edd2463f6c9cff6d2b2c3e996eb298ffc7874f907898ccec048ae7666538c65d

Analysis

max time kernel
179s
max time network
131s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
22-05-2024 17:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67f94adcfc778a2e2b3c8e8fb6b5e13e_JaffaCakes118.apk
Size

3.3MB
MD5

67f94adcfc778a2e2b3c8e8fb6b5e13e
SHA1

c1712535383bc345d23c374f38cd454616dbcd34
SHA256

edd2463f6c9cff6d2b2c3e996eb298ffc7874f907898ccec048ae7666538c65d
SHA512

6ed1571f2b61bc86a9f1de1f443d877083e57ba87d70b888bf5ad14364a62cfa35b6f2e3d556ebc292e3317123d13483a1a05c6c1efaedc1ddf3bfe3663dad9a
SSDEEP

98304:RohWAo3eZru6tvBsYrcnfRrxgzKnUTxWohL/BH2OtywXF3oyVAoVgIU:RogneZS6BBrcnfRrxgmnQzR+

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

Processes:

ua.FoodSoul.DonetskSushiTaun:Metrica

ioc	process
/system/app/Superuser.apk	ua.FoodSoul.DonetskSushiTaun:Metrica
/sbin/su	ua.FoodSoul.DonetskSushiTaun:Metrica
/system/bin/su	ua.FoodSoul.DonetskSushiTaun:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

ua.FoodSoul.DonetskSushiTaun:Metricaua.FoodSoul.DonetskSushiTaun

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ua.FoodSoul.DonetskSushiTaun:Metrica
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ua.FoodSoul.DonetskSushiTaun

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

ua.FoodSoul.DonetskSushiTaun

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo ua.FoodSoul.DonetskSushiTaun
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

ua.FoodSoul.DonetskSushiTaun

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo ua.FoodSoul.DonetskSushiTaun
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ua.FoodSoul.DonetskSushiTaun

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ua.FoodSoul.DonetskSushiTaun

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

ua.FoodSoul.DonetskSushiTaunua.FoodSoul.DonetskSushiTaun:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.app.job.IJobScheduler.schedule	ua.FoodSoul.DonetskSushiTaun:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

ua.FoodSoul.DonetskSushiTaun:Metricaua.FoodSoul.DonetskSushiTaun

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	ua.FoodSoul.DonetskSushiTaun:Metrica
Framework API call	javax.crypto.Cipher.doFinal	ua.FoodSoul.DonetskSushiTaun

ua.FoodSoul.DonetskSushiTaun
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4564

ua.FoodSoul.DonetskSushiTaun:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4612

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ua.FoodSoul.DonetskSushiTaun/files/ZPkFS.log

Filesize
20KB

MD5
d01115ab3b3ab6cd76adfbc07994cd9a

SHA1
2e7e72949ae2c3c9fc3faef4ff50f29153ce10de

SHA256
477bd41c92d45d060b57856b501048725ba8cd344d54d65459d2f6a0d5c38e68

SHA512
bdf67bda728f6ba75d0f993d24b0feb954d5cbc369d522ea553400482ccb65ed6c9fb042608d7ecb2940bfae1df0e47a7cdb37409561581c8aa31a774334092d

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/credentials.dat

Filesize
234B

MD5
77aa59aeae1478d9522ec10e9f1bd371

SHA1
acfd42569e1f0948238058aeae6414a62ebc90d1

SHA256
2f0d6bece42115604583bad2ea54f72db84c55d1542fb3092c8df2abd1e60796

SHA512
14f0e65141cfb5293dce8bcf200e5237a3a073b426737dceebe217609fc43d3b0697faf7cf9716d9d6407fe63c121fbb5363e799faa50b6559988b1fbf7396d4

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun

Filesize
36KB

MD5
acfb08ff55ced6f91addfadc3a0c6407

SHA1
9e8683b8dd4e7eb42548154effa2f8552605ed63

SHA256
50d09a1ba4587ddde366b69477d04e5829f0e0dc1f0f82fcdf71a30ec2f9a8ca

SHA512
b982ebd66beee4d309f7147b6234f997c8c01f4ab14f8f104bc98028e5c14c377aef8e3940ea5ffb40334ffabf4e0496deb32bc10b153d103d891e0f372c2079

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
20KB

MD5
b7723c763e250966b7c3f042d014b809

SHA1
e6c1f64e356538b4ac8e4fbfd979e8e6cbe53652

SHA256
2f4dca0b53a46ed43d83a0a26d76922ff6e4b78d72e551ae5a9d53f484c28446

SHA512
adc83cf0b7538698da299a9a58ab2af4aa286a1cb618c3407bc92b22ff1c863b646ffdc8c7197f959fd95bc4248d9984997cd9c9ca203ec7c8f336946ad6156b

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
20KB

MD5
ffddf8c7fdbbce3bce62494966b1f48e

SHA1
3d05a500b650fe13e63b89234ba6fc94951d4d78

SHA256
f1fdff8810d91e66701c09b7043e9f9758c0abbb88548ee13acf9742c14dccf0

SHA512
d987939c072df7e0c65e0954d0a0ecc7e01c75c720c181fb16135e7c44ca357f0ba936d6f30d3962d5672dae3e9afd49b698b7953a6c2d777ce74e017e63d3f9

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
8KB

MD5
c73106fde4d892823a5e9874f19f322e

SHA1
3959494186eb0d66c0d39ba7d3f01557934e802c

SHA256
2b458194e2c9ae4580edc64f739349f2ef60b2fc473a0ae3bf53ab7f71394299

SHA512
9061a63f52517a7ec162fedb905e8b58abca0c6dd41aee4f0b73a1aa0d4d5deb47eb84c81cbc0e98398be61319df81a583d493865490d3740ecdaa6b72504740

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
12KB

MD5
577f28a6c9e0dc7a216407c2363309b8

SHA1
1b471209a62d0cbd6b68b65c2e03f36a5deb681a

SHA256
18895d18c69fb6f970db28a79a635c7ca73318994e4da00a9573e0365f17818b

SHA512
dd54584277d2eb176e3d4a61ae89be24fff73c8ce2014d404a87d818726830634e65d1f71fa0102072cfa51a7854afeaef9ad46904a54d55883ed2aec1b07957

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
12KB

MD5
f035865a92761a4185f04a318b999997

SHA1
851c3868916b4050a444e25b3eaf7e05fb36017b

SHA256
ccbce6c32668c5c616ac240780858d75d2ecfcdc604629c646041a555d98d4e6

SHA512
948b9f3c75c0ac89927fc246ca0a372afe927b39accbbfd0b77a8258a5f7ddfc54bab13ef66bb51dee59cb2ae7376c05d68904882cd87ceebeef46a0a3aa4279

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
12KB

MD5
c182075ac5512181bea24535650c74e4

SHA1
478e506a1327e59340bcc892a31778187bcc4b70

SHA256
2d0b8a6fbd94232ccc9d47dd33f093a0e16be10085b175d49105817f9dc93859

SHA512
d856dbae91113e56d51d73564bb3742213470bf60f89bc148c74714225483f533213be26a6db84bc4e3fc4a60d445bd83bf90c8e8a0488de02a12dd19b3d01eb

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
36KB

MD5
056300473d990f1e2aae586d784f2c82

SHA1
e6dd188eeb57dff47cf898518837f7cabf8fa665

SHA256
f72929e9b565d5bcdc4de0ed621c068ef0b39914e3b1f08abfd26d9d38a47842

SHA512
929ee1a9d5b1605989737585f2664ece5ee1742968d98d68ef6006a7b7d524de788d24eb660975e2295beefed3c723ab2d22940e5fe2b319dfed8630248348f2

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
92c0dcac9ee19b46b06f4573b127cc09

