255332e2c8e6d37fbf83551dc3c9ac0d421aa1ccbd5b0d1effa66d303b672667

Analysis

max time kernel
179s
max time network
142s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 00:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6549a2a7999b12d82df68e05651d098e_JaffaCakes118.apk
Size

3.3MB
MD5

6549a2a7999b12d82df68e05651d098e
SHA1

3459a09f7acc33d13ab644907807292bd7e4da63
SHA256

255332e2c8e6d37fbf83551dc3c9ac0d421aa1ccbd5b0d1effa66d303b672667
SHA512

0d395d9d5b76e2cd7f301bf622e53cd74c3b33920bb03d307ab2fe9b8ce255c38462d02c3fddabf5169b184492a0f3d7a4e90a6f67c63b9b964642074d4c03ca
SSDEEP

98304:xugfuWWFkFL7EBasOqFRl8Fr24J73DwpwOtywXN3XWiBj3h:xvLWOLpEcJpXg

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

Processes:

goldenburger.creapp.com:Metrica

ioc	process
/system/app/Superuser.apk	goldenburger.creapp.com:Metrica
/sbin/su	goldenburger.creapp.com:Metrica
/system/bin/su	goldenburger.creapp.com:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

goldenburger.creapp.comgoldenburger.creapp.com:Metrica

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	goldenburger.creapp.com
Framework service call	android.app.IActivityManager.getRunningAppProcesses	goldenburger.creapp.com:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

goldenburger.creapp.com

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo goldenburger.creapp.com
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

goldenburger.creapp.com

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo goldenburger.creapp.com
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	goldenburger.creapp.com

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	goldenburger.creapp.com

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

goldenburger.creapp.comgoldenburger.creapp.com:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	goldenburger.creapp.com
Framework service call	android.app.job.IJobScheduler.schedule	goldenburger.creapp.com:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

goldenburger.creapp.com:Metricagoldenburger.creapp.com

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	goldenburger.creapp.com:Metrica
Framework API call	javax.crypto.Cipher.doFinal	goldenburger.creapp.com

goldenburger.creapp.com
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4637

goldenburger.creapp.com:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4685

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/goldenburger.creapp.com/files/ZPkFS.log

Filesize
12KB

MD5
64a35f8280b911eba82cc4304e1974b7

SHA1
a30e4e5ce901d152aed67b0c8265340354952747

SHA256
694ab536a513238c06f52590ccdd69f60163bf38b0ec8258ad0d4fb9e93d9b7f

SHA512
30809d65a988aa1eb64a94c11e0100dadda99799ea52d5c1958653224e0bd3eb897a22c97bb401f010c6b03a061034fc5f3a7b528fc774c7e116317e4c91d3c3

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/credentials.dat

Filesize
234B

MD5
0142d45a12207d6051113d971853f2c9

SHA1
6b6cb805840c8722b02279e10fdf25dbd1edb3b6

SHA256
94bca15e1e62fd5e713a6111805f8499b934a8f6c43a485ecb2302e6fa8e086a

SHA512
bd55a0f9cf4b0a664ddae64f667f1046e1d2083df93626eacd82b9daa4ec72a63ae88f20a525b97e14f7512f357420cb60abd0ac234d4b6ac347a2326385bcbe

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com

Filesize
36KB

MD5
95c58ffc710ff38e7a7231d87985b122

SHA1
48b6cf5dba550dbf2199e041f4e815ce3f773c4a

SHA256
283cf7c231a50a0fae8e9d595a9ba8b4c3e11103ac3ff13894af105bb6e9acbb

SHA512
1a9515964677784d0396e9711ff7546671fe6ae0f86d6e03a10a41d8d91805560fe9337da398cd2462191676880a1499c12aa859bcf3382a0178977ca04eacff

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
20KB

MD5
0d5e743ea9cc2a78665f43179d57fb75

SHA1
bebe8f32ed17bca66e961f47a23d90f35ed91372

SHA256
3bb24953ee3c858e834513e9975aa549ff6675c91d30764f9d34d4295faf1054

SHA512
b72e7ac0b0445e386006a5f4202e6cd91f735e5407611d666f9e5165f5e95144cffe017760b0117750cb6fbf0e95f29591c3451fa0013976accd4c334d8d46a1

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
20KB

MD5
a8d586a41ba79006946000e9e45900e8

SHA1
ef6043aa1438021241a9060a4ab27ead86a26fa8

SHA256
e10537291fd022f1dc32b1e06a4bfc95e387b2005e0214aaa39dc5453132a9f0

SHA512
1791cb4da0f6570d1ae9ef24262f5614b93ea6d6709c03d9feee84790491ccce9c60ad743ca6524050ec38b32d6a153fd9222da51c317dd41a84447ed127c5df

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
8KB

MD5
feea29173a04577f1de7f7f36ffe159e

SHA1
857133dfc068431995c4a844c57351f89f969435

SHA256
f91199e5ca44b3456d34f439e9a63ccfee5335bc94cd5278c1e955142b871cac

SHA512
ff6a7217aa39b399d7bdf7b38f5c3532c8e140a28b41c914f6baad53449cca5d0711940efe10ecf39567c56edc353173f9651d7167aff68d30bf9b0fbb0db1ef

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
12KB

MD5
5a749c8aae3772b2aa165ecf76c1efd8

SHA1
4c2e471bcdc8855807ec2553705a20ebfc8a0640

SHA256
bdd4c81c8e1ca03e1b9ec3fe2a8c3d281738862c3771506813de001f5647c223

SHA512
d20cc82d9455add0ae34100749fc3171873f2acad070d2db10587e4d5a982b0faaba6bb6334aa702cda26261691947439973c98a5f33f9d6af626ef76d1de7fd

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
8KB

MD5
122bef32ec61d3aa671fca48e340dbbd

SHA1
5bc5a51edf223c348c45a672bcba70c47892e569

SHA256
f4d5db6877f48f4e57396426b94070740d0702d4f798241dce806d901380fc58

SHA512
5d58904390ab562ef11270f38d2a0f25ffe37cd2d77521d63ebeb7787caa553a8c5745ea1d574fe592448698ac02dc2939ff27b8df7a510014e58466abc6b30f

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
12KB

MD5
5c37070d933804e2de99b160d0a11110

SHA1
2bd81527f9f5dde2c9ea189ac7a9e1fe607225d1

SHA256
a3947a761e926c909b2da9e582d568426b8f19b9458c58dd9131daa88b6feba2

SHA512
d8d4afd0e068541e0345467d48d71b31d8e82c39f2dc0f673191e0ff6d1d7c591ed41b3ffb51d389fc7b999afd26638c62229c17b0ed8d1d9d5984e57f39a96f

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
36KB

MD5
8529446573929af039129d4320ad43af

SHA1
c512ed576029f07c2f81c220641dcbb566868cae

SHA256
f2b48118014b4b5d53c46f533549e3dddbd67df6c397f610dc643db88dd391a1

SHA512
9e236e2a7d521cb44911329551e6c44c8f1a2103161e0f5eb030c12a9589ff736b43190b2645f25d691b2309393b0bcac98703107e6c4b6dededd3bb2944bac5

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
e14c82d823e8af41774cb1d5e8d6a0aa

SHA1
41759ca49c3ac10b8d2e2e377e70bcf27126822a

SHA256
72ef236990aee389ec0992d67ca7cfddf7e45a1afd4bd6b4d927b6802d04794a

SHA512
e9e76bfeefb91cab01c33231a6967fa14d7b63985c2393151c90bfdb13ebb8aa69595a62b56e50ebd1f341c80d999a6e8eca16fffd0037e6ab3662ece41f33f0

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
63fb5a05dc0c0fa1a5e6f266d49228bd

SHA1
6f3671f267d3f99abb08f4facaf53f97b662fe54

SHA256
1c7a5cfc00ed8db8364c811f04badcf1d9907985b06193e01444806b5c9d6355

SHA512
f8eca4b463a50c58aab27a9500c13acfb9b5e2e79950b6307940ef0c6684e447c0d43f0645993024c1e978c2d2dff8eda89175ee9efbb66ad2d2542663a7360d

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
f9864907476862d96c100fc92a540188

SHA1
aa248e8cef8eaec544645dfc25a4c4681b77b7a8

SHA256
493463365464f4ae5b90523946ba35447a62469db2c3c63743daf675f1cb5a53

SHA512
c9814ca53b2e453f47a045214ffa6636c3613bdab5a9300f837463c536f23dfe165e1c24fa9bf18ba9508f62e034757f7b457163857c4cee59ee271bef9cd243

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
ff8d80ec0834a099af04f12011fa1684

SHA1
df217ed2436d3c494bce8dd68b37f3f098844bd4

SHA256
613243f049db30a4be6fa2b945c5a2ef53bed269ab171f9b57bb220e4f41faa9

SHA512
d519da2f721a9bee9a627d016ee82bb6e5df8bc0455eb8ea024fe53ef0be29e46cf7ce29a0b906ea0ac8cb96fe64be3d89f845aa5255ff0188b71aeb6318afdd

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
60662084ffdc060ded90aefc9539cbfc

SHA1
18016a248f1c7c4d84b327c50cd9043266bab712

SHA256
b788de100580cf4161b576858561eb67913d9dc2d562040d4cd838842d180246

SHA512
28238124325ffa98b142e18967cf3a524c0505bf3b8803f66e46216fb7f4ae76a25fca33df856ff0e448f9b4a17499920990c5488e8eb792eaa69050790e501b

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
c5d148b2e21d2691337976d8888d4c91

SHA1
c038f23a0358329c148be44202f07aeade84e1ff

SHA256
27a7f939e95b4cb2cf29597dc687fce3413f4e8b8c21bdc2fbe9e6e79cdfdc0d

SHA512
5d2d0c1a28be4baa7edb744a45f8c4a652452cd188c80fdb861a02ad1d04a74e38e081794ca27691caf40518a4261248747eb4b38e6044ebddd5f7a8c31c4183

