823cd7d1b3555671c02b60c884315815af626846996bc74f492124c2b3e0b3b8

Analysis

max time kernel
179s
max time network
155s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
24-05-2024 11:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e70900c2d251d59d2c8441f8ad3436d_JaffaCakes118.apk
Size

3.4MB
MD5

6e70900c2d251d59d2c8441f8ad3436d
SHA1

08f87c9c3bbed81dcc3a934d64ddd4d574e34cc5
SHA256

823cd7d1b3555671c02b60c884315815af626846996bc74f492124c2b3e0b3b8
SHA512

ff4786d6dc5748ce2cf86deb0dba8f288ee4cf3d257bbbca6d5b822067c1580fbc51b60c2ce9aad4c84a75c379b08141a93992d2f79e69fde7ff89ab124f354d
SSDEEP

49152:oDxxxx7bEU8qDlmLYNIadK86tmbtBChtLPgCDUQ7+k8nMoYEuwuXe3DzPN/iRZwp:ovDlVNU8LtYhtkC/7+k8nMoNaezzPFT

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.iws.deals:Metrica
/sbin/su	com.iws.deals:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.iws.deals
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.iws.deals:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.iws.deals
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.iws.deals:Metrica

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.iws.deals

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.iws.deals

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.iws.deals
Framework service call	android.app.job.IJobScheduler.schedule	com.iws.deals:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.iws.deals
Framework API call	javax.crypto.Cipher.doFinal	com.iws.deals:Metrica

com.iws.deals
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5225

com.iws.deals:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5312

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.iws.deals/files/ZPkFS.log

Filesize
20KB

MD5
ea9c2dc01d788f2ed7ad6a455e32335a

SHA1
3da6ee06226734e9a402c3ef2b542af3b509b6af

SHA256
ddcb0e1970efc2dcb42a4dd328ef8c10f3512b39a47277d5b075fd3b92dfc3a7

SHA512
5b834f25f6f8afea98eec78cf8e148671ceca48aee8019e09308389c1f336e47e55666fedf66e09c97e827c375ade0fad635b98686ebd2f72240108670d25e76

Download Submit
/data/data/com.iws.deals/no_backup/credentials.dat

Filesize
233B

MD5
be4d51bbe3e165f710289af48093159f

SHA1
c660d2fb17a1e17c83739babbccba98e8a589e6d

SHA256
7a14a86df451903206d81a82d7e477bad03dd0a74ae5593ad621fbdbaf30dbec

SHA512
0afdd6183f020038abc08b1f07091bd40055f339639f171a32d6081b4b68ebb6937efa143cc31310d0ef0130ca6b3ed2cc523dd3466cb60c137fd319f40dac66

Download Submit
/data/data/com.iws.deals/no_backup/db_metrica_com.iws.deals

Filesize
36KB

MD5
6c0110b7e706612a85b1784e12ea4ac9

SHA1
b3f64f9955c14c25ac6be4e884b8777e8bad4845

SHA256
0cb8688fa6a5019eadcbb285bc5ac2bc04a6b08af85c6c40c31a7a359635c949

SHA512
e51160294c4be0447ef4cfb854f36cdab971ffa15c23ff89c7fd3844e3212c60933ba835bd6c9e4216c7459601b15fb9d8e964288203cc032f9350c46eb4be65

Download Submit
/data/data/com.iws.deals/no_backup/db_metrica_com.iws.deals-journal

Filesize
20KB

MD5
4b264dcf69eff54e86c598c07951d356

SHA1
1f552f6d0eca41572e4da0c97f2b78ad83e4ca29

SHA256
931b7d0baded7bbfb63b9f79626d330b349c094bdc0beee2d33713f4618113e2

SHA512
09c3da0319da36548796dd37a353be39573dc3410966f1e03caf7afebb911a5260b0122943d7b85073f060c5d826db1ebf49f1d99e39b799e6a4907fc18cff9f

Download Submit
/data/data/com.iws.deals/no_backup/db_metrica_com.iws.deals-journal

Filesize
20KB

MD5
a002cc1ef865acca0da814fc6eb0fc54

SHA1
561dc6a0cd37ec3c2ea60aac19fd7c61f0c65168

SHA256
6ab56c4c200e704948dc0fcf73bfa0156429aeac81490eba45a04b183e2192e0

SHA512
4ec601000adce6d7d0ca6b56d94da5884abc72b199f110f5e912667b6fc0e82fe944983135ec3375df7bc510ce196aa9dc3ffe733cb2dcd8aae4a50e7ffc1e6d

Download Submit
/data/data/com.iws.deals/no_backup/db_metrica_com.iws.deals-journal

Filesize
8KB

MD5
72c953bc24eee880bf85a838ace77f64

SHA1
135979e4127456294a9d24256d1518ecd5c4db58

SHA256
e42fa758dbc38b7bea55fecca15d817f346de5e4f8e7937a38b83f87d3664981

SHA512
e794c8f3d72553efbeb15dc0be5d41e640f0cadf555987718d82f9eaa3a6de9604be8163828b629b3a8a3e68ff6719a95a5ee12eef9613f85bb2b2ed5469f8d0

Download Submit
/data/data/com.iws.deals/no_backup/db_metrica_com.iws.deals-journal

Filesize
12KB

MD5
e58f685caee2e17d705c8bad82cf1721

SHA1
3d5ae2ec78278e66c2adc54497841e4d7b48c7d5

SHA256
0d0218f2d79d3c2050c8c0dd82653ee48728aee466f58105a71e1b20b0b8b3c1

SHA512
e83336c4d3058cef43b17a33680c3dd2b19cc398dd5af141751e87b1f7bf539c1ba045597ebf706f99512cdea187134d40f4e10aa387b10da03a3a83a53805fe

Download Submit
/data/data/com.iws.deals/no_backup/db_metrica_com.iws.deals-journal

Filesize
12KB

MD5
a7e1130046a171fb47c9c67aaf008b9f

SHA1
e4e16214b6968856708b63a70ffd6e03b8f42706

SHA256
3d706e43296dd633e875ef5725fabcb6cba3ffd3bba6bbb95c38bae20a1a38c8

SHA512
3302f34d2261a9fc8182f72af71c3f1c482dfe56089483ff50670b1ef738e73c50fcc8eba3e2a8a66cbc00eba9cb4089229d6177f5b674385be28b8c8c854c04

Download Submit
/data/data/com.iws.deals/no_backup/db_metrica_com.iws.deals-journal

Filesize
12KB

MD5
5a9bc11c691e0812e5e999b56763393f

SHA1
bdc7511b12bc74916f8009048eb42c90a2403613

SHA256
6ef767983f6104655c5dda8baac707640e4c53db6744ad620b43cdadee779972

SHA512
7f0956309849a144722a96e75b147a81e49781dfd6b6a4c769dfb80f55a4f45bbd9806baf1586719e8c7223e19d844b8737f5f932832037cb4c591677dbf80be

Download Submit
/data/data/com.iws.deals/no_backup/db_metrica_com.iws.deals_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
36KB

MD5
6dec1c3b0af9ccdfcb380b61cca9750e

SHA1
11e7ce5a11b25f9a46369170aad528352a11c082

SHA256
354c7c3be8b827099464de379a4cc3d12cece6bedcbd3b8be534c9581bd8abeb

SHA512
0a6daad666cd02033e57c14d10ac6baa8f4acde012c1ff21af9ba1a0da7b11c3b466c7d294cb87b4057f21d9641cd3d230fbcf2c4b6bc159a2e2e69a619e3327

Download Submit
/data/data/com.iws.deals/no_backup/db_metrica_com.iws.deals_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
f5475e14d77978c0a3a04705e49c2767

SHA1
62ddc98e111d9c69919e533e04f7534e5704a44e

SHA256
e7afe59f7c0b4314b32b3c83e653fd0b99f08eeda2075b73016b6b8f0e70ea08

SHA512
83332a4be928bd8ae30436405674e545fcfe58eb5ef46d9be0990d99d2d81a8ec630805dbc405a86eda417914f4a9a4a512aa619b4763944400421f652eeab1a

Download Submit
/data/data/com.iws.deals/no_backup/db_metrica_com.iws.deals_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
73abd7f469c4e1a9803535d9d749e2e1

