6efad4dd8b7cc6cbae55b82e43bd2e58ae3735b83bcdbbb38fb1914599b5119a

Analysis

max time kernel
178s
max time network
139s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 02:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65a8d1093c3ee36dc03a5a4a7e34e2af_JaffaCakes118.apk
Size

3.4MB
MD5

65a8d1093c3ee36dc03a5a4a7e34e2af
SHA1

8250b36bfbdca79c0f7ffb57984624a1296c1964
SHA256

6efad4dd8b7cc6cbae55b82e43bd2e58ae3735b83bcdbbb38fb1914599b5119a
SHA512

e0e59a0a35f3c3c8526dedbd3ec22c8ffed0014c223b416dd95bd1f0a519e725d558d40d90ed485b41fb057fb2c39345ae341306457d6a91d1668b4c501f69c5
SSDEEP

98304:GFGrWtKmV8XpTEhycjyx5PYFGSygPBm/Y:druKm2XW0cWvgAcmg

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

T1426

Processes:

com.ordrware.breadandbutties:Metrica

ioc	process
/system/app/Superuser.apk	com.ordrware.breadandbutties:Metrica
/sbin/su	com.ordrware.breadandbutties:Metrica
/system/bin/su	com.ordrware.breadandbutties:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

com.ordrware.breadandbuttiescom.ordrware.breadandbutties:Metrica

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ordrware.breadandbutties
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ordrware.breadandbutties:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.ordrware.breadandbutties

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.ordrware.breadandbutties
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.ordrware.breadandbutties

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ordrware.breadandbutties
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ordrware.breadandbutties

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ordrware.breadandbutties

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

T1603

Processes:

com.ordrware.breadandbuttiescom.ordrware.breadandbutties:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.ordrware.breadandbutties
Framework service call	android.app.job.IJobScheduler.schedule	com.ordrware.breadandbutties:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

com.ordrware.breadandbutties:Metricacom.ordrware.breadandbutties

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.ordrware.breadandbutties:Metrica
Framework API call	javax.crypto.Cipher.doFinal	com.ordrware.breadandbutties

com.ordrware.breadandbutties
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4621

com.ordrware.breadandbutties:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4671

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.ordrware.breadandbutties/files/ZPkFS.log
Filesize
20KB

MD5
d01115ab3b3ab6cd76adfbc07994cd9a

SHA1
2e7e72949ae2c3c9fc3faef4ff50f29153ce10de

SHA256
477bd41c92d45d060b57856b501048725ba8cd344d54d65459d2f6a0d5c38e68

SHA512
bdf67bda728f6ba75d0f993d24b0feb954d5cbc369d522ea553400482ccb65ed6c9fb042608d7ecb2940bfae1df0e47a7cdb37409561581c8aa31a774334092d

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/credentials.dat
Filesize
234B

MD5
20ab84acccc0d132a7f15063a45a4537

SHA1
a15d64f85eab2b9c7085bfd2a920dca4798ac302

SHA256
103783f10e149b0ca7aa9101344df2303bd176d33a05323c12eacdf56036c740

SHA512
24393d122357e7e5c13267fb41a80f1bf41c3dfc7d3ea54871395f2d4709e32c98875033315e024fd1580150ee1f8ca0243383a8d5aa73767147e2bb5dffcdb0

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties
Filesize
36KB

MD5
d31a3b92809d4b7eaf49448c79fbf47d

SHA1
825087edc776034d59818bbb09502d08ede710ba

SHA256
fc755be55f406d773385cb48d28810f53bc9fa73212abeaed0d1c85d26b822fa

SHA512
4db26c72f0f459840eb523e57d13df8ec1844f8b1ee9f6dad1c38d209fa59481cb7ab8a6e22e7b08537f27fc1122c8c81cd3b29a59b9963d39f8e5587d47baf5

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties-journal
Filesize
20KB

MD5
a0eec5ee0c2dc4b5f8d1f9fc04f3afe4

SHA1
38d4f010f82a54cff66428bdbac030a13ee4ceac

SHA256
b3bf71a7ce30cc1f66e6cd64feba0ba62e6b40ed6ef89ac9686bd13c330da358

SHA512
6edd415493bf25cc9fb60f268153d33996dbb84c8f7155a7f865ad9477bf3f22283f6d43485dda61f6a33b55723c46f823b35a5f513af5bdac24975a4cc1461c

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties-journal
Filesize
8KB

MD5
e8e1c596084da81c17befdd7b272514c

SHA1
822068be1ecfc38e5810290117905414ef80ad64

SHA256
0115503856b47ee964763b150a3d9d3c1ff068f4978abaf54f42943d835c670c

SHA512
401d6e8d63984dd814df5f16b756ae8935306704a442c314a88056fa39a75b46e8f7ad8eca4974872f6bc0ffd50436b9d7e24a00d069a27ef025d23fd1326056

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties-journal
Filesize
8KB

MD5
b06d8395ef8d89a137b43de3f1658f04

SHA1
4de9cba05f107c05163b6b1a338d10f6030025c5

SHA256
ae12ebb8ab29e1aab283dd0ad7ab3950d96e9130f345d9dbb4523daba5e7bfa8

SHA512
ae61f3a1f0784f1d0e08035e36be9172d598fd5242f1b53bf5bf0e3fe463e09b8367e2e07dc27642e4dc7f21a4a01c0d4415558662c5d48e4f2c40504ad96d39

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties-journal
Filesize
12KB

MD5
7a20b136d30fc9f5dd0b2873a0c82046

SHA1
ccf84d3e5e6724e03ad1d03544e92784dbd11a38

SHA256
85a88d143df0f59a84ab3cdc3e371bb8286c2037f3f1b227d54ac64adf71f10f

SHA512
87ee6f87395758ddba455a64374b15a435c7cab3a68e480d87fef3aed0b7b86bf67b0dffb24a8cc7ac584bc2b5d7aff6270e13650a9106c8e5b95458389292e3

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties-journal
Filesize
12KB

MD5
b17d1551aa55913e2c5699310e6d5411

SHA1
ea99d98d8df3c66a6a65a91db14a25f6afd3badd

SHA256
7dfb24e4aaf501ffd39dbaaa7ca928ea98ce5b7bd9decbafa4a6a6a21df13af5

SHA512
3517930c1fe1616238314786fbc132a98ec27c59ae0b197e98d8fe2f440eb47ffd4c4508572c1fe5bdd66125b8df233d79cc362aa19c16110b4e6e55a69472d0

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties-journal
Filesize
12KB

MD5
7a998d50135f39ae0c2b3173ca660b50

SHA1
a71832f4d377162bb9744839c57664772abe8bba

SHA256
b36cc8e059e6fa894e62774f51fe341627b731465bfb7d5d8ffdcea527a6c179

SHA512
8cb62dc8c969e9645a6dc535818a22b531d2ff5a3cf999456c1f45e1afee7567df275f4960af9b2ba234d280011c41993eb9f08c9c2b015d662c30c4a9c24cbf

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize
36KB

MD5
5946b7853f9674e43661af1e31d148e3

SHA1
2ff07f213e500f2a107c7a7d4735b48f071bed62

SHA256
c698150c7daac24787157697f086f68f024983257f18f5ad1b6063deddf260c7

SHA512
5344ac419afd6867d4623fcc40ff3dececaf0eb9040e05c52f73451927fab58357dcc724efb367a11c9c21044f84ed1c02cf409cee727de36c2be053d2f37874

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
512B

MD5
52e7840490bb2eb97642be60d250fd89

SHA1
1842f6523b8e3e5a3611ab8d0f97407ab84e5424

SHA256
7263416d3e9d69c3f21b694a6d99bffbce2be0e70c64bcb482ef0f44c4deb480

SHA512
ab640afc7e4e3dce12bccc4c1eee80ba883eeb4207876dc4d5c641ce1db70ff4d1be288786e6c72db0a7a41d8036b4e40adeaf4308e1b02de29b97b1b0fde060

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
36f58eaedf4fa862d658000905e15de7

SHA1
2933cd98e0573af3b159a305c986c0b1889f6106

SHA256
f0e7c130978f3ae882b1d66eddf40ee352f2b47cef0fde56d38df91f2d0995fc

SHA512
432f7a6b7facc16e494fdff78e159b3409275780e2e902cfb9743892ddae9ee7f000afd27e6928c11a90b87b85368d4cfab50d4defc098ab79520fbda74aec20

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
7ad395737161ef49f2cc711e5537348c

SHA1
297f6b4be975024bb900afc9331cb2ae62393c30

SHA256
0b7d4d309e5f8276498dd5a27a0bb8023ebc8adce0adc83ed343b363dc894e1b

SHA512
04e44661642dda7c60dc4ff5fbf24ae726b1feaf6222161475cbbcad079103e50741a38b401a7761928a8383a4431ee14c64ee1f33fa91d303dc64eeac04975d

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
ab27174b0f4e8d863922f0cd53acfea0

SHA1
2ad4da11ada49f15c1ef1067e94bff54298a5514

SHA256
24e129191c86208faf9b3cfb4c5205b140f635377512eddeaf0e9b5e0d12ad3b

SHA512
4ead63eb41d268c16dcc3a9e499bde5df8f9ffbb68fe0eb08ee61ead9c62412004796c2e47039335f216953c26b8ce9743d7371ad872c18b5827aba055e90358

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
100adeb6f19725ddb00aa8f6c5e3b127

SHA1
83ec3e91b6be6a848e8e98cb151df0f0026928c6

SHA256
a31bda2daf0fe5868737679f3b828c08954a1e544d13d42602148a5a17820c92

SHA512
ed4a2c296070ce9b13f0dc94ed2d5d56e8ed67c8532755e95ef2ec6cd7f3164044f5fa6bac66ec42fed20a4b53990d1179db9d284a23e16d5be50ead2e91e4e1

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/db_metrica_com.ordrware.breadandbutties_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
5178f0a5c1a3c84497eeeb31d504170c

SHA1
622f8e36fda9bd1799ad2ff47afff76261c13db1

SHA256
833f8ca587b3630ec4ca2ec772051e0d49e381852f58738b39bb2082bec5e63f

SHA512
5cd1846911c498925470002427e416c3da6dd8cd31b45823ff778adf2bb9c01c41c987543cb94a873a0fa15f1927863752f3d27981f1ae7f3b52e2ea5de383c6

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/metrica_client_data.db
Filesize
20KB

MD5
c92780d949a50b8fe2acc059e998039d

SHA1
2efaa330533308ef9215109167605c1a6c9bde5b

SHA256
9023221ba7499cb3dcdc1f2fc9cf267b735f84bb4f9f76dfaaa10ef01c94f2e9

SHA512
d372c373b2d54aebac3c71c5f6cb7abdff34c69b28adfc3a0edbabb68c53172e8f603c89d3dd760ac4aeee76eb6e8f662720fa52bcafd75e8aebf04f88e3c5e2

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/metrica_client_data.db
Filesize
20KB

MD5
e5639b469346d3d19c79ae3bdc2f4a9a

SHA1
b4d9041b94176f65417e63e77f0f324b81e8dded

SHA256
cf283c9f2c282ef339f1ac0c4eae7d6f44f86bc1744cbf8a9b5703edc7368aaf

SHA512
273aa09cf7f4de26661bbedf2ecd180b5adb537022cd824d2185beaf7eb1784bd1ea1f1f22c01e4762729bdefeb81964f1a47f13e90b883beb27ce7c8d1f03b4

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/metrica_client_data.db
Filesize
20KB

MD5
03885cd19bb54c784d1be64233080ea0

SHA1
61d856a34da3eadfc59bbfc4b8aab7b276e0e914

SHA256
840cfacd13176849740ecdf3d1f0a7b7e922cc9c80ed9f3815be58c702364414

SHA512
41e448de7496bb08b26a1fcef49487e472feba656330e0458cd226d66ca8400f8cc5dfe3495da31ecad3dfb05682f07e237e5d35c535f5fbc8de9c319a7ea185

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/metrica_client_data.db-journal
Filesize
8KB

MD5
6fc1835a779f67bcbb4bb9f930f4959a

SHA1
c00752cc9b949e55838d3acb18b79561b5ec7470

SHA256
668aeb0e692ba961ee7e27515ddc18e5fb2a6df71aca41512d3494ca838abb60

SHA512
23f3f3c2a06ba0ac3aa9db9743f33eb30d2118a8e03d17aea266fc314355c2937b4fb41b3e4eea3007c907bcef085176c7a2d616fe6aab55239890a78dfeae6d

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/metrica_client_data.db-journal
Filesize
8KB

MD5
7c508fe3441bc11c8abb15ddd6a21ab1

SHA1
69ff0a77d8a1b6aa9be36a39c42d623055633579

SHA256
794909da8ba2e9dfbb50937fa1646cd8f98b654c134132d3b0dbec497ae2bdf1

SHA512
2882de63f184f5f5e966f31315f1a1f704838064e1a0fdd5af5cfda29eb6c2d55c4d54d6ae5b3811bc7a34b14a9b763a7d267be73f7333d3a2da87b36034fc10

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
d139498ca91cb64c3f734e62d3674135

SHA1
0afa5fee98c77bed09bd0782f5511cb0eea3f80d

SHA256
0284000c32ed4921b3219b6bb8bec9bbebda4d88be4ff18c78d80d9b7dcb6794

SHA512
dca7833cf15ef7d8e63c45ff36264e92771a1d0b2f3f6eba4ff2364501fae5a450acc9293881dc791a32cb45a6cd1ff7fd13bb938eb8f5810870a14ebb278d8e

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
338e45899e09b9cb24b848ddd2e06425

SHA1
bd1f2ebedf01440c54aaf6fd639bcd617ad26ef1

SHA256
88cd4a36928d1f038413f8094c18c2a374478127be8f34ab05db561757736764

SHA512
b790b0b55524eb9baedccb85f2cc8e94b6e91f900356fbf714cb8751f0b49af4eca69c8efbf90c5ee1fdeb594d902d18dc839dd185fb96a9a0e2e06993072e0c

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
fa190f6a2ca491687bbaec10a4abedae

SHA1
78994bee79667d17971171140d5d0f9b2cd29de0

SHA256
a33ff23b42244bd3ee56f24c36760295c2e5786cef7c19e0969c74354047389c

SHA512
f94154d84f857a0a4e16aabb36d46a8e6b2fec31e7bdcf13a4c3d1b4719824665ce694f172695e063cdcc23857c73401eace976dee96cd4509b6d25ae3a98ad3

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/metrica_data.db
Filesize
44KB

MD5
905e594de6585986a5198fd44a9736a1

SHA1
ede3c27ed09de951349d11c92a4d96ad039998cb

SHA256
3cbd75d1abc44b43bfa2e7c31193a11e5b6b70713caf17ee4cf50eb87851149e

SHA512
20f3b8cc14dc2453436f98362759c74338be5fb0842aaf955c748acd10e7d2d917e6fe8e90497f539af669eb0d6e9b430d7599b5ed56344ac9e257fd45c4dc0f

Download Submit
/data/user/0/com.ordrware.breadandbutties/no_backup/metrica_data.db-journal
Filesize
12KB

MD5
e2581cde879c2681894c07e050a02217

SHA1
3cbe524a9b0fece2a1bee1a75adde7cb5fd602aa

SHA256
f47e02b79f8da10139524fb3099288174afc557be6dac4d3c58f9290e6e6fe5c

SHA512
f8ea869a0dfaa6d98eea6ba83e20ae79bbb4caf0e1ab4c06ddb2274a4f39f12604fd4b6a56d03e96e5ed509eb208b8490c3998bca182512ef96c1cccfc757c5d

Download Submit