255332e2c8e6d37fbf83551dc3c9ac0d421aa1ccbd5b0d1effa66d303b672667

Analysis

max time kernel
178s
max time network
159s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 00:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6549a2a7999b12d82df68e05651d098e_JaffaCakes118.apk
Size

3.3MB
MD5

6549a2a7999b12d82df68e05651d098e
SHA1

3459a09f7acc33d13ab644907807292bd7e4da63
SHA256

255332e2c8e6d37fbf83551dc3c9ac0d421aa1ccbd5b0d1effa66d303b672667
SHA512

0d395d9d5b76e2cd7f301bf622e53cd74c3b33920bb03d307ab2fe9b8ce255c38462d02c3fddabf5169b184492a0f3d7a4e90a6f67c63b9b964642074d4c03ca
SSDEEP

98304:xugfuWWFkFL7EBasOqFRl8Fr24J73DwpwOtywXN3XWiBj3h:xvLWOLpEcJpXg

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

goldenburger.creapp.com:Metrica

ioc process

/system/app/Superuser.apk goldenburger.creapp.com:Metrica
/sbin/su goldenburger.creapp.com:Metrica

ioc	process
/system/app/Superuser.apk	goldenburger.creapp.com:Metrica
/sbin/su	goldenburger.creapp.com:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

goldenburger.creapp.comgoldenburger.creapp.com:Metrica

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	goldenburger.creapp.com
Framework service call	android.app.IActivityManager.getRunningAppProcesses	goldenburger.creapp.com:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

goldenburger.creapp.comgoldenburger.creapp.com:Metrica

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	goldenburger.creapp.com
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	goldenburger.creapp.com:Metrica

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

goldenburger.creapp.com

description ioc process

Framework service call android.app.IActivityManager.registerReceiver goldenburger.creapp.com
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

goldenburger.creapp.com

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo goldenburger.creapp.com
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	goldenburger.creapp.com

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	goldenburger.creapp.com

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

goldenburger.creapp.comgoldenburger.creapp.com:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	goldenburger.creapp.com
Framework service call	android.app.job.IJobScheduler.schedule	goldenburger.creapp.com:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

goldenburger.creapp.com:Metricagoldenburger.creapp.com

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	goldenburger.creapp.com:Metrica
Framework API call	javax.crypto.Cipher.doFinal	goldenburger.creapp.com

goldenburger.creapp.com
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4314

goldenburger.creapp.com:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4355

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/goldenburger.creapp.com/no_backup/credentials.dat

Filesize
233B

MD5
c43348169afa02dd07440ab48754bb38

SHA1
1731982b8be7dfeb5ae8b1b349767865420661e0

SHA256
08c2283f8e056b817ad7a8ccfd4dc8d5ee3aef7649fc11a8b0b80763db80f79f

SHA512
43c377834458c36701bb5d195b5a65496ff611f4f9443234224deeb16a7e313c1f75cd7e6b848e5c20fe3f5708366ad2f253f313b192e10263ea5b4eaeab85a3

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com

Filesize
36KB

MD5
0beef292b304a6579e28dbaa34ca5bb9

SHA1
5b5e00ad304bcc3d80309c3f1875627c4165c099

SHA256
ced8da0b123e4eb9575afbfe32bb1f153e2205e3cda1357c035b02771beb7635

SHA512
6e673604416953012c5e1f4812b7dc51c80516bd152b75991ea1181d38f6852adc0e79d0448138843facc6cc601fb653a6f0cd8734d6c11a7cd0734bad04bdad

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
8KB

MD5
90eeb712eb3ca0e5e39856f5ef75d3ae

SHA1
5f3409fd406954065ed970c3c84da8c83f70b576

SHA256
5e7d0eb988173fc76a65cb8d626e7a6920bc09ab4f3beabdca008a020433a4fe

SHA512
02fb8d9c60ad248a4ded6d088f9baae12cf42d5946993bdcfa88b3d7b043e119b6448db5a387dcce9faf3a89a37cea16fbae3df9936811bd7ed7c23dc38f8dee

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-shm

Filesize
32KB

MD5
21f6c8f1b60dd461d5d4e4e94ae104c5

SHA1
a1ea56be99bbe1ec29349946bbc1cd27c06d2c03

SHA256
342058a971026a45399f9f40def212d9343c9195f8134f5f82254feabb160a13

SHA512
5cabf9a92e2075fe57bb8c2c776e950441727ac6828e5d14df365752e56bd6e9d411f120917e874f991b826df46b529d49f40c65bd2df2f0ba945d5305a5bb3f

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-wal

Filesize
406KB

MD5
eb67e2a1f8437bd7585ab448bfbbdc51

SHA1
50acc91cb951e07e1b6896677b1ec1c3cf365a74

SHA256
4b0c824200fd3b66f03945f7c31b9ae697d0353ddfb3d49aefc118c309f00273

SHA512
9bac8c297c1250f2c66f95d13046d958da782f2b65e7b6207137a59089068146f7c17362d0df87cd92968b47a98c4cade03263d5b546d7410fbe982acadd6bfa

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
4KB

MD5
d01f60e06b185b79ed90fd969e3107d6

SHA1
894f5124b0b5ba338c40da8738641b33763c9d02

SHA256
5bb04e1bcf8ad27b3acbc2848e0a2bc71a57affc4b8a53a21d150a7ed9a09883

SHA512
a9eb72a9bb03ded52cd665b6a3a823d7f42d31c12e5943b5ef4da6ede822a7326375fa7b551b55a8480bd9fcfe3be6753367cc5891b135a0a10130da10603558

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
c4609023c9ceddf10e7c5922ee499c24