SHA1
3b28e351bda5dec121db1a83d5ce9c147b8dc8fe

SHA256
c956022ea1a2f09b2436dc7b721fc23e9e4052c72b7e04fb5f0da7f1a377643a

SHA512
2f42233e7b3f7fbc833598d1c36d65670b1c81ed78c80fdca6bde76d6f5c1c6bf4a9a93762b77c5864ad465498032db03857277358a151a1156c783db75270de

Download Submit
/data/data/com.iws.deals/no_backup/db_metrica_com.iws.deals_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
c00803076ff4b47056680bc9f0bcaf25

SHA1
a24240d399bf2e046c54f3528288d0e5dd4c5131

SHA256
778e2e051c8a0fb3ecabdd407795777dfd271ae7808053e62305a81c4876313e

SHA512
de66b9f35cc6bf4e6dbaa5da86f1bdfb858a6946f2ec01ffdccdc4be9b0c3e5b0f46f1c84a6cba66c7207941a52be261a239e8a9d23ec6a6c0c1355fe7bd9927

Download Submit
/data/data/com.iws.deals/no_backup/db_metrica_com.iws.deals_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
7ce4beb9d1dc36fc6c40ad18ce461997

SHA1
2f4b65633d2ad04e79e7a333e64d6254f656ca13

SHA256
6a365b523e3f90c3a2064697019d17d0f421fc45220a8a2d4f6528a1f773e12c

SHA512
762d67aa2ccfd878a84669dc6538f76d91fcbd4672ef46a4a0aafb4ac825759e4b896a837326f4f4da0a0813c8d412535ec814cec687b717412ac21391ba103d

Download Submit
/data/data/com.iws.deals/no_backup/db_metrica_com.iws.deals_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
2cd2c3f8a13d6cde2acf3fca19a891e6

SHA1
2633b5f924ec6b80631719256ae4eee2f77ccd8a

SHA256
71f335c390c91d731c5a02a9c4537af546818d466e8a0944b51406472346c420

SHA512
b369f0c3b5d9e4dce2f574c25e2e1408efdb9d90f05f4622769987eaecbc330a7a86e3236dcc31456f698961b95a7abd1eb7d17026dcb0027687f60993ad2f0d

Download Submit
/data/data/com.iws.deals/no_backup/db_metrica_com.iws.deals_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
ac36412b1651d279d9f704e284cbcf2f

SHA1
8896715608b77f623f9748c7dd624788c9934b49

SHA256
121cffb0484f86253d09713ee7cc92680620cf029f1206dedeee0e24fc46e004

SHA512
d4d0caee433f13f5cefeaee313893d69f3bec6611cb5e8985f2af6880c0b1d25033772acfa1651eabbc5c049a4799d8698aa6d5ae0b2e46969dc5ed2334fb10f

Download Submit
/data/data/com.iws.deals/no_backup/metrica_client_data.db

Filesize
20KB

MD5
49548efdf6d696c4b1493bf68ff18acf

SHA1
b71db1f09c0f7bb63f4a6912155cb53804500b46

SHA256
14bb339f1af0369745f657e55eb202eac6c971a40390362819585e317de7c3d1

SHA512
8391b21c3ef502e2fbf2d32ecd35bf7e09e216cee4da57c2385a0e5adbe85f343208615eb92a10d632bf98ecb3718377ae498c27af013608bfa56f0fe4124ac1

Download Submit
/data/data/com.iws.deals/no_backup/metrica_client_data.db

Filesize
20KB

MD5
85b289b8ac9bdb67e25e84c680d9bd89

SHA1
0c4dbac1f7e8e8105e34e4c9d4247ced25aa74df

SHA256
6393138157ca26f93a2e632655031d76b02f6db7297e1b68ee8fc2babd52666f

SHA512
6f033820fd8a8039241260fcf8c0ea30c88381860825684b076c75f3afbef8d2fb3a9d9515eb9b41ec0c7fa792598b9b0879cf386b633f4aeaf9d7000afba7fb

Download Submit
/data/data/com.iws.deals/no_backup/metrica_client_data.db

Filesize
20KB

MD5
484df068dc370197c0e37af4f433f772

SHA1
5d071329bf5182e60b2d268adca542901d492001

SHA256
3ebaaa9fc7a9245b413f62f91d9e689d468456dd4b6ce2408bcd2003cbdbfbd0

SHA512
587e7b68f2c167d39dd50744f2892a461a67cb073e8cf9f6eb2ab752e07841440dbe212af32958248d15af5d4001e7fa12f86cad62578ef31999355a86c3b0b5

Download Submit
/data/data/com.iws.deals/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
3731b6098d77cf61094687a0ee3253f7

SHA1
9e9dac20291f44548b2aa104e54cde18ce86cb0f

SHA256
4049b82c000ceca484d7f03bd4a12b167eca8e189078659f816f4e6fcc2cacc3

SHA512
506fb238e37c92832093183d1f9784792c7d5da2e3b4e298024461cf3ef6f6f3c6e5187bbfae0099db9d322dd076454256155afd327eeaf8c2eadaa3d9a06c9f

Download Submit
/data/data/com.iws.deals/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
4e5fa3554392ef56457623821ad6a103

SHA1
2c756502c93ce33814037b0911be901163c34758

SHA256
9c205f46e077a2607422ab6ed3cc3aa0b197414e0fb48aceee86311895a9cf0e

SHA512
1d773a8dbc3a42d341a0b49ae6d502006b22dbb8f0c3fcedfe2094ae778d60d6a7fe9fb664035346a44651c0ab387197655a853e4e79a9cc59ff3684bd774aef

Download Submit
/data/data/com.iws.deals/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
70ef8e3b49b7424a6d072c8a815cb369

SHA1
046b5bdf45382c3024dde5c0459cdec3708d963d

SHA256
acb31f1adf4cfdf4beda907556337352a5f0c2a1eca73ec9df89d1a228d57ca8

SHA512
3e36fd3200ec20346cc80e210d133aa4e6f5d6fe8077eb80400c6c35e61d32b09da5cf0cd3a469d34c7cc5e4754a9b4017f1c86de67b35b3e40202fd3c60cf89

Download Submit
/data/data/com.iws.deals/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
575947056d60cb672fdd482b136651fb

SHA1
b2c1bc4cda56cfdeae59da143f3d73e42fda6616

SHA256
cf0a7d98db5857e228acb674b413290a1057f0ecb13be53dfc5efbd78cd4ad70

SHA512
6b12afa3cf19cb0659d2808903c5a21d1d13618436a4b7d847db06e0c2508f8ce2eaa72534c49085e953dd7e7f40c7bb654e68449a084c1eb13a313effc9f3df

Download Submit
/data/data/com.iws.deals/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
bddfb53af76d8f02e116a766eedac35a

SHA1
f6d6eb4f9985e6d4230e59967c4884cc4eb1a59d

SHA256
56d9e477c990ac04fc6a499afda0d57aaf6b5f29312dd2efa5b0cd5ede66dd48

SHA512
6f1fbfc0cc627c07d5db13a5e2ea1b4811decbb400f4f199dbe0e0666da162c4814572566c92258bce4b7bb474423327de09bd48fd2c0b8e5348df14055530af

Download Submit
/data/data/com.iws.deals/no_backup/metrica_data.db

Filesize
44KB

MD5
bef2edbcc52999e6d7f597252b2deb2b

SHA1
73aa980b22274c0e16216f4350b339941ea692c0

SHA256
23082715c30c28ae2ac850717de0a8c5918458a0bf95ffe4e768a6e4270195e0

SHA512
d0d9372a6a35636ddb0347b031509caf846574df3c52112b5fce2eb513ed02f602d18f42b5ff4eedf2a17a74b6b51fa9213ffb6b3b1c4d09daff905ff41181f9

Download Submit
/data/data/com.iws.deals/no_backup/metrica_data.db-journal

Filesize
12KB

MD5
4eb0a879672c9a4b9e49f4136095226c

SHA1
9f4a78e622c415c2091af29edbc9fe855bb3c649

SHA256
a83fc771e4974e88c84505bf4f626ff0a82fc2e2b29d660019984a6f1c74d988

SHA512
5f8de63ffe483444fc59d90618eab74deb0a1abe2594ea2950953abee56d962fbb4229a531af607b2a425922e109b24dd70d95879dd9c22bc19d4de5b10347ec

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads