f4dbe84132e147440d8561a08bd9199d6102fea686735ffe936b0d5d6364e6b4

Analysis

max time kernel
179s
max time network
182s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
25/05/2024, 22:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7367ac13488c3c54ca7915169adb73ee_JaffaCakes118.apk
Size

3.3MB
MD5

7367ac13488c3c54ca7915169adb73ee
SHA1

3d28b782f0fec787d097e2a8eae1539d340d7fdb
SHA256

f4dbe84132e147440d8561a08bd9199d6102fea686735ffe936b0d5d6364e6b4
SHA512

befbbdcf4c9edc46550126c090e42cb24a6ba0dbfb97d0eb3f11cc81045235580dc05a473a5f327245aa3994064c3479d97d011e6f0f26609552be0790f019a6
SSDEEP

98304:xugfuWWFkFL7EBasOqFRl8Fr24J73DwpwOtywXN3XWiBj3T:xvLWOLpEcJpXq

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	goldenburger.creapp.com:Metrica
/sbin/su	goldenburger.creapp.com:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	goldenburger.creapp.com:Metrica
Framework service call	android.app.IActivityManager.getRunningAppProcesses	goldenburger.creapp.com

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	goldenburger.creapp.com
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	goldenburger.creapp.com:Metrica

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	goldenburger.creapp.com

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	goldenburger.creapp.com

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	goldenburger.creapp.com:Metrica
Framework service call	android.app.job.IJobScheduler.schedule	goldenburger.creapp.com

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	goldenburger.creapp.com:Metrica
Framework API call	javax.crypto.Cipher.doFinal	goldenburger.creapp.com

goldenburger.creapp.com
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5145

goldenburger.creapp.com:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5197

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/goldenburger.creapp.com/files/ZPkFS.log

Filesize
12KB

MD5
75bbd55beb06a1c56d13fe074d58934b

SHA1
ab3cc4bcfb76c5ff9d8e8e25ff6e710b7bf974a1

SHA256
ec7b6731bcbfb3436c8f68bd2499b7b162580499f93a72a3a5d54759a3255ec0

SHA512
e3ef7a68ecb43d61d89937dfffdb5a6c0b50f621a34e270bc0cda44dd1e47834cc16320ec24fe294ac6d26dd18fa51026b8117fb4be2e3c815ea3b6495674223

Download Submit
/data/data/goldenburger.creapp.com/no_backup/credentials.dat

Filesize
233B

MD5
fe7b2b956bbfc0d9c3cba7524b27f3b2

SHA1
a8ef98873958801fbbbbf14386b89ae48d0201cd

SHA256
f8da00d3d78c1fc5b1f2f3255691c8320cced0e4d2921263d41b1178049b70d3

SHA512
16131671d5dc0a1d9fdb839c85cefbad88b1cac519327e4461f4b25b55796159698e33cc7feafd830702561ffab029ef8c81c7359eb9b4977fb3882e5dcd878f

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com

Filesize
36KB

MD5
e0eb32289538b14928075dd5d81d3929

SHA1
d89bf71688f7c693e96fffc3fdb3d01dc055027f

SHA256
c5cb18a56635a516013229799daa22cd06e58832fd1a8d80a05ceda89254725c

SHA512
da9895b863950b3c9cd7994b39fa12951e7d94a480e5f09f1a6f414f275e925102e4c5483893fa7c3e8ca1663fed21c7bf1dae4797410d8ec013fd8662cbc285

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
20KB

MD5
9584ac6c127cb4d0bd5d1092b23f4010

SHA1
b74ed46d3654b07537ff8a4eb4edd9cfd4cb6267

SHA256
440089296e500def93632418b113fa73954251ffa27caec36555107c129a3bbc

SHA512
7713fc657a197ee9e7804191185204ea7acd05f2f4e57b2848ae66aceee2f21948fecfc0cd19b20d2a98604a9d4ca5ae788ee102b54a055e428e068097f7f68d

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
8KB

MD5
e954e7cf79346bbd02535b40c4f09de8

SHA1
5c4139fe57af34004b723ee7def84b36fc0e4848

SHA256
5c710f3c6b3e57fa005e8c5150848f549124b6cf695e261ba3ba2f5d8752f603

SHA512
2b0e27fb2331754f58a195b18469f5b0c05983693865ff1d10d14b20d23c9f7ae58f82a65179570f5c0bd53f7386505847470a8d00f341c89e52bd2c5200d327

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
8KB

MD5
f42d55271ebbc3edcc55e5e7e3341265

SHA1
87f7951bf4c6bdd529e01b52b3440f8d7d108679

SHA256
404afb84c92e73f054fe20286f2f5eccf18400a08ecee0827c0bcd815ed171a2

SHA512
4c8394c76055e1b37dedf7503ec8c71b4b90fbcba10001a3a0da7343d0ebdd990d807f7f27413b29aedd9c632242fc442a4b8de4591a95f9ed671ea0509229cc

