edd2463f6c9cff6d2b2c3e996eb298ffc7874f907898ccec048ae7666538c65d

Analysis

max time kernel
179s
max time network
150s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
22-05-2024 17:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67f94adcfc778a2e2b3c8e8fb6b5e13e_JaffaCakes118.apk
Size

3.3MB
MD5

67f94adcfc778a2e2b3c8e8fb6b5e13e
SHA1

c1712535383bc345d23c374f38cd454616dbcd34
SHA256

edd2463f6c9cff6d2b2c3e996eb298ffc7874f907898ccec048ae7666538c65d
SHA512

6ed1571f2b61bc86a9f1de1f443d877083e57ba87d70b888bf5ad14364a62cfa35b6f2e3d556ebc292e3317123d13483a1a05c6c1efaedc1ddf3bfe3663dad9a
SSDEEP

98304:RohWAo3eZru6tvBsYrcnfRrxgzKnUTxWohL/BH2OtywXF3oyVAoVgIU:RogneZS6BBrcnfRrxgmnQzR+

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

ua.FoodSoul.DonetskSushiTaun:Metrica

ioc process

/system/app/Superuser.apk ua.FoodSoul.DonetskSushiTaun:Metrica
/sbin/su ua.FoodSoul.DonetskSushiTaun:Metrica

ioc	process
/system/app/Superuser.apk	ua.FoodSoul.DonetskSushiTaun:Metrica
/sbin/su	ua.FoodSoul.DonetskSushiTaun:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

ua.FoodSoul.DonetskSushiTaun:Metricaua.FoodSoul.DonetskSushiTaun

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ua.FoodSoul.DonetskSushiTaun:Metrica
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ua.FoodSoul.DonetskSushiTaun

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

ua.FoodSoul.DonetskSushiTaunua.FoodSoul.DonetskSushiTaun:Metrica

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ua.FoodSoul.DonetskSushiTaun:Metrica

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

ua.FoodSoul.DonetskSushiTaun

description ioc process

Framework service call android.app.IActivityManager.registerReceiver ua.FoodSoul.DonetskSushiTaun
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

ua.FoodSoul.DonetskSushiTaun

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo ua.FoodSoul.DonetskSushiTaun
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	ua.FoodSoul.DonetskSushiTaun

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ua.FoodSoul.DonetskSushiTaun

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

ua.FoodSoul.DonetskSushiTaunua.FoodSoul.DonetskSushiTaun:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.app.job.IJobScheduler.schedule	ua.FoodSoul.DonetskSushiTaun:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

ua.FoodSoul.DonetskSushiTaun:Metricaua.FoodSoul.DonetskSushiTaun

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	ua.FoodSoul.DonetskSushiTaun:Metrica
Framework API call	javax.crypto.Cipher.doFinal	ua.FoodSoul.DonetskSushiTaun

ua.FoodSoul.DonetskSushiTaun
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5145

ua.FoodSoul.DonetskSushiTaun:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5194

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ua.FoodSoul.DonetskSushiTaun/files/ZPkFS.log
Filesize
20KB

MD5
3154c132f6c0ef6d23151580444221d5

SHA1
c88a96c689ddfa9cdd9509fa2de51d8dc36176a9

SHA256
fee3ada2a4a8c0bb873a0e29dd3b701d234400935bec0af332dec79b140140af

SHA512
c1887f7a6cdee9c17752ae58c2dee57d272187d609b9b6760f352eafc9ea0f441ae0560a83f9d94cf3c230e27da1c5b68906e958b866a3b61afe2f493c7a308d

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/credentials.dat
Filesize
233B

MD5
2d522b7f6e0b191013f55f2d33610a64

SHA1
bd8d4c6eedb09b902f6f44905f455ac5fdabfc6c

SHA256
cf7d94415afb1dcd5e103d7089a7c4161e5f0591e89354126b1283f2969eedf6

SHA512
49cf5fabdb86ad1a0c6e6035173da39f3a8910fb41a7f124ac4d3d2ca0ed9d8db0e1ca3f306042c1b8297baadfb5aa7301bcf3f3400bf918813dcb3edfe7305b

