d9f97fc57b493accaadefbb05f109f0702f448874a8c92402b340d9ea1685411

Analysis

max time kernel
178s
max time network
129s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 11:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6716404f81bfc9e50f9d579d62b38ae1_JaffaCakes118.apk
Size

3.3MB
MD5

6716404f81bfc9e50f9d579d62b38ae1
SHA1

b4fbaeb9b7199a2fe3a11688fc0f581a83d10726
SHA256

d9f97fc57b493accaadefbb05f109f0702f448874a8c92402b340d9ea1685411
SHA512

eb90eec9cffc6b5b3a6f3f3890f870861b4fdddc94a215a6fd763d5673dfa84e6c51527b12a6d64892dc342d715fad8d1f4b0f14ea3fcfa954a6eae69e9c1346
SSDEEP

98304:fPrL/jD6ZNvBoknQqBDCirqDMaepvb3LHOtywXj3kYK1pGL:fDDSZNKkBQe5y

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

com.producepro.checkout.marchese:Metrica

ioc process

/system/app/Superuser.apk com.producepro.checkout.marchese:Metrica
/sbin/su com.producepro.checkout.marchese:Metrica

ioc	process
/system/app/Superuser.apk	com.producepro.checkout.marchese:Metrica
/sbin/su	com.producepro.checkout.marchese:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.producepro.checkout.marchese:Metricacom.producepro.checkout.marchese

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.producepro.checkout.marchese:Metrica
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.producepro.checkout.marchese

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

com.producepro.checkout.marchesecom.producepro.checkout.marchese:Metrica

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.producepro.checkout.marchese
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.producepro.checkout.marchese:Metrica

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.producepro.checkout.marchese

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.producepro.checkout.marchese
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.producepro.checkout.marchese

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.producepro.checkout.marchese
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.producepro.checkout.marchese

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.producepro.checkout.marchese

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

com.producepro.checkout.marchese:Metricacom.producepro.checkout.marchese

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.producepro.checkout.marchese:Metrica
Framework service call	android.app.job.IJobScheduler.schedule	com.producepro.checkout.marchese

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.producepro.checkout.marchesecom.producepro.checkout.marchese:Metrica

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.producepro.checkout.marchese
Framework API call	javax.crypto.Cipher.doFinal	com.producepro.checkout.marchese:Metrica

com.producepro.checkout.marchese
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5174

com.producepro.checkout.marchese:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5225

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.producepro.checkout.marchese/files/ZPkFS.log
Filesize
12KB

MD5
044d1fece936f53a89268b2267d6c29f

SHA1
17cb015c645bb41bbd557e2c27927623c04a5f47

SHA256
9e3ea8352712dc532dd812f4a460a577c6475d6ad37c93c669f6b1360efde844

SHA512
59398ce75225b41e3886679e4e1cfd5289ac721c3bafe6a77e3872b3a8f11a50cdec212c1f114c09f11884ffa191bbacd994cccb7aee34d0545db0f0e078aed6

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/credentials.dat
Filesize
233B

MD5
52c7243a77344888c833a3cef5481894

SHA1
ef9b11d4e2b62c3e384c96d732c512a59a582942

SHA256
e091110bc400265e84d7dd0b27ae61a67c418b5d1aa76829e15eb2bd2554c28b

SHA512
79fd7faf62b7d8e8b75432ace099b81f466f9f996ecc85648de2636bc5742cf9a33858935738d1ab31fd1d86d5389dbe815aa89502454af3d2e72a4457e5d4dd

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese
Filesize
36KB

MD5
0f45368bddff52cf9dee55f254db70b5

SHA1
68aee8f6905328a0415d8814dbb289ed07f86ce9

SHA256
10d1a966274ae1c6fd60089d6c2dc3a45bfc000e8e2f098eb26f299604b87e1f

SHA512
76e6cec809cbcdecf81c98a42ff9b549cfa55c75f6e3ecd1836b6d2b689400b3b7422e720fc4403dbbf86fec81e176095b21719f59b68e7fa78d5652b488d63d

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal
Filesize
512B

MD5
66e1f8ee1a033bdef5cf0edffbb4241f

SHA1
ef1662ceb003afbdc7be721f031e8afb191ea1e9

SHA256
189e2e2027e841279fa3dec0ae3874eec64095afc93210ee0263057e5a8df766

SHA512
01f3e2f8afc1094149b433c43def83e8df58431f4b6f794ea78c054ec3d840259ce4931432dc11b760950eb93b5cf1829b8db35a0322e8fb3d5fe4d35ce63a98

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal
Filesize
8KB

MD5
016f494566b1839a2e7c6375e37d9e44

SHA1
e8a1f964f3c74dbef1877630acd3d0e13c9726a7

SHA256
4b3916cc44f31d896315042ec24810947e4ef67fb069d124c2634f7d92a9cbdd

SHA512
0e384e3a8daf0359b26ae30db4ec8fffeb7ba0ce37187b3d044ee631f652cef75c4f5e94468eb1ee3cc6d194e24e561ce28f940516a514443126ffba1c9039cf

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal
Filesize
8KB

MD5
422dc93734c8aa562c382ca848902cd5

SHA1
c39043918f808bce68b861b3d63520ef4d6079fb

SHA256
7cc1de61f1f3e83eac70cc4fc400ec0de5877d2cdae59e9534eed384d0af7b3e

SHA512
97c6316b584dc53f68e6ca67e9ec57bd84ecdc34fbffe085798356960597d586f5327e8e5bd406573b0600ded1b80579f46459a54837d75de8e748107a9e1216

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal
Filesize
12KB

MD5
eb75061505a8b750e4d2b5772069f526

SHA1
a087cc6d192cadeea711624ec4d864ab0e481023

SHA256
529d17442955344d664a5f2cbe1340486d15d2f348eca4fc0e5a1208416d884b

SHA512
362c9327501f37a19d0ea87bd1158ba4a4e03c36081f5d0843de3d97711905f34f75e755aab000d3e2eec78468cbb8c73ee7ca006aa89f462d338e2b39a144fd

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal
Filesize
8KB

MD5
207f5e8160922f14116c475da5d0c03a

SHA1
049df8e457966aae47dfc77e700cf91236a71f8c

SHA256
79c15ed28fd8babaca3a6ca238c733a8e32608e2aaa0f5aaba6ee136d67bf90c

SHA512
5a23bbab46733e127b8bfbbeb85253dba2d9b47434ccaae0ea611ecc45f92a5235e2ad369d67e6e9575d6768ba1707e3dac7cfdb480d0c8446e636cfcef69894

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal
Filesize
12KB

MD5
ce8b69456307caf23835473328d8dcb4

SHA1
92e04cbdd14d52cecd154347f0decfc502a4a797

SHA256
2e5c337e8a5d6d5862bce72086c07e796d05f460fa5fc7c2da0ef1907779c0a9

SHA512
12ba7bc4b08dc377632f565c49010535c1afdfdd73b28fc85285435e6106660f9c9e25c144f151b78426f9f24b951f627776ed1be5cf15ea9cfcd49971fc170c

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize
36KB

MD5
72011711a5ff22054559ae9501f89202

SHA1
44db5cd05a3c6ffb742bc79387c30c2ff2cf35ff

SHA256
bbd88332dda11b2fec3ef0fefcdcbe9dc7906202c9e154385b147818d3751715

SHA512
f8499b0432c3d596c1e95ba0f0bd91dff72a52096c7c0a1baf479877279a2d933887e885ac32c4e86a65a5359c16feff3ad71c1475f11625cbd39216cb95aa69

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
20KB

MD5
140cc29a7d1e0f880bda1768c3144edd

SHA1
3fbd800246e6bceb55aefef661349dc203035dd7

SHA256
44ce7f0549684af18df8155c9dc61308009352839f1c94800fb5da4bed3036a1

SHA512
c54e15ca3903681c9bd235a453141d1659aaff2321cc89abe63bd9ca78807d236ef4395c7f00e9cfe4f698e46daf1ec977284aa22b36d2974c41e12b4f0ff734

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
20KB

MD5
6e1448be88f450b35bf43eb8ca8a4056

SHA1
4e8fe8ef36d3607cfc6547af3bcf745fa015a713

SHA256
f4acac3c9583ac08c4a76cb20954090ac68eb31e2a84da9df74e0fff3dace72a

SHA512
1d9c388f83730dceb21e0a5f5c274dd168730ccfe686cb6c2eef0a6edce0ffa2679310dd58564d77d1de0c88403f88f7a4f599641a4879f9dd93d2ef139a298b

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
20KB

MD5
d6a4f32cdb0d2a8f1ee2dc7b41988c51

SHA1
cd5b6800c6949ac72d0b4a972218e0cf993dcea5

SHA256
44f602035569a4f55552123de6f09f2132209a2fcdeffdcf8b7f49cb6b20de63

SHA512
6af625cc984e02dbdb93f52b1efef355ecba57efbe9f9e3ec20a44fe5019eeebf1838949e4dca7338021f2559d13c4b8174f541bb17bcac2a8bd471ab8b4ceb1

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
1fa296b1c14c638e8f908fca238e5cda

SHA1
3c076a8111dbf011ad1e5dbb63d48900698ce3f2

SHA256
696012ad0dca480428dd14c7da72a98a0e19ccc84ed4fa67f256e97e04bfdfd1

SHA512
f6d0afba7f4c092ff9ab6bbb670a4fe07e3e6e2fbe54c939db9545fb9b4b405c00125de980ed5ba34f1c04c1e4d6060c6dcbc2ed03252c1531aff7e27d5bda02

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
563c8a4c3a9aa5b56f1d287061d53c34

SHA1
67b744d8b2f6cba8859501c3d9836d40511badfa

SHA256
0b4c1a4481e4a3f8ad8fb056b079809cb4463a32b7d7702b2f8c5db241e4d3ba

SHA512
83f0620dc29f0f19eeccca417f431202847774d3259652d72e31a801893abb11959d8a4eeca8920071c41f5d7d1c4b4bec2cd00f1ee1f2ccbbf5cfb5ed248278

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
1d693706d68271f3c34a3eff7875a6aa

SHA1
e2e5c77aed7c7c6c99f28d7bd226d4a891c6cdd4

SHA256
f3d662a2b46ab56630318788958aa5acfffe242fda25978025853c1711037c7e

SHA512
d1cb19161a7adde604b631786250ced8af3ad53cee9a8c5fd4b7ecf7d73f91f3899df4c222b2a0c8cd41a06ad842f49c130d6a52b24ffdff147da2fae7a32d05

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db
Filesize
20KB

MD5
d58eefa707b6bb209eb4fecaea28202a

SHA1
fc8a48a824b20bf0c22218ede4bd73e9202546c5

SHA256
aee07e8fff7aa21719b98c5c75753adc592769d6f94c070f95940ba4aeb0806e

SHA512
6439dd5e9c5499c1e3d1c4cca4071e4b303dc6818bdb29183a8e6c0c30607804dbdfb0e8d6dca8b5896b97674c6d2d685fb51c858325ddf30fd6a42525a8ff93

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db
Filesize
20KB

MD5
af1b2768838f9eec0445d0bc668d3908

SHA1
2b77e19a2fed85abe30f97ce4efc328ae0c3222b

SHA256
bcea5f8fc9357d2eb437f3e2b3668e02d97a9e30b375935b1f86893037f0e7f1

SHA512
d90ec1d6ceb58aa9925ad4179d4acce180c763425ec11a8fd5046b142e87e7a91dadd11c0abfdc0d3c6347fb9cc55b827fb0da237e4e99a68a7555b6023666d2

