6efad4dd8b7cc6cbae55b82e43bd2e58ae3735b83bcdbbb38fb1914599b5119a

Analysis

max time kernel
178s
max time network
185s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 02:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65a8d1093c3ee36dc03a5a4a7e34e2af_JaffaCakes118.apk
Size

3.4MB
MD5

65a8d1093c3ee36dc03a5a4a7e34e2af
SHA1

8250b36bfbdca79c0f7ffb57984624a1296c1964
SHA256

6efad4dd8b7cc6cbae55b82e43bd2e58ae3735b83bcdbbb38fb1914599b5119a
SHA512

e0e59a0a35f3c3c8526dedbd3ec22c8ffed0014c223b416dd95bd1f0a519e725d558d40d90ed485b41fb057fb2c39345ae341306457d6a91d1668b4c501f69c5
SSDEEP

98304:GFGrWtKmV8XpTEhycjyx5PYFGSygPBm/Y:druKm2XW0cWvgAcmg

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

com.ordrware.breadandbutties:Metrica

ioc process

/system/app/Superuser.apk com.ordrware.breadandbutties:Metrica
/sbin/su com.ordrware.breadandbutties:Metrica

ioc	process
/system/app/Superuser.apk	com.ordrware.breadandbutties:Metrica
/sbin/su	com.ordrware.breadandbutties:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.ordrware.breadandbuttiescom.ordrware.breadandbutties:Metrica

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ordrware.breadandbutties
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ordrware.breadandbutties:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

com.ordrware.breadandbuttiescom.ordrware.breadandbutties:Metrica

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ordrware.breadandbutties
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ordrware.breadandbutties:Metrica

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.ordrware.breadandbutties

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.ordrware.breadandbutties
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.ordrware.breadandbutties

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ordrware.breadandbutties
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.ordrware.breadandbutties

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ordrware.breadandbutties

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

com.ordrware.breadandbuttiescom.ordrware.breadandbutties:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.ordrware.breadandbutties
Framework service call	android.app.job.IJobScheduler.schedule	com.ordrware.breadandbutties:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.ordrware.breadandbutties:Metricacom.ordrware.breadandbutties

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.ordrware.breadandbutties:Metrica
Framework API call	javax.crypto.Cipher.doFinal	com.ordrware.breadandbutties

com.ordrware.breadandbutties
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4299

com.ordrware.breadandbutties:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4339

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ordrware.breadandbutties/no_backup/credentials.dat

Filesize
233B

MD5
979c4c4841d13e708095679575d4d1dc

SHA1
4db93748164def6c799f3576a2b68f48ad3120a4

SHA256
6f4383d8e43aa894815bef1f18d2422ea002fae5ce884857c08c46f4615f6cb0

SHA512
885ee5dd7820faf49f0cf2c1468afa01bf2387fa096e4f9d57ec108144735145fa996c0aa58e587055f2379d3155b958c42856c20dc3679a3ab0e3bb4bcf32fc

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties

Filesize
36KB

MD5
aa3b9a7fc704441cf182f48e8d38a492

SHA1
2b0ef3b0e6834b28d7ea16beb6fa37762e4211ac

SHA256
bb86192294f7fbfd246226ba571c0c92ddcc89fe674963fc6b200e7f3b85e1b0

SHA512
bd69fa317c584fec1b4073d82a0e586019a9e656097d8190916ac67bc092527c8c2f1050da87a2b3ccdb974c0ce5b32cd6a1e40ab5351e09f6556ae93856db77

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties-journal

Filesize
8KB

MD5
021ee3a3dfb6f48b2ec7683bed620265

SHA1
0b9b629babe81449ddb31ccfbd58fe2f58ea6859

SHA256
6ac9104f57a079159b4010a26fa703c4c7b37007e0608bcb9072ad199725393f

SHA512
226aa9af582e1473addac125559cf861c58846c4b6219fc1f0494e9e73f6a9a657888b73776f5db19d86649c406f212a3c95433ea06b1256c48393537abe2163

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties-shm

Filesize
32KB

MD5
ec656cf718ab0104009c1e982d6dbd57

SHA1
15fccbe69c89b89bc72a4d8c1667b6a04304932e

SHA256
986e639af9cdd8d46dbd6cdbf1ed99a5bd363af8a01c9258dfdffe95c6d29687

SHA512
c1941400c2f2b070f6cb6c550d4088ea5d44a73e2131b7c8c0faaa1b1df2b8c67475f06111a37c6f615455048c6e934412cc835e8ad13f57f80262291107f7d6

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties-wal

Filesize
406KB

MD5
2e15e607556f7c93b5ac4105b29d7ab6

SHA1
929819f9cc571ee780a32f14585f1f6d6d05f427

SHA256
b9f61a3548a1b82147415a152ae37cdfd0ec339bad94d0a7d91b5be95c37b28b

SHA512
f60377dbc998fa615beef8120fcee2e18f9699f74436f4c06ae3b7791fb24b58305954ef92704e5d6562508825f06bc605b44a2660eea2fa4309a6e78abf56c8

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
20KB

MD5
e8c06f53862d73c4742259900daeb7c4

SHA1
8fb7296dbca993d4d3bad13feb7335c89b4defda

SHA256
190e0807ae0159b9c4c9ef9a1be30d9f35a526bd0806e7144deb795ebd3c2f8d

SHA512
8980955315bbaf66a1476894ecd29295147763b05abc3f7937bac190aac93bb8a55139cbf28c9381a96d2dbe90537c031e08c703442117778e57a6812e65ef61