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
12KB

MD5
fa51f9883f7b2acf55555f5396df7f00

SHA1
9e907dd90e8502eec4957660c1c8d49e8a3eadc8

SHA256
19927025ff0a428ff3fe55c8cf19d4313f2ba7f834b8242f772b17f8005dc995

SHA512
c15e62e6b56ae8757e0fe2daf6a1b69468a412ce856f33e79ccf9b9e2123d254ca333e016f09b9c54b0fce7924108048eabb2024aebdf67b40b59b17c76fd787

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
8KB

MD5
7c4d0c6f7f0b68a769963870bd6d77c4

SHA1
64e42ce4041667a7f42fd357286018cbfacad3b0

SHA256
4af930f22ad121dafd2eb9ebdf15edb216ed3df2fde653f805fe5bb17bb5635c

SHA512
aeb24267555c824fcc5e0f0296934d35ce53404df6b8a07272ef3cd59482586da04a649781c9430c63b2f8a0caf19a3bccc33f0c4557171d311a6a458efe3bb1

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
12KB

MD5
359fa4ccadfd22da9edf4faba2c43cc3

SHA1
9676bea01e954b043d6f96b94c9f4b5ad36221d2

SHA256
23ef28f3d8615de7ff24c7027c5b7747ef5352ee1a67e4a16fba24f9202025cd

SHA512
2e943176f2fa29bd25d45c6f285f0d3d9b5d5e5fb53605b96c7607946c77c864452ac3a79fd07a578064d2f139ceaddff719a758710dd7880d76e884c8d382b5

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
36KB

MD5
1e4a315a35eadffb375bfcab7e6e1ca7

SHA1
90f0e523671b57d786fe273401d768699a6a50d7

SHA256
a9ace1bd791845b1e25d9e3448dde91cebeb39c25029baa77785ac2ecac9085c

SHA512
f561d0b5f8cc13ae4aec947f2ef94701cbc0b8ba2aad97ccef14bf4390aee8e3de7c1aa775128d4dddd0146ef1d5c48a0a9a48edb1059a4fddbeb90281d8b01f

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
bf418915e5cf83f85d5b7468e4e2c0e9

SHA1
2e89a31d2e2779883e344b14602b862256e14a05

SHA256
0e35fc2cdcebae71b74acbec4efd61d4ebcd58549fd011da88d3073d21a08cd3

SHA512
f8d9e6c77d15881dbb70d42921b977c2058326583fd598ae719505ce4881668c3ea62f07b7cd8e9149e31168655f3f09812670979a8465bfe045d9953fc827c6

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
9b405d74fc543e3b2c8aeddfa32a5c44

SHA1
44f23d7f1170da1a86d31ad9ee017e3d6ccfb3e5

SHA256
a0cea83f95da325aea3802e9e655c381a98b6fa7aed25c1a6d6f69fa023d5cbe

SHA512
144be5383a89fbe83d6a747a2ae8d425394b566629fb94a7da25075b0148518671ed49ebfedc91e5429bd5f6637f5b9b724654d2556c77161963dc8d7f1b875c

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
3c5fd02eed629c758a46234c8c5b0437

SHA1
c892e97235cc5f6dfd1b9ac25dd1b4d9ee66b129

SHA256
41a14d1b28f82ff0d3c72ffc10e1aed39af24abf7767ea3bb6614302c16ec501

SHA512
e6bb8973315ab28a3c52fb11e0ddb04192f3f646c4f586e3897529db1fcb80dc2965a9cde686334c1bdf213a82c4558b688292a20be45e9394ec203d4c05e9a4

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
e2b0368dd6e3b3245ac970c838f2bc7d

SHA1
95640fc6a9f0abbee8c8f7f84db31eec6aa1cb19

SHA256
d24dd6a15b76b3b2b29105f104af012344c1dc16e7b9c8b686c4f1b35f3e22c4

SHA512
6887752f93fae0870200aef64e3b6b82e1d498abda2232891e67d61f36a02f22178d4403094c7aeb85d82f62e3d2bf3f89b37f4a4bfc798b7a050ffd6d3f1894

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
5fd9a61e32ac262d2ba74ac4b3017123

SHA1
91c8f57d46f3f12d9884578f4f4eb31d4a1efcb9

SHA256
7b54b894a1a7748c2e1e58803080524347e8cd0023a16f7325814a64d873b503

SHA512
c97659e33e5fcebe36fcba6cd0931a306fd92b6ef795e7eff3cba053b7fc4397d8b4c111b35d609a5b7ca6fcf2ae1699b25caddd2c5062ee61f22e40d5df5866

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
2ce2be34063481f9e12c7da80a49ce07

SHA1
b36256ef514a8822695bf06546f18e62fe5bb7c7

SHA256
2ddc5ca6b377369b5362b8b98400d0289eb0c49f1401d0d6f669f65c038c422c

SHA512
b33fe966cf5e523b5ed069a8c7bbcf5385037da8b0fe8be696ff87fc3af29f2e860f93e85a9ccc6539ac881510e4919784bb15540b139f9c4a020489fb5d8eaf

