5

          c170f196da644505a0a76164f61341fa

          SHA1

          b2ce8fc04f68c5f4e7758541efae53c3335c45b0

          SHA256

          9fe839b7fa7779954e2dbba2c332023aabf958e966b44c149ec417136965d7e9

          SHA512

          a414e2f63591e444efa1fa5460ec0a13508cd64e66acff38caaf3d11f73403e705a9b3c2bee88f9e2b57f493f296ae2ec2282f1ff6471d1fa3ab24c194933d00

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e_20799a27-fa80-4b36-b2db-0f8141f24180-journal

          Filesize

          8KB

          MD5

          c6a16c37ffdc7e4ab9bb99de18457324

          SHA1

          e3a8593452e1edd1a259e4f626032138afe59a49

          SHA256

          6b31042439a99d7782f72ebf8821dc2a330435b962b1a7839ca8dbce4cc75049

          SHA512

          3b9cd8b10f15f5155be5fc0cbbddcb34dfb9782e69c362a81376e6b565b835a47ed7c0a6636feb3e6f12fbbddf9124dedfe7f4d39ffae2097a7a5c002e42cb71

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e_20799a27-fa80-4b36-b2db-0f8141f24180-journal

          Filesize

          12KB

          MD5

          b983a7a38d09bf20f6c27a5338edf580

          SHA1

          383282f05832f797a2e40fa46df08d5849207eb7

          SHA256

          8830edd3c6c57df8c6723e3a86aed867ec0066212c6bb8f7dc9f54e84a338b70

          SHA512

          8951b1e72128c0aa453d6e304d6a6d9fb6070831f001656cc7aa7a219aa6eb58ca2e01542d14a2e628661646c9b0fc73dc5d97908f90b5e54d093daf76ae1e99

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e_20799a27-fa80-4b36-b2db-0f8141f24180-journal

          Filesize

          12KB

          MD5

          b7bb41665e9f0ca527232c96b221d71e

          SHA1

          634db5502433b471402b7509545dad23063aaf6d

          SHA256

          dcda0194756d3653774fd5d617fdc6823414ae1210bac456e4abd1d06373ade5

          SHA512

          0b2eb828016dc8e5f12b39cf6e5fba9a32f6adc1c6e62d9b06444d2e1d1ad43ea7ef7be77b0a0b1d31a62ea0677b5027ec03aaeb68769cbaee676e5f14da38d7

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/db_metrica_br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e_20799a27-fa80-4b36-b2db-0f8141f24180-journal

          Filesize

          12KB

          MD5

          006e3352665de20ff9583e332bcfad69

          SHA1

          3060bfb11880c2b9e59921b4d7a8121f259914af

          SHA256

          acfd2c6b487af4255e482855ca11a7ec4e5d74839d1e1027be9dbc47db490f91

          SHA512

          b77457a6b293d547fe251fb8c264d5a77463538ae669a5ab9e1dfeb5b14bc95c59834651decc0f127ea90968ec83d89cb482ff83905cae7609350be0bda35d69

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db

          Filesize

          20KB

          MD5

          ff90fa2e87630d4dcfc05d076c764fb5

          SHA1

          d57dd67049f4877039618a7918d993a489f4dec3

          SHA256

          5d8add7cd65c138a1596b936345715068abab4bb499ed4101864f36d91cf3b9a

          SHA512

          05d859d0eaebe30ba0f0588f247b372146b83cd681067969213cb4a33245a723d74b8c4d63e4b4cc443a213aaa0608d71ba0e0b8c036e05cd2f6dd71f46c44b9

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db

          Filesize

          20KB

          MD5

          e5639b469346d3d19c79ae3bdc2f4a9a

          SHA1

          b4d9041b94176f65417e63e77f0f324b81e8dded

          SHA256

          cf283c9f2c282ef339f1ac0c4eae7d6f44f86bc1744cbf8a9b5703edc7368aaf

          SHA512

          273aa09cf7f4de26661bbedf2ecd180b5adb537022cd824d2185beaf7eb1784bd1ea1f1f22c01e4762729bdefeb81964f1a47f13e90b883beb27ce7c8d1f03b4