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun
Filesize
36KB

MD5
2475555344ea5026ad4b9d84987bc6a3

SHA1
58de61ffd79c05173dc4b205f3bcd3c61ace5633

SHA256
c8569d36f9ae42651ea9e7f01f266577475096f6bed640a72d64c0c78cd45888

SHA512
d0ff1497e7a700cf2bf9cb07e50d9b70c980c13b3316c28309516c2580516c720c5214f69cc641e4e1bbad110de4c35a17c9afb5b0e61ad681c42f83d2255113

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal
Filesize
20KB

MD5
f81cde6d11c88bc75d61f2836fde3419

SHA1
7724da70109c3502e29148195b263443ae979620

SHA256
0b15af84cab66ea74ae8d01e4bbd27e1297c82eb3ea93a47e45047e41566adab

SHA512
585c6f8a391f3fa040d8ea624938c7b5ca15608b25ff26746aef9566e86f40e035894eb14ce9922f731934c029cd5bcacd7913774eb61991bfe9761115c6d6a0

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal
Filesize
20KB

MD5
6af1b98c2f2f447d80386f23d1c25fe1

SHA1
4f6ccd6539ddbfb2884ba7f118e1842bf01a0333

SHA256
f2ceb90177be7b4c0be3bce1975debe882162e05dfe88f4a18360c754c51c7ca

SHA512
d1ab85b23edc9d6f1aee6a5a66a68a1c1b47bf3fe6772dc6adb49dd288c1ef01817726b425b0c224cb502981d968bf317ad6d46b42c383eacf87591b9d3bacb4

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal
Filesize
8KB

MD5
d21749a865caa1b240250cc8667fc6a4

SHA1
1d5a0cc0c62470430b6f726b8ed1b4b29290c056

SHA256
1ac8143a84d18726facd02817e4331dddc692ef7931e072da970aa6c2d8b946a

SHA512
ebc25c511616f39461bb8c46986e9f9848c900be3e2869c1b49299966fe5f3ba1dda005a7999e70d9405941c868ddec50c6de5ca5891c42ed5432903adc8fd84

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal
Filesize
12KB

MD5
95576a5ffdf667843d01b819232a7cfd

SHA1
af6996970843c23dda8adf099c30529cfecd76b1

SHA256
dbc6c1ecb93ea83210085f5ca55f08321e49fe231729973ca6e38a977267578b

SHA512
159b30e88529e59b92754b4ad5da8fafbc393b712ece5e18937c42d547b72615394279536d7e73b5b7b4f246a2f73215f12bec248b0867e55848297a535ad59d

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal
Filesize
12KB

MD5
e6f697973b4f92c306c4228a1f20f46e

SHA1
86947c56d3c4063031db45398525499e3f6ba827

SHA256
3d3f42a2466883243f5c7651741217631ff9947f0794a3ac70f548141773e905

SHA512
f38e4f2f5182b575529f166b14c6be28b414a9e318e36807dd5c80b20f0a8717b935b9d95a96d800e28c86d8ffc0ff21e95280e2bb10c9dfe8d24cd2abcb4d57

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal
Filesize
12KB

MD5
365a9c24b80dc68254d90f8355605471

SHA1
60c857134b17dff7373021455889f0dcb3d92664

SHA256
cbec1f1f9130b70e9543c239bff4bb7a6de35bcb647b390f25d9cc8e07442075

SHA512
4d721d9480df0ca13c73eb68fb2460410231243a7cc77e481d013ec82fd11d39c8417cc521a77e3be2ccb2a1c570644cfda8f0ce45dc685244f5ba369213f2a7

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize
36KB

MD5
98804d49f4f8a1aa4b39f75a194bbafb

SHA1
2655355c72ad1aa97921945eda910b226fb5afe9

SHA256
6e22003f720ae26f704d427c85deddb6e2a74c812b7456b42a969e891432a1fe

SHA512
6c38d9123a47e441f1779686b8c534c36941926777d2d3fdd07584672251a8a42bbaef48276836927d55dedb69a6ae97ee1264d0269f357ed57cb7d1e324fbd7