SHA1
9211adfed17504904eb9dc0f160667dba8e1577c

SHA256
cb531f4a1317251abee4a64c942530b8fef3f576b4758be0ea38ccf7030016f1

SHA512
b65685bd0603e7de1c6d8a6e8c835178dc15e64a5aa7575781a401c6a6c60eac79b90a98fe3fc48a305201724d9673a35a452ecf614c78a6daa7c31af2dd5e23

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
cc9f8fd7644deb753c7c4119d34c2e2b

SHA1
70c6d6561ef4a3859c212571fadde43e8d70a8a6

SHA256
bee28d96c3dc40fc7322cb91d48ac4cb2d5fb8e5d4436db7b9f0934aee1a2626

SHA512
798e54f1cae2c984255ceee650b6ce060afb5e30ea0c3773de4f63843b84189fe5f5c187de84a303cf18217ce8c28cd2f847263a33e0a5da4d8da2ecd2225ed4

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
0c10109edaf8b7795dc80fa8f5208f3c

SHA1
ccfcdcd16b18714ab81acdf6ba64e20ab38dd79d

SHA256
625d4a9e1f775aa238d456da71efe1ec0a60f7d5388d1dbd6a8cce2670dca31c

SHA512
1af71610ea18502e17142dcf178590773e6cf5f84ae1378f90b69814f2f30423e18254d5d894124f80de44b1033a55570b0eaace46e0f88728fd3124dc6acebc

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
b73e179e26ee9a7befa8098c853aac26

SHA1
b2c29b84aded71462c8b39d8da14868f69745c7e

SHA256
a6da2854d5244783c28b37b8bfa901fc4dc95f33840bb2f56082d0375761df84

SHA512
979b36a8e6efe0d25e597d573302c42f40c5ff58649af8dcdc13e0ba1fb1d77a89a858c569cda9694b4ba6e31ff8ed1a3e6e0d88897fd5d13521091abaca381b

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
910798e910ceb1d4a08273adbf999a8b

SHA1
fae06c492d2f975f2882df5d50a8a6ce8ae9d94e

SHA256
aff15b53ddf1e416f2eabb46553902fa7c06f92d5e0933d957a66f7710db0086

SHA512
32d5f4e9661d54194882f2a981c7f6ea2655194471d4cf651dffcec644f25a70f193997d984a521b3245cec17667b5551296cfeaa3d8a27fc33c0adf72a486ab

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
04a17992b3b953ab58f99cd9d72eb916

SHA1
e1cfac9f633b0dfbe5b6365733424553ecdebb4d

SHA256
79644a547682c7cbe338b61ecf9c9ac2adb5e83979a4bd087af0fc2978bf0f5c

SHA512
4decd120bccd7bb362b09027c1fc09e9d7a6682bbd82b309fa49ed47c70ca733be968ba9970d849a7fceca60c2723c04c40d44f314ade210cbd198c1d7400da9

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
20KB

MD5
ce48491c36a6e4318b4dd8568885bf80

SHA1
c0cdeb5e969e38c74c80e466d84bb16ce4a5114b

SHA256
971e715a7292b7b9e9f9b59ec38c6e1905cc185307b003c7152d3886224d2cf7

SHA512
e53cffd4e48fbe593970c7423c83506ce9525980bad304769707a05eaeccd4ca381843a2996f8a8c8c0ec57548cebbf4f2e35d137a98c92fbb47d1f5615afb49

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
20KB

MD5
e5639b469346d3d19c79ae3bdc2f4a9a

SHA1
b4d9041b94176f65417e63e77f0f324b81e8dded

SHA256
cf283c9f2c282ef339f1ac0c4eae7d6f44f86bc1744cbf8a9b5703edc7368aaf

SHA512
273aa09cf7f4de26661bbedf2ecd180b5adb537022cd824d2185beaf7eb1784bd1ea1f1f22c01e4762729bdefeb81964f1a47f13e90b883beb27ce7c8d1f03b4

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
20KB

MD5
78704f1ba55230b3ac37b75367d5b478

SHA1
7c59df6b2437ded6ea171c56f73d219081727130

SHA256
351e32a993f9b6e4f136f6e955c7cc0d16a2a335e12b405b58d09ef27dd26d01

SHA512
37511febb41325d2526f371cdd83243888e15628aa52bc348b4c9c31f083f01b49d0a897dd635f60084b8c244734d72703878c13a70a42b4c51aa41141b7080e

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
bbcc5a040c1597a689ca257af6241fda

SHA1
2e7349583d74b05775a1be7bedc8d79c8c9c4d91

SHA256
20ed9ed783719432b3cc89c6457776aba0ee2a0a2a478f6879478f99f932ece4

SHA512
4d5fd10504cb27726d2a9923a38f6a37f11e8504876a5639e01c43106574cf6f5bed2ed105898ee9a58f11e6e0eba325123ab29dd262ffe49272280ff1a1e347

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
ef78b94043e3989ba8f86d65fcc48134

SHA1
1f1d91b809c1fb67458fa42406929b5663726a7b

SHA256
00ed6df0a792bca59a360970b670e6fb56d51d9141c73bbb8d7facaabd132f2e

SHA512
4dc3a9628bffe99bbed3a35dc0d16b3bd409db7cc569dc656ba946bc439da2a9d20befbeebb54ae35a7bb7469350003dcc2e1b498fffdebfc2bfbb05bfab6938

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
00d34356a05d981fa98d5a0dc1018eab

SHA1
4d31dfb668802a11392b5ca16ee0e8a34531bc74

SHA256
06795aac57a2dd4e5a1cd21accc019b31107f62265c6df548f372813a44bbde9

SHA512
cb3b3a3071d4aef512bb8147475cd366ed55bd7578df40f235a4f96726c58018971adefc02247d3625a0defdc77410dd1e23997b15745276e4367b475e5dbc55

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
fbde42ce5f8aead64e07248d374985e1

SHA1
af362ea3f0b6a554fafef0f8a0466526ecde4194

SHA256
769e68571629ea64589ae6be757541cdb26a00a41045872ac22f124ab5f934d8

SHA512
5355ced6b7c683da262c7348a0d3ac364f9a25ce21d23fd1ad5a8b98eb310f7e00a88ecc522ef7f87ff2a2746fa7a8d159b70e5c4db623a1c6ac1e627dce73c9

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
0dc30c72f2562dc8c87180dee046b862

SHA1
1cfa1af6b2cd746c8a5a8c552249543a30efcafe

SHA256
6e624d2f095b9c5b19b8dbbf63fdc78ad877ba45dd4d6543f8a053fe3dab7f3c

SHA512
3d5bc2f8534dacef98780c0f08b18cac755dee061cc5dbf11543ec8f0f1824ab79ebc23a1612c1352fe1441749b88e3fc6d10368d1d670c2fa8f5c0ad15103d2

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_data.db

Filesize
44KB

MD5
cabfcc63722d721d4b46a5d0aaaebc49

SHA1
7a23ab54ea825beee938f4e07acfce54d4048213

SHA256
2cde76fd2a41cfdabb72fa24764c962328ddf5d9e7246498f961218e6b232140

SHA512
b65a35f634fcfec986b10c53147fbf3bfff84562e2f373bf868a9ba29007e212de8e2d8981ece38ec0b94caa766505c07b21322dec8043ecf2bfb534aac63e9e

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_data.db-journal

Filesize
12KB

MD5
f0824ba08d11ee0e54470999c9e4f561

SHA1
a271e1762c6030db14bdd6485798b14265083600

SHA256
1ca5bf0945f63c386fccfae5d3d84dd89eeb8a7837161643e0cf83aaa54e9563

SHA512
0bf6593dd2cbe27fd0e9f5631aa6696f1e1a7549a754042ee4faa962ae1424ab7783e4e66d274e97baf0524013d7bb9ed1307fab2fc0bc76fa2807d47a83d7d7

Download Submit