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db

          Filesize

          20KB

          MD5

          5fcf42232b95a9cee71978c6cd36ecc4

          SHA1

          dac92fbbbef0cb069cee96b1b148b890cb0da024

          SHA256

          31658800ab11d03469287fd2f6978d67db170015b3afbf59f27bf856b2577d4d

          SHA512

          7ea0d9a0140619e4b57d6944ce9b163673348f1ab84ce1ceab8a5da23774a1261bf043e24dd808cc7aada9a1fa611c8acedb7a3bc149daf417d077f8ae279dbe

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db-journal

          Filesize

          8KB

          MD5

          de7ce06d90017ac331d943943a9e75f2

          SHA1

          7d6f6a630059c132e83b4c30c985f86989f888e2

          SHA256

          726419e3eaff9ec111b13d1e6fe78412109ddf01217da2614d744dacf5f788d3

          SHA512

          6c5e707323e061181fd11ad524cc743b24393a8de579b019a352d42853252f736e4c132e49af272f2e33de25aca16141b8504e54fc871f17eca8d880a4e88e47

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db-journal

          Filesize

          8KB

          MD5

          5f6e150c8d0a80b53673f61d0dccc759

          SHA1

          683bd6ac4b66ce0d8f8ad4d7162e0cf2f681d6dc

          SHA256

          b63030373c93f49c018b3baca554428b42cd5f8429a2b89355e14c7c8c6ac5ca

          SHA512

          eae7e28d5d80f5b42603150d1a28f40900f6a504d65b6c79e8e1af708401a7dab4664995c84a9c3fe6cf1c0f7d6c3179882f43e0bb636bfbc428576f6c071169

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db-journal

          Filesize

          12KB

          MD5

          053880a8528e8900d142d08a31cc19be

          SHA1

          c6a21ad85eac3d41306b6a5f9059fb8609d02bf3

          SHA256

          6d70ff1723bcfe6624e98f38f1eb575824733dab50c205adceb79305e5a9d7a1

          SHA512

          622df63196448b4ccadf88eed708099ee67d7d3a86f53678c33c1743c1421100b507866fbabd8a97235fce88f605012d14c163b4a08a7c3b1e3add86b92c442e

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db-journal

          Filesize

          12KB

          MD5

          768050edbca1a86f95e3bcc9ff1719c4

          SHA1

          12aa545c67a781600b1da6e03cb875f1173a067c

          SHA256

          8e24d6766899408c5e3cc9bf9ed83c3140438ba2e1120e4c6e104937ae69fd4b

          SHA512

          47ab86d8c4d2c2cbc79262863c6e5bcdc433f95bba259d30ee4a3ad2e238e2b5c41bb08dc9076b6032ff53415faa3b71efd12a87615ccf9a9d2d1365c326c966

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_client_data.db-journal

          Filesize

          12KB

          MD5

          e06241deb0595ebe2e39863bda48f0c7

          SHA1

          5162597f355514e4fb7733c42c990db393552fbf

          SHA256

          12a11c8791e36d7a0355b0d9f0f959e6cceb20aac9287f686cbcbcf62160ba05

          SHA512

          e8502752c599876515a3dfa1bab3b23f833d6965a9aa20ed620e93cf53f5f936bc684754b2af594d358edfa2971858969de986fc958455716183c8f735ce15b9

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_data.db

          Filesize

          44KB

          MD5

          28f2a9104b76e13c2346bce579edae6f

          SHA1

          d85a4268019f079ab4871321d0527dfceb19595a

          SHA256

          78f82c1eded7322580670fcfb5d2bfa5665390db955cc77b8f6780ffc106e975

          SHA512

          b80fc1f8bb7d59baf8af75c47b84653e73e0e51945f3065d3c4ad3178000771b83b3a51571c80d5f6ae8818412079325a51fde9e383ccb0084a3f3388e5067f4

        • /data/user/0/br.com.app.gpu2106988.gpu79a7d22621e70fca54183d905532514e/no_backup/metrica_data.db-journal

          Filesize

          12KB

          MD5

          07b5530a4cfea6d360f41126d51b9918

          SHA1

          8d708c06a8479589e06cb1a177806f51d2fe8968

          SHA256

          5eece641439e6ee86913d6203415ca91b508b38c919a46169c7f111149ff7a7a

          SHA512

          47737afd459a7c329e18385c6124531b66fefaf93e1e467918840f5b7ed89a654453d55f386cb9153db0c7f3a3551f9ce7b09c1c7ca3689490b2c8d013faf1c6