b941a37d8cb6090c701d91d2157c5e59875a584989aaf23bb21a61b77702417a

Analysis

max time kernel
179s
max time network
131s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 06:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

664a42ac03c3460209e52dd8d5025873_JaffaCakes118.apk
Size

5.9MB
MD5

664a42ac03c3460209e52dd8d5025873
SHA1

2bd16c956d809dcf760452ce88bad13f93383aab
SHA256

b941a37d8cb6090c701d91d2157c5e59875a584989aaf23bb21a61b77702417a
SHA512

4ff0026fdff0883a4444061e0c9b1795e7958bfff36809d07dfb4c3a2cdabbea055e4727922decb7d9e388ae00c7871e3c13f9a91c5f9031e9b3af899f0f2ee3
SSDEEP

98304:YDna6nXDEWn/urXc3Mv2vIvZCu+GlirgkV9oVr9W2Arfo2sh56kRm3yPnC:YTTnmrM3uiqsbGlKVKXg7G6oUj

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

com.aksifood2:Metrica

ioc process

/system/app/Superuser.apk com.aksifood2:Metrica
/sbin/su com.aksifood2:Metrica

ioc	process
/system/app/Superuser.apk	com.aksifood2:Metrica
/sbin/su	com.aksifood2:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.aksifood2com.aksifood2:Metrica

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.aksifood2
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.aksifood2:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

com.aksifood2com.aksifood2:Metrica

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.aksifood2
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.aksifood2:Metrica

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.aksifood2

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.aksifood2
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.aksifood2

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.aksifood2
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.aksifood2

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.aksifood2

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

com.aksifood2com.aksifood2:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.aksifood2
Framework service call	android.app.job.IJobScheduler.schedule	com.aksifood2:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.aksifood2com.aksifood2:Metrica

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.aksifood2
Framework API call javax.crypto.Cipher.doFinal com.aksifood2:Metrica

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.aksifood2
Framework API call	javax.crypto.Cipher.doFinal	com.aksifood2:Metrica

com.aksifood2
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5138

com.aksifood2:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5245

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.aksifood2/files/ZPkFS.log
Filesize
90B

MD5
a1e3157f595e8e3673cb91679ee09d2e

SHA1
7a5b468f80ab2dbe458036112fba67d19e1d98ea

SHA256
e98945b25279469a0bd6e7053d1ec50e212c3710ab0a960ae3b92de3298d7513

SHA512
bdb4e07f525f1b039b5b5bab81ca99a3d1e34a35ab6e381d73d154b47eee065cd26e52fd1b219bdd0be7deb243978ee858d0e7a4295d970b7f77177bbc8489a0

Download Submit
/data/data/com.aksifood2/no_backup/credentials.dat
Filesize
233B

MD5
db0f2fa91171bd15d2d05e6c1baf24bb

SHA1
977c765e2653d2e7a0568009d0d3da6bd3c6db5c

SHA256
7e6eb771e35245698020740e06580f3eec940e8d5192eb4309647ec86a96e015

SHA512
8c86083240864938d3b4808256eefdf259e6c621e442bafbc1691ecb40592feb8b2789d1d58ee2265cd27d3dae24e9b1287c94e2fec1b6a2620c4ba9793965fb

Download Submit
/data/data/com.aksifood2/no_backup/db_metrica_com.aksifood2
Filesize
36KB

MD5
cab6558ea59c047401f20e6a100ed281

SHA1
9743b68abea2394b0908db784bb0aab97d50a7b1

SHA256
2cc94ffb52fd79c1357dbefbad21a9f7325294900104a39ed65be5606395db6d

SHA512
cfb1cde482d1ad0ed634974ecf7f04b4aaa5d4e7698cb613dee0c43f2760a25d95fb0de1e31bafbece84a9ef9f067d8f6726370bf3f66f72225b51775ed167d3

Download Submit
/data/data/com.aksifood2/no_backup/db_metrica_com.aksifood2-journal
Filesize
20KB

MD5
b236de01d21d77320861bf7b394626c6

SHA1
1fe9cf9fe5cdc2ace928c1db764af3d8ee60cf45

SHA256
86b83046a8d7336913c9de4aabc4ac85f4e321c90dbeaf5aa9f9272dada4877e

SHA512
9ce75eee856ea2f0354a59095b817a94d56ea597d3dbebcde6b47083ca0c2ba5f389fe85d5ed6e7dc8fd6223df8e8177da9900741e6dc328464fa3d989a5056f