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db

Filesize
20KB

MD5
ea9c2dc01d788f2ed7ad6a455e32335a

SHA1
3da6ee06226734e9a402c3ef2b542af3b509b6af

SHA256
ddcb0e1970efc2dcb42a4dd328ef8c10f3512b39a47277d5b075fd3b92dfc3a7

SHA512
5b834f25f6f8afea98eec78cf8e148671ceca48aee8019e09308389c1f336e47e55666fedf66e09c97e827c375ade0fad635b98686ebd2f72240108670d25e76

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db

Filesize
20KB

MD5
c6319035ccca3e05bbd787f76725e006

SHA1
cfff89d07c2b3579701155e073475df8e239b3bd

SHA256
1e4b238b79e14c5bd35c0f0f9587c594a26e6028a026b489d53d89ad38d910a6

SHA512
6aa63831b79b8c1125dab85f7e8118da0b469736f97ab058b77d350958df3b9f54b9dd21178368f3da7e60e0898fd2f5e8166969213479c70eddfb628b03051a

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db

Filesize
20KB

MD5
484df068dc370197c0e37af4f433f772

SHA1
5d071329bf5182e60b2d268adca542901d492001

SHA256
3ebaaa9fc7a9245b413f62f91d9e689d468456dd4b6ce2408bcd2003cbdbfbd0

SHA512
587e7b68f2c167d39dd50744f2892a461a67cb073e8cf9f6eb2ab752e07841440dbe212af32958248d15af5d4001e7fa12f86cad62578ef31999355a86c3b0b5

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
e1e5fdd0bb7ea006c8e7a097034299f9

SHA1
65b6dcd4b6eef408384055901df16f3457cdb20c

SHA256
809e71b5b398168ed4da73feb5134ac860ff6a17e7a40da6822efea3bf84b93f

SHA512
643b179a6e44c237d4fda6f6025b44ac6cd73cdaac20e4d85c184f37507dc7963dc43f80b11c3418db32e0f2bf07689eaa7a1a2e5078a0967f089abb3aacc983

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
e8ba17e5ac9c5be320b3cbf7ae0562bc

SHA1
587d1be4b2034d16f99f5c39fc8827753ac21ae7

SHA256
05f4edd398a93a8f5133da0d1463616c33cebad12d4aea17cd947d8c6469d1c1

SHA512
c9a5f74b3354b2bd40e80a45d14175b641c4b0de3e42fe544212fce162be3b77d3000453102fe29c57c6507065f07018a750bc655f87cca5600d17876b17325a

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
ea267501a3c3b47fd8b396e213dab83a

SHA1
9ddb9300eea202db6ba9d362d6555f1c86375646

SHA256
0f46f99793f15c1d3a5f46d3406a3376580ed70e14ab7fe5613e209ac0bd0368

SHA512
aa6ac4655033536a3c6b8b577e4e79228956e4f70f68919265c5efed5df6bfd41d56ed037865d2d718ee1b35e6707536716470e76fdb7685848240152ef77765

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
1995e2d6d1224fbc885a7f1da6ae5698

SHA1
06fad1b4692152461a07f6b7f6e974e7ba535d9b

SHA256
fd18acf1babe16e2f4c57466139d0e08bfb7f8e54b3d2fcb7057f271bc2f6b2b

SHA512
5f4ad134bbf3a84bae04c24ebd7ed9a4f724a25052b1e9a46fd2545ced3c06152705de1dd31cfeed8704dc4b86cecebc6103ef3a4bf883b94b29dd75be354649

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
51ec9c880d44e8fb73a40fda4fd47e0a

SHA1
4683843ffe6d16b02b8894e730040460147c46aa

SHA256
c2ab0fc0068816dec9ad609d5bd59d258468e1a32f442cd4fa8c8b57e7b470f5

SHA512
ba2dc6b95198fb3b2181f2a427c68fc0a4d8724e29727ea14392bb65af9d5ade32d6023273893dc21080d6facd2b9044993d43fff1fb2a92d0a1ceca05e259b2

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_data.db

Filesize
44KB

MD5
8fe35bfd4902113a7a97d7b700b8b225

SHA1
963b2605a833ea2e08a641a1ca5aabe2f9e3d2a5

SHA256
1e00801779545c6f9cc2b0541f51a745ea6b187b6e31aceb1938b6f4932adb7b

SHA512
4bfdd13a860b42704a2c808c4a07a9e2f8835ff46b2c9025a7c16e22aab7b7ea2d865edfb5d360e3d64c9b4c768877456e9f22c846d7f5806ddb455cb75ee78c

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_data.db-journal

Filesize
12KB

MD5
6bfd083f6f1dcbd85c94d2f271b20044

SHA1
7efe4196dca79f7c2bc95f332535e641eb1b55aa

SHA256
47d3f22df0840e5938d22d17a9b40c406a6cdec7ded83ec17e0e1065cd898299

SHA512
aa949485103accb822b231673d4fca7b14f39ac4cb299021e46054b782ee10c8e50dd040d349d7fdf28c2571679056775a813d468eca6c5680b7225e174a29ae

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads