7123e8142dd776104e99c50968197c8692f0dcb0c5e46bd90f7a21fe84e7af9f

Analysis

max time kernel
179s
max time network
143s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
21-05-2024 14:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63a83244be3f5b60da41412fd7e301a5_JaffaCakes118.apk
Size

3.4MB
MD5

63a83244be3f5b60da41412fd7e301a5
SHA1

ef6eae225470cfe8b853de6bec0125f80b4a664d
SHA256

7123e8142dd776104e99c50968197c8692f0dcb0c5e46bd90f7a21fe84e7af9f
SHA512

0280f57aa486b9d0cfd74d1a7bfb94ade17f1bd4e485c7521085d0fd2487847202ff8a1a10c7baed7950689bfd135a4315d84e76392a9f541c8b612252e91722
SSDEEP

98304:pdGrAdMGjbRROjBFcnBa9vRQGogBB1xFQZth:pkoWOn6RuW1xOth

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

com.ninefold.bondisushi:Metrica

ioc process

/system/app/Superuser.apk com.ninefold.bondisushi:Metrica
/sbin/su com.ninefold.bondisushi:Metrica

ioc	process
/system/app/Superuser.apk	com.ninefold.bondisushi:Metrica
/sbin/su	com.ninefold.bondisushi:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.ninefold.bondisushicom.ninefold.bondisushi:Metrica

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ninefold.bondisushi
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ninefold.bondisushi:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

com.ninefold.bondisushicom.ninefold.bondisushi:Metrica

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ninefold.bondisushi
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ninefold.bondisushi:Metrica

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.ninefold.bondisushi

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.ninefold.bondisushi
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.ninefold.bondisushi

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ninefold.bondisushi
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.ninefold.bondisushi

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ninefold.bondisushi

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

com.ninefold.bondisushicom.ninefold.bondisushi:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.ninefold.bondisushi
Framework service call	android.app.job.IJobScheduler.schedule	com.ninefold.bondisushi:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.ninefold.bondisushi:Metricacom.ninefold.bondisushi

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.ninefold.bondisushi:Metrica
Framework API call	javax.crypto.Cipher.doFinal	com.ninefold.bondisushi

com.ninefold.bondisushi
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5115

com.ninefold.bondisushi:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5169

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ninefold.bondisushi/files/ZPkFS.log

Filesize
20KB

MD5
ea9c2dc01d788f2ed7ad6a455e32335a

SHA1
3da6ee06226734e9a402c3ef2b542af3b509b6af

SHA256
ddcb0e1970efc2dcb42a4dd328ef8c10f3512b39a47277d5b075fd3b92dfc3a7

SHA512
5b834f25f6f8afea98eec78cf8e148671ceca48aee8019e09308389c1f336e47e55666fedf66e09c97e827c375ade0fad635b98686ebd2f72240108670d25e76

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/credentials.dat

Filesize
233B

MD5
921532f5be31e310da6ebe167a3e3c98

SHA1
05ca1d03af873d150f728a544f0779371b943d51

SHA256
097326ad113f4d8f03d60d97147b4f35fe85d3cda7953d0bff1e747e242406c2

SHA512
91179252e92b270ea1d57d9436d2571506d1dbd4ade095db0b9360d6a09f8770dfaa66264648200e0feb1aa567eb796d51ef8b310f0d9ade5830bad4283d75be

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi

Filesize
36KB

MD5
58312667359e673cc0c7726ffd893bc9

SHA1
4230fd7ff1b58916c7878ebb5b3ad681ca65d707

SHA256
147d91bf4bfd6c72c2a31f714e8e7420dcacaa4d689238f72fe949235ca21c4c

SHA512
81b986f7979fc786c2db43a67b9862eb1a9795cea1519282a43be40ce802e85f32932d0fe9b3d3dcdc89f43bf24ec21a076d5b70dce5f12a2a9db74f11c0bbcf

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
20KB

MD5
f9ae57d1d17c9afe457100fd607bb907

SHA1
e2ce2e2a49cc47eb6aba615ce5d77f0bc250d5ab

SHA256
aac24e4778799e015e1c4ea349b1d1fc1064a4fa6ee0b2d7fab38be4112001f5

SHA512
e6d7339a6b1efecce83c588c12974aa0d097b7077671a296925c534450ae45844f507e570e682eeccbb1ad01200c8e0691d68d71aa64f1b49f5562b8b65ef16d

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
8KB

MD5
59830bb82a28c80716ef442df4f292bd

SHA1
412e4ac42f157c852345f7f104c8b0e202b10b26

SHA256
0c8cefa5963e6e858071a0465ec38d1913ba980fc933e17035af300176724e7d

SHA512
a635ac6e3feaab60efbbba9f6c9c3dd4dd1f9cd21532d1515e791af6a122333f54386ede47fc44c17fa1c6fbef1b5f3ea2d2ced9ecbb2821c3b2c39a31a72bec

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
8KB

MD5
772ba50748d61adf035baea9aa6487c0

SHA1
f3b2c8dac4969ad2418f548134a3432e0bbdf171

SHA256
8d9fce423a721e54410d578aec46fde8cf5232c607b392f4538988453716a921

SHA512
ee44f94027912da602e1348c6797ebe8a8c8d0a91aa613f5d1442eafc0ed45182d83c53ff52d066c7697d12159de0cf3d8e6048ab4bea0b63506c3cd7cb40d20

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
12KB

MD5
d865a50dcce2e56c565111a122c58801

SHA1
26012e8a70ead0882c55f9fe1ef212ac0a6d20da

SHA256
14a76dfb2d80b1bf2cbe421995fc0505f7946df1896c5fd1ea03869bd7c06902

SHA512
3a9a18764a5558768a5873e1aaf018958c5b9396bad1c0da1fd4718a0d41a5bd49d1740d313c097b0ad84594d88afd0d70d2182538c4a85bbd673588270ad27b

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
12KB

MD5
7d19808f72a5ac883523fa605e22e916

SHA1
c8f676dc4929ebbc184973260fff57fe399ff051

SHA256
f21735d15a1948621f925dd1ccc28a70148c1030c041fdf37773385d8f153f3d

SHA512
72bcd413a0d2a634cbb4f0d5506eab1692f015bb0c7db510965fa36bc7d90a9a1c43bd140cde64dc6687915d5dc33bd0efa7ab996ddf8180c25c2dcc4d3bf0be

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
12KB

MD5
a0fbf50c4ca66ca9036dccfc75d292a5

SHA1
7e8b995851e5d6da84b86ca171f3fc535cb31504

SHA256
24897d01a919f63126c92820227b537472b99c6ddb2713e4e95b843a7a0f1259

SHA512
9b4a191d8faec11e85af1c9d4c47e3d1eb1417737be3916cf4f54a32a7fcadbd82e39855ee64398867f85a62aeb9fd656637faf706d06a9b4294904a5bf1ef10

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
36KB

MD5
ec92e926781923c053587bedd863bc79

SHA1
01d625d3687880a594717e7f65c5879242e31dd8

SHA256
4021173106c3ea3f74bdc85837b965009cb293e11d04c3adf3df5d67fddae8d1

SHA512
85cf2a7c76b234b2c17c117418865b67c96afc96d4e5348a7fb20a6a65d580a479d8473c1d03e8b02b06d9fafb2cdae5469522b7d988016dd95b452aa3cfe7ba

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
8c501b2def40645669545527f18bcb84

SHA1
995d0a5c3e3471b231490a2cda3e299eb955518b

SHA256
78e67fdb8c489b91bef8afbce41b8a4db5c945c560bc3cddb271500842d91809

SHA512
5b8d807facbefc615a940acea0451b7ace29e9d59ce26458782d58426eb19235d1da31d565cd62b2967018126bf386927e2288f2bbaed4d724090a8bb0a8f329

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
0fb1efc11a39b3e853dc230e31caa212

SHA1
a4b86f988ef25c46243585a66e8e89ef4b91c1bc

SHA256
556e566ebaade75a327695c2f66b79317dfc4c5e0455f3df581c871c26b31531

SHA512
562db0b698555f591baa632b18014177d16499dac211c6a3e82799805391f6ed82eddc18340a6f70d2866b1443e7787a8f696d7640cf76fbe1f36efc8fc8e620

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
ec773ec752d1c8e73875f344d3d550da

SHA1
8725fb5bb291e79f1d5e9aa412897eda8cb21200

SHA256
28c516cbb478bcd0f03b51405192f189f2b28ba9a6b1d36bd97dc6ae655a2b44

SHA512
85d9a821497c493cde25dc0df1dafeec2f339b9514385a6a27537ba58c749eb23dbb9ae5248f1f66162e6f8cab9c7702a5f06f1afe5bc292992e6af33dd2204d

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
1536ef2bbfaa09958a0d131f115cc650

SHA1
122a40b6f7865e36120a6a74bf60d5c9c5a077eb

SHA256
96c2aaf7bd4d66321f621297336e513fbc80a858c2448930ac25c988b78cd5bb

SHA512
8081a9eb4c91cfd2f83018d8a0215a876a46240570bcc74606a6635e72e99503f9a1ead04d1fec1ed0f7f5722cd4925c53b7c8f833ac136b76632bb9f72951d3

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
384eba798180697170f247087166e0b0

SHA1
0fdfe87b043afc2cb963572817b5472da08f1982

SHA256
55f7019bd68961edb6ee586d793b14545edb773a9a4581afacde0ddcf3a42488

SHA512
1dc72fb3df700e633ccd78e64d2ff179d8c737dda459d853577dc383b89e8d31b29b74f261fabf015f3f3f210e7fd1178f5ae28780c1f788e0f749e7d2eb6067

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
959873cae485ca835556dae81537ba62

SHA1
1f12aa4eb8e08f1b192754436ccdd02f4fea2dee

SHA256
eb9c6dd4207e63feb9ae0cf1a080ed588ec61ff462babd6dcf59f9dcc5b31636

SHA512
e4b15cd49a7336661c0d800e8832b5fc7f021462f221ca57cd5fdba8ac9c3a272a5facb4836def0038c2be1670b0b861ae1da6b29bfc8679865998a1ddfa8a05

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
0145499d6bf8cb1ff0f122af4955bc94

SHA1
ea93d25d2d1f9ca7fae87dd96ffb9d17050ad731

SHA256
69f34b370bb0215e64754ffb6162e52496b50d3e3dffd811e528c328ccce5a1d

SHA512
0a8be5c96ee409610de24442447e3ab9b22046778c8d545fc49f440bae918ed16e95e4b8653de6294054eff6852bbbd1ef11c80dabdf4817ea1ff6f9a069091b

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
484df068dc370197c0e37af4f433f772

SHA1
5d071329bf5182e60b2d268adca542901d492001

SHA256
3ebaaa9fc7a9245b413f62f91d9e689d468456dd4b6ce2408bcd2003cbdbfbd0

SHA512
587e7b68f2c167d39dd50744f2892a461a67cb073e8cf9f6eb2ab752e07841440dbe212af32958248d15af5d4001e7fa12f86cad62578ef31999355a86c3b0b5

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
daffab736c170428a2cb5a9bc7415d24

SHA1
8c72c0f4ab11ea152253a60022ab6b9c6102d490

SHA256
d725f3bdba47d0d814ba6c717342ff366f79dd5bfe9a49e9a4f3e15490dc5548

SHA512
8e846bd40fb40716d588ccda86decd00fd99de452bffee72a351386dd04f9877456addcd94e5b87c6c1256796291ed80b22c7f4d448a7ee97b384ba03daefed3

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
809e61d1d292b5b78647208fc434aafd

SHA1
3795f8b70b4e7dbb82b055eaef8f81fcdf5a758a

SHA256
b2ac19d9fa839de34fcbd543fcff90671ace2c30bf4543c099e9e443e7f7dadc

SHA512
0c6acb02b9de8b7365e693405ae14f63b5f1ac270c6f0cd106d5ef20b2b4c15c4dba206f06aeea8d8977290a3a2260fd2e4db5132d2ce0d1b2aea4c964bbd616

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
1b72d16b6c3b0d2f49d9432a99ef27b9

SHA1
0d2273f5f630df583b1249a2e90710abc433cfa8

SHA256
ecb4f971ab120eef37c667ffbe2c839dc0dee80b106e6abfa1fbf2c6429c808d

SHA512
3946fab2d05f1605a10418245830c2094af9f42c7ff2226780202c1272d228252082558a4e656307dc85f81b8ac32d463837284f1376cde6f53319894960cc2c

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
0f8c8c28da9057320386f4d2452ff0d6

SHA1
42e1a998ba00b383c70f8cd1d23998df46361340

SHA256
f60d96de3513bd056360b823aec3529ff7b15158611ecdf807dfb37647a7ea16

SHA512
96dbc8816fd093422a14b5441134e1d2a711e1a59d9bd46efe2e2c362e99cc4b64f9bdcc9b27bd814019284dd945270567f066c7bec6ecacf193a9839ed45c78

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
9700f645c8a8bce41e77e94ff219bebf

SHA1
63b55c17a68c79a341529e4f6c47f882c26a049c

SHA256
527023c8e6f3d619845d874673323f4f1088371005c9c0524469bf3fcc751a15

SHA512
f94a95021dc132f73be86dd61f57f493cfe5b830d277ab63ccbbe935b6538cb5a23f3a306c056f6010992deaec8742a3c21ae0a15ee4edfa5996369eab7f2048

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
f22c70f4e42de14e697cdb1811f1b668

SHA1
a8ef457ed45e9f2f942befbb9b2c656a66999715

SHA256
b652ec2ec5f3e09ddb1f0616777c7c81e093c9219b6119b9be3b37feaa9f5f32

SHA512
404227be0c341b79e21409bc81bf76094b4ffdc2464de40fab512f48bfd552c16b75cdcbf886a71ce15f32812cdc6a2690ed6835ed0bcb967eefabe81112c522

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_data.db

Filesize
44KB

MD5
ebd128d93329a0d87b084b68df24faa4

SHA1
257aeb78cc56d14150c68b011a32c059946e52fa

SHA256
97ee7eca15413e18386591b56b467b520a47e2e464c9b8ddb8e33bc201cba4da

SHA512
e555a45d77a375c5dfbe43c571acadb03aa59d45beedb5c3d213572bf1ece93223882fa9f44b3e3f6aa13566e6d38b585c0529a708097c54983a45c13ee843db

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_data.db-journal

Filesize
12KB

MD5
5fd16d43f8f620204e93ea4676758672

SHA1
ac54c0298fd7a6988d376acd342eeb020e2f344a

SHA256
959197c81b7dd779fee33215ff1c35ef4d73462e4e477d71ae1e4d2ca7fc762e

SHA512
d8fc2d5fcaf1ee4539ebfea69ef9de3999c906cb750a66c3c6457c83f186afff0d54e55e07f36c24504d2d73bd1ff93782419e32157272a98be884e39053d959

Download Submit