7123e8142dd776104e99c50968197c8692f0dcb0c5e46bd90f7a21fe84e7af9f

Analysis

max time kernel
178s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
21-05-2024 14:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63a83244be3f5b60da41412fd7e301a5_JaffaCakes118.apk
Size

3.4MB
MD5

63a83244be3f5b60da41412fd7e301a5
SHA1

ef6eae225470cfe8b853de6bec0125f80b4a664d
SHA256

7123e8142dd776104e99c50968197c8692f0dcb0c5e46bd90f7a21fe84e7af9f
SHA512

0280f57aa486b9d0cfd74d1a7bfb94ade17f1bd4e485c7521085d0fd2487847202ff8a1a10c7baed7950689bfd135a4315d84e76392a9f541c8b612252e91722
SSDEEP

98304:pdGrAdMGjbRROjBFcnBa9vRQGogBB1xFQZth:pkoWOn6RuW1xOth

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

com.ninefold.bondisushi:Metrica

ioc process

/system/app/Superuser.apk com.ninefold.bondisushi:Metrica
/sbin/su com.ninefold.bondisushi:Metrica

ioc	process
/system/app/Superuser.apk	com.ninefold.bondisushi:Metrica
/sbin/su	com.ninefold.bondisushi:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.ninefold.bondisushicom.ninefold.bondisushi:Metrica

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ninefold.bondisushi
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ninefold.bondisushi:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

com.ninefold.bondisushicom.ninefold.bondisushi:Metrica

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ninefold.bondisushi
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ninefold.bondisushi:Metrica

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.ninefold.bondisushi

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.ninefold.bondisushi
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.ninefold.bondisushi

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ninefold.bondisushi
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.ninefold.bondisushi

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ninefold.bondisushi

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

com.ninefold.bondisushicom.ninefold.bondisushi:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.ninefold.bondisushi
Framework service call	android.app.job.IJobScheduler.schedule	com.ninefold.bondisushi:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.ninefold.bondisushi:Metricacom.ninefold.bondisushi

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.ninefold.bondisushi:Metrica
Framework API call	javax.crypto.Cipher.doFinal	com.ninefold.bondisushi

com.ninefold.bondisushi
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4286

com.ninefold.bondisushi:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4326

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ninefold.bondisushi/no_backup/credentials.dat

Filesize
233B

MD5
34c33d089cb348630ccf22092c7afc65

SHA1
181ce8a6564d56c9f8e24bdcd9ac65e5587f819e

SHA256
77ed6b4e14b8af18dbc9a0277d5ae8a31082e72965bc28346ea86df58a2ba1d5

SHA512
98ee4f6306a8dbbfaa6596c943714ee8a992f1c7565782b9e3bf1ce975bbe175e123c08dd3443522a011862b2e239cb8880619c4d7bb80728ef430ca4316a246

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi

Filesize
36KB

MD5
795564ef9ec7e3eb870bf8e828760281

SHA1
eabe2281d9e2f193321418ae88c5f1a082866dab

SHA256
900fa2d3cca22936450f810828ccc9592509b51d4f0d19c54baffd72f76e4fb4

SHA512
63b1f4df8a3e4f094368bb94e8cd9fa8463001e619ae41f6cc418c50a6451862e39c9701f9dc18c305a6807bb05fd265698f1993170b5aaec438338a157b77e6

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
8KB

MD5
d3bdde966aeb69d7ed1480d065059834

SHA1
8f9f1a3506ec389faf344249f1296dadf041eabf

SHA256
2b51e6468b9779cc2e3236332cdeadbc105d71c18b7d9d022a08877591a647b0

SHA512
f4a29f37ca930e615971be97a5884bb791841598a5f3276f17034dc9bfe6efc027432effa43dd81abf56dc4ec760e28fd88cf6c60f84a5256b02308d2b583500

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-shm

Filesize
32KB

MD5
c2886be462c1966005c6bf6ab7f3c507

SHA1
3b3223f3c92f088adc58ef94aad7548402eaa65b

SHA256
785f54dfb410e39d9520d893fc6a682598f7aff3f56173a1f3e89fbb973884d0

SHA512
3e90e39ba4659076c4b705585e2057e2ad8f666c6552f2397ce4b46876213d87392007896fe3f45411bfaa0b71a6bcfdf860228bcc47f3fe91784a3dffc47319

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-wal

Filesize
406KB

MD5
b07b87c529650394ac61865ee3518513

SHA1
eb0ad5d1b84ec0dcf0c3d6d2cd203fadaaef9059

SHA256
8e81805f4c8e14d0814094b0b47d187eae944d67eeedf8f251909a680f168f4b

SHA512
dd9a49aa16330a0f9d6035324283fecfdd3583f38b614ae76e3c4573dac4b4dadbf3c55c2de8d8721afdb6b7a3a1e3119ff0ac19e15f18fbdb42c6ec9f1e6ce7

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
4KB

MD5
468829a36da23a405a769e3cae4677e6

SHA1
d68c34cce9387734936cf53d31bd2e6b96fd06d6

SHA256
790af113e7e216f27760afc205c158d28f52ed8fcf3d6774bf30a81aad7d4b31

SHA512
82f8f12b9c9347869c0d3122447092fedf3885643350f6c1a199525460414e66715d152ca6d5d4c239ee1e3f5744d89895db84333151887409667a82fe6aa66a

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
b2b234fa161c0adb9afe7177b2d18514

SHA1
7f53e8a52ab124614ee1328f6b6821cabd8104fa

SHA256
3dca7a72ed325a85f8476991700d3565713e2ef7a37c34b026c562b0ec54b398

SHA512
1e9ad5c9b6130e65cfef08e4e88817ae60ee56f909353e905dded330758cac9aedc8cfac7d721fcf5c13006f5db36d3af85e14a7df0d693f1dc6cb425e3021f6

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-wal

Filesize
156KB

MD5
48d627841c90b99f7856db5194f469e8

SHA1
fe9ebeb8563d0db29b1441fec3132fb25396be41

SHA256
2fb7cb1a96a26308b409d53e16cea08673fc3b0a7cfa5b5933e245746ad25e25

SHA512
d17d5a585cbed140803564cc47bef936e6a45f4f7d2a14a47ecd0f82894e6d9fb2b8e38cce92849639cc40255b2a95212f6de69119d3a6d7794788ff8049b6b5

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
d37c07bb12523aff26fe2dc88a35e622

SHA1
b61a58ca147a6048f1f91b0e8c76328a78d8f36f

SHA256
19a8e46a88f68bd4a4087bd19c27285a8a77fcf2ce0260460e951727ff007564

SHA512
ac8d416bd61fde5599da463764cf7ba9e6a613dbc59cd942a22e33562ceded0ece3382f57bb526a0d5d01fd361ed8161c5d74381d7aa5e28d3b2fce6d9faf61b

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
3d6207be2a77ab46628f5bbe30935bab

SHA1
57080a7e68dd7d2d911fca2e69db53584813cb3c

SHA256
d9da507079293b9f4b2aec71b52561792f0e2ba928af3215792d5bfe63fe246a

SHA512
543d56a91575a8020e11d4f1611ff9ebd4332f031bdfc53650137ebb7100612c8eeadd79cd3a91a1374d2a64845dc38aae6a76e3d0181d23277a086d5930977c

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
44def4f6e42c3ec63f229d23af8c804a

SHA1
f5956d9295778b539bced03215343fd3cf7a9dd8

SHA256
882faff2a0f007164d5dbda7bd7f803306423b5eb48a88b1bb72bde65b77e50a

SHA512
a14770398044635a8a8fc0d59dc95af3a97ae78146a9ace3795d600a44098a5ff7099aa3d0ac40442f8ff8c5d3b5ceecb4b360bf47f3e8c7c902879e2e76228d

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
4c1e96cb3809e865194161dafdcebd30

SHA1
6aa6258256a542582c1b8461878add3d58001e20

SHA256
2d6b6c0b01ea1d488dde7f6ef9f9791d447e5b203c68564c28a91b6e0a97a853

SHA512
f29a1ca44459e97124f75db8a0ee761642e96b07c0d29159590a0fc49b63e72b2a753c673fbc5248ae0a7783f5473cfd076529a0ffbcf00b1923ea07fe9557b7

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

Filesize
406KB

MD5
711381ab7d3a48f8ab3c69cb21377cec

SHA1
b997e391f95919cee0830e5886d6149c1c2acfa6

SHA256
4e6a57cb102299926a6f25f3ab81f26a550e879e7b68c664751dffd04deffbce

SHA512
4aaf016b7b7251a8aa18886455d47087b7f3150bf3eca0fe18aac7bd741a2368663ebb2b220ad0df96d81119e84a9d3d1958f3d41498bea2242d221389b4b81f

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
1a7a52ac7a8a236c723c5cab5807c9fe

SHA1
2035432f4aca3087155ea59f00323c785f54827c

SHA256
0c56f247282af69307b8599bbd52c0558a5bf4c2140b76fede351ec7316ceda4

SHA512
17022587a4e84a91bcbc65326241a8ac0560f79aea84d04978ec0f9200d3b4d6fbe74e6e6a1ae90c653c683f2ce487c6ad2ffc4b72a677803c7c70f964a06792

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
a29c084d025e549ec4ff81db0a33dd5f

SHA1
c04ffb5a0e975af4f136993d5edbf8fd4159a864

SHA256
36a30a3bb29e0f42502509fc9e706e7f54081a640ce6b1253e7306613b62cda8

SHA512
29a860208be0b8d4719ce6822a40eb7adff60b81b2f1310043299c581434481d7e019f28018354f2f78842f2e987a8c8991c88d7d421bd61b1843b3a440286f6

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
f37e93ae6a1611967b102228b8ccf4db

SHA1
d63480f6356b9e7ffd6444ac29f42215208d8e1a

SHA256
ef4e95ed6ec85a2012bfe5aa842f55b7a3081b17a4a3f8e8a9c1f1136dfe5c34

SHA512
c14dce018a784ec2468899ae71c5e6061cbbbaf99a3cebc39fb330190850d15df7be6ff3da60b88034e7c266c0a5bccbe7709de998692515e3d4e03c225f6456

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_data.db

Filesize
44KB

MD5
f39bdc8cee7de9c42ef65299c039b0c7

SHA1
172c555d0954ac797561efea8679f0b60e70860b

SHA256
afb037ed4977367e1db546ed2ab003ea2cae3b13f62450907d312a6a85228305

SHA512
45e4345beab343e0fa3e76e1200e7d1d0fdde81812827e02091b2703afac62a4baa6890a9ee4976f9a4ddea762faf91a097be331ea310482f8fd26a9450761fe

Download Submit