d9f97fc57b493accaadefbb05f109f0702f448874a8c92402b340d9ea1685411

Analysis

max time kernel
178s
max time network
156s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 11:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6716404f81bfc9e50f9d579d62b38ae1_JaffaCakes118.apk
Size

3.3MB
MD5

6716404f81bfc9e50f9d579d62b38ae1
SHA1

b4fbaeb9b7199a2fe3a11688fc0f581a83d10726
SHA256

d9f97fc57b493accaadefbb05f109f0702f448874a8c92402b340d9ea1685411
SHA512

eb90eec9cffc6b5b3a6f3f3890f870861b4fdddc94a215a6fd763d5673dfa84e6c51527b12a6d64892dc342d715fad8d1f4b0f14ea3fcfa954a6eae69e9c1346
SSDEEP

98304:fPrL/jD6ZNvBoknQqBDCirqDMaepvb3LHOtywXj3kYK1pGL:fDDSZNKkBQe5y

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

com.producepro.checkout.marchese:Metrica

ioc process

/system/app/Superuser.apk com.producepro.checkout.marchese:Metrica
/sbin/su com.producepro.checkout.marchese:Metrica

ioc	process
/system/app/Superuser.apk	com.producepro.checkout.marchese:Metrica
/sbin/su	com.producepro.checkout.marchese:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.producepro.checkout.marchesecom.producepro.checkout.marchese:Metrica

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.producepro.checkout.marchese
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.producepro.checkout.marchese:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

com.producepro.checkout.marchesecom.producepro.checkout.marchese:Metrica

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.producepro.checkout.marchese
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.producepro.checkout.marchese:Metrica

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.producepro.checkout.marchese

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.producepro.checkout.marchese
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.producepro.checkout.marchese

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.producepro.checkout.marchese
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.producepro.checkout.marchese

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.producepro.checkout.marchese

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

com.producepro.checkout.marchesecom.producepro.checkout.marchese:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.producepro.checkout.marchese
Framework service call	android.app.job.IJobScheduler.schedule	com.producepro.checkout.marchese:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.producepro.checkout.marchese:Metricacom.producepro.checkout.marchese

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.producepro.checkout.marchese:Metrica
Framework API call	javax.crypto.Cipher.doFinal	com.producepro.checkout.marchese

com.producepro.checkout.marchese
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4301

com.producepro.checkout.marchese:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4343

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.producepro.checkout.marchese/no_backup/credentials.dat
Filesize
233B

MD5
1133e9404937057bd84d66d3bff259c0

SHA1
92f43a2d4ca94f7f43d6933d2377c6b086088c50

SHA256
38003675857da7c9acc172fefd609d4e4c0be0161ee722d87ce16cae39e38d97

SHA512
3089845ec79f24e8e7e9ccf516ea9d28ebb0544400eca22c9ff47df25b2fb427c50680472e87a8a43ca7e3d9a0eaa3ea26b7ff21037e214d81aa21ce8fda203a

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese
Filesize
36KB

MD5
18a3e0ee32c730f5f783657c91856819

SHA1
3d203caf97c200fc8f88ee3d0052e265c44640e7

SHA256
9c07e80215b129e0433ae3ede2d1ec63a7e6cd7a11307a874c62a65f35a474df

SHA512
1277ee05fd9cd8c2d5c99ad96fc41fb40b5ce1db84d3f7fbd1523ed8c7ed99136fce247d00a7add4f0d575d49d025358eaa2c2b1fff7b6e5cb78213b60c07cf4

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal
Filesize
8KB

MD5
720a5dbd22ffc30c8a0a772906274ecb

SHA1
21f976cada03535c3e7d8c96bfb8cbb6499849cc

SHA256
e9c0084e6048cdf9ab29813a97bd0eabe962d5959af3cc1eb1cc5fd9112358fb

SHA512
1614a7b9195c79686c507c727d6a36cc1ea33ad3def4f15fbdc94d7e15778d724f6ebde5d92c3545b70f4f4e8fb59310e9856335312949120218d719f9eff072

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-shm
Filesize
32KB

MD5
10c870e7d4b14ddb31a9fd2701c874d1

SHA1
362a45d181eda2f6ab1e49d7898957ab449689e7

SHA256
21580d9edb246e4c131b0fa951e51dd3f35b73d9a3d4b089f0bba7d168fd561e

SHA512
66a39644bd337898dd8ddc7c6bf9d85611eb3c35a0c6d375f9e08c868c1714c8bdfbdfec400ea5e5d38aa5118a5b742442354ff9167deb7cfcc8750dd03f42c0

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-wal
Filesize
406KB

MD5
ebdd7d8422abd5057a78c4e728250841

SHA1
27e5b15f3ee790cf77c59d3975073f2c516ab1f8

SHA256
94e23157f88019cf670680faba047d9ffb9a7cbbe17e6eee3eb85f4dabfee881

SHA512
6cf7d354a82300d14e0d503ac655c6550cdd76b0b6ca8841b554c8a8a7f0cea7e0b97e9df18a3349bb7dc0d2a5eacb6eedd0189901444c9beb31bddc37b023d4

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize
4KB

MD5
ee0534dc1d13bda03dcfa3374a10b02a

SHA1
d36f8ca59b05cf4b4f340ae89238658da2c32db1

SHA256
949020f4ca5b8947b75666c66e3fd308bc9519fe6edb8ab8490c62ae0913dde3

SHA512
be2f926fe815b6a9628a8ca45bcb32132b747f8f9da7943efcf306057a5133f166e3a0939a9da9ad279efb7fe0c517e34946d4508d0ac6d51183b8c961d055ea

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
512B

MD5
e7fa82e7c8c0624a03c6e0709100fcc8

SHA1
3f93891164a83d8eb4ec23bb81cf9a3f80819aa3

SHA256
668e6142b2fa3447e8b3ca0dbb9d8f6d53e0aee8c41ce2c42bfb7bea85da8bb9

SHA512
242222871f291dc4bd4f95a8a972fea88834c4e36e0e54daeae0a7b9542eb0c8f96ffdc0d0dffd5f7d48f5755c409cac80598b420f73de462dc65a639916d382

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-wal
Filesize
156KB

MD5
8576d8947e3016c57b9c53f9800894ff

SHA1
45b941ccbb41a4f3458fb7f563824fad0749b11b

SHA256
0daa50755767367c0000f7074e94c2d8e3d31d6504cd0c5094d7f0e75dd616b2

SHA512
0593b862e13854714babe14a6e316c5be46a8e1bd21b8df59dbb1ea53834643c7f39241071e809ac9b683c1622c1b20561237b9c37a4336ba917f7e1cdda81c8

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db
Filesize
20KB

MD5
0727bede281275427394fe1181b5f74f

SHA1
4204afe4072122c5fa5232b1441f424b97175da0

SHA256
8a17dd638e63207c05faaf59be30332121ad16fc19ecd072fb7a6715eb4e64f6

SHA512
62e2ff5b591364d8eaf92b7e96a314d9fd64fd4e1a93bafb662057183eb9165724849a8c512ad2fe4b7732d3b4e3e3bdbbe7dae76dd434ca0f9733be2386d35d

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db
Filesize
20KB

MD5
5534f3be991b5d4c6e9f9a17f52758b1

SHA1
cb00fe4ab637f654059beebac999e62a070d7845

SHA256
6be126d0863487f6ee594f09fd7c6f7d177d7007409f21ac837808185b540a86

SHA512
42886a3ebd9adde1d8e18200fbe634ecdb3a2eb777a400dafe778bd8291aa18dc13d58ba8666c5414049c5108787244c019552b73521fe4092c3e76a151929bc

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db
Filesize
20KB

MD5
06956fcd61dde81412cb470eaaf15574

SHA1
d2c4ce7f735d5f7d834928e5e1b1e635d1edeed0

SHA256
3dbf28ea5983f0dc2d1f012b666219bf75e7e13ed73de897a9b68cf6bae2a20f

SHA512
8116faef3c3ddf6433dedc38420fe569e29a884cdbd7dec8bf454a22db41f9f5fd80b14a5c36a2357f9bc448024c77f619ab6f1a0b71fd2a195334b7d4726ba9

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db
Filesize
20KB

MD5
bca8448ebb2700c4a65662f7781124c5

SHA1
576fa981b097a4ae8a786ab9bcc12b46be3dfcc1

SHA256
dcabf2303ce52e3122f16c1b280f47237ae979caf148e2208138370dbd5da185

SHA512
e71e626a9c60f5c7300d4c29870c16d6f961b0319ae97c48462b8facd55380501a32521b18d7acf3cae9e1722bce5d601bf4ee5d5bada526a5c58d503d532cb5

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal
Filesize
406KB

MD5
ef8247e9751e938f63b8ca379eef372b

SHA1
71bd2d9922a7d9ac84ae18af1870df99417d577b

SHA256
7cc6d7e9926ab87d38e512310f025e13f82be36e6cdd5d34954ab6bd44785761

SHA512
4e2534f0ebe190f1ed018c0e1ff375c9e4d772b14dde67a7cc62e334f1f59acb45876166efc192510fc16370114c5763bfb7c5277c712412279f2a4f04eeb2f1

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-wal
Filesize
32KB

MD5
94c882c3fde6243d6a4002ce1858db67

SHA1
b5d5a1fb6e4f945b9f38d80c56414392b9a60283

SHA256
f2aecc97c824fee450cc17313337d2a2ff525bb1ce72d5f0219cc11bc763c786

SHA512
b8b9cc088004a9c8ec46d5b9e5a48fceac8c5b30c09a3845791ed6ed1043ca6a775ca01ae88564d1eed04f0a6bbec767bb5b024ee4b24e317bcbf1e4b36441dc

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-wal
Filesize
8KB

MD5
d03041f4037b051bc68c34c290579019

SHA1
69f1bf45eb460267dd0d18f46611e6175c84f4f7

SHA256
2359e038e43b3235c83f70035a4964d4d61c3511471ca3d318363c4000a97ba5

SHA512
a8540db6dfd4b298b0ac3f6017b4421cc4188b329fcfe2dfa2a44af5c66c68c0f236dd9662e9de37abb452e34d59b40a4209a8b9dbfc683358ae2999be03e206

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-wal
Filesize
32KB

MD5
e4b3bff82e9adcf859b3939831c1138c

SHA1
9f0e02dea4795f29c8709669e16b2145cf7fbc52

SHA256
1b773adc09356d46b79dc9d8784eac4dda93d3259343696622947ebd1dc87aa8

SHA512
5bea13bda099e8403a9035543ac8871c6ee50952730c77c94a3ddcc36e90b8ad10adab4a80547ec4e53f7a18637ba934f0281793a805bb9e540822488d6fe008

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_data.db
Filesize
44KB

MD5
961e42c84386f1ff180a57749983b5a9

SHA1
6c608c2f7dc19bcdb2fc6295e015c4d091f1035d

SHA256
c4f73fc912b188a2069f03596612c91a0b24d9ac88eabb6b166dfc05027c0a0f

SHA512
76beb19eeae26dadc95d3f35e386f76021a2f3e4bd391253d447e97483863ea0d1e48c7720ec6c503c9a8b7269071839a2c9f42340ea69ce5ceb552163730d64

Download Submit