f4dbe84132e147440d8561a08bd9199d6102fea686735ffe936b0d5d6364e6b4

Analysis

max time kernel
178s
max time network
136s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
25-05-2024 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7367ac13488c3c54ca7915169adb73ee_JaffaCakes118.apk
Size

3.3MB
MD5

7367ac13488c3c54ca7915169adb73ee
SHA1

3d28b782f0fec787d097e2a8eae1539d340d7fdb
SHA256

f4dbe84132e147440d8561a08bd9199d6102fea686735ffe936b0d5d6364e6b4
SHA512

befbbdcf4c9edc46550126c090e42cb24a6ba0dbfb97d0eb3f11cc81045235580dc05a473a5f327245aa3994064c3479d97d011e6f0f26609552be0790f019a6
SSDEEP

98304:xugfuWWFkFL7EBasOqFRl8Fr24J73DwpwOtywXN3XWiBj3T:xvLWOLpEcJpXq

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	goldenburger.creapp.com:Metrica
/sbin/su	goldenburger.creapp.com:Metrica
/system/bin/su	goldenburger.creapp.com:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	goldenburger.creapp.com
Framework service call	android.app.IActivityManager.getRunningAppProcesses	goldenburger.creapp.com:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	goldenburger.creapp.com

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	goldenburger.creapp.com

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	goldenburger.creapp.com
Framework service call	android.app.job.IJobScheduler.schedule	goldenburger.creapp.com:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	goldenburger.creapp.com:Metrica
Framework API call	javax.crypto.Cipher.doFinal	goldenburger.creapp.com

goldenburger.creapp.com
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4526

goldenburger.creapp.com:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4576

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/goldenburger.creapp.com/files/ZPkFS.log

Filesize
20KB

MD5
d0c6216468a004011fddf11d7cfd8777

SHA1
f59d660f0c7848925c77ca041725d00d3c43dd6d

SHA256
168982d1fc28361b0a4438fdb040fda0af95c6517189034b29827a6d26088f62

SHA512
c4836a64404e1eeb9544aeedce3d8a2b70b5375d2885d0ea86c86c60f89edf098962e2e4aa2e5f2627b74a1e65d3d34869408ab5def402883db130467d75e94f

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/credentials.dat

Filesize
234B

MD5
1fc433283c0e990da2708ef2fe44f167

SHA1
0d4175d88f9b859173a667111b1384cd14cb9d97

SHA256
db9154083b2a3d4934e901a391d8ab376d100bca71d3f3937e1b8e431c6e81fe

SHA512
6cb8c560925775be461d6a936c15528eddeccedd6fc4a08847c4b7360dc74c34187c0ab5081458782f1677af9d72d28907d52d0fdacff2d0114b16a5d239ed6a

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com

Filesize
36KB

MD5
bec008593cfbb475cf777deb4e88bb9f

SHA1
88eb7f565790f3b9ec13fe0b6d21b24506167c98

SHA256
a627a396262cccffa4ea604fe703aa63fdfd8046352530167d17496156b71138

SHA512
5f2a49715e63a6cfae4a6c9d337e7ff53d6e2467d8f787ea5a8ca212c5273f16870b9f19434095aeb3ec5653295d2bda8154c56c8e5327ae86dcb9ecfddd5a53

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
20KB

MD5
3efad89b5456a1b244a3f4957239c02c

SHA1
285a60ebe855b32b702f76bd119f2fc199ee7518

SHA256
3a3a9ac95e95cc4891a162dad753957637d262fee2390ab54b4cb4eeea61c4f3

SHA512
d8c96ab0fbebdc34f00fcd40d8e53bf124f7f2f93333fcccb8f45de8198224bdf8b0ac668474c91a55faae3e7f94f89df27eb6d2ac765c36fdce2323427b2c68

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
20KB

MD5
cad3ec6ca835bedeb85eecdc76323a50

SHA1
8defce4962eb98d161cd73047a8e130a68a6adbd

SHA256
59277d1f8ba79c95919ab98a4587b44f151e83eefa4a78878ac4ddc733b02091

SHA512
d6266f2b3babd0924fa067484afd87bf983e633695aca3e8b067752545fab5bea88622cc59a00d72a12970b971e92121d7e8c5977d79b152b6fe8e052714c2f6

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
8KB

MD5
394af0dcb5ec7a9a39dbcfe62e1ed23d

SHA1
530dd387e36003d3d6855cb64c22c430e79fcfaa

SHA256
e4d30cc80a32f23c70fc0e3ff0918f45913dc2251e256bfb6a6d7a74f948ad51

SHA512
b0518963913a2d4eb8fc8d4316f25ee7537392c7652babc2295b5aeda028e37c8b81cee4b621a014dd901b054edd3e0ca8e6356c8901f1414d264de13281271a

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
12KB

MD5
7a17b1fdc4408364cdba9342122762d8

SHA1
8a266bf70a57217009df78fe093f82fc75275daa

SHA256
85e832031bb1f0c9547937cb16ad3ded8dfb6ca5bb90222e1093c3ccdae3bea7

SHA512
3f6a0577eebd1e6d36390a4117478713678acfd07b071ab23a3df36cf07fe6c93890fa70d870d9cf44e6a087856851fba5d8908b46e2d4b7a5a48c857a55dea3

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
8KB

MD5
46707b8b52c99b1fc14e771e1c5b7e0a

SHA1
057ebbc1ae8f98dde09fd57439a87767c4cc6a47

SHA256
cc9424b39d32116e648e379d172b077d7d00b8090042db8803425b2d57897b83

SHA512
d9c02706b55bce65d0615e935fda795bd5c8280dc961fc8aa7db332e20960c94a4b27ad9dd6ebe7431b6cef86cf1b5b2ec2404d213283bf6561ce7bcae2e1057

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
12KB

MD5
6a299853c86209a7b0c7cccd38baaad4

SHA1
a53a3d01d229d036a76b171a4418b549164bf19c

SHA256
7a7e40afd0f21089bc9e1889e3da350947d9e99bc6f2fa2096bc0b42e9514f4a

SHA512
559897e3d9be9851e7f7437311d7616dcc3486f1be9648682c1e364d8aef20b3be41ae79e971aefdd4caf174bc2edb1c5e7fd3b9665e1367b119f0d9c1090f0e

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
36KB

MD5
b21d31d5e2c9eb3fc007f4ecaed79ac2

SHA1
88e4acce12b771887eb62399ae7ae10cc10361db

SHA256
dfff609ef3a4e51b57e51cab689a5015a70ba581610680535ded8610727799df

SHA512
684d4d4830312219952a4a111d12d870b9a9f840807b63dcedfe5e20bb2264373f5f6c4ab5381bbed5f72998b361417886c12046c4deb6c29f39cfe245f5dd62

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
16ef18fc199af76b83208054c930d362

SHA1
a4536dad0d98ac8717bcbb3f3f54b624b9a30314

SHA256
4df6bd4b8a71556a54ab983dbbc4aeacbeb172eