b941a37d8cb6090c701d91d2157c5e59875a584989aaf23bb21a61b77702417a

Analysis

max time kernel
178s
max time network
140s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 06:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

664a42ac03c3460209e52dd8d5025873_JaffaCakes118.apk
Size

5.9MB
MD5

664a42ac03c3460209e52dd8d5025873
SHA1

2bd16c956d809dcf760452ce88bad13f93383aab
SHA256

b941a37d8cb6090c701d91d2157c5e59875a584989aaf23bb21a61b77702417a
SHA512

4ff0026fdff0883a4444061e0c9b1795e7958bfff36809d07dfb4c3a2cdabbea055e4727922decb7d9e388ae00c7871e3c13f9a91c5f9031e9b3af899f0f2ee3
SSDEEP

98304:YDna6nXDEWn/urXc3Mv2vIvZCu+GlirgkV9oVr9W2Arfo2sh56kRm3yPnC:YTTnmrM3uiqsbGlKVKXg7G6oUj

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

com.aksifood2:Metrica

ioc process

/system/app/Superuser.apk com.aksifood2:Metrica
/sbin/su com.aksifood2:Metrica

ioc	process
/system/app/Superuser.apk	com.aksifood2:Metrica
/sbin/su	com.aksifood2:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.aksifood2com.aksifood2:Metrica

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.aksifood2
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.aksifood2:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

com.aksifood2com.aksifood2:Metrica

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.aksifood2
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.aksifood2:Metrica

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.aksifood2

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.aksifood2
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.aksifood2

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.aksifood2
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.aksifood2

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.aksifood2

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

com.aksifood2com.aksifood2:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.aksifood2
Framework service call	android.app.job.IJobScheduler.schedule	com.aksifood2:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.aksifood2:Metricacom.aksifood2

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.aksifood2:Metrica
Framework API call javax.crypto.Cipher.doFinal com.aksifood2

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.aksifood2:Metrica
Framework API call	javax.crypto.Cipher.doFinal	com.aksifood2

com.aksifood2
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4303

com.aksifood2:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4339

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.aksifood2/no_backup/credentials.dat
Filesize
233B

MD5
7621639fdbb6ce47283cef0fb1a3e0b8

SHA1
4f36d084108037afe44ed4dc55e17f6a0a9c9639

SHA256
3e0f881244975eef02da01c9822089f1a350c7de56ee5f092adadaee451d61a8

SHA512
6b2d9cbe421ecb4931f0a09db5b0ec032decb83e7ecee32a071c88def65e0454680cd677d869054437096355de6bf8595cd738f450a31753b5fb62a35cb64597

Download Submit
/data/data/com.aksifood2/no_backup/db_metrica_com.aksifood2
Filesize
36KB

MD5
cd1ce63a9f51f8d36dc2d7f53991cb94

SHA1
ddc48a8df55f62908efc0b41e78ce2c8588b0544

SHA256
880ebcbad1166c80b80fad31adeb44ab33fe258dd470719c607ba6bce214a1c1

SHA512
d54e534fccd5f76d1586bd152851c1398ce5449e6cc37d3d561c23d5d049030102ec3705b736e2a21f94f7c3e48575ea5f19868a670ead28e766ae2287d95957

Download Submit
/data/data/com.aksifood2/no_backup/db_metrica_com.aksifood2-journal
Filesize
8KB

MD5
40b2ff2715996a41788c27e4cc5b9da3

SHA1
0c62b6564867167878c2b9f885a6c5b707daab02

SHA256
35e808843fc90da7991155a2977f181a1cbb920f7ded794f2d6d416ca761ed59

SHA512
808add59c42d33440f9cfbf44c57e8af64d44743721873298a7fb7657fcb9a2e188e702501d197c18157e1bea84d35f40aa018f8dfd59348ebce4a34db1fb9d3

Download Submit
/data/data/com.aksifood2/no_backup/db_metrica_com.aksifood2-shm
Filesize
32KB

MD5
8fc9895cd68294b3c4a20e3a5afe0ea9

SHA1
f83a3ade745dd30f3323a082f9afc57342638a11

SHA256
7804576d28d4d8f68d92b8cf1d81d33e23c28a281816ebf5268cffbdd3fe065c

SHA512
eaaca9401c399084e1842174af047a19f1ce53d65cceec46dfaae597008314bc6766eefbb5f92eb36863acf615c7df330023596f089f7a4d55e742a612afc389

Download Submit
/data/data/com.aksifood2/no_backup/db_metrica_com.aksifood2-wal
Filesize
406KB

MD5
146454107426e7aa9a1601b955f35777

SHA1
28d19ab8c9a9ffc088768bd78aa7ff4dcb594c51

SHA256
d7e7701ba879b0063fa57e4d7e2f54f87798a471191864344c47dd6217fd6d33

SHA512
a3789ad905014f454187eb71925c3e0bbfe04c83431e1119edd5645da51c185d6d153e99df26481314bf749cd54c84a456a80d36d8ae6a1167fbeb053bcbb33b

Download Submit
/data/data/com.aksifood2/no_backup/db_metrica_com.aksifood2_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize
4KB

MD5
f704a72f4b29f6dbcd19f2e19c2f3496

SHA1
16cfaee25bfcb5d06e888e3eb4d9dbe9282beafa

SHA256
e82e818396b09d6b980286207bbdaf6402a3e58db0111444fb1726738360782c

SHA512
c8775466944cc66f22f66faf7d7ced2ee6e18fa1e50b116401ab32ae5e8dd1374c380f56580dfe3713464c7cd8f65b064137f34ae6586a09e7ec42bf37a1e8c2

Download Submit
/data/data/com.aksifood2/no_backup/db_metrica_com.aksifood2_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
512B

MD5
37cc8ffa53b9efdb2a6a2f6e5cbd035c

SHA1
4635b932d27210fb716f56853ff1e2c865d10a4b

SHA256
ab0bce16d1e1c564e4694369105da56cea5a070c5f9774b71ffe24be6157fd0a

SHA512
b5ea68ef05ddf2d7fb380519ec29e5b50b63cafbbacd470ed77036bf31ed8db54404463c5fae52aff8c33d2bbf808ab4976b50ab4b71f80aa79dcdc931115ea7

Download Submit
/data/data/com.aksifood2/no_backup/db_metrica_com.aksifood2_20799a27-fa80-4b36-b2db-0f8141f24180-wal
Filesize
148KB

MD5
6224174a0410ac1223ca55e78a45bab0

SHA1
904d79aa9e271046b33da06dbad5616b1f4abcb2

SHA256
5c25918b1d7287315da5f309dbde51e5e9d39e32a950b823910e3fcb6eacd01e

SHA512
d95438fbace96676a0f793f2684ca717207caab173acb2d8bd98a80c45ba07ab5cabb749a17f0ed662423bcbed450ab7c10246c83a25e94b48e05bc26f34e53c

Download Submit
/data/data/com.aksifood2/no_backup/metrica_client_data.db
Filesize
20KB

MD5
fb39c4ccddee9810bddb20d6b48d3275

SHA1
2c375c649e116fe25b37be5d59e5b08feac9762d

SHA256
39ecd995fd49738200c65304c3c12c83a2d1e0d119572999fccae38b8b79b3df

SHA512
2d0848b3a561f434d7dbd6b91632f0be91f3813c3f93ec98ad4c7689ff55dc3a1e2dd1d283f6f934aaf0f91c95bd2f9d8c0548d6b425e2ef4c2b9ca57e8f60ac

Download Submit
/data/data/com.aksifood2/no_backup/metrica_client_data.db
Filesize
20KB

MD5
d33e42236378716e615a1f3ff10c56e8

SHA1
f548b8e492ec1b0e6def7b47423a0fe4e7343023

SHA256
3a4cab540f4cd5038aadd48520edf715ca3d435f101b4f12978ff39da0f7fae8

SHA512
ff77d2a42362f1624e4d482b0c6028f22d0687909799d61b60bf4491e7cb27cc339a1735276cc65b1e37544ef3336889f7c3a9b908a68e9530e4a69d0a47198e

Download Submit
/data/data/com.aksifood2/no_backup/metrica_client_data.db
Filesize
20KB

MD5
44def4f6e42c3ec63f229d23af8c804a

SHA1
f5956d9295778b539bced03215343fd3cf7a9dd8

SHA256
882faff2a0f007164d5dbda7bd7f803306423b5eb48a88b1bb72bde65b77e50a

SHA512
a14770398044635a8a8fc0d59dc95af3a97ae78146a9ace3795d600a44098a5ff7099aa3d0ac40442f8ff8c5d3b5ceecb4b360bf47f3e8c7c902879e2e76228d

Download Submit
/data/data/com.aksifood2/no_backup/metrica_client_data.db
Filesize
20KB

MD5
1bdff8e146df7f47935f1ee1ab843d9e

SHA1
e201cdacb0febfba43a17cd9c8220aa5b42a4aa4

SHA256
093032176f09e1207f7d64f99169c8d4da4af405b7d4b078683af11bbe59147a

SHA512
2ee72358645fd3c732cd820e3649b88ecd05a392c672fe7c74a138fb279729705bb2890c1b052ab50549bc206d855f4b2afca3de4a37a76f6add99d02b2c2d17

Download Submit
/data/data/com.aksifood2/no_backup/metrica_client_data.db-journal
Filesize
406KB

MD5
c263e45b730adbcbea71e5af8c8e074d

SHA1
2491ef6517b09d58597bcabdf5fbbb9ef8331ab3

SHA256
8dcb8c8f0ebadc33013f132f7dec2b59a336ee6528b3788e4a67422051106c57

SHA512
6c718aca88918a80ae08e6dc0ab3103f1ec5e943a32b73e4846916fb88ff60af8ddf6f360fda4838a413f6b74d4a53b7ee342e4bc5f1b24f9a2b0ef89a47ccb0

Download Submit
/data/data/com.aksifood2/no_backup/metrica_client_data.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.aksifood2/no_backup/metrica_client_data.db-wal
Filesize
32KB

MD5
a1fb66d19af25cf2ce443b59f75d8ed6

SHA1
aa623d3b1b2745f61a03169b3361186eb7f82897

SHA256
09df7c19d37b986b0019d0040d44f0c7c1a4a7efeb603d091f94f797330e65ee

SHA512
676c1150bb2a3e0dfec39eb8fec76574592af984391f0e1ef450a2631f23f0078e869a32166a1369be26b228da91720310ff736772bdb9e4d4bec564bdd09c1f

Download Submit
/data/data/com.aksifood2/no_backup/metrica_client_data.db-wal
Filesize
8KB

MD5
7e981716a8ab66053adbce7009705276

SHA1
5d0d757fabe851c21fc0c922ccb2d37383e75c9d

SHA256
018529a419492902bd6c0a888040b897cc61a5a3560a372a053131cad10b9365

SHA512
0bceb3aac7a68a299cbc8ee0ca9be44edf7967442afaf65b99ac0fdbff57ecb0292ec272cc5b1816a758c59301cb80742fed23756006cd24103cef9ea8fcc064

Download Submit
/data/data/com.aksifood2/no_backup/metrica_client_data.db-wal
Filesize
32KB

MD5
175f23cc385ef9ed071072d87c301847

SHA1
7d2a41518877216a7cc67da29643e39f3b1dd676

SHA256
8bb1d29a01afb5e950359bcab505edf5ed357e3237fdf866abed49472c854c04

SHA512
d8b5382964205b3d3cd1f52ca01f89fac1242c9facc4d70e43c0111681d779371a9d17d61d31091641a206adbce48895704044d23a0699fbcfc26b6831b153e5

Download Submit
/data/data/com.aksifood2/no_backup/metrica_data.db
Filesize
44KB

MD5
2cbabfcbb2d10ff555f0492821728352

SHA1
a62a10c871cf33dc8275475eef90f4390fc0b2f4

SHA256
f8db3185e276adeda691387519524f483dabaa679773d0b511a38f3966caeae3

SHA512
cb357b04c7e90585a1c55f17eaa7862eb763e85f4660cf7ab83ee9539120a90bd361fd27de736ace7b2c814464b8a18acc3a147cdfeed470bff5029cb8182435

Download Submit