6efad4dd8b7cc6cbae55b82e43bd2e58ae3735b83bcdbbb38fb1914599b5119a

Analysis

max time kernel
179s
max time network
149s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 02:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65a8d1093c3ee36dc03a5a4a7e34e2af_JaffaCakes118.apk
Size

3.4MB
MD5

65a8d1093c3ee36dc03a5a4a7e34e2af
SHA1

8250b36bfbdca79c0f7ffb57984624a1296c1964
SHA256

6efad4dd8b7cc6cbae55b82e43bd2e58ae3735b83bcdbbb38fb1914599b5119a
SHA512

e0e59a0a35f3c3c8526dedbd3ec22c8ffed0014c223b416dd95bd1f0a519e725d558d40d90ed485b41fb057fb2c39345ae341306457d6a91d1668b4c501f69c5
SSDEEP

98304:GFGrWtKmV8XpTEhycjyx5PYFGSygPBm/Y:druKm2XW0cWvgAcmg

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.ordrware.breadandbutties:Metrica

ioc process

/sbin/su com.ordrware.breadandbutties:Metrica
/system/app/Superuser.apk com.ordrware.breadandbutties:Metrica

ioc	process
/sbin/su	com.ordrware.breadandbutties:Metrica
/system/app/Superuser.apk	com.ordrware.breadandbutties:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.ordrware.breadandbuttiescom.ordrware.breadandbutties:Metrica

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ordrware.breadandbutties
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ordrware.breadandbutties:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

com.ordrware.breadandbuttiescom.ordrware.breadandbutties:Metrica

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ordrware.breadandbutties
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ordrware.breadandbutties:Metrica

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.ordrware.breadandbutties

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.ordrware.breadandbutties
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.ordrware.breadandbutties

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ordrware.breadandbutties
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.ordrware.breadandbutties

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ordrware.breadandbutties

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

T1603

Processes:

com.ordrware.breadandbuttiescom.ordrware.breadandbutties:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.ordrware.breadandbutties
Framework service call	android.app.job.IJobScheduler.schedule	com.ordrware.breadandbutties:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

com.ordrware.breadandbutties:Metricacom.ordrware.breadandbutties

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.ordrware.breadandbutties:Metrica
Framework API call	javax.crypto.Cipher.doFinal	com.ordrware.breadandbutties

com.ordrware.breadandbutties
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5157

com.ordrware.breadandbutties:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5211

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ordrware.breadandbutties/files/ZPkFS.log
Filesize
12KB

MD5
fd496b5e1d6d8a97e867a1a892d688b2

SHA1
6162f505ee0befe9e8c1588cf9bb8db7fcec73c1

SHA256
49c3af97bc1b68b8e5245c6779873af666b1622b96634517e423a3199d88a30a

SHA512
c4103e25764048a472d286aa1c29a18469010736eeda0cc0035aa603f9b8e741e0e937d5855c39660c64f3f2d1b6c7cb9dd039681c227c486b8f3e2d4af906d2

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/credentials.dat
Filesize
233B

MD5
08bb31e03e2c3b1609d492566be71e08

SHA1
4bc986f7869a174c4f60e3b42baef65ec813b327

SHA256
b6e97bfb4d1982e48fbde6094cdecd7fbf4ec235c7485b63107ecab44a6a3ca1

SHA512
7057e7bdbf41a91a86f7d222b4a2604f2d8881aab5ef42e779efaf17bd0078e1ca160c3937050a04a5c4ae59667f3f2a7be99e1c20772afaf366fd517c912023

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties
Filesize
36KB

MD5
3d996abf09aecc7ab3f0622eee0eae87

SHA1
f81a338cd26a93002835f60d35338a83aecb981a

SHA256
614d3c7d0676890cd124a35c43856781e20b4b0ce65090daa2902994d7204fc4

SHA512
04c196ea77557e57033ed46529ac1b3d5906dc5c22dfea92891fc7231d35d673a3ca2f08b6e42104a0b23be8cd654b61550f6e16c75dac94f327c9aebed44101

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties-journal
Filesize
20KB

MD5
0f2ad6549108bba6955573cbfc612eea

SHA1
d72b05d393febffda7f82ff39d1f06ab9d2aa7a6

SHA256
ab141f4f2f336aa947f49c9eb45423590a56441c1750994dec33285e38427d02

SHA512
d85fb86e5f1eb20884abf01050b103d7fd26c424e2cf2fe6851fbf649d9b74f2117b96b494de1d86cfe924b2f06283d905dc070d6931dfef25263fff6bcbe335

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties-journal
Filesize
20KB

MD5
97ad6fdd571e39b9d9cd9efda882bf65

SHA1
7352f31319c82fa8d87f833def2b900b3c8edd16

SHA256
078910b432fc81019748c35d9496f64acfd36ab00770da9b9bc4cafcd38d9cce

SHA512
e100e23a1106fbb8924ff2319f2ea95f42a2be5e19dc41bc4d06be0c5e17e1e7687199e293594d1b3c552f9a1a1a1e492dc1928a2806d3fc7098cb8c323bd960

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties-journal
Filesize
8KB

MD5
485f44ec02a1b5e8d51f1f5aa1c45f35

SHA1
a458f1dc58d4f23530a27f9f58445f7147efce92

SHA256
8fdd43f76830e9add359a96b2d1a98990f5b4b1d2957dfe6d4eb1dea3ac6a8b2

SHA512
7ecf4e62b29bdc99260099b75dcd4dfe69e87394d5123225eb10f85f23bc60ae7679f5c5f97db566b5b735362d2581203a1c4441701ec0eb9147a6301672a9d6

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties-journal
Filesize
12KB

MD5
dc936d92645d22b7894db7242c5beb0b

SHA1
eb5bf90abe2772378dccf786c7ac69e8e63d186c

SHA256
1e9669c585c1815be7ce44c9128542d937d942d99ebf1eef5e170d8a5f2bc641

SHA512
c51449198314fd6255424edb689f204df8cf7708c03c7fd586f368870e82a4445c5042222b3ece4abaf58d65b1c6ccc7153877f9192a465c503e42b19349ef3e

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties-journal
Filesize
12KB

MD5
44caed82b08a529adf791cb29781da57

SHA1
84c5212f48083b48b16db2c4d359af523a7b9292

SHA256
491d0e07952b9727e125024a23b8e9bddcc8f4426cabfb73d7a24e2df490d2d0

SHA512
883a67eb824100d57aff03dc75b09ea97582ea9833c4ddc430f32d0c861f930d09c93cdce9578a128ede088c90a85f8f82c0c9d5c7139307e012e38cf9221483

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties-journal
Filesize
12KB

MD5
8dde358b44020747b6fed9d6d23102f3

SHA1
a6b7bfe52ca221c3529f4d10c50cbada7f2506ef

SHA256
844ffec633a4b2f8b09e67cbc69cda97c06518e136c81834d7e8d37a36679117

SHA512
94797ac4e78fb4d130b634bd69bf842dd1617663208adb2e460574961294b7a7c60c13dd9dc2f070ebb16df1273a387553d5d86e7394b31daa13cddddee90297

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize
36KB

MD5
bd313f8ed0ee94dfe3d0690a81b9daae

SHA1
1326989362c38382e0b268469521a165f0f08c8f

SHA256
d6e61a1b168578ce139280770cca24456a124f9dbe96dfffc93e5225d4ddc2f9

SHA512
91733811d6c4c3b77b1a3ba1796ccd3d53e0bd6cdad639d5f3dbc86d0f1108257b1d22ffa4a84a93f7a42aa72a601012347607281143709f0589468f14f85618

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
512B

MD5
9c2eeb66acb8e7c9bb0ac912dbeb6329

SHA1
bd368095aa4642af2457202e8b1192977f8757f8

SHA256
f0c01701eeb3f31aca81fabc24bc557b72deffe22f865c2bb970eac9f911ccf3

SHA512
dd1f1d9967148cb249eea4e384b15aaa09f2cf9dd970148fd6509cee0425baa866fbce19b3d3e833d55b30cb802b15d858f0f2898a6df34b4a5e4532e0786815

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
2ec4aa8e82141a2841c79f1811d0254e

SHA1
7d96c5f3be8fd3905699f80420e3524550fcaebd

SHA256
cb5b95ee4b011f75fa4ae24cd429e8a9ca94dad6fbe7e2a95f1121cbb2d63d73

SHA512
a60af9493a9abe0ae4f8a84bc4349afe3396597ebab953565fc48d1b7c3776ae4d1f38a59f7fe5ef977a81793fc6b63a10c98d52c62dc11ca72637b1bb44c235

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
e783f2cfa415fe467f8b1dfe3436d5e0

SHA1
5e78fab5b2c74e3117cea7ffcdcee1ccdf1f17b7

SHA256
465ab07f672f4dd755d35157ca6771e42ebd0e67864a8c0df16c134cf95392fb

SHA512
f21dd5277971dfbaad0cba9efeda1e9f306265ceccb90583c68173120d8ddc78f63dd8ceb255dde0d8de2e28b0864ea5ecbfb55919b7e13433b9ea96f15dc6ba

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
a34b3a0123da9d820056571ac90377f5

SHA1
d459964fe6873528da2c0231ec39225899b4cf04

SHA256
7d68f18dc645b90d4dcd4ad94a36bf120b41ffe00f0352ddc039e7f79be0a4a7

SHA512
4dd92ed2f648c0108b45cdcfb37039e736d8779d905c54a262b9a95958d83e48630c09a8faad182267403acee52c1576212e24c9623178c2bca83fc687ac9916

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
cb447c3c2a63d817c654aa6a383bdbc3

SHA1
5bf65f77b212a3daf140159bf0ee20954c3a9793

SHA256
3615dbcfb112448ae24ade4c033334d6a667c76f3974caf7728e038ef8166c98

SHA512
0f61029707a78d8dcb904403356e2fb8b1d072a2ffd80b48b540abb2843f2a69295cebeb6f5fb007ed900be0a7243bd5bce4607ff9c77ac9164a83f920698782

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
4d0c60e8d9669100fa1965ca7d0fff34

SHA1
5f6fcbf5355351e6776583b7da6b4627cd91c6da

SHA256
02cb4062cc3c3b56fea390afc48aa9fd30670de79c596ee08241bee472cfec12

SHA512
ac6a89901e2754db43f2d9ea6ca5cdb82a643981bb9b159c18f8d2af232f6dd8f94eb323a65a2c1312d0dd9c5520f1c23e9197f18f6384c884a79bc1a32317fe

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db
Filesize
20KB

MD5
4ddb3ba9c3d11c338b14dc9e12b3e4f9

SHA1
c9f3774a121420f619d9aeb95e45853e38c6e251

SHA256
9a37d755ec781bfa98017443bd8c1a131be9069ccd80673e8fe87d93fe633de0

SHA512
6c6b397776d8e238cc7c7cfc1eff2d3c1f0258b589c90012a71e856b50cf93d5c7eac3caaca092b4e3f5deca9be618ae1a04c9c2bdf26ced772d01e17c4a92c3

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db
Filesize
20KB

MD5
484df068dc370197c0e37af4f433f772

SHA1
5d071329bf5182e60b2d268adca542901d492001

SHA256
3ebaaa9fc7a9245b413f62f91d9e689d468456dd4b6ce2408bcd2003cbdbfbd0

SHA512
587e7b68f2c167d39dd50744f2892a461a67cb073e8cf9f6eb2ab752e07841440dbe212af32958248d15af5d4001e7fa12f86cad62578ef31999355a86c3b0b5

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db
Filesize
20KB

MD5
ea9c2dc01d788f2ed7ad6a455e32335a

SHA1
3da6ee06226734e9a402c3ef2b542af3b509b6af

SHA256
ddcb0e1970efc2dcb42a4dd328ef8c10f3512b39a47277d5b075fd3b92dfc3a7

SHA512
5b834f25f6f8afea98eec78cf8e148671ceca48aee8019e09308389c1f336e47e55666fedf66e09c97e827c375ade0fad635b98686ebd2f72240108670d25e76

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db-journal
Filesize
8KB

MD5
46e4919a4636454462e0d649131a1084

SHA1
9883dad6f70a59402f36cb195ae20f3e1c66bdc3

SHA256
98ab674fbcb503863746818a2253482be372774cdcbcb2c56e02d98f97c435d5

SHA512
c8a9f8db5d66678ef68fc6358497960b35c944c4d6fd5c3504316e38027a3ba7725bd23cd7bc8205d7c0d1c04c86e7c8d05dac3e1b5e99b8f4a156b5e00c8f02

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db-journal
Filesize
8KB

MD5
5d9a8873e1dcf18a3e67fdbb514bee3b

SHA1
2e181dd157b57c47bdebbca875234189fc393b40

SHA256
d29344ec8545df3819d6f5fe8d04dd7c3474c85ebed6124cb609d0a5d8e26f22

SHA512
8a01ce1fdb0fd52084c6bea5ec2c114fb8bcdd4ad1d1a6b1a1bc0d94e72d00bac3e10d7b91ee4c58fb01b86cc147dc5484f3c60c934886978af28f61c9a2a6d2

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
2c429c354d0e3d564c3af21bf08bcc45

SHA1
7f644bfb9a21cbb6f5d8e28320ace90143540d53

SHA256
2ae7aae7c21faa39459e5244a3c6751336d26d106ff0fac048cd32f112fe51cb

SHA512
5bb68eede13c34320d2dfd0b5caf764074c70fb2aa1c615dba7ce05bf2941c6e4ef2d343a5556cf974cd87c9cc42a21f0defdb210ba5a413aa6cb8e9eee97849

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
3e4b96edede0300871c43bbbf6857a81

SHA1
efaccccfaf8f3bbb4743905b5f15aa96ddd64a2e

SHA256
3921adb4db21f18e91ef19dcd82e75ab0444ac9c6c3135b25061dd3659f119bf

SHA512
a75541951012e189e5c8343fb0d510b91fc86cda1dc1e6daa87aef81e39bb3f5ae44e4972a690dd60bfe440bd72f9f886ae9246a1ead5180894d57afcc1baf34

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
303a06a5df6ec860bb309c916d70913f

SHA1
519f252a767e3542ee8d2e9db6f472ec9f009f71

SHA256
027dcb157507df36995dd6172c613b324d28c7cde289f409f7ecd69e32b50b6c

SHA512
b246153bab64b8bffebefcfab3a35dc8c335f141a42f522188b79e8f8ca8ce1543be6dfc9fa377b1a9a1203b1bea667e41b879786974f0d080a87e2e17b59734

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_data.db
Filesize
44KB

MD5
be0d739b695cc7a82eb64c0ee269c265

SHA1
1a8870831ed791bf88ce0d383a6f1b3346206938

SHA256
d0afd767f2da0926584f04d158d46bffcce9f640fdf182c161e0f19fad822e1f

SHA512
99162601232edfb917b330a76354f6e80015a98fca325f197cbfab55f0f19d2ade44dce7dcfd480d455b676f5c36e62438990abd2f244429f6e53fe1ed971eb2

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_data.db-journal
Filesize
12KB

MD5
f3b09cf24416ab23a5c5ca19ec98ad00

SHA1
db8486dc4542e9e393a56c0e9e41c255bbbfe48a

SHA256
951c933515a88d6f3a406f198d4f7348ed8053f85e88c14badcc0458afd0e5a7

SHA512
b51d73b9ea83b7ef3cb2395256d7f23595aee200b4d7c57116f5cdcba36b88a7ca273584bf42bf60e242805a44ae5ab4fd8615f69c92cf64db05bc8a915d714b

Download Submit