b31b6b3b7fefbd42b230e3c99ebb6641046ca0d31bc7fee0fd7220d5c1990081

Analysis

max time kernel
178s
max time network
139s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
24-05-2024 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d116839d465b55353095a21d305d553_JaffaCakes118.apk
Size

3.3MB
MD5

6d116839d465b55353095a21d305d553
SHA1

32e3801fe794af6bee712e825a4ed97e73f12bef
SHA256

b31b6b3b7fefbd42b230e3c99ebb6641046ca0d31bc7fee0fd7220d5c1990081
SHA512

ff8f1333ee18f54def3e286b2a9794d72e0fc8d1464c0264286fbe49b43555840f2fb13ccf4f5f84aa1a42cacacfa2ed33a03ca65264ca758023e9dc77ee0b8f
SSDEEP

98304:RohWAo3eZru6tvBsYrcnfRrxgzKnUTxWohL/BH2OtywXF3oyVAoVgIR:RogneZS6BBrcnfRrxgmnQzRT

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

Processes:

ua.FoodSoul.DonetskSushiTaun:Metrica

ioc	process
/sbin/su	ua.FoodSoul.DonetskSushiTaun:Metrica
/system/bin/su	ua.FoodSoul.DonetskSushiTaun:Metrica
/system/app/Superuser.apk	ua.FoodSoul.DonetskSushiTaun:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

Processes:

ua.FoodSoul.DonetskSushiTaunua.FoodSoul.DonetskSushiTaun:Metrica

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ua.FoodSoul.DonetskSushiTaun:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

ua.FoodSoul.DonetskSushiTaun

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo ua.FoodSoul.DonetskSushiTaun
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

ua.FoodSoul.DonetskSushiTaun

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo ua.FoodSoul.DonetskSushiTaun
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ua.FoodSoul.DonetskSushiTaun

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ua.FoodSoul.DonetskSushiTaun

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

ua.FoodSoul.DonetskSushiTaunua.FoodSoul.DonetskSushiTaun:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.app.job.IJobScheduler.schedule	ua.FoodSoul.DonetskSushiTaun:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

Processes:

ua.FoodSoul.DonetskSushiTaun:Metricaua.FoodSoul.DonetskSushiTaun

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	ua.FoodSoul.DonetskSushiTaun:Metrica
Framework API call	javax.crypto.Cipher.doFinal	ua.FoodSoul.DonetskSushiTaun

ua.FoodSoul.DonetskSushiTaun
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4529

ua.FoodSoul.DonetskSushiTaun:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4576

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ua.FoodSoul.DonetskSushiTaun/files/ZPkFS.log
Filesize
20KB

MD5
d01115ab3b3ab6cd76adfbc07994cd9a

SHA1
2e7e72949ae2c3c9fc3faef4ff50f29153ce10de

SHA256
477bd41c92d45d060b57856b501048725ba8cd344d54d65459d2f6a0d5c38e68

SHA512
bdf67bda728f6ba75d0f993d24b0feb954d5cbc369d522ea553400482ccb65ed6c9fb042608d7ecb2940bfae1df0e47a7cdb37409561581c8aa31a774334092d

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/credentials.dat
Filesize
234B

MD5
6ffc83a29d7c733207c93fd6bea6f768

SHA1
26e550e7cec83d67f81d94f5985295ec82e3c2bf

SHA256
a1a4a689e43290aff156a5d4c44dc435f5c85fefdabf22c182523590a7755ca3

SHA512
18ee225e8414ec57c83e638bfb76bb6db63f692e27be9e8ad48355488fdae7567f2524a12244eb1f48cc1dfcfedef83ed58d435ac24127b670bdc3c593b6f941

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun
Filesize
36KB

MD5
0cb87f34443526db33e254354425af7d

SHA1
980b0a86e0c7887efb27a3dbc052cc539f54f7f0

SHA256
111cfab89e2734317f4aa9367e3a281fd32490a87cf6459b121cf4f81e732e4c

SHA512
c6bb65c345a8c13060299ff069b95395b08e2f467a2f06a29fd0cc3b2e93198d9766b4d01a9afdee69dbef55ca7834e0d0f60192f6928377a2c3af961a3f8286

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal
Filesize
20KB

MD5
7ed58cf6a93098227370806b615f11c8

SHA1
156be01fb86d2ecd12169bc99e7cddee82c7e61e

SHA256
b980cc32057077790009a87e152645c4f4371410a2288da53ba7c4acaf433d12

SHA512
af3cec41badb92f58d2c973e45171a6eeaf5e2881cf3c926936b124d0c6e4a802ea0222043409fc9ad2b44daa5a44ab4d16837a6717cccd8e08a80e593c10060

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal
Filesize
8KB

MD5
dea373cedeaebb65b9cbae6b2215b047

SHA1
93f8bed897db43f2d2ab6534be8f331d221b17f1

SHA256
8b41383ee71ad43c6eb93dfecdfd0b5e65775d34afed6f5b1989d84c93896935

SHA512
d1cbef2b42f4579ba5a7f8d7b4bd8a40ed4e91d0c56203838dbf78b383f550606162bdfa746833d50fc84c48e97841aa96e31772c5394a076b23a8d3de02dd5c

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal
Filesize
8KB

MD5
b3a0558b4557699674887e96583387a1

SHA1
719b8fac9f1194c354700f4b9e8ffc46c6939647

SHA256
bc2e7a27fc48754cf6b5811eec9972faf2fe576a0746543281fda11bf1a95d5a

SHA512
46aa7658fb244308e8c3f48150468b2cd18e767872f0e4c7372fa94f0b02f3d126ce70b18f3c35690132c2aff4ada9599eda0665a7fff7f0e9d576e1e2a3c77c

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal
Filesize
12KB

MD5
40c74749ddc2f2a9e0d62aebc41f1b84

SHA1
fe3e308f80dbcd174a93faf1d1f533f87a833e31

SHA256
45672a738a6583a738a602b698237fe3c064ecef6fa35060cfe33dc0f557d3ae

SHA512
98792ea053db9579c81ddd4590eda5d6b4aa9331d81e9764918a9d663d7dc2dc8166c4140d81908e7d954356341cb4751996878b8d6c87c3f89c8ec81ad07464

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal
Filesize
12KB

MD5
c3d29f5a6ffece78e972e824a8831a27

SHA1
dd61086c4107781bc785aed4b36a05006e147038

SHA256
0335abd341c6122f2e3593acda857942b98b021b1c465f3becba5d257a223fcf

SHA512
ded374fd1eaa78bd632d82e65a2387a15a551fe39961a11c50e85bcb4ae889bd6832ffc33dbb4885929f942411a5fcba6cbfe710b2a444a73ca3316141bff129

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal
Filesize
12KB

MD5
ef9f8db439bca96e4ee08784b798c28d

SHA1
79cf9becb722b427ef733a639cb11f0798c60e89

SHA256
eb06d3b2ad6e8acc5c17048fa69d3bed9240e00fd8e7117b16fda12ccba61105

SHA512
bd9ebb312f05447c71717d1b95ff7bd294b664673e070df8657f8240d067e5087878c05fe6b6e69e9440ae06d69544dd9f24f0f1f77fe62edf7eeab960911e7d

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize
36KB

MD5
95313145c8317821a4de146b5a3fca55

SHA1
881de2fa2e400aae50b499ffe00300d2ed9905e7

SHA256
325db2c9947f372c9ead272de3cadb17cb3419e630e4b14a392f6705651a678e

SHA512
e9810b030f2e0f1bcde0a3aa1ab0f8b1e082700f2879ee304a4187e18aa3d7e984fcda970745cb2d592102ed1a2c5df80078c8bb99f560ad45ece878d58a77af

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
512B

MD5
17261d3d9b2abac5fa0537047b71705f

SHA1
4660af8463cb49ce171ce2098c9fa9c4acf095ba

SHA256
39a5f583c75eea820c45735cf8aced1cdcb5554f8e53ebea5c55b6f670bdb4aa

SHA512
d6b3f60726c01796a5480063e6f278018e0109a43c19345299a5c1eb5338d74a15011656e31b2e9cf9f30daef35fd24f8354d8317c4e4e0b83650afa961f95d4

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
6b0d53e85bb9ffac42fe1b55064bd610

SHA1
7095f69db9cce515e206eb2175e4f59a30c01088

SHA256
e01f49b9c1139fe122485a538a1c1d0771c74ffdb949d330abddfe9fd768e30c

SHA512
ada6f6ab2feda8ee939a80c56cbe33edd78ddfff727007f5cec04bff2a02e9578d18b37691c060363719e62f02727dd1856eb6184cad50999ade7881f0091a09

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
4102db605e9176244de61b5710a12858

SHA1
266b71abed8d96bf939d7227dcfed51d98f76cc5

SHA256
6b2a459d11de870b7e425630a8bdbf37f4b13a29b53c8160ed1dc749b8e57a7d

SHA512
27ca634ec4818598a4020edceb9840b1e476df4cb43223f203e2203bb913040c0169c31ffce495548704cad455ccbb1c9753d87a047ae7d835054276e543e107

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
db8defee47cea631e5b81c64dd3ffc50

SHA1
f99d36dda51d4d2a1be406f95fbf0fcb42b77a0b

SHA256
f4df2c28e7286638e0224de4808310179f3f6fe02e953b794c74fd24d4a96a04

SHA512
5dee3f7572ac0deff866da25a34b63cba668ff14458dd2520b56301b214c3b324ff72ab767c1b0810820ccdf15b512b29bebb58af6b2a24e5616dab3d50d3cba

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
2c225f83f8c71f05d327772a66d5bd4a

SHA1
9675a290956306db07c58f241bea568e7aae256b

SHA256
9652e6e7c83f5180ade470960358a2d9180f9dce4ce1da994cf5124d6f8b546d

SHA512
f5bcf7e9c2adb1b32393bb8235231b503880e65292f62e92efa06d74d65119f3c70865e2cbf3cbdc9674094f80c6fc3c52ae7080d9c9b83508456c54c65df173

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
1700f5751965658cb2b2d231ae0ab494

SHA1
3cb2c0cbde0f61b9338af2d2089194b39714539b

SHA256
45d3d3cb270bab8c4ceec660c825407ed6e4fcfbcb82fa6a8c45e0e086d6ce68

SHA512
18c106c94fca21f9a4635c8255665e5f90b7f6ee7da6c42caafc08eeee868dfe6da621f0552a6ca1631145fbaa3618ada5a0611ce340c8ac38ea08477b186825

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db
Filesize
20KB

MD5
6893f6ff05d206e0a46313b9da19dbd7

SHA1
b1b0d7189954095764e3ec6e6a1f2de9aca6ace7

SHA256
64f69bf527ba6cfc562a06fea770f4513090a800f33abcaf99568d3dccdfec56

SHA512
5187c72af0b40ad19938900dd3948a2c270ae2d59169f3cf45a0e33606e827005aa4830067bb47cda924a0138c6de0f848e7e3cbb87ed5d2b6aa06b240ab1a90

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db
Filesize
20KB

MD5
e5639b469346d3d19c79ae3bdc2f4a9a

SHA1
b4d9041b94176f65417e63e77f0f324b81e8dded

SHA256
cf283c9f2c282ef339f1ac0c4eae7d6f44f86bc1744cbf8a9b5703edc7368aaf

SHA512
273aa09cf7f4de26661bbedf2ecd180b5adb537022cd824d2185beaf7eb1784bd1ea1f1f22c01e4762729bdefeb81964f1a47f13e90b883beb27ce7c8d1f03b4

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db
Filesize
20KB

MD5
07563532adce0b8d590635ab468e635e

SHA1
b916d390a609f38f7e198ec7adf1d5ceec88c379

SHA256
31a02edb61a8c323928cf75e66c8116d382d8a5fc94d2edccc5d1fed2f5956c2

SHA512
5fd99d9e7c16608a35d4f42bc317278ee48c68ffca6fbc7ef5ec0471609daf7fb96838f9f8e04c5fc57be57cacaec4416362319a7effc0ac33e12294c7463216

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal
Filesize
8KB

MD5
a1b544f7fa7f1172e29d561e1ce58673

SHA1
4129f1d27bfa2b3e8ccf8197ad4a14ceb8a39f40

SHA256
4ab6f5ee4d97b3a48b75c4c7ce3f980310497162fb019bc6d48d7872a8fe4a49

SHA512
0de013970f2812f394a3500a7be8038bde7562b4294da70289df7fd620dfd4c59c19bd91a1f3c28ade3f0c8299a48409750e2485f4c8e1e0e9f6a14932bd3292

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal
Filesize
8KB

MD5
b297127a3ab57bf17ac4f5036d917a21

SHA1
8147ee3d83e37934727f14925b0d3a66e65c8f3c

SHA256
334f284118e15173c4507b10439baef09312d35a6316a23ef0c0e13bd20f9d2d

SHA512
bcc2920e4e30b84922f4fce9468dc2bd052aca236e0096f8de7a5c81f80b1d2f8eafc7f94accc5816c09b26360eea1b5be6779a95f1b78e604ab5e584e6d00a2

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
2558e03032e09a8fc738606b8f5f4b7a

SHA1
1f1606b83c9f0d1ab449828de78580e0ada7bdcc

SHA256
f82712a344d6fedf04ecfc47ca41c3443afc230b393c6940dd8c03786acffe6d

SHA512
82a25c10f59f9027613647c0db1f8b2df95d2d0f81e7cd9576bdc94344cd1252d785cc9fe6cff2d6fa41096254a682f9c677b4d7c1623b839b0e95e6762d7ca6

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
a65ea90def7e8cfbebff61503d61d3be

SHA1
83860fab95e94330eaefc28b9af6988b340ab570

SHA256
8b88fb0829db9dd3f65610e2b3dc1253a70669c5c3fb7a3fc09dacb6f29d4da6

SHA512
ac9ca0b72c2f8c757eaac4218850fbe036fa4371af7a45fd736ec93c7339ae073a5f280ea1c2339d0cb72908f4c00403a4d79bb6383d7c712d090ae56bbbcd54

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
ba7ad7d7895e9b9951350ca6a2e38029

SHA1
bc2b3eb73299a324262279252d4fc2dd3f0802d7

SHA256
a4ff33bc1e78790224d2cdd5c4df24ddcbac36c26740ce82151f921810413a03

SHA512
db6e00c893176a6730ed4518ddb51cdf59100a90814d9e86c3896cac06a263afc9bbc43f7c55548d421f81984b032f5842a4d319b561de26c51ca1fa372a55cb

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_data.db
Filesize
44KB

MD5
0c1b2f719d5c57fac52583d9a1e33f9f

SHA1
871e88151b2ddf3151ad65f16a227ada9a239f30

SHA256
5b287df2a05a820766335c2d1fe4110fcd378cb8884db343d93922f165b30f98

SHA512
76efbd91f1b0d7ef071dc4848ec5fdafc101d0120d06e0b5576fb9728c037c0ecd46d8a76eeb92ea7740ea77462fde3a2e30e827f3f07ea6aef7b21053fa2b75

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_data.db-journal
Filesize
12KB

MD5
547a09dbe23e91bcf129780f2829c770

SHA1
b5f64342eaa760e203ea52621e30677ba1d48a16

SHA256
57bb736130544ee1deb29cc425fa598efeceed64a580a01256160302e2674a6a

SHA512
e597eec9227068fd547896c7d8f483b44f2d099e1ac0cda14b2abcd1eb5eae62fd2eedef86d9f0bfa3d3f9c8fdd4eda81fd48ccecabfdcf713b5e0a9d935d793

Download Submit