SHA1
30f7aae011a847c5cb4c984f73ccf44ef9a0b5bd

SHA256
2ede7fa6a7586e0463d24d4a7200ed59ad0429d2d2792179df12a024603a6666

SHA512
1bf05544d253ba1fad42d13e635c601509af61be76b0a0eb245db7adf5da3bcc94f5f741f2c60b7a1cae1c9ef286107eeec1410e7682b19e5e988ac98aa361ab

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-wal

Filesize
156KB

MD5
c38d2a0048940c7fe6c7f196283c66f2

SHA1
544fbe700d9530967824b6cd6078455b5a670679

SHA256
d21b8e95b22810a097cbbe5211dc8005c69d70c291839fcea77506b9a5e1d57b

SHA512
c32840b0be2059c283914a987db7e5c7f89a7d4fdac8ae53fab7c079d732d6af56a6d6f9cc70ddc4e96ba0f54e3b11a22554f49a51136bd0df1a90aaa58ff4f8

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db

Filesize
20KB

MD5
36a75a8bad06e95bab46d80aac05f30a

SHA1
7c2ff325117598b8b6d7926f80ac1adc595d4f03

SHA256
49a795ba6a9292848c2b6a4d95fb2b8bca49abe88e9c70a3a47025d97b394544

SHA512
6b44f67a1814ad476a836d5fc04a8367d0d88c79dafba43b574aa2a70bd5975711f12a49fa2ce1a1122e43c400262e8791302b1325e7ff849283f4f5d3250646

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db

Filesize
20KB

MD5
e4952c6b5e854c1f718a39ef6815f868

SHA1
77b058be8448c2076eb563013b0ae7c3a2e69202

SHA256
e62f06a3401f8520832e1e8e51cf2cdef903989fba808831786935f0c0621a4b

SHA512
83ace627458ff48712ae299959275646a96d706caf19c61ced54891db02c940e4c912b43e99dab5f4b66bd1e76ffa4c7592024670eec8d556d97fb3a79a6b589

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db

Filesize
20KB

MD5
06956fcd61dde81412cb470eaaf15574

SHA1
d2c4ce7f735d5f7d834928e5e1b1e635d1edeed0

SHA256
3dbf28ea5983f0dc2d1f012b666219bf75e7e13ed73de897a9b68cf6bae2a20f

SHA512
8116faef3c3ddf6433dedc38420fe569e29a884cdbd7dec8bf454a22db41f9f5fd80b14a5c36a2357f9bc448024c77f619ab6f1a0b71fd2a195334b7d4726ba9

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db

Filesize
20KB

MD5
9b5d0a2c15f70d3cae3263bcc3fb959d

SHA1
9e7c248546feefae273923bc67be3702e2c26040

SHA256
7d232a2559da1c13fc9ff5603054de08ecc8337bc64454e19aba3ebe29a72b9d

SHA512
98a059da1b6198609348bf7f146ada12f1b660f1e2e6f8a3e047d99f18543a4a9be07c7439ee04c1f9ce4b22defc3ee5685bac9aac9227b3de95f1d4f3bc454c

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db-journal

Filesize
406KB

MD5
efd8d5794a1ff0348d47a6fa75bf4d53

SHA1
611c7a4b8b6793ca36bbcc6f650ed94118982b3d

SHA256
3d1b3f96b7ad542eefc5f295b69a678b4ffe75c4c0ebdf46a86a47cf25e37c9a

SHA512
24180ca00f7f0cd8bc7bec3f66ba5497928ed6e0cd1fea6bf69d392063eb1ce475183be08e00222f227a79000d9e365fcc8e264fa10fc3b2db92b2160d1aee1c

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
acd906c30f264c3365e9de9902f6c207

SHA1
35e4b7c096cf32f7961bbb9d87f7da1312c2cffd

SHA256
9dce82dc4783861e42c4e03df5f5a5ccb17a68affde11f4c292fdf560a08e942

SHA512
078d94f08d8399e082f06238e275a42e71d75fa61d53d0e7878f1c47abe7a1eb810aa6cfd6e3cef1258da7ab5c39c0025a105c1a508a662950bb050f375cd393

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
142c25defcf7e8413268af7050869996

SHA1
e3ccd73d3cac714ca53920c6f4c00e2d9deb3985

SHA256
a25ed18970e77af9be9d45f4f25da0496169a01777839b28879949eaf1571d84

SHA512
6c395e47905c95fe7352a8cc6c4146d9bee827fa750ca5880620c1aebea682e68b76b4a435888f4983bda32cd7a529a2e0f7eec5b2eb8f5e1fe23f37138e07e6

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
9896dc795a8eb2557edd4d848e4a7863

SHA1
ccc6e0fcf4abc3213063c03a7b66b6e4529758b0

SHA256
1f8aac3a3a97ad2c6243ab21b7226a08cad020fdb1c4605283278ef328f39e3d

SHA512
25fcd5f32ce77f47fd470d76d763edf7093791087879589e4b9df01524d4593bed7cc355d55e8b4f48877228bd2977b622c26b530ec1eedceef7943b331d4243

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_data.db

Filesize
44KB

MD5
4c55ca7199eb4d415d47186170e8c623

SHA1
ae812270ad92d5b0c3e70eb0041569277a98fcd6

SHA256
17fc969e3c36de8c83432666b84015db8be91ad01bbd647c9921425707b5f034

SHA512
5243bc266304974c37dbd68d6aa7ff48b9ddf37574327ef625c8ba4a0941d5b970373e1497707a744fc4cac40a7250b6445422b16696187111805deea2fc7ff8

Download Submit