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db
Filesize
20KB

MD5
484df068dc370197c0e37af4f433f772

SHA1
5d071329bf5182e60b2d268adca542901d492001

SHA256
3ebaaa9fc7a9245b413f62f91d9e689d468456dd4b6ce2408bcd2003cbdbfbd0

SHA512
587e7b68f2c167d39dd50744f2892a461a67cb073e8cf9f6eb2ab752e07841440dbe212af32958248d15af5d4001e7fa12f86cad62578ef31999355a86c3b0b5

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal
Filesize
8KB

MD5
cd1807f22dbc1692db97df33ce3d7bda

SHA1
9ef7bd74f167f06161bfca2a08b8951f0a732de1

SHA256
fba356e3ad08cf50535c61bf61c0042154e99c3675beb3b1869d7b69d98973db

SHA512
93eee247354e8621051bcb1efbf419e903b260ce3eb4e39d8a2a560f4579f964330ceccac55c85322f7e0bd3de06e49917d64492e704fa20ae65c9daae310741

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal
Filesize
8KB

MD5
9485ff39af8d5e479f2e394addf0e4ff

SHA1
5b5a5096eb73b8249adb269049152a35a398c65c

SHA256
ed21fc0e427298c66d998670de8c918b882b021e82a8205b015487c1e47c7df5

SHA512
1a4e4a9e10c16e42e0ab2ee84bb473af1711820179c20ef77105dfabeccff578f09be706eff3dc31c9bd8f599ffb8348f15c956a16140e06a973abec73c15a44

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
6a6b24053ec27a77d31313d3010f2df2

SHA1
a64d22aecb430183cf78b7e28cec842863a3e2fe

SHA256
43e954520fe98dcbe2a5d60bfd37a7e4d4b2a4e8d890869ce43219ab6db14c35

SHA512
38e6da45b022f6084d95b9d12cebdda32181324d8449033ca03d93c986498bfb8e581cd4f8e61d84d180e23c7cc6a0842abcb7a8864865578bd6f5ca05e9c7e6

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
c9703506ad7f0da71826e2cd225a390b

SHA1
6f9b7db75519ffd84688de2b64a3219df8b57355

SHA256
a37ffe1386e7aab0880c17a638a4809687048c31de16993ddccd6b7210617ef6

SHA512
043f642b1de84d40659c3c0ee99af4dab190c04333ad5e46e006d802134686ca471debc625e2c5d73ac870aafa874365fae35522c73636e0031c6303c32ba4e4

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal
Filesize
20KB

MD5
5f8ebf74998a220ca9b4b84055371257

SHA1
c59632f72cca1d3841cb71fdf54d49f01de4391d

SHA256
567fad44a42d0614e1ed6897632949cefb35892d0ac24c66ba4e94543eeaa397

SHA512
5802ff52b8e79c2327e35feeda23065e5fd5248aa53fd4fd9bbbb817417d791487498c9b75dec66d0035ed2e92e1bc27ccb9f727f3ac9a3361ee7cb9f87f7c00

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_data.db
Filesize
44KB

MD5
31e3a8020ab7cdc831495f2dd7aae4aa

SHA1
cd4f8b6a72b5f2a0676489c45a4ffa17ce499c1e

SHA256
fdd33344cecce355c8e9be8906ecdd2be65e2047e0c185efcb5e3aa856445922

SHA512
520b3ab41f614aaf151686d4a93a14e0ab033c6fdb20f85e16c5292551edb6225c10191b9df45b93e8245434bfdb4f2b87b39ad76979177f54d21a6f99f9584b

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_data.db-journal
Filesize
12KB

MD5
a6cc25d33d71cbd4280602ad6d869d4d

SHA1
1240a20e42322ccf37499fe7ecc88142fe0f51ec

SHA256
e94d9e94b323d3563db2a13b385c5ea10c387abf68ecbe94597efe2612961b66

SHA512
0f788d43c7feaa50f2f74190d3b17cc5e826b1f5b46f12c827abc7f22cf2490ec8803727cd5171e6753bab6fd3c955cee48fcd06bd5b2c61c5734f005c3d1d65

Download Submit