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
521B

MD5
bbc026f63542cd0932a1ac94462db9ef

SHA1
25b6c1c79fbe4e52705167ecf069b89c5f75f8f2

SHA256
6f3508985c145b1bced0fba3b859ddd6ddf4be7ca6ba0dffd6eb353512f22bfc

SHA512
8cd3f0a16532d8e2928ca015dc4f8bc58784e714ce132563fba3bbea210ef2e2ead1683c7bbb05ef1ee7d91d491dd3b725eb61f96883da36e10920bd8a02eef5

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180-wal

Filesize
164KB

MD5
2465be0f516659cf7bb1a230c1c467bc

SHA1
2f55bd03640b9862aa752e78e11ee2aee4eb0e57

SHA256
f5c9db5c5d22a3437402c05b7fdf0523f238e4b2db50c68a387d7bc5e0b2d43f

SHA512
d00fbf8b5772f6caf803a60f1bb2f791e80d4a9e93f0a7c967540110064ad65456f1f12b98af419d2e20f83f8534240bd6df7463598ec92a9e49ca982a4384f4

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db

Filesize
20KB

MD5
721b168284f2f4ad11f6dfd4ca638477

SHA1
c7abc732e07ce99f01af5bb66dee4c38ea65a6f3

SHA256
0118fdbdc25bcdc0f9e38ec0863dcb4e463f2d610f428dda5fb746b6a39806c7

SHA512
0e3f3757413b8d8d668f06890ceb3a8bd8818615fabe74c3fa55c1d32a4e9972fe27a7d0883445af3445e67c2bdb0627dcc2d71298af7ae1d86f6b72e235d0cb

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db

Filesize
20KB

MD5
be47e393b17436dd4010a94f84442a66

SHA1
ff0086d9a9e849e9dfa9d80cd4022e48f2a6ec12

SHA256
8bc7ddad6cf155868bce43514dae875c99fe8f1066a1632bb6f05580af84026f

SHA512
0e35088cd1cafe23436543d128a28d38a8f8b8c806873229a29e67696949acdd569d888a1c3a6d51596e8c0eaa6a35a0db919a5c0f2adbc92b45f909639dc50a

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db

Filesize
20KB

MD5
44def4f6e42c3ec63f229d23af8c804a

SHA1
f5956d9295778b539bced03215343fd3cf7a9dd8

SHA256
882faff2a0f007164d5dbda7bd7f803306423b5eb48a88b1bb72bde65b77e50a

SHA512
a14770398044635a8a8fc0d59dc95af3a97ae78146a9ace3795d600a44098a5ff7099aa3d0ac40442f8ff8c5d3b5ceecb4b360bf47f3e8c7c902879e2e76228d

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db

Filesize
20KB

MD5
e793e65ddaf422b6b751e2e1b4abb653

SHA1
9122cc8acd2632593b3596181f112258dae3eca1

SHA256
1c5b6f4cc3fd1f8df781eb2182f8e523d29ac95bef21e142cbc0ace5ccc2dfe8

SHA512
908480f831c6b84647cbf2843ae9535b914e8ed97cb4057e26f8a5c13dab7293b876e63d96d4fecd2584cedf3901550dc187fa1cff7b4dbcf43369cd6668ddea

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db-journal

Filesize
406KB

MD5
88461044131c919119249feb586de6b6

SHA1
cadb457f31303172e664e670be5127faf254d5e0

SHA256
7d70226382809bc0e49bae62a77b2f80c8285251072f33602f4dcf3ef10ff358

SHA512
f3dd487c659fdf5b78c89d61129bc87aab369310e90073a012765403360a2be5bea58c97734d2b21337bfdcc133f91db9606387ac2415540aab3a8c02aface39

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
39a339147f2da163b003fe77f87e77fc

SHA1
0a4997b890c29acae03813c58cd67b8d78072311

SHA256
16494f65f9048ae446856572dbce0b129cc78394f9ad3fb724191bac760ea0b9

SHA512
9b1febf47fc5f8efbcac36524c1c2cd14637a98ee3cb531b22f811a70e66c0c51e73847d8c870fbf9d6cedcc531e3cac19ba03556fa423eae98d2ec02416e6fb

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
37f130cf3cfacee3ad8fc3a922306b01

SHA1
dcc2f72dc7a3b75abe7ce621c69ffccb764f2856

SHA256
52f4585127ca5bbde10373a811254e47de82a2e93a797bcc3ef3ec82126ed91a

SHA512
f95c68f8b8402f0f501924ce76fee79ba1371566a62ae950d9d0f21b6ac24ae964fe06e60cbea8bf2cd69c106fb95ee10d13c0596c55d9d6cf3992247abf18ca

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
b6a82bb39775f26da30ce731e7e68333

SHA1
c069aa76539b6111111b135cf56875ed53350d6d

SHA256
9dfa801b4ceeda09c5a8c1151298232d8743415dbbf67e80fa6a039f77eea48a

SHA512
af59356f453a3801e01613980c1f2818e29f8a9593684f1914125582ca1c6c623ff1b82a5849775158ac9d185a01bba4b2904e0fc86a1e9bf15f3b17901c59cc

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_data.db

Filesize
44KB

MD5
c85ed3e2adc50df301606eba0b9dfd5d

SHA1
f0a5bf0da63e0a8cb4f02acf6b52e4a0de42b627

SHA256
e13b0edfc9fed3d6402c48334277adb7300cce25663e31b569f4ed6eed84c5bc

SHA512
cef24081495126979c6fc7c17cd1ae79503395fffae4c7dc19a5cd8cb001aa5e22856d291f35243d704cc30b550ced8468218337b20e903bee031221e6ad6574

Download Submit