b31b6b3b7fefbd42b230e3c99ebb6641046ca0d31bc7fee0fd7220d5c1990081

Analysis

max time kernel
178s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
24-05-2024 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d116839d465b55353095a21d305d553_JaffaCakes118.apk
Size

3.3MB
MD5

6d116839d465b55353095a21d305d553
SHA1

32e3801fe794af6bee712e825a4ed97e73f12bef
SHA256

b31b6b3b7fefbd42b230e3c99ebb6641046ca0d31bc7fee0fd7220d5c1990081
SHA512

ff8f1333ee18f54def3e286b2a9794d72e0fc8d1464c0264286fbe49b43555840f2fb13ccf4f5f84aa1a42cacacfa2ed33a03ca65264ca758023e9dc77ee0b8f
SSDEEP

98304:RohWAo3eZru6tvBsYrcnfRrxgzKnUTxWohL/BH2OtywXF3oyVAoVgIR:RogneZS6BBrcnfRrxgmnQzRT

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

ua.FoodSoul.DonetskSushiTaun:Metrica

ioc process

/system/app/Superuser.apk ua.FoodSoul.DonetskSushiTaun:Metrica
/sbin/su ua.FoodSoul.DonetskSushiTaun:Metrica

ioc	process
/system/app/Superuser.apk	ua.FoodSoul.DonetskSushiTaun:Metrica
/sbin/su	ua.FoodSoul.DonetskSushiTaun:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

ua.FoodSoul.DonetskSushiTaunua.FoodSoul.DonetskSushiTaun:Metrica

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ua.FoodSoul.DonetskSushiTaun:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

Processes:

ua.FoodSoul.DonetskSushiTaunua.FoodSoul.DonetskSushiTaun:Metrica

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ua.FoodSoul.DonetskSushiTaun:Metrica

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

ua.FoodSoul.DonetskSushiTaun

description ioc process

Framework service call android.app.IActivityManager.registerReceiver ua.FoodSoul.DonetskSushiTaun
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

ua.FoodSoul.DonetskSushiTaun

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo ua.FoodSoul.DonetskSushiTaun
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	ua.FoodSoul.DonetskSushiTaun

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ua.FoodSoul.DonetskSushiTaun

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

ua.FoodSoul.DonetskSushiTaunua.FoodSoul.DonetskSushiTaun:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.app.job.IJobScheduler.schedule	ua.FoodSoul.DonetskSushiTaun:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

ua.FoodSoul.DonetskSushiTaunua.FoodSoul.DonetskSushiTaun:Metrica

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	ua.FoodSoul.DonetskSushiTaun
Framework API call	javax.crypto.Cipher.doFinal	ua.FoodSoul.DonetskSushiTaun:Metrica

ua.FoodSoul.DonetskSushiTaun
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4262

ua.FoodSoul.DonetskSushiTaun:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4299

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/credentials.dat
Filesize
233B

MD5
76d7df1bb7d97899329c82ebfcf3eb8b

SHA1
3e7f2fabb0dddac399da8bd5971cec25edd1b36e

SHA256
450f20812612cf8164a7dd22608b4589d9edd168f5adf4903786747a93577225

SHA512
b1cfcea5c6a16cd0f0caff09fbe46356b57e5da3cf433ab70f671ac45c2d6bcd3e9199280079259feb31eb03615b7a3ea859478aba9f88547169632cbaa1a556

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun
Filesize
36KB

MD5
75b3f4ae10414806060df0eb59d0ccc0

SHA1
a66410969983acc55bf595f2b4d4f4450bb0496c

SHA256
6c26382be0fc1bd71a4f68d27344cba009f27cde21d812d365ca674a8a91407e

SHA512
79cca04e843f6c349a5c048b6decd895637e9c91f1954639271f2d017de53413fad24f1314bbb8df2ed99b0abfd9423648254ab32484849e11116ee20d3fd87c

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal
Filesize
8KB

MD5
84f21224645d5e402ddfb2c37cdc29c7

SHA1
37a667c0835147d11e68118d2c7c4d45c90c5f4d

SHA256
83fb1d7978170c91c5ae333863f9ea2c534edbce29e477d5a40da429c8c1a805

SHA512
84fa0d174ebde0a663e7cf09d12fb56d501d3fbaacd75380546d92d7bca6d1e0e0de74c0fb2e066ddf03459c7e5edbbd5a95e47f65d68d88666029ca5e91fdab

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-shm
Filesize
32KB

MD5
f8babc65cedd89e6b994f121935a003d

SHA1
c62fde18b42df921d55010251bc45b48b2d9ed40

SHA256
26c626c2a9012ff9909321df240b2034aed880c1ff956cc216948c1305e6699a

SHA512
4810f438db4739dd25a43601105d926eb2da056be6e9a0d112811d16decf4c8e320c7e126a774d585b9beadf3de443444808119c24029b446f0254e7d7f9f6cc

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-wal
Filesize
406KB

MD5
18517cbec3f5b4f146f29a928fe2b6dd

SHA1
7644839cd5fd46822cd7067ce46d7ea7602e9641

SHA256
ce9b5be994805cb488a290d132556573d08eb025aa23aaea678e27efd2c668ce

SHA512
dc3ea6e3fc98b3cbf8fafadce6d4032605cfaa52ad21ee00f1d4a29feb760e75412143516c44340dd1662078d2c5ee0ebfebf518c061acb46d4893048f54d71e

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize
20KB

MD5
a0aaf55ef520a2aabacc26f8afb7f5e9

SHA1
ebea31e1322bad6aaaa050f3b7423414da2714cd

SHA256
a05b0827b916cc919dc8547c7c5e912134b7c8181a15aaac09a0751f80622ff0

SHA512
c36bb57f7b8071f756fd31999e94b7530c7584628d4e534ba3b2634b28a8b5c35be589660d6b5ab52ed508de79e980e36f17269add861f62f2fd5763dd3cea87

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
512B

MD5
b4cdd5bd54f0fc63c541a02007e269b3

SHA1
6b42300c9d3c0dbfbbc2717f795c47146f56815d

SHA256
0d3a742e1ab4c78ecedbe531cdc750959c6e729b7c3b04d42765c8fb5bafdf2c

SHA512
cb19fb2ab1f2bc62d3538e94f5a6f8c94b5e253d2b1d5b9a3e22a779b5ab61ca016bdde95633d1998ce169b80a884eb4d0e0486aea21a06b2e8293790ca0ccc9

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-wal
Filesize
156KB

MD5
569657cfc9156bdff2791892c4e3e577

SHA1
7bdf99c9a79d227b8e590cb25a8ef3071c00c872

SHA256
5aa3d761582f7fa4169aa7dff9d249464ad6ecf5f98295b68798cc2ff2088668

SHA512
4f4679c511f2ac372b2a410734fbe26ab3840e39874e9c0a9deed60181ef2629ba1f3f5b52aac64e79b92cf6b5be0c14764b9eec6df227d7cb4aebd48e8927ff

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db
Filesize
20KB

MD5
c62f7d7ee1e5b7707e9bf6780d912bef

SHA1
96071a0d81c5c443f820b09d91e4a573c594a659

SHA256
cdd3993d47b7952a8013fb9d9f3860456f55d9e7660d0a6b3366328420122a4e

SHA512
35fcd65a16c8d5453edd8c8d0fb780c563f2db4bb64613511e6520ba0390bc67f48c1532c9990bd36d3ded60db982f0e3f615dcab4382ab96e61efeedafe4b24

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db
Filesize
20KB

MD5
c7401900af619303fff5adcf91c43044

SHA1
d3c13a5b42419729ad68e9b5e0449cbe035a61c9

SHA256
4a5118acc5bd53ea393210c83062b52ca027a0d8567d9bdf9bfb7d7f6cf5d010

SHA512
413962b8a743f6299b96a669fb0e20028d06297b4ed3f9b90b1bad7081141aec8c483f7a69a22a8d29bd1500d4f2ba1d745215d90631735000ddd9cd9660364f

