d9f97fc57b493accaadefbb05f109f0702f448874a8c92402b340d9ea1685411

Analysis

max time kernel
178s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 11:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6716404f81bfc9e50f9d579d62b38ae1_JaffaCakes118.apk
Size

3.3MB
MD5

6716404f81bfc9e50f9d579d62b38ae1
SHA1

b4fbaeb9b7199a2fe3a11688fc0f581a83d10726
SHA256

d9f97fc57b493accaadefbb05f109f0702f448874a8c92402b340d9ea1685411
SHA512

eb90eec9cffc6b5b3a6f3f3890f870861b4fdddc94a215a6fd763d5673dfa84e6c51527b12a6d64892dc342d715fad8d1f4b0f14ea3fcfa954a6eae69e9c1346
SSDEEP

98304:fPrL/jD6ZNvBoknQqBDCirqDMaepvb3LHOtywXj3kYK1pGL:fDDSZNKkBQe5y

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

Processes:

com.producepro.checkout.marchese:Metrica

ioc	process
/system/bin/su	com.producepro.checkout.marchese:Metrica
/system/app/Superuser.apk	com.producepro.checkout.marchese:Metrica
/sbin/su	com.producepro.checkout.marchese:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

com.producepro.checkout.marchesecom.producepro.checkout.marchese:Metrica

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.producepro.checkout.marchese
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.producepro.checkout.marchese:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.producepro.checkout.marchese

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.producepro.checkout.marchese
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.producepro.checkout.marchese

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.producepro.checkout.marchese
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.producepro.checkout.marchese

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.producepro.checkout.marchese

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

com.producepro.checkout.marchesecom.producepro.checkout.marchese:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.producepro.checkout.marchese
Framework service call	android.app.job.IJobScheduler.schedule	com.producepro.checkout.marchese:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

com.producepro.checkout.marchese:Metricacom.producepro.checkout.marchese

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.producepro.checkout.marchese:Metrica
Framework API call	javax.crypto.Cipher.doFinal	com.producepro.checkout.marchese

com.producepro.checkout.marchese
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4647

com.producepro.checkout.marchese:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4696

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.producepro.checkout.marchese/files/ZPkFS.log
Filesize
12KB

MD5
e19b01b7b9e9eede9e6f4f9b10e7d67f

SHA1
b9f48084bf742c3b40a8face088021d54846dc66

SHA256
7c5c01ba754a6cebcbeab321537f93028fca685e4c440c6a2a5daa085e535f6e

SHA512
6b325b4344f549bd202c04b795004efee12041a856d3f176c3d3679e50b51b892702fe21e0d6b334e74e4f963d35372d427040c14e20a28d770f4222b2112b6c

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/credentials.dat
Filesize
234B

MD5
4ca3e59c37f98bb25f9c60a232775e7f

SHA1
eca14cf2237d7a33c1620b09cc990350d5833488

SHA256
4cb27d2706dc4d0badcac721b6cfb3d05d1af635f94ba0e4e98826fea89e16b4

SHA512
e699ed182ff51e30143154a31a6b81e16cd4fe1511df6dd499facc8f10ab57e595e325898e7a4c4ae45b2bf201ca41ef389d4c4ce8e1d3d0ae6e75140b23ffce

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese
Filesize
36KB

MD5
c1919fa09e738676bf29987bef2e7a66

SHA1
6a128122cb9e4a03497d301e2f7ec84d5ad3a176

SHA256
430ae5c7e2a5b6e8235a9b49d49470e8e1b38e6b038b34de50b3349d4663138f

SHA512
20549d2c2d7b7b60f683b306359e332763b8bf1e81d0c11f063e1da9fc2eccc1368406c9c38cb318920f65da3c5ffa1f8b1b4df291fa1c1d54e2c1e7192d48fc

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal
Filesize
20KB

MD5
071b7e0bc04c69bb6c0ddefc30f6b76a

SHA1
311e06fe4301368ff66b015511c5afe3dc3eeb9a

SHA256
ea72926c0ce96a71c806ab9d50b1e58db3dc49ecc87caac3d2cfec773c6bf9c3

SHA512
275cd5291f6a943959d66ccdfe4a1ea6ba5814704d11cd0aeaa524821c1f78591f283c0cddc5357ab68ea71c137b66a606f7f2f38b63d19fdee19181d3aa5117

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal
Filesize
8KB

MD5
66d1d984405fb74990235257b55c43d4

SHA1
2855e05c865028a6f3593ba4083014741df438cf

SHA256
439c4c13e98667c461df98a141d5aa7cd0c36e4ce4285d17b9b9b166df8d6a4d

SHA512
3f605c51ec45e8123845c2193fb30ed165958ba6254acfb57e79944f6aacf1f3ac4a408c148bb18f251f063437808ea02e9d2a7c7657b75c655ab8b9d37e656c

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal
Filesize
8KB

MD5
2705496cfccf948364c1c0f23d0a7626

SHA1
366131a9c2a93bbd9feff0f44d59c36374fd2a97

SHA256
e950c1abab69d5cd2cb92fca677b82457b07e17193b89ea4b9a642a9f07f8b88

SHA512
f1adc48c4911b8988d69d8ad338d5ea209e05d1217af20a574f7938f0268695123aed8f8f55745476f5e6e0b21e1693f1a2c359c83d5fe3fc3a434d1c547ea8a

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal
Filesize
12KB

MD5
753e1015dc0e18664d13c6e28f1de69c

SHA1
3ac9c6638333d6af2c220631e4897b891b17c1c1

SHA256
a5bee63d70578d2c1acb906c97550d8b5dcef123ac77444cfc7ffee9ce52d962

SHA512
41be51b3b48235f21ea76b2a467e572ff0a785654bb3b62e2f7cef9a010eff06e6cdb340c30b68a34a0db1638ce2ea2d3987fc97bf931db40d4609e4e5eceb4f

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal
Filesize
8KB

MD5
79f2133d39d1d4582458d790ca173e15

SHA1
e7d04017c03d737c990306aeb269b57fa922f1c3

SHA256
3d2d24ada3c5776a733fa2e9a40b09f7d635084b4350865814c910e7e266e9b0

SHA512
7b006ae8c36669b935474fe5ebf8db81dfd3da285f6c2087ad4c93cd56706f8586f93762b4c425066589f03b1776e4c1391772c02c07a59d45992e6c3e91b59d

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal
Filesize
12KB

MD5
58aa358e35fb66898cc9da3bdecf0218

SHA1
5525c5023ca3d09d38decebc31b801807085cda4

SHA256
a00fad80521a8afb67c336c8fdaa1a960e491055323d35bf28fe652a1169b633

SHA512
3c29a75cff94654b30f8c4a0e66f0275a6216ecfd6553431cdd44b15bec059736c559ad90d44e0740b024182bac0256c3dc5bf0dc434833a2be971a2745ac36d

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize
36KB

MD5
648bb4967ca0f5e671ead0ec546643a3

SHA1
acd41e47f150728cb2ad75e636f05a441162a7b0

SHA256
ec2837ccb19f053e8157146335d78a565698f28996c5b7f0ec453fd62d976851

SHA512
8e1235f1299a08f97d1b2854f58abda7cb70f9b2e5268905f4258e88afb460487899f53e5c41b4a18e5e952c84c2d063e24e87ad009ffce2faa130eb33abb4c8

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
512B

MD5
362a0622a8357f162660c580ad0d4c24

SHA1
2475ce984384192182a0b85fb6e77fb937e158cd

SHA256
8a6c1857eb1ba14f219466fca489ebf724624779e1100fd7670cea1c2b6e79f9

SHA512
8a56b1cae9ac6b17c7f6d86a65d96cc2b8f6c2f7ccc76eb62f273ab833bf4bfe659092b0a26266b854ed174cf53b946a918713ac2cc159cbe408ec8a80c8ac45

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
0f1a15b32e8257acc94ea2d3bf459f1b

SHA1
a4f4b8e04be3e74e0554ac4149fd81122e201139

SHA256
447806801d879193a9e0162c1d2ae0b8649c1ec5f1ff85a883129b4fa74aa604

SHA512
40e9bad53d4114106e14217f13bb89ae1c6192376630ce6743c26439647be16f994d2993ea0191dac34c317ab78f0f160553848ba3d71fd6bf728f05077dceda

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
51197aa27782e011cb937a7c8ece786a

SHA1
8bdbf04e1e7d9d0b40cb1390c2d7f118a64f975f

SHA256
0cbc739b3aa07f0434fa09b410156b2fb2be7d12afe5dadf3cc2fcd5ffb8eef9

SHA512
548d9341f841461197fdf535837939212140a3d05858e16c870bc6dfdb5810968ae15e105e9b8127d6a3a676f0366c638d0c6dbeaebfc98da0644037582b70bb

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
b90f7f490106c7047c78567bebe8a612

SHA1
37813053984a54d0d7dd8e1f58962dd0692317c7

SHA256
559d4199a18dd51c30c3d65d294b758acae9bece2ba0fd887be0f3f6044cb833

SHA512
70610f715baab1fc6a45f2544ec2e2734c19341ab4b6a68d0b648392d19f486491aab6e8dc2078447a46e0054dbc9650f79861bb1aad3157ccd5afd1ed8603d0

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
c97fc251b8b4b283113aecd133fffc78

SHA1
b67e6a68fa6e27310d8502ebe09acc27e11e098d

SHA256
713c0f2169233ab90f4419ad91bb6c54f03ba6a64204005e6f1409c3f54f8ec9

SHA512
6bda47b3e39a90f7832bdb1eb2d0ec169fffedb300cd18fd8037b5bc3793865dc0b040401e4cf8427bb48a9df798a05fb72e00818e9d60ba0fde266e272e5867

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
bef46be25ff44ac5118be5cd8967c913

SHA1
d229c515979797a4c42aceba0d73e5579a8dc8ee

SHA256
f19fda0ce95e50f40df8ad8f76cbd4a3ab37e74820e04df62adc2e7ab0f97cb9

SHA512
8b873616f123c6b164cb983ee8c45ba6966b3d37748b3ec8a15a8976cd6a7c54af052ce536df7461e78e1f78b6a9e6429f15d05189782bebae143e17ed2e5937

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/metrica_client_data.db
Filesize
20KB

MD5
f19ae806f0519c65962f16b4605592c4

SHA1
83003415d8ce79476a4c377f5cf24ee6560ee3b4

SHA256
dff56ac5bce40748506b1c87e8104ee0a0877df5ecddabf1310433d70e297c99

SHA512
cdbeb0e011ebc07c62cb5760cbb4465574903d28d9d19fbc4de2eaac352ee88dc193eafded37e5ff9a6e8f822a3b99ae20aa7fcf5bdaa421ddef25c816f85b7b

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/metrica_client_data.db
Filesize
20KB

MD5
a840fcf5962070757a1aed8cac1f1fac

SHA1
8be053618bda815f42ea967bf985a24a99b78292

SHA256
75e119cc2e5ce727eabe6a2e841108827ee8cd93faef9de6b95af2b487a12875

SHA512
51ef1c3eef3c2ee2cb45af34fe750fd0d3030b4bdf60a880dd1d7fc3bfb924a43c217f49140b1d2acd8fe9c8c9f98ff27532333788b81eb279037ef3cddf32e3

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/metrica_client_data.db
Filesize
20KB

MD5
5d148c2b562a4dece21607f01d38f91d

SHA1
de898254739ca536e872f74fc512e3056a1c6b6e

SHA256
3297ab11d74d2d8766980d82c8cefcd7b388b988d057bb66e99822f2c8d26abd

SHA512
f8d9350a8b6ea817c3a309432647b53034538dcfb2f70a9ea35a37924c6278b2ee224ab15ab3a68a43b182c305f7ce59a365d1b2eae088ed0a7b2a86311fc5fd

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal
Filesize
8KB

MD5
b0ea61eed5c7571cd6a42be786ab9a80

SHA1
e0b29b88e97225b0022c474e602e14689286d98f

SHA256
3a64f5d9ce3bdcc2db0a6e6b10c88db674409f67af7d3defa378267f48488c27

SHA512
f292a33b68b6da598b256b015c7c2436d9e8ce9dd1c07ed4352c8b106f12dc5df834bc17baf1c9b0cf9258217cf6559b1c85be9878960c6cfeb1942b25fae07e

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal
Filesize
8KB

MD5
bc194ccdd8fa793eb3a5023ce43e7bfd

SHA1
4f0e8ea6316b8ef490fcc74c6c5ccbb6fcee9aaa

SHA256
dd7ce52c5fd4224d754dea96a383added01636593c87fd5690358a2f9563351f

SHA512
04a9f65b8f237c41135dae89f166e1f1d0fb8c63704148f79e97aa7bae7073e17fcd38cd3b253226533153b25d5eb651c4b8398cff8de487b6dd1827dac5bea0

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
3b8c51f9bdf309ddce7d3075f83ceb5e

SHA1
d8c5b4d61df7ad2b4bef5dd618f18273952f139a

SHA256
928e5356534f89cd0f97fb852503f777a57be56d9d434f5d1355d59dcf0a3ebd

SHA512
a83f590fd67a6e07da5c391551b04d022086cc98fe90c2f93f0e795ba269a594254ab08fa481463f12eceb073315ce211fa8750e341282255547c8a131a1ba52

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
8efeba575418c53163cd81a5a70ec395

SHA1
cf5e1a55ae78afe870fcf54c9927c86d59b63216

SHA256
d4e8a4043d8bca179af0cdb368d6f5378efa8bcf651ba036dc3e59608e0c611c

SHA512
7235844341c710606867c469e51fdd1773ececfb6149fccc8ebe6f4d4f6c54d44146d0dfa4fe11d5549bd5ff4b84013f92ccd570f26f70bcdd255389ce5c64be

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/metrica_data.db
Filesize
44KB

MD5
48046a1953d2cb18958ac6e7394ebf84

SHA1
56a5282a09c43d23afda91d467eb34e904e4a5b1

SHA256
f394ca91e4543b492534d1e2d92eac41c978b81b38e4a55eac6bc31616113ef6

SHA512
817c6929f7cc9d0c9495728211584edcad4d750a2f14548a9a11c1e4cbeb67773009c726a333083be5a62c677deed43d6c5da9bc56f21430802294da569daa36

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/metrica_data.db-journal
Filesize
12KB

MD5
976820d78a76be617adb9c353b75eef6

SHA1
c8d8cfd45b927d7b9b0552784a3f9655ae829884

SHA256
31d615283f69de0ebbb1a71353e4c557572f263a5857f51d54876ba133d5e698

SHA512
877648e9842c843093b7eb2247692219933a55feec1e89263fe2386b4f9c36b4c13099f4f2e2b949fa29d19530f66d7d6b442ec8ae7e2224ef16bf80be7e2fb3

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/metrica_data.db-journal
Filesize
12KB

MD5
8b1ed4dccf66be7d5d60d1fc08fdfc6f

SHA1
6725cafd2d30df70242388f31a79615bc766d66a

SHA256
b927f96d8df292f95d6228eacc08dcc2b1aa86d04aa6feeaae6c813a8b419215

SHA512
11263224ff0fd441a6d13331015b2d7c01fdd4d8e98018ba3b9c4a364486f82fe2c65312e9461e447ed8f3909f200a1f2019970bb86b6482d027ef724a93af6b

Download Submit