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/metrica_client_data.db

Filesize
20KB

MD5
194c6d2f420b2a6f6dcd2bba9fd743c5

SHA1
455cacc88d561d979894d69d485c64c496c2679a

SHA256
e83842ac5d7c65206b1ed1d1826f5fbbbc3fbd79ad610d1bb1a28a37b0f0201b

SHA512
cc13757f2637fe9048ee886a621dfb7806cf00fd20e1a3ffc5840940011c4c3ccbbdaeaebd54442ef7c59e3923b1c1d1afee87d8976e04ea4c9ba512db8a3a78

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/metrica_client_data.db

Filesize
20KB

MD5
e5639b469346d3d19c79ae3bdc2f4a9a

SHA1
b4d9041b94176f65417e63e77f0f324b81e8dded

SHA256
cf283c9f2c282ef339f1ac0c4eae7d6f44f86bc1744cbf8a9b5703edc7368aaf

SHA512
273aa09cf7f4de26661bbedf2ecd180b5adb537022cd824d2185beaf7eb1784bd1ea1f1f22c01e4762729bdefeb81964f1a47f13e90b883beb27ce7c8d1f03b4

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/metrica_client_data.db

Filesize
20KB

MD5
d01115ab3b3ab6cd76adfbc07994cd9a

SHA1
2e7e72949ae2c3c9fc3faef4ff50f29153ce10de

SHA256
477bd41c92d45d060b57856b501048725ba8cd344d54d65459d2f6a0d5c38e68

SHA512
bdf67bda728f6ba75d0f993d24b0feb954d5cbc369d522ea553400482ccb65ed6c9fb042608d7ecb2940bfae1df0e47a7cdb37409561581c8aa31a774334092d

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
293a80de874f98c39414c99fd5e3d30f

SHA1
5d2ff0bbaf21859742a6e7ff53ded4e855199728

SHA256
446e0573de708a8d93db1fcab51f9bcc3055a095c3e3693cc6c67a96a2690c10

SHA512
bdc01f8ba1db463aabe70706327549d13b2724ea6de2b23a818661a4ef33b10cfb806255f530c9f326c44156e5bae5b06fc9822f04253c1e88827930abca081f

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
07fe910634528551b11ddd117f84380d

SHA1
499e15f1ba90d98fca83b08d8e8353dd98d2bd93

SHA256
403511a3795b51b9fe14b59d78fa26ad9ba8ab56b2abf1788f2eeb016c4a20d0

SHA512
e16ff646b9398a51a72365f7a3b48067ee0ab76f1bf31d7ff16680a8823be0f7647a54a7d4d1dda3b3b4ea0cfb7c82492841b8fca489fe92434481fce815e2bf

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
968789c442be3b6e5711b861dad5ec0e

SHA1
d2051b9475217c4ced575b96978d7e20e56eb5c6

SHA256
a70ddbf3c3d3e68ab6985e8f7870f8b0be2af6aa062c5cef300b248eaea040be

SHA512
2641a80554a8500d1fb27d329710c104039294420a9916a813f180de2f18f1f698f40dd7b2221e7cbbb6a75f46ea428b2b0eb7b61eafced6556c8902c625e611

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
3ae42117985ee9805839d6bb1fbbd129

SHA1
867354794029f4e0d7a01923bf28bbaf8dfafe96

SHA256
1ccba4c1bcde32ec73507659656a0caef70d7d20545572d0bc6c594e143a1db3

SHA512
54cdc207ebc7b66bbf8ebbb7f5e8479b7d3b18ec3ea59badf3b19cea924f6ff4d9ddc028c611a028702f5f4566f81faaa4cd10e90ade2550c5ac5b64da6ff5d9

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
9cb850d7580e8bd901b6e3f564f9ad6c

SHA1
bab21ec96ef1637dd9717e9c2913643698f9d9be

SHA256
96b1126e2fe2097c6492ba0d9a30c5a76cd07a18151580f35d7c4e34ef0c56e4

SHA512
ba07bf3cb73e9b560046214e065d72ea32f2cae6473f3367e8d56b752bfd138de05f4ab82e3992bbc7103d973abb37b2b51657434d9b3b8a2d8163366f9c0d91

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/metrica_data.db

Filesize
44KB

MD5
cf70258cd8e73514a8c89e76e6bc4fef

SHA1
5fe1ba9f1a6002dd362675d639fe80ef429a3e02

SHA256
2fb5c6ae3024e62db8f9d10a2b931e0a58ec67d66e899bda54ca1424e700489a

SHA512
59665ed6c1d96c105a81c09116ee97426c9b1f0355564dac290a2ffbb0522e2584a23cd77bd5c72c064e92d64fd459bf064178481ef53186dd121c671fbe3978

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/metrica_data.db-journal

Filesize
12KB

MD5
4ec8e66ace8cad193bd3428a873695ee

SHA1
f1d101e00cb75bd498840f0a1257a901bb8c78f5

SHA256
966eb5bcd3a4b517b79a45d0ed2845fde4ad84c7f29501dce6c847a722b3b264

SHA512
2a81efe735980aae7b5460ac9fcb764be2f6f824fb185f505d929dd854eb96bdcc3d474f6013bf286de172418383f54c6c559cf3f9300a688a7cf41e9bccb088

Download Submit