Download Submit
/data/data/com.aksifood2/no_backup/db_metrica_com.aksifood2-journal
Filesize
20KB

MD5
bf38569a38463b07e5687ac8f599383f

SHA1
ff4a5a404e0b25ab580c6c605896ab652b1d1d4a

SHA256
2e44b236f5dddaf30ea67c52aff17db6b94a749fb6f6663c59b21abd2fb14524

SHA512
995276a560f7422c6c4114504535c9e7f179fdba4018706c4b32614154ea61a255f278d1b7d10d5f7e9ce9d3993cd926b13feba07dd18a33b029dad1286fdb00

Download Submit
/data/data/com.aksifood2/no_backup/db_metrica_com.aksifood2-journal
Filesize
8KB

MD5
1480a167b558f1f8d5b5a67af57f6125

SHA1
aacdf86011d4b040a4587167400569898bf065eb

SHA256
3d7da2af149adc551929bd3e03bf773391150a1b53c07356af745cf5860bf9bd

SHA512
39c59dbe3019fce6d044f63ad5cf5c5704f167a822e5116ee7014584db06e3aecc6b73d203a7e7532f722b19bd5355559ccf875424db169f89fb2bf43320f5f6

Download Submit
/data/data/com.aksifood2/no_backup/db_metrica_com.aksifood2-journal
Filesize
12KB

MD5
607a8fbd387224612df0c811995784e9

SHA1
5007d2242a4c111475cab8d745938ee4137169eb

SHA256
3bc142bb833992971fa6b2cb896609ddd378bc7231813545d3e9017397ea391b

SHA512
865b4d78da05b1e97a992b9af021c14c286d2e983ed9b07e6343e1fbaefacc66bb26fb5862a7ba238eaff837ea717511af16b9fd113ea7da3269a63383d16d0f

Download Submit
/data/data/com.aksifood2/no_backup/db_metrica_com.aksifood2-journal
Filesize
8KB

MD5
784e360ffeb9799a5f9e8c319996f582

SHA1
ea14687337eb79ca4bf70fb0a86abc88b3e0d78b

SHA256
3b7a4dfe15e68c2147cf53012ed2efe3d62153fac96693c1ee20a48b2c0d434f

SHA512
83d71fd6e7674d3a54c6433869408b851bcf5b096953b43c56f37941319b5fa2e87095ad81a01a1562c6ef698b457445958ae136c1b9ce2e3a898e6e124ff3d0

Download Submit
/data/data/com.aksifood2/no_backup/db_metrica_com.aksifood2-journal
Filesize
12KB

MD5
7ba474fff9ba3306adbc3ea7e370518b

SHA1
a7164b873ad700a2c733eb2d6363199b54295148

SHA256
b9de4216f5a0c152963006fd7e0c666d3bab9fda8b21ebc6596bf27c60961e53

SHA512
f63605a11fe21678a9c0ad0d8e4697426dd30cb15b2f63e91c42828edc00f252dcf83396571f08f8540d1f855f3e1e1804e82ba597dda48d439c2ca6c53556e6

Download Submit
/data/data/com.aksifood2/no_backup/db_metrica_com.aksifood2_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize
36KB

MD5
d98f42bcac34c2beba4d8aa38d643854

SHA1
585c8ddd790594f90f33087317e00a742aa7d423

SHA256
d3ba50a6992aff24c624ca76042a8162e26c2b51ec0c1d6e307b5cef757f3248

SHA512
4f9e532954ef8151777b0e36420d53c7def383ee7a08dccc9bc0e1d06281dcb9acd61b11039a10964b335b51f2a1ac8397bd6f1c6ea94691e86749d28dd46209

Download Submit
/data/data/com.aksifood2/no_backup/db_metrica_com.aksifood2_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
512B

MD5
f913a21d9b79738ef854c8e1eb226605

SHA1
20d548cd57f5c3181df2efdd6841a259af72896d

SHA256
ba7392c5b11ef9630fc19f7ea757193c6e710959d3fea738a8f299efc495584c

SHA512
fe3a3f69f370d054026c3ef48665f63adbf0c11adea9267add8163a0459f4b8c3bf63d3cb7f69649aa93dcd89ee7e09545928b6a1284b6049c541d482c31bdd0

Download Submit
/data/data/com.aksifood2/no_backup/db_metrica_com.aksifood2_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
99b96b27b7b96a17de55d4495aea2472

SHA1
53f20c208f8ec0cef58138f8c65a3394bc2220c4

SHA256
64172b7724ffe337458367dea569b6d54b9bf53d27db7c28d1949143324e8a67

SHA512
24b59c1f37bae4e9926ab89251d39f8a6a81c879d74f67024c3ec7015c05ee6e725a7d04968416fc86e096873fc537d3cd1b1af4e00868e83d03e6a9edf4022b

Download Submit
/data/data/com.aksifood2/no_backup/db_metrica_com.aksifood2_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
ca82e40512d92513ecb0224895094913

SHA1
db76336c4318f9c7c9025480007c315ac7f94327

SHA256
bb2e2610bdd10182d2d76280b39d36fa579dc6db117109883d47fe430fe3adb4

SHA512
be77272c0914af7c2d8d148d0f4c29e78a2a4ac289301e8af998ddb5e2eec13e47bcdca9d5cd9ab28bef3816af12c473eca3b2ad17d5d80b1699c100d2116ac8

Download Submit
/data/data/com.aksifood2/no_backup/db_metrica_com.aksifood2_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
10c4fa007582e164ca51e0812cace526

SHA1
43499d08982b8126219bfd84a303f58b38930f60

SHA256
cc69a5dbe36346bd2fdcfa4f9db43ef3f3e808bea4c5aafeac4dbca1e215004e

SHA512
dd0e76ba1b155c632f4a22e0a801878b7b24b40102ee4ac6f0438da6cb29c1df2c09063b1889a0b36196f5d8df0920f96f96b80774b615484e88d111593e4350

Download Submit
/data/data/com.aksifood2/no_backup/db_metrica_com.aksifood2_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
84382da3eda160111352da55af013470

SHA1
07468c0baf66f7562a84e0fed1f1e0d387723051

SHA256
f14426d048dfcee42598a516ee35299862807bc231bc53f9fd2a6c86ce286c5c

SHA512
97ed79f71457f6b8502e9cd7ec9c8f4129a73bf0c8bd4e1b0f06ea5c1ed2c504ab0f0820600491fbb0ee5bfa5d3674ebb2ab0bebb65f2a5e7ed72540f46c8639

Download Submit
/data/data/com.aksifood2/no_backup/db_metrica_com.aksifood2_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
b16a2075244b5ab9700d86acd01e37a5

SHA1
cf6a7fb91bcfc9ae0f42068ab6848107af00e91a

SHA256
a7ee98169a6f565acdc8954a547bc27fb9d29eff986a111a0794f1dad7dbc401

SHA512
1fd040d1505bd33b69be640cd03b4304226cc600dc41fb05209e0a1036ff78c9797346b45b67fae756794b84d077464b017d35819906ce8b5eae08dd5af30d7a

Download Submit
/data/data/com.aksifood2/no_backup/metrica_client_data.db
Filesize
20KB

MD5
cc0e40138cf5b8b9770ae69d023b3836

SHA1
debc4be523f66ae68692cd530faab7928bfffb46

SHA256
f687727659151726ab86d23da18eca51c7ca1b8b7b5bb26d16caa0627c3350c1

SHA512
99f5bdf77197df7eff78d66afb3daac10bc41fa22ae5b9616671835a1d0180dba04f96951f50e23e087ba58cf27c6b9949c49bbde6d0b282ba6f50afcdb97ef7

Download Submit
/data/data/com.aksifood2/no_backup/metrica_client_data.db
Filesize
20KB

MD5
c86e62f2cdca62fb6982a82121852af9

SHA1
10d3315b884df7bf86676a40181d7f5af02b9153

SHA256
a8e7af04f385d91888a0a9abec90af43477c7e936fe2db2e56a9c0e1b73e615e

SHA512
ad97cd24a8dbb62739af12a97686927f3c482a8e22c534061286c87d2b25a8f24d43e7e693fc024d3040751f38dd7b1f073bfab46455f58006b06f54cdf79cfa

Download Submit
/data/data/com.aksifood2/no_backup/metrica_client_data.db
Filesize
20KB

MD5
6fdd33bebf87e8468a90ac88e070d70a

SHA1
bc4e3845416910bed408f49af26af189013d1cc4

SHA256
e4a0ec820e5a2b0444d5b6dacbdf2812eccb84bfd0652a391b8b7ebb4e29e00d

SHA512
cf210ac3157d2f4de3aeaade3f7eed12edd4323d17f64ea5c005e2c2416e0703017da5b334a4bf10f3d52aacc8e94f5cfbb3256e19259c13034d54b158019dfa

Download Submit
/data/data/com.aksifood2/no_backup/metrica_client_data.db-journal
Filesize
8KB

MD5
6071b8dd4af39b83032d1b3e52175c6c

SHA1
a9fbe0c9bf14a11715fb9b1d2bdd03612379b1ce

SHA256
4dfb6fd7a604884327f4635324ad2e152090c42e36dbfc36ae085d322515780f

SHA512
87880676f1031119028331690324784f5494f8da72e6969270a15f19ea2ef91de67d3182a9727776562cfd74439f2a8d68c816b84b2dd73313ff448b3fcb6fb7

Download Submit
/data/data/com.aksifood2/no_backup/metrica_client_data.db-journal
Filesize
8KB

MD5
7a9a294a36337b1f6ee79bd9203666fb

SHA1
a5375b69e9ba6e39c87b6c2153f0e249a3f6c061

SHA256
6281729a152246443a7f069beaa7a1af1a14aca665dce0fb90deba8c6dfed1ca

SHA512
2309baa1df0fd19d8a75ae9b1539787564a5aefa6e98e1aa86e9dd7b072f70258f2bf102174cfa6ab1968d6cf0e985b27021362bc619fc8147a872b072f978d2

Download Submit
/data/data/com.aksifood2/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
7467cc2726863520859f9aa7f1859035

SHA1
c5ea414fac66bf213e19425d0d4d1818891fc2ba

SHA256
603697d228c4c5398f507a9d3b2e3f6b0084cc23f70d399d337aa4d341016ab6

SHA512
36c561c2286a82fa3c6845328b22d7142e8b6ea90db0c28f13ee843a4e26f7abbefb61b415c418604fcb0114c24290a67eb957ee728c26c4edc6c179a3d93909

Download Submit
/data/data/com.aksifood2/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
dc5ec24f5dc8a8a6e0ab035c333529f5

SHA1
f0f4426d77dd9f84dcce2ab4cebdb296b7d3a26b

SHA256
bf7f2a911a80a622241e4920c6cace65eb9ce5395bb6be02167d6d02df6d2c2b

SHA512
bc13de7bac3ed78098f0da971d629258aa39f712074900df7df791112f8fef62851c9a7d6bb616d87e1a38dadefa60243431ec435c169bb82a0ae4b79de6d783

Download Submit
/data/data/com.aksifood2/no_backup/metrica_client_data.db-journal
Filesize
20KB

MD5
bd4cbc24e4e737ae5da7d181e2c63361

SHA1
7d23fd408eb576c9f7fca10ca9167e68e36da9e0

SHA256
fb0d47a2885e2cf0ee90bc13a585505c313065a28dd5f561a08c329927de29c9

SHA512
c8f18323f8b6f53e1cae449ac25e4cb96a49a4a6b47305faceffcf5a9cede9d66b8b53a386e69ead62221187697ce170f1bf0c49ee44d72bb1e5ae54d0dd9373

Download Submit
/data/data/com.aksifood2/no_backup/metrica_data.db
Filesize
44KB

MD5
2dc7c16bc777fee157726fca5fd360dc

SHA1
6146e265aad313e25cf1cac4c9ffde211baaae45

SHA256
9105c979ca762ebfa41a4beb026613fc6af6c4b21339bc69d1b8c9f73b599e3b

SHA512
8331296190b9b7c9501b4517a62717933b37b98d69bff48dd3e4060b12fc5a2ecc11f2625b40e83e226e114ce6bd0559a057ba68288b7b6e86adb8d3fedce622

Download Submit
/data/data/com.aksifood2/no_backup/metrica_data.db-journal
Filesize
12KB

MD5
53a3d068dffb7215f812d339dd0d6c0a

SHA1
b59e6d0ad176d4cb7cefa5e2a9e54fd592c99762

SHA256
815b03a3e44e551e6bf4dc60fba42f4d9e1ae52853afe81166e27a1422278a8a

SHA512
6a983020987419ab1c5f5e341e68d53d7a8ed6535bb3414cbd41431f727bafd118ed34ba2a64c1e2136422c7f94c75fe2230c4bd9729d9e553aa2953563c258d

Download Submit