e0fc902bdaef96b3288cbd9b1741d6e4e436d0ea5c6e91258c22f4298f7290cb

Analysis

max time kernel
178s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
20-05-2024 11:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5eea667fc528af9867cfa8cdd05948d0_JaffaCakes118.apk
Size

3.4MB
MD5

5eea667fc528af9867cfa8cdd05948d0
SHA1

6215bffef1c0aa8c9a05e5fcb6d1fc6c01db1bee
SHA256

e0fc902bdaef96b3288cbd9b1741d6e4e436d0ea5c6e91258c22f4298f7290cb
SHA512

f0137c14242a2471e6df50a88b9600b772a2783dc9f682b15f8e97318d27d8be64f48880572cc20afd29427416e52d10e6c5c91ed8512c2a021370e0fcbde016
SSDEEP

98304:pdGrAdMGjbRROjBFcnBa9vRQGogBB1xFQZtb:pkoWOn6RuW1xOtb

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.ninefold.bondisushi:Metrica
/sbin/su	com.ninefold.bondisushi:Metrica
/system/bin/su	com.ninefold.bondisushi:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ninefold.bondisushi:Metrica
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ninefold.bondisushi

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ninefold.bondisushi

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ninefold.bondisushi

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.ninefold.bondisushi
Framework service call	android.app.job.IJobScheduler.schedule	com.ninefold.bondisushi:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ninefold.bondisushi:Metrica
Framework API call	javax.crypto.Cipher.doFinal	com.ninefold.bondisushi

com.ninefold.bondisushi
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4641

com.ninefold.bondisushi:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4691

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.ninefold.bondisushi/files/ZPkFS.log

Filesize
20KB

MD5
d01115ab3b3ab6cd76adfbc07994cd9a

SHA1
2e7e72949ae2c3c9fc3faef4ff50f29153ce10de

SHA256
477bd41c92d45d060b57856b501048725ba8cd344d54d65459d2f6a0d5c38e68

SHA512
bdf67bda728f6ba75d0f993d24b0feb954d5cbc369d522ea553400482ccb65ed6c9fb042608d7ecb2940bfae1df0e47a7cdb37409561581c8aa31a774334092d

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/credentials.dat

Filesize
234B

MD5
f808f08a9518ae9e4831f268fcc021ea

SHA1
3c3fe387077cb8537b6608afba26c0bda12652fe

SHA256
3b3159b6cf784dc5a7ec64a2455e303d6e62a503348de1e6c8b3d2925bd539f3

SHA512
8b28df8c90ebb792f85ef101111bfc13a5a4db07b4bec0faf76c9e48ec7ebfbb169f5c94e9154e1933ce2aa8924905c58352d9018af5720f3fecb9b02b10eba1

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi

Filesize
36KB

MD5
23204f20607408be021610b0001c35f1

SHA1
e6c21540675c0828619b46072c1066c7c08f659f

SHA256
eaf195e13f4d9b688569b3b80ebb4ad129715e96db4688c495d97ea82e3a55c2

SHA512
d9ac95b8f058e346948989fbeb48e79b64c7c6856d639f3323843201dc4b2e9044f37703ff320594015087ffe83481b62e5af935ff83d70ddb980e92ad397d2a

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
20KB

MD5
095f9fbb11e9d7cf01af639130a45ef5

SHA1
3a5dd7854beaf15fdcc7a08f1ebbd3a9b7f88938

SHA256
4f3f849409f0528b17e14911a620670e8b68bb89dc4640c0261944c25083b462

SHA512
48ff9ba06596f9da53365943da58d4eb0103efaae3f922911fbc9f039d38b2240527010c7463e8b990924d8d8cac2c6e76b53e930efe99d9c120e2233f36028d

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
8KB

MD5
997495519b63dd01a553d25e46496d4c

SHA1
28f48d8dadcb9f28f358fb284bc8d2fc3acc3a53

SHA256
70ea8b183604b2fc377921a0a49d68d19b0a4b57c91d1a9775148df29063dba4

SHA512
30c5da84b4010405cdfbcd2e9a26c4859797cb204a83dad50bee3adc68160f611eae6fb00f2211af099de4e5c1522a6002a028415ffda870cf1383dd46404708

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
8KB

MD5
e6dc2b31aa82e2d6b13d6ecc53bda2c1

SHA1
7db12cc4d281596088f5c085d7d363b6ee29b66b

SHA256
bcb4d2ba85c28787ad26ca8ae80dbe5081843a2f9388ccd432acfe655cfcbc31

SHA512
7c54bb2e11510300a71d58b4c018376458d1c9e970cfc597feaac0a01b541a5383643573f5b11e59f9ee714b6d9817c40af14e734bd9e649bb8932d9f862859f

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
12KB

MD5
2a70bfcd6d13a2efaa427b8bbd9b0ed8

SHA1
1191f2a2df13ea35d25dbecfeb408788498213e9

SHA256
1ebad243e35db7e8c87a20a64ed726c648fe12fb2e28660017f1f96b72f7be99

SHA512
b6a1907f889bf52910925336160e372fa678cda4cc3dba1b722153c1ee47670bce965c64b4f670df78aa2c03e510be087edc87d70ea3d98dd42e495c8dd043b4

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
12KB

MD5
69aa91c04c6d8baa21fd528ea893f25f

SHA1
3f803f845934b9959ff1cdec04f577dd0eb6de86

SHA256
fc182a0ba959be28cb7535153680fa9d28e91d449a9fd7ae98448b3ab4fe839f

SHA512
8496c02b51270702a88cef2e7ed00ad3154d62b71100e124110dcbcffbfc7fd97eb108f724c962dcd4995619933280544ddf12041e23ecc8ac11afd41d5ce59f

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
12KB

MD5
940778e5dfefc1023503b6506aef000a

SHA1
102b431f742eeccf45f5ea1ebb00b326064067c8

SHA256
9f3c59387120c7141bf8c9222b91e50ea16f8fd458ed6602016a949799cbef61

SHA512
7fd6ba9edb73971c421236de9e0b81b82c1e849997cded4d9238ddaa00627660e41a670650b477c2067c6e28fc9d3bdd125203e3736f8259055160f77c20963c

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
36KB

MD5
50cf465e0a448437c338f1d396f6e816

SHA1
cd8b033a04871fcc7ef5325902536dc452331646

SHA256
d67d9617ab35719ea52f1798b197ca73cff85aac9defa32779c7f6de8c23f171

SHA512
1433d5ddb6ca4c6f29c2c38b29d28d3fb3b991bf7f7073b7108a94aecef7115be3bbd496edb0ef751739e8bd44f743975880232075d958d9d7c7d47d96530a2f

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
cdeb15521d69510645aaa347b82bd245

SHA1
bd00a2205ddacb4a5ba74cf5d9437ebff182dba0

SHA256
1913b3ce1f755e650227fc3529494e4ecf63343362810cff9d601f2b74dde680

SHA512
bc4405422d5a37a83c0feb470443022f95957f8b3418ae191cf7dabd1c61fb189fac2d2bffbe261b429aba4d744d8888b4492fc4d3cd36b8617165bb33ef2462

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
5de619070554ac0a04d002f866d285eb

SHA1
d4b866e7b41f8ceffa794214cae8f425258ca775

SHA256
c7d542a1a3797ebc92327208811b7f5e58f26ef7316606d58b77537585c896e6

SHA512
ba79340e8484df327c856e7e748c9b04dfc3eb9f193929f5e231252cf5f8c2661f73a9de4d7ad85a311055afdd811b95292a37f8b8676d3321fce8a5ceb3fc71

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
8263bb0a8a46405f3ecedae1265b160f

SHA1
f450c2edb9c2789830b176b6495a0d376e184d6e

SHA256
09800f61e186e0e9c2d23bfcf3eb909f3b72caa99de7ec42b08614307ae5bc83

SHA512
272c39b315e984e7c875e94c6c8bd0b6d1f3eb091836110fcef4fdc38cf9a0904430a41de5ad7c66c6e24da174cf4b9989a19ed0fd662bb4b96c859f633d16c3

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
5e11e58eade7b5f8dfaa1aec563892bd

SHA1
7fe77b97cbe4f628f49c97d19ee0d9da05abeca0

SHA256
982e6665329280826048e5614987095ff562b4203086229215bfae638d1d4bc7

SHA512
5f6b2cee3d7a096ac6ff6145a9fb2121a09365518df5de7e7e9ebf9e012a242b6a481066f7f813e3c972bc4781ce648992f1ceee6fc7bd11708a5948043e019e

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
b993bb2d3e6f9eecd282cb8a590dad07

SHA1
2098cde38e3c7f128f2eec5fac68859a1588fa6a

SHA256
e26fb1a73406119f56042fe0bb31ae13d295683b7dbdec11bdb1bf24ef1aab23

SHA512
055d674bf0df9a82a29b09ac17b17c028a86a069aa5dc63a8fcc0db5339f74c422acf12215648fa9d00424b3feb9dd1629fc3744765d2063e236c46581366a6e

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
1dfe03f12a3af9da15a891bb429ca681

SHA1
0d039e54911594372375ae1bc44d16b31740730a

SHA256
697eb1d9091c33a37fb5cda4a7b568573b02b4a2d4cd39998d3089f759c4fcd8

SHA512
709b0684288743114a0238c48987174097f3de9470dde9d43af66cba4671b9f5790081b4d1a41a80a348c04b158a8e59102befbf3578612f65fdff93a3861f13

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
61e7bd5de3fdf3b4e23326664e9fc347

SHA1
64457d18ee8100af6c32b48ad64486d83513a5a4

SHA256
9098d1eac9b87fef05a5cd14a41d7fb75216031cdf51d5205c110001429013b9

SHA512
e11d064c2f5e3e9d1ecd311df89b2366c52b3d41d1b2314e8034f67b3485fe2c87d8ac03a4f3c96cb0de85a98f8f26448abb358715c9f1feb63f3d189c775d10

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
e5639b469346d3d19c79ae3bdc2f4a9a

SHA1
b4d9041b94176f65417e63e77f0f324b81e8dded

SHA256
cf283c9f2c282ef339f1ac0c4eae7d6f44f86bc1744cbf8a9b5703edc7368aaf

SHA512
273aa09cf7f4de26661bbedf2ecd180b5adb537022cd824d2185beaf7eb1784bd1ea1f1f22c01e4762729bdefeb81964f1a47f13e90b883beb27ce7c8d1f03b4

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
1e8c7b034556cd4f02e6f7abc72dca89

SHA1
d88eafcfd2844935ea862d16aebe396a32756d54

SHA256
75df7d2a87bf5299258dd22f6f03c278eb0481a7313b5cb740a7a2c61d960064

SHA512
f4553239058cc42144d4290a88339cf4a2ba3beee2dea86b1ab41305744ec46aff3299b7708e811340c20ee2c9dc4f0b5fcdad4b4db37f89c40a0b529ace5410

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
2f805b260eddb047a40d159c1fa943e3

SHA1
466183c29be45db72c657922b5ffa58d8be67a3c

SHA256
27bfe8b6621cb369df888843cc962ccdb2af89aeb2fc5104a97e32b73db3bbb7

SHA512
5fcbd326241d1e9deacf267a9bd1f472aba3dc7f2041fc7d568504d45398fe31055fc21c768296421676f25f26c9a5256e8d8789da93835cac53e8ab00fe2dcc

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
4d20ec175ab5eb211b486dfc0461ac8d

SHA1
64bcf060e518a1c6a4367b8a1ee3fd2b7111f8dd

SHA256
9ef18b22e64cc787616cd18fc174a2b4c6e852f9bdb0b6734a813fa6fefbca3d

SHA512
31781efaa563346b06a2a7e7719db1a687a7966e0c89a16449f0b50dc93094fb53158479e4cfbd13a0d5db7560ad3c48ef91a2952b34b1793ac40fccd38cf8e0

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
bbe0b631476951d715fac8c1989acab9

SHA1
ca448f40edd2e82aaf4f7487606a6cc74ff3a758

SHA256
156076b5b78ed3a474cfc74b5a9a05b43f37fc3c069e8a8df7c3fad4c2743ebf

SHA512
50dc7c8380dfb98ff5262b446d15a68afa7381c836828307c9ad004965e9347aff9323231c096cc325aa22470118a1900c080057337b03d2d181e39023a199a1

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
e0208c701348746154c64ace45a76579

SHA1
0d7e7c3913dbcd9a0f680080f1ba7cd2232efd3f

SHA256
9ba1173ed009767a9df181122eef52171c1b1d61b7ff1bf83e52cdce094b42e8

SHA512
d18e4691b715885cdb2b55ab59a3287fc621eb7cdd6fff933b8682bea60bf3fd3bbeaae5ee2f8654580fac05d7d0db1323f00846a312a33def002647d29b40a4

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
85613072b226b20d493507680958a948

SHA1
19b3a44846aa91e21d04c23a4edbf5af63a1e8e5

SHA256
d1b6ff7b077e67660001c5c133c9c3f52052d0b6d35d34d156b5a81d6d1234d4

SHA512
cbf6edbde38181faad579363547e71d5ad66064393263b8643cf63ad2634f6b2c8fc10d47b65926884998d33e1bba0afda2e7dabfff66b6c05b789972e73d929

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/metrica_data.db

Filesize
44KB

MD5
087933a8e70f259f1c7b231bd48bc7e0

SHA1
1a69eed4d3694bf1d04ad8ef3fcc029d9e6a280d

SHA256
b4d00a8c9aa0e8768af860b1fe5a7789bfa34fe8be155b413861661d391040e1

SHA512
cf03e3e0c0b9d318ac47ec43575d04b418dd0ee23fd92ea3764fdca8149cb33deec9ef4128279e7486dedb71270423d1298dc262a9f3055de697e0a2827e6492

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/metrica_data.db-journal

Filesize
12KB

MD5
666e9fc2b819ff4349d950cabc334495

SHA1
ec446ad93e2fefc905f9ca3b30a26bead7fe63d3

SHA256
87c30d02eec137556547053ecf07a67b378f8a76c5c9db6703e089e00af6e50c

SHA512
2c253e040f5b235cd93d2331ad276c67124f45c69665b10b6beeb77bb19f3063b42ad31c5ed02f2999c926daf67511e7778a43d23da3bfc65e248b6f40771598

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads