edd2463f6c9cff6d2b2c3e996eb298ffc7874f907898ccec048ae7666538c65d

Analysis

max time kernel
179s
max time network
137s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 17:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67f94adcfc778a2e2b3c8e8fb6b5e13e_JaffaCakes118.apk
Size

3.3MB
MD5

67f94adcfc778a2e2b3c8e8fb6b5e13e
SHA1

c1712535383bc345d23c374f38cd454616dbcd34
SHA256

edd2463f6c9cff6d2b2c3e996eb298ffc7874f907898ccec048ae7666538c65d
SHA512

6ed1571f2b61bc86a9f1de1f443d877083e57ba87d70b888bf5ad14364a62cfa35b6f2e3d556ebc292e3317123d13483a1a05c6c1efaedc1ddf3bfe3663dad9a
SSDEEP

98304:RohWAo3eZru6tvBsYrcnfRrxgzKnUTxWohL/BH2OtywXF3oyVAoVgIU:RogneZS6BBrcnfRrxgmnQzR+

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

ua.FoodSoul.DonetskSushiTaun:Metrica

ioc process

/system/app/Superuser.apk ua.FoodSoul.DonetskSushiTaun:Metrica
/sbin/su ua.FoodSoul.DonetskSushiTaun:Metrica

ioc	process
/system/app/Superuser.apk	ua.FoodSoul.DonetskSushiTaun:Metrica
/sbin/su	ua.FoodSoul.DonetskSushiTaun:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

ua.FoodSoul.DonetskSushiTaun:Metricaua.FoodSoul.DonetskSushiTaun

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ua.FoodSoul.DonetskSushiTaun:Metrica
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ua.FoodSoul.DonetskSushiTaun

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

ua.FoodSoul.DonetskSushiTaunua.FoodSoul.DonetskSushiTaun:Metrica

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ua.FoodSoul.DonetskSushiTaun:Metrica

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

ua.FoodSoul.DonetskSushiTaun

description ioc process

Framework service call android.app.IActivityManager.registerReceiver ua.FoodSoul.DonetskSushiTaun
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

ua.FoodSoul.DonetskSushiTaun

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo ua.FoodSoul.DonetskSushiTaun
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	ua.FoodSoul.DonetskSushiTaun

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ua.FoodSoul.DonetskSushiTaun

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

ua.FoodSoul.DonetskSushiTaunua.FoodSoul.DonetskSushiTaun:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.app.job.IJobScheduler.schedule	ua.FoodSoul.DonetskSushiTaun:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

ua.FoodSoul.DonetskSushiTaun:Metricaua.FoodSoul.DonetskSushiTaun

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	ua.FoodSoul.DonetskSushiTaun:Metrica
Framework API call	javax.crypto.Cipher.doFinal	ua.FoodSoul.DonetskSushiTaun

ua.FoodSoul.DonetskSushiTaun
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4205

ua.FoodSoul.DonetskSushiTaun:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4243

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ua.FoodSoul.DonetskSushiTaun/files/credentials.dat

Filesize
233B

MD5
b8b92b3fc172d0046c365efd8e3d50d5

SHA1
62f613d5744bd1b1723fb32f6150f6bad3c26f9e

SHA256
0df43c1dee3675e06904b2fb54f4d11888131d45412324e01378dc75682ef37b

SHA512
7e52a0a77ebacc4726ae7f9965e1895195d5bfc213cc8e7bd8b59a8c010b2327e676f3f6544a43f772e580c87779021b4eb47631d861a02e24ea16f051d5bb10

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/credentials.dat

Filesize
473B

MD5
847cdbdebaaa8c48d93211d47392dc8d

SHA1
3f72ba8617da5457ffa00c02b53cdbd0b6c6f76c

SHA256
4f294178b80ec4c65a70b644170da865b91d09a2bb68f3ca39c1bc4c2ab6be37

SHA512
59788ccedc3b401b7945efc9c3d954744fd1d8295f4032030dc2a5025eb53a28afcbeec673f9dfae600e476862767e5eae83f7b5e592c373d5adb4921e4320a9

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun

Filesize
36KB

MD5
2aad547ad3f97a7b9899c00a362ac47c

SHA1
a2fff80a2dbf2826363d14e7f5c588d4668e111c

SHA256
382943342cb063c20eed094c74da94938261a9e8cc250fc6d4fbc9d612623722

SHA512
f1470903114f922fe2831e3e22cb96abff5903c07521568efde75a886ad9982518710fe2b7dee2ff0932b1f736d7a63fd82ee892e7effeb43a1db282f943ea19

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
8KB

MD5
fd888e5793dd151ac33b22ff678c0db4

SHA1
d84519bd6bb2be6ecb9b8db36ea4ab3aec97359b

SHA256
e804fb9192b9840d4280704757c5405bd826bfbf84f892629542fa21649380f2

SHA512
004b75ff60c7856a954b48257acbc3901406116ee87016d45ee96a169e62ee25761671c63f1f42476712a6b66586a485477141b8c2c2ff3239b23a50410f9883

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-shm

Filesize
32KB

MD5
6856aed0f9b5fd363bc3bc4ea5e23fb7

SHA1
a7f1d8f2699e4652151e235c136a4ca77387932e

SHA256
33483a266020c7c4dd822f20e294ccb63cc11d668cbaa1f14aa2f8445ff7077f

SHA512
166fa3351acfc054080512c4dbec1c75ed0c12911c573b2b4c4763e49eeef96c08f037eb75b21a4d78b0b6f784704a4aba52b26eb0f715e6244c2ebf37c59984

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-wal

Filesize
406KB

MD5
953f644bd0f373a2c5e97185b3a92fc8

SHA1
dba1d23ac4027ed2399be0a7d77894afc41844aa

SHA256
99ed92e3d20c38a75a9ee7a9a808878ff11f992741db5b63297384589a99c556

SHA512
a101133af4d06faf9e7b92b0c500ab356b6ec87ebb9728d1a8c59d64882cb7ba7e586c18445b06bf3addfbc41b1bc7ec92fbaa25bf74c714ad3cda5c4ed2548e

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
20KB

MD5
7f3d341c6762ec16e61c19d618518c0e

SHA1
1bded9cc28142a211886e138845964f1cd969768

SHA256
429569001c8bd6034501ed8faa288d76de828266ff88efc8fe3c2801698f62a6

SHA512
7dc1fc91a6fde808b09c4f94fdcd7ee9de4e4b98ba1f2b47796d92d4aea348f0606689c362973475f340d4df5ea5a27195ce4b4c5258be2cecf8557730d2f5f9

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
3b6c63efcc9b1552a3315818f390f40d

SHA1
82360127ddebd76016396edb1a971b6bd6c4b5f6

SHA256
02a1125cbdfdfbb6c54515d27d9cfa763b461fb170b3cec90b28cad02aef1e0a

SHA512
0738b88a787248bae094c59e0b99ac76988a17eda358a83dc153d43cb25a366ce40c4829b435b33043e2ebc7f50fdd0228e3c45932928c8488c9968cb4fe03ec

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-wal

Filesize
164KB

MD5
ac1a09c2718c88ea0583695ec553f7c2

SHA1
a0e5a238f6c8e2508eb6a08721075f1828c877b5

SHA256
a522fec30f1dd55956aa722a983b324480b93bd5fb282d6128779481af7a1b07

SHA512
626bb5dd37813fbc8641c5db3801f7dbb46c889a44137100c1b94cce7b9abc9e51b7512f349d9d90d67684c00a655d5624c1d7526ee1714b72dbbb19aa223624

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
20KB

MD5
d8e7e3a111d69443c89ab0e82b9b6ea9

SHA1
19e9c313fd0b18610c0923d790e06a30361a63b3

SHA256
60074b9435e0e707c31affd077d5b6902fb2f4602ddb3902b66436fcbcfe8f19

SHA512
95d698b96ea341dd092eff432b751139c8857f951f2f24bef2d217679550e39a67ba3bd92d898019a28e24151c38da963aaf96ddf5e243328401a179b94fd240

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
20KB

MD5
ab46373aebeb6abbd760ee9b7374c45a

SHA1
e258a33bf3619135260fd3eeedc1c12c7beeebb7

SHA256
2f184197e2bd39aab24a31a9ed6f33c6d81be1203029da49cacbb68d82a17953

SHA512
e5e2daee5fece2025a18f0468c5b1ecbd034265fa48195c5647742d8d723eea6594ba1bf38731e7b70d279c2b32f4bcb44b09d3ccb887f80d9962d662cb87303

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
20KB

MD5
44def4f6e42c3ec63f229d23af8c804a

SHA1
f5956d9295778b539bced03215343fd3cf7a9dd8

SHA256
882faff2a0f007164d5dbda7bd7f803306423b5eb48a88b1bb72bde65b77e50a

SHA512
a14770398044635a8a8fc0d59dc95af3a97ae78146a9ace3795d600a44098a5ff7099aa3d0ac40442f8ff8c5d3b5ceecb4b360bf47f3e8c7c902879e2e76228d

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
20KB

MD5
8e56ca76ad831676ca34b2f490fa1b98

SHA1
4bc118cbc29281fa8a191971c54e31f4f078892c

SHA256
eeab3cb1ae704d0d1b2d184ab593d9b6d4a3ba03149b652517c9e02d134c8dba

SHA512
f6ea25999fa5f75e4b8e466ccd390ae4eab51c6811a00922b03eb09b6921be8651af3421f933d114cf0d94ed971e38ee21d8af66884a6bb1a070507aa527b638

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

Filesize
406KB

MD5
e2409fffc0bbe456cfa92162c8c0e18b

SHA1
6962f8449ae7953883e4e7167961e4b0fa7f05b6

SHA256
d10eed4ea1eeea3e7da52309a3e39fa41ca3b1900c4783a09281a699668a5134

SHA512
583d1759ce99e1fd7f637cfb7dde616e13d3b51acde222514cd6fd6ccf5fef942ea28cbcc125b1ec2429cb906fc533e1a1dfe208d0d99bb6bcc924e1822a0ffa

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
dbf692a3cb4e93ea9b2b21f74e8c9b57

SHA1
f8fb47f38c4c59444d161df85d55be6f508c090e

SHA256
6aafa66be32685d2e0567e35da86a4d931bed25a5d1171a237a6e0c558331776

SHA512
64b05b4adb35fd1e328b13986ec0fc34878d8f50cb5fde955e71197406179c061379487dda588fbffc0d48161a6a814e364386bb0b29be0dce764fcdcc66a535

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
de68b277c54980d3cfe778301921ee98

SHA1
437a816889a3a78fd76e6f39a2aa40b264773393

SHA256
8be070558237fb955e925e1e8cd7210a388c902370e01ef80ef000e4857915bd

SHA512
2c6eef2af1e958b1c14e1a58921342c562af844b752a518772e92af001e96a7ddec9d4570e4ef8cfcab770fa88d87211db24bb3735d5e38235c915d4196422d2

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
5ddf93a70de9d3908f3441c244acd860

SHA1
67a12180ae8b42717428006976f9e7d48b179a64

SHA256
2b44d51f1d76cd86388e669d20b4600517769a540996e3ccbfe40413e2a2d6f3

SHA512
a196834d45414b3b0e0f8aa4eae7cae3b796efd33c0013b395615ff0371e13be3cce540f6fd3efcd3a770ed65991ea7b615ea4656922e3229a55916db31e1bab

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_data.db

Filesize
44KB

MD5
11a6fa6987f91a9c8f7b39189467ded5

SHA1
cd8c7ba82b690d8b9372fb11ec27339927e96fce

SHA256
b5cf763a4b550fcb10040c0e435343a4c8a83eddf364faa1a5c44de016fc896c

SHA512
717701f5e0d24aa62eb387d603853ee0d27c20b05c84a9aa636ce3395de1f04edfba3f1e2c1aa8d53ca072baa0f61095be174470a87a1d0237c2a3b56a8cf803

Download Submit