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
512B

MD5
ec834bb22a6c02ad25b7b8100288f65c

SHA1
a64b3ede1e06ec7c381b69d5175d738151cdf4c3

SHA256
d744affeefe75039140b7bd992a080e0b78d251b179d8aca54e05884a9be664d

SHA512
97ef63736ac15d30c9aad9ab4febf6095c0ff4df6fd51b38a7b7d29c6f44f08d2e84fd458fdc9cf8fc7fd8126bb4649b4a6ed19d9fbea8f8addb913dbe3db392

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
7a7642db82d1746a6a7afe6609536de6

SHA1
fca20e3a797e2d5cd973646646deaac772e550de

SHA256
2629ce684af13201d52d65da59a837421b8bd86d23cb849e8ee84bf9fa88bd76

SHA512
b1053cecfd9ab138d86d66c12cdeb942439b7cfdcc9720c5c1354529e0ffa313414e9dad8c5e30d1ec9ab176ef7bf5be65ef4f4b2c682ff70494ebe81f18c5d8

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
6fda81c8dc1c784d3a7e7b017197209f

SHA1
e107fbdd9640a53cd5f4b89e85fadf517d7cb79f

SHA256
845018cd9173ab2c702477e76c70926176e5755ed7b890ee3869024d41497a92

SHA512
ba37ed400260771280cb00f82e0466683d8cfb97d9bcfd0846d4a722ab044acdf3316bf4b14e68c452cf51c7e1c1cc05982e3c039596c39b8ca072286a0d54ac

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
b7c806d71510b774a40d2225dc22ad17

SHA1
dc088c16078385afea151108816a46a5957dbff3

SHA256
bc18c22950797e9431e596a92b7eaccc33868fa74808877d37adb28653f43d0e

SHA512
ec56cbc611a3fdca16a8769e6c1d9aa7c909134edfda20f5faddf1eac9da1c28c9443d2059e8ab8ac650539bf54c78062e88b9d08ce32b3dc202afac30001e01

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
d8fde5bb69f785fe3c837fee4e5d1ddd

SHA1
5b600360628ccf537c8669c252ffe3f7cf32ee91

SHA256
d0adf887ca91621fe3e16753001c2543472ef7a97baf0c9ad4dc9ac3ccb8c1c1

SHA512
4c3ced128a53cf6de79c79f78715d6f862133fb2c798916e2d118cdec7b9ed5dc934397ee17d37679a6e9d2e27bcf7e68f05066364a6394e105c60a2d89c7cdb

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
0f7edc649bac0913221fc947c9efbbfc

SHA1
f7df72483f9918d38aa1606d69fab68e656ea32e

SHA256
9693c1747e01f5e96248b566cebf610db6b9141a5a06b30fe9067c6a9cfb6b34

SHA512
f66782c81191877c48f50ff2884b22f8072a373936decefed37866c99640e92b447d0e7c9c3939d6fead5868c099fc42eae607aa83ab8075c1854d861c7eb7e8

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db
Filesize
20KB

MD5
a9edd624d28ee5a7ed6224282c975783

SHA1
167516e4c366aa4e00db92af7115ee4e3ae39fe1

SHA256
b688d9e05cb425bad6f25c79fcbf61c9365d4c42f8ca98ea617fd1ae4f85af85

SHA512
0982493df504e09330cebc2da0e0811e2c525f10ddd1dd4f27ba3731726ae4baca74d857658de1e59964e3e6c54f9628480c52289525d2f1cc2710c388d6bf37

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db
Filesize
20KB

MD5
89037a00eb158e168cbce9b871b007d1

SHA1
a441d16044acbf98d96d6c89c179fe25ba4606e5

SHA256
31788d10182d77e1b72cac1498426b52678e82d47c700362e7f346b8361f2dd2

SHA512
8ea0d0f8af19a56a7bcc18972f87b4c0c612f1a9252a5499079efd2047ff0994b6b2baa4b4cc2fa4f244e894e605af897afae3d76b5e6d6630e98fb52112d02f