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db
Filesize
20KB

MD5
44def4f6e42c3ec63f229d23af8c804a

SHA1
f5956d9295778b539bced03215343fd3cf7a9dd8

SHA256
882faff2a0f007164d5dbda7bd7f803306423b5eb48a88b1bb72bde65b77e50a

SHA512
a14770398044635a8a8fc0d59dc95af3a97ae78146a9ace3795d600a44098a5ff7099aa3d0ac40442f8ff8c5d3b5ceecb4b360bf47f3e8c7c902879e2e76228d

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db
Filesize
20KB

MD5
6e06f2c35df804ecc0501273ac804889

SHA1
24499abc5246103899421a892a29195c467fa346

SHA256
78cbdb01312686e5ab31ee14195bc9de06794537ee208ab0d8344f5381ab2799

SHA512
14b56ae552d5a7223e8b9bd93509513c8134be0d6a140b84cec7477dd3f43b3e4275d37eefd520ac1119e2871fe02e518c31a10688b5467fefd514d79b2f5767

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal
Filesize
406KB

MD5
582bc72d3fe6c342f55777f4b28af24f

SHA1
5332caa809aa198b352c4b9caa5b677b90021758

SHA256
0d67353d63814d46508b190171cd9cab2cc801046272c098f4df2bbaf50aaacf

SHA512
068ed46b9eb9fa9fbd1c129aa02c329a45c06fc57fa2ea37181705ade02b1fe79395ce9068d0501a31732e7ed08e22e408357138b553a349ab5cb729cb136631

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-wal
Filesize
32KB

MD5
469a4d166bf6a87ca6fbd32922749e3c

SHA1
0f65b2193d86e5b6815359efa983a9bf14c9288c

SHA256
7882b37a6a5ae033d8d4719e1433579316fedf2ad739a6d28e3c71ee1aeef08c

SHA512
9faefb242bfdd72824c00b4a35e3589a612ba8554536a032383f05d082613a16b2319d3082e2f4280cfc60bf5999beaec34add36e2db35d27b33b8da1897a24e

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-wal
Filesize
8KB

MD5
08a0f0508b2b6733272da48afdac50e4

SHA1
85a29559d1d4c8c9e5767544c39fe12c489b5d73

SHA256
eeff12029883af6dc236ceaa2d283419bdba9cdfb4a76105b2dca3fbdf6f7a64

SHA512
232e54c303be4f914562cca7b3145bdf5dcb0b43ac214371890d0e61bbd5c57e31fcce497d068e4326d6f5905b8dc55f26c545e30e6adc59fd4e38da47153f1f

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-wal
Filesize
32KB

MD5
37745ad2aa1ea41163cfa650bb56cd15

SHA1
ddd1b9b666bb6e2dc9a286cd5d6e8ff4baf869d8

SHA256
11cb4aca8d5bbd25ffd67390d85fabd03e80e2c0bc803445c80f951182f429e1

SHA512
db96cc4b6c74f9768bb3920848ca118821f99027c79ac0539bf7d901e62de2073757295c98d69ed6b4c68b86ed165bc12a42ecfe1c0077b666a3e14b752a6536

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_data.db
Filesize
44KB

MD5
bf98a332a1880d2f439d83561504e3a6

SHA1
69eac79620e7819e20b63d6cc34ba73497249ce8

SHA256
3fe23e6e59ff59fc10a74e808d775c95c2ecfcef6032340dc3ed1e62081ff109

SHA512
970d8d76e787f36ad9dd42d34b0c5b421ba8fbbd7574fe12f7acf0d697812b4085f2f302e944205c2b7a5044c4f04b30fd82ca3cf23422f8ddf775b5a9c989fd

Download Submit