6efad4dd8b7cc6cbae55b82e43bd2e58ae3735b83bcdbbb38fb1914599b5119a

Analysis

max time kernel
179s
max time network
149s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 02:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65a8d1093c3ee36dc03a5a4a7e34e2af_JaffaCakes118.apk
Size

3.4MB
MD5

65a8d1093c3ee36dc03a5a4a7e34e2af
SHA1

8250b36bfbdca79c0f7ffb57984624a1296c1964
SHA256

6efad4dd8b7cc6cbae55b82e43bd2e58ae3735b83bcdbbb38fb1914599b5119a
SHA512

e0e59a0a35f3c3c8526dedbd3ec22c8ffed0014c223b416dd95bd1f0a519e725d558d40d90ed485b41fb057fb2c39345ae341306457d6a91d1668b4c501f69c5
SSDEEP

98304:GFGrWtKmV8XpTEhycjyx5PYFGSygPBm/Y:druKm2XW0cWvgAcmg

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

com.ordrware.breadandbutties:Metrica

ioc process

/sbin/su com.ordrware.breadandbutties:Metrica
/system/app/Superuser.apk com.ordrware.breadandbutties:Metrica

ioc	process
/sbin/su	com.ordrware.breadandbutties:Metrica
/system/app/Superuser.apk	com.ordrware.breadandbutties:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.ordrware.breadandbuttiescom.ordrware.breadandbutties:Metrica

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ordrware.breadandbutties
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ordrware.breadandbutties:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

com.ordrware.breadandbuttiescom.ordrware.breadandbutties:Metrica

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ordrware.breadandbutties
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ordrware.breadandbutties:Metrica

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.ordrware.breadandbutties

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.ordrware.breadandbutties
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.ordrware.breadandbutties

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ordrware.breadandbutties
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.ordrware.breadandbutties

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ordrware.breadandbutties

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

com.ordrware.breadandbuttiescom.ordrware.breadandbutties:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.ordrware.breadandbutties
Framework service call	android.app.job.IJobScheduler.schedule	com.ordrware.breadandbutties:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.ordrware.breadandbutties:Metricacom.ordrware.breadandbutties

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.ordrware.breadandbutties:Metrica
Framework API call	javax.crypto.Cipher.doFinal	com.ordrware.breadandbutties

com.ordrware.breadandbutties
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5157

com.ordrware.breadandbutties:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5211

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ordrware.breadandbutties/files/ZPkFS.log

Filesize
12KB

MD5
fd496b5e1d6d8a97e867a1a892d688b2

SHA1
6162f505ee0befe9e8c1588cf9bb8db7fcec73c1

SHA256
49c3af97bc1b68b8e5245c6779873af666b1622b96634517e423a3199d88a30a

SHA512
c4103e25764048a472d286aa1c29a18469010736eeda0cc0035aa603f9b8e741e0e937d5855c39660c64f3f2d1b6c7cb9dd039681c227c486b8f3e2d4af906d2

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/credentials.dat

Filesize
233B

MD5
08bb31e03e2c3b1609d492566be71e08

SHA1
4bc986f7869a174c4f60e3b42baef65ec813b327

SHA256
b6e97bfb4d1982e48fbde6094cdecd7fbf4ec235c7485b63107ecab44a6a3ca1

SHA512
7057e7bdbf41a91a86f7d222b4a2604f2d8881aab5ef42e779efaf17bd0078e1ca160c3937050a04a5c4ae59667f3f2a7be99e1c20772afaf366fd517c912023

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties

Filesize
36KB

MD5
3d996abf09aecc7ab3f0622eee0eae87

SHA1
f81a338cd26a93002835f60d35338a83aecb981a

SHA256
614d3c7d0676890cd124a35c43856781e20b4b0ce65090daa2902994d7204fc4

SHA512
04c196ea77557e57033ed46529ac1b3d5906dc5c22dfea92891fc7231d35d673a3ca2f08b6e42104a0b23be8cd654b61550f6e16c75dac94f327c9aebed44101

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties-journal

Filesize
20KB

MD5
0f2ad6549108bba6955573cbfc612eea

SHA1
d72b05d393febffda7f82ff39d1f06ab9d2aa7a6

SHA256
ab141f4f2f336aa947f49c9eb45423590a56441c1750994dec33285e38427d02

SHA512
d85fb86e5f1eb20884abf01050b103d7fd26c424e2cf2fe6851fbf649d9b74f2117b96b494de1d86cfe924b2f06283d905dc070d6931dfef25263fff6bcbe335

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties-journal

Filesize
20KB

MD5
97ad6fdd571e39b9d9cd9efda882bf65

SHA1
7352f31319c82fa8d87f833def2b900b3c8edd16

SHA256
078910b432fc81019748c35d9496f64acfd36ab00770da9b9bc4cafcd38d9cce

SHA512
e100e23a1106fbb8924ff2319f2ea95f42a2be5e19dc41bc4d06be0c5e17e1e7687199e293594d1b3c552f9a1a1a1e492dc1928a2806d3fc7098cb8c323bd960

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties-journal

Filesize
8KB

MD5
485f44ec02a1b5e8d51f1f5aa1c45f35

SHA1
a458f1dc58d4f23530a27f9f58445f7147efce92

SHA256
8fdd43f76830e9add359a96b2d1a98990f5b4b1d2957dfe6d4eb1dea3ac6a8b2

SHA512
7ecf4e62b29bdc99260099b75dcd4dfe69e87394d5123225eb10f85f23bc60ae7679f5c5f97db566b5b735362d2581203a1c4441701ec0eb9147a6301672a9d6

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties-journal

Filesize
12KB

MD5
dc936d92645d22b7894db7242c5beb0b

SHA1
eb5bf90abe2772378dccf786c7ac69e8e63d186c

SHA256
1e9669c585c1815be7ce44c9128542d937d942d99ebf1eef5e170d8a5f2bc641

SHA512
c51449198314fd6255424edb689f204df8cf7708c03c7fd586f368870e82a4445c5042222b3ece4abaf58d65b1c6ccc7153877f9192a465c503e42b19349ef3e

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties-journal

Filesize
12KB

MD5
44caed82b08a529adf791cb29781da57

SHA1
84c5212f48083b48b16db2c4d359af523a7b9292

SHA256
491d0e07952b9727e125024a23b8e9bddcc8f4426cabfb73d7a24e2df490d2d0

SHA512
883a67eb824100d57aff03dc75b09ea97582ea9833c4ddc430f32d0c861f930d09c93cdce9578a128ede088c90a85f8f82c0c9d5c7139307e012e38cf9221483

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties-journal

Filesize
12KB

MD5
8dde358b44020747b6fed9d6d23102f3

SHA1
a6b7bfe52ca221c3529f4d10c50cbada7f2506ef

SHA256
844ffec633a4b2f8b09e67cbc69cda97c06518e136c81834d7e8d37a36679117

SHA512
94797ac4e78fb4d130b634bd69bf842dd1617663208adb2e460574961294b7a7c60c13dd9dc2f070ebb16df1273a387553d5d86e7394b31daa13cddddee90297

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
36KB

MD5
bd313f8ed0ee94dfe3d0690a81b9daae

SHA1
1326989362c38382e0b268469521a165f0f08c8f

SHA256
d6e61a1b168578ce139280770cca24456a124f9dbe96dfffc93e5225d4ddc2f9

SHA512
91733811d6c4c3b77b1a3ba1796ccd3d53e0bd6cdad639d5f3dbc86d0f1108257b1d22ffa4a84a93f7a42aa72a601012347607281143709f0589468f14f85618

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
9c2eeb66acb8e7c9bb0ac912dbeb6329

SHA1
bd368095aa4642af2457202e8b1192977f8757f8

SHA256
f0c01701eeb3f31aca81fabc24bc557b72deffe22f865c2bb970eac9f911ccf3

SHA512
dd1f1d9967148cb249eea4e384b15aaa09f2cf9dd970148fd6509cee0425baa866fbce19b3d3e833d55b30cb802b15d858f0f2898a6df34b4a5e4532e0786815

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
2ec4aa8e82141a2841c79f1811d0254e

SHA1
7d96c5f3be8fd3905699f80420e3524550fcaebd

SHA256
cb5b95ee4b011f75fa4ae24cd429e8a9ca94dad6fbe7e2a95f1121cbb2d63d73

SHA512
a60af9493a9abe0ae4f8a84bc4349afe3396597ebab953565fc48d1b7c3776ae4d1f38a59f7fe5ef977a81793fc6b63a10c98d52c62dc11ca72637b1bb44c235

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
e783f2cfa415fe467f8b1dfe3436d5e0

SHA1
5e78fab5b2c74e3117cea7ffcdcee1ccdf1f17b7

SHA256
465ab07f672f4dd755d35157ca6771e42ebd0e67864a8c0df16c134cf95392fb

SHA512
f21dd5277971dfbaad0cba9efeda1e9f306265ceccb90583c68173120d8ddc78f63dd8ceb255dde0d8de2e28b0864ea5ecbfb55919b7e13433b9ea96f15dc6ba

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
a34b3a0123da9d820056571ac90377f5

SHA1
d459964fe6873528da2c0231ec39225899b4cf04

SHA256
7d68f18dc645b90d4dcd4ad94a36bf120b41ffe00f0352ddc039e7f79be0a4a7

SHA512
4dd92ed2f648c0108b45cdcfb37039e736d8779d905c54a262b9a95958d83e48630c09a8faad182267403acee52c1576212e24c9623178c2bca83fc687ac9916

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
cb447c3c2a63d817c654aa6a383bdbc3

SHA1
5bf65f77b212a3daf140159bf0ee20954c3a9793

SHA256
3615dbcfb112448ae24ade4c033334d6a667c76f3974caf7728e038ef8166c98

SHA512
0f61029707a78d8dcb904403356e2fb8b1d072a2ffd80b48b540abb2843f2a69295cebeb6f5fb007ed900be0a7243bd5bce4607ff9c77ac9164a83f920698782

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
4d0c60e8d9669100fa1965ca7d0fff34

SHA1
5f6fcbf5355351e6776583b7da6b4627cd91c6da

SHA256
02cb4062cc3c3b56fea390afc48aa9fd30670de79c596ee08241bee472cfec12

SHA512
ac6a89901e2754db43f2d9ea6ca5cdb82a643981bb9b159c18f8d2af232f6dd8f94eb323a65a2c1312d0dd9c5520f1c23e9197f18f6384c884a79bc1a32317fe

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db

Filesize
20KB

MD5
4ddb3ba9c3d11c338b14dc9e12b3e4f9

SHA1
c9f3774a121420f619d9aeb95e45853e38c6e251

SHA256
9a37d755ec781bfa98017443bd8c1a131be9069ccd80673e8fe87d93fe633de0

SHA512
6c6b397776d8e238cc7c7cfc1eff2d3c1f0258b589c90012a71e856b50cf93d5c7eac3caaca092b4e3f5deca9be618ae1a04c9c2bdf26ced772d01e17c4a92c3

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db

Filesize
20KB

MD5
484df068dc370197c0e37af4f433f772

SHA1
5d071329bf5182e60b2d268adca542901d492001

SHA256
3ebaaa9fc7a9245b413f62f91d9e689d468456dd4b6ce2408bcd2003cbdbfbd0

SHA512
587e7b68f2c167d39dd50744f2892a461a67cb073e8cf9f6eb2ab752e07841440dbe212af32958248d15af5d4001e7fa12f86cad62578ef31999355a86c3b0b5

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db

Filesize
20KB

MD5
ea9c2dc01d788f2ed7ad6a455e32335a

SHA1
3da6ee06226734e9a402c3ef2b542af3b509b6af

SHA256
ddcb0e1970efc2dcb42a4dd328ef8c10f3512b39a47277d5b075fd3b92dfc3a7

SHA512
5b834f25f6f8afea98eec78cf8e148671ceca48aee8019e09308389c1f336e47e55666fedf66e09c97e827c375ade0fad635b98686ebd2f72240108670d25e76

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
46e4919a4636454462e0d649131a1084

SHA1
9883dad6f70a59402f36cb195ae20f3e1c66bdc3

SHA256
98ab674fbcb503863746818a2253482be372774cdcbcb2c56e02d98f97c435d5

SHA512
c8a9f8db5d66678ef68fc6358497960b35c944c4d6fd5c3504316e38027a3ba7725bd23cd7bc8205d7c0d1c04c86e7c8d05dac3e1b5e99b8f4a156b5e00c8f02

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
5d9a8873e1dcf18a3e67fdbb514bee3b

SHA1
2e181dd157b57c47bdebbca875234189fc393b40

SHA256
d29344ec8545df3819d6f5fe8d04dd7c3474c85ebed6124cb609d0a5d8e26f22

SHA512
8a01ce1fdb0fd52084c6bea5ec2c114fb8bcdd4ad1d1a6b1a1bc0d94e72d00bac3e10d7b91ee4c58fb01b86cc147dc5484f3c60c934886978af28f61c9a2a6d2

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
2c429c354d0e3d564c3af21bf08bcc45

SHA1
7f644bfb9a21cbb6f5d8e28320ace90143540d53

SHA256
2ae7aae7c21faa39459e5244a3c6751336d26d106ff0fac048cd32f112fe51cb

SHA512
5bb68eede13c34320d2dfd0b5caf764074c70fb2aa1c615dba7ce05bf2941c6e4ef2d343a5556cf974cd87c9cc42a21f0defdb210ba5a413aa6cb8e9eee97849

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
3e4b96edede0300871c43bbbf6857a81

SHA1
efaccccfaf8f3bbb4743905b5f15aa96ddd64a2e

SHA256
3921adb4db21f18e91ef19dcd82e75ab0444ac9c6c3135b25061dd3659f119bf

SHA512
a75541951012e189e5c8343fb0d510b91fc86cda1dc1e6daa87aef81e39bb3f5ae44e4972a690dd60bfe440bd72f9f886ae9246a1ead5180894d57afcc1baf34

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
303a06a5df6ec860bb309c916d70913f

SHA1
519f252a767e3542ee8d2e9db6f472ec9f009f71

SHA256
027dcb157507df36995dd6172c613b324d28c7cde289f409f7ecd69e32b50b6c

SHA512
b246153bab64b8bffebefcfab3a35dc8c335f141a42f522188b79e8f8ca8ce1543be6dfc9fa377b1a9a1203b1bea667e41b879786974f0d080a87e2e17b59734

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_data.db

Filesize
44KB

MD5
be0d739b695cc7a82eb64c0ee269c265

SHA1
1a8870831ed791bf88ce0d383a6f1b3346206938

SHA256
d0afd767f2da0926584f04d158d46bffcce9f640fdf182c161e0f19fad822e1f

SHA512
99162601232edfb917b330a76354f6e80015a98fca325f197cbfab55f0f19d2ade44dce7dcfd480d455b676f5c36e62438990abd2f244429f6e53fe1ed971eb2

Download Submit
/data/data/com.ordrware.breadandbutties/no_backup/metrica_data.db-journal

Filesize
12KB

MD5
f3b09cf24416ab23a5c5ca19ec98ad00

SHA1
db8486dc4542e9e393a56c0e9e41c255bbbfe48a

SHA256
951c933515a88d6f3a406f198d4f7348ed8053f85e88c14badcc0458afd0e5a7

SHA512
b51d73b9ea83b7ef3cb2395256d7f23595aee200b4d7c57116f5cdcba36b88a7ca273584bf42bf60e242805a44ae5ab4fd8615f69c92cf64db05bc8a915d714b

Download Submit