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db
Filesize
20KB

MD5
daffa9adbcd1876026c9f346ca793e50

SHA1
8ad964a2752d2f6d88a1fa9fa1e506ba26fcf048

SHA256
ad78e89c22354f45c1cdd63b42f2eba44b771d18480395e597c268d44e2216d3

SHA512
a484cc6884c1d6e4dc2847981ddfc86260a15fc3132499b36b8fe52e3003235cfe0c7ad55f0c0048f01a869db09cb122ee3ed1924f3e753fa85efdae072b4ee8

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal
Filesize
8KB

MD5
0410a8f4ca146dbf829bc542296cc1df

SHA1
8ae580075f843d7bf88f3f6596f25f31942e72cc

SHA256
c9a2a719a9e72053e0636e571821b2e9c8339b5b0ddf669fe38bd104ddd32d3b

SHA512
aedf9789fdb3c05d5b733b491bf9f63ca1865c68cb82c4140485b6bd7c6d4745c4443e369018e86af39473b7e97ac8ca6a57f77c483d870eed437a6372e3a17d

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal
Filesize
8KB

MD5
9bb0e57f6d5e1fb47504eb26c766eebf

SHA1
f536aa491f286232627ab7d6ed0cc07d9b73f677

SHA256
2fef039177896b11462c8b62e6f8001ab3dc009fcc67d3137a032faca0c36f46

SHA512
2d20501f115eca7bee8ad6560e6ccaf8bc355a329383d176e93efabbeebe10e1d39eeb9b03a3c73c04bb15fdc42267aa0b04f63a712632a0f63a40870070b90e

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
a4f01fdce46866c3e54f50639af01a12

SHA1
2e932cc29d8ea51cd4a5fa2d6ae8afef80ce787c

SHA256
a5fda0719c9261de169975757718b50d56a14fee653fdfa4978d06220c8a2cc9

SHA512
a90a95f421c15541e21b3682c697c8e8c6561734700f6ba4b59e54019599917028a40b6a7cb1c0e94db722cfd51192d5a47889f387692def6437cc13f99ae2d2

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
b9efbf318c2cd329e2e95efdae986a84

SHA1
b097afe6215d1945402bc5e187f7cf6376e5078c

SHA256
5220d240b58198057732b725643b25f2ec8f7b301909d6a6a6a94180334aefc4

SHA512
7c6563b9e09cd5c87eebf6a41c267c13b84e6dc84b545f79aa050aef915ecd7573d709b20caf62b5cf262abee0375399b1fe4ea79f3a090651277ead7691ea29

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
f785ca9ef89f20f158c4cd47d1e76c99

SHA1
287abc7cb317c5f63ca45b6ea34a7b2d9558876a

SHA256
3dc0b689c85123e9ab842844acc01ff4482c967283c2956463faf2adacc4661c

SHA512
9845ff9d948a0adc055ebbf42bbe07ed0f74f05a7ed721705d6bd8ffcc2a3c91c28c715e155454a144b06c7911fdfa87c7118b5b1e8d59cbe3d4b7265bd424e2

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_data.db
Filesize
44KB

MD5
ebfb3720abf2e5e1b6949f8b05acea69

SHA1
06e3cfc3195c39d0b369a2257165b02538076e93

SHA256
7a0e647e0e1e30631f17d0e1f15bb59f20ff55b9df7cb97c5491911a1364cc6e

SHA512
09a6364a57c46e2b762e1dc7e7077afaad6a957be7b3e31d41145a2478e6cf7abaa63f999bf61dd869bd2b1fccaa16336a4affd0ea07bb92d2f094c332e2f2bb

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_data.db-journal
Filesize
12KB

MD5
70217d16c202627c83d89fb72695a1fc

SHA1
643d95fb47201df5c43e6ea15841e51a6b57f51e

SHA256
9749e60d4991b3eacbae9807aeb4b9adb21e67ddf99b65785bb2eb0bb39063ae

SHA512
3f0fdec9f0e1819e44293405a53506f9d4cf6c4287af0d196d9518fb52f290cffa8b223c2d5347ea037a7e0a4a1f3d0ff06f8d7739a07bcd06bcb77560f53a34

Download Submit