f4dbe84132e147440d8561a08bd9199d6102fea686735ffe936b0d5d6364e6b4

Analysis

max time kernel
179s
max time network
176s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
25/05/2024, 22:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7367ac13488c3c54ca7915169adb73ee_JaffaCakes118.apk
Size

3.3MB
MD5

7367ac13488c3c54ca7915169adb73ee
SHA1

3d28b782f0fec787d097e2a8eae1539d340d7fdb
SHA256

f4dbe84132e147440d8561a08bd9199d6102fea686735ffe936b0d5d6364e6b4
SHA512

befbbdcf4c9edc46550126c090e42cb24a6ba0dbfb97d0eb3f11cc81045235580dc05a473a5f327245aa3994064c3479d97d011e6f0f26609552be0790f019a6
SSDEEP

98304:xugfuWWFkFL7EBasOqFRl8Fr24J73DwpwOtywXN3XWiBj3T:xvLWOLpEcJpXq

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	goldenburger.creapp.com:Metrica
/sbin/su	goldenburger.creapp.com:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	goldenburger.creapp.com
Framework service call	android.app.IActivityManager.getRunningAppProcesses	goldenburger.creapp.com:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	goldenburger.creapp.com
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	goldenburger.creapp.com:Metrica

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	goldenburger.creapp.com

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	goldenburger.creapp.com

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	goldenburger.creapp.com
Framework service call	android.app.job.IJobScheduler.schedule	goldenburger.creapp.com:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	goldenburger.creapp.com:Metrica
Framework API call	javax.crypto.Cipher.doFinal	goldenburger.creapp.com

goldenburger.creapp.com
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4266

goldenburger.creapp.com:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4300

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/goldenburger.creapp.com/no_backup/credentials.dat

Filesize
233B

MD5
dcfa0f6aa91849cab5edd375a950b541

SHA1
abc611cb08b5a925c0765234a671a936b99e91ab

SHA256
4237bf9845b8737c39ec43e74a869dd1a4cdc9337fa7c757be276ff81d089957

SHA512
6b4ad153016fffab28872d706e061d72826662d575b55ef246a12a21cdec3f483642947cfed9822b8e9a71f57780a87effe5d4d12ee741414da5de768e228c76

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com

Filesize
36KB

MD5
e4ada74314e6c063e92ac789af075d5a

SHA1
f276d58d30be726debbd63e6b06a54a74db84a22

SHA256
0844f098d4a7b81e6b5c30fc17d7fff35c5dc2b37f10cf43199d54e50b29d2cb

SHA512
cf93bcfd4aab78696bae0275a3694d173835feae4fdffe74299e7351764010e02c0862a588009651a03051c8098ce8d7aa33ac705e96d0862c288bffec3f404c

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
8KB

MD5
04161aeccd799eed8a42a6f02ab41fff

SHA1
476fae96e0c327693e13527831a0cbb6115d6f11

SHA256
7ed20c922caf75bdb1ad4b574b1d91c8d8bed9497182303972b16988531af52f

SHA512
8bd283a406db995e2386dfa91130ee5b730d89bef564e60c41fef9170be72192bfd14fa0c1898a80df128c31634a22ab13176d6b8032227bca57277d0bab4d68

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-shm

Filesize
32KB

MD5
5596dc979c7a5af53289eb80d0043211

SHA1
b837ab9c8128ad7dfdf55929e8c412c139193b59

SHA256
33990726916efc019d476110398bc7110a6632f4af7ce8c136235d1ffe49fbfd

SHA512
eae19edb91a993834543bc6d3d2bcc89730a50005499ce12f2bfd9584c78a98b50ad85f5592dcbb47ac82223dc318f47b2fa394d697b45f67806f2e672f72af0

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-wal

Filesize
406KB

MD5
9d6fc30a00ec89df77374ba69efdde9c

SHA1
8653cdc22ea1356abbaf3c793ac7560175fa0b92

SHA256
44d2cbebce040f17423c3ba20f115f450982d7c1a926759cb82af0bb238a5441

SHA512
0205d4091e0564bb5989244db24bb088bf746e879d5f758d4bbc5bf6e7112e56ad0f3d5208e37328a1227d03e4f70bbd0d8ed5255cc2942d11cbd435ac2ecaac

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
20KB

MD5
f20d7de79a6db4e4ffb949f5b2581719

SHA1
c184ee7e93f040a6e699896651f11b5efd96401e

SHA256
d27b61fc7a863ecc1191afa9f578c7aa885d026a1b11a24d8b3f711133fdf101

SHA512
b643009aed32c829062048a3da2a92858d1e4b4d213aa84a285190c6197eaa802fe7da0612088c141bb7e9df63fabc568af10833674b585432ccf72c5201bbc1

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
189c0ae74afb4d8c0bd0e61874910842

SHA1
89f1e4ae9f1c5ca67e72bf5727b8989460e13650

SHA256
53d8d4844e05e16ca26418c3e981784476abd08418922e41e1356963828985b1

SHA512
42bc8a3e6b07624521d7a2c5ac27666eae872361d699852a8ca86278d102d69f8fcbb350de2b1fbbebdfe8ff036d6b728030cb76837e5840220c1607e63f3c4d

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-wal

Filesize
164KB

MD5
ac2b5bb6eda4a2d37ea2b4611a41532c

SHA1
c9ef12077c114ad5ebf6bcedfba22d3223fb9f59

SHA256
5390caad37a97c2034a62d16f3fc21c4cbe4a6a2e7cd1d10716947c386fefc8a

SHA512
e6119e40c1e5c294f5a96eadbc160477cfc161e045ce1e8e05f8e04424505d42f5730faf4116742899cd205201e4013bb8aee0bee22b9a63c14aa18ef7a0031a

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db

Filesize
20KB

MD5
86fe668a2957bed6de6fcc7d8b1c2931

SHA1
138cefc72eb85aa18e037fcb0caf371e39b736da

SHA256
e2f6f37142be63c332ba4dbffb2be0ae87470f10a9e62d9697d9635b28692e94

SHA512
2d58d5e16894f816840a794d0aa347c330f25d166a04789d927ce7c0c33fc92123dd64f8b481e0cc50392c6ef620648705a40755162ccb7ab9d05d5756de6f87

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db

Filesize
20KB

MD5
5a201c49678220bab5c1bf4ea8ab990e

SHA1
38a29543568268c8730fdd68ec8bf10958990e03

SHA256
40273f62742e3477e536556d54cd01f9c5d00bddcc4b33a030a434e0a9ff6214

SHA512
98f04d55bb3727d6c154a7779b8aaa05ac287dc5b2d4bb7ada9325ecf640b0c8e806ec2bac71cf1e8ed761f7236b338b9f643fb8607c9e9da2e728918d3dca64

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db

Filesize
20KB

MD5
44def4f6e42c3ec63f229d23af8c804a

SHA1
f5956d9295778b539bced03215343fd3cf7a9dd8

SHA256
882faff2a0f007164d5dbda7bd7f803306423b5eb48a88b1bb72bde65b77e50a

SHA512
a14770398044635a8a8fc0d59dc95af3a97ae78146a9ace3795d600a44098a5ff7099aa3d0ac40442f8ff8c5d3b5ceecb4b360bf47f3e8c7c902879e2e76228d

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db

Filesize
20KB

MD5
b4f28b52ad2cef7210d677e436a0d3c6

SHA1
447664eec4341975e3797587d2bf9417e6bd1844

SHA256
c07197447098d51d7cb3882243d6922191a34a376d9516b3b301af8bd8ca658d

SHA512
e0db54e86d15ff461609dca26a6a990688f0c3c1470f8606698bc179e758185e3a3c8a8c6e54fbf5196ff491749678a14d421e4b1e411f4dbb868794ce11a094

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db-journal

Filesize
406KB

MD5
7b5c5d395002ba4be5bfe152d937b032

SHA1
c8a54fc55043f000ecb9f07ede3f07573cd7e0ca

SHA256
ba1ea511014aa026f5b4896de62565869ce2a2b224900897e2e55fb5773afc42

SHA512
d838f57926fd9c47c2bd8f5f161b537a477f4941854a0383ef752b1d5a8e8c463d2b0a2239ff1ab20ea5f271f912696321785d46e26c5762140092cf126a1fda

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
d9a1402a1759e08107b9737367014987

SHA1
6e97eaed4259fb60bec8e8c158c88bdc70d649bd

SHA256
56f250d682ab360561bfbf2b97a891dd5b119f7174feb2dfb111367bffe0c9a3

SHA512
5c9bcf6a016b379f39f605bc38c4761ef51c4957c2d89e5090a85626698830f250822c0144d871a6d73d64177a7f567990179c59078224767656396828f85caa

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
fa81bf88975c7220ff44ac19c9748ffd

SHA1
404be04118551c534e405b3437bdbed152cbce48

SHA256
9acd8ec668660b9135ab890db17709dd4bbae365c87025c79900c6e97845a76b

SHA512
990b0d75bc3c7db4f9f0c871177cc17540b08cb768b64a29d4d349d7c5116335f7f07c3cc14cd156a91598b47817a1b9d8c01b867edebc59fd64c971bb7e2d86

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
88c6641b712a4c5769203029854f5308

SHA1
5e9a19506e7c20b60faf8e3a34050596bb121c12

SHA256
8e124840d2f2a7f46c044141011625506c2b3fcf4193302b9788087f525c6ac7

SHA512
4e178d3c8101b2260b50e9bbc975e26aeb4dd8d11d9544ad6467e777f8b832d53ff49a9df22e1c99924264bc5b7133f5f3b2fc2e5f05f61f0f070a2227025432

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_data.db

Filesize
44KB

MD5
42a52f7263703589e17db9773f62c7c6

SHA1
443935e7a00215c1e871d314f58463c398fc0ae9

SHA256
e3770d20f8f06ed2e0a858437cc72ab27d1eaf1922dd7307e8154d8942d161e0

SHA512
34987acba149cafefb3866b724a7b8d9e700235b5fadc0dc5d3a4d18e7d027acd9b561b8010abe7d42634eebd2b0643550788e947ba1af57d960dbc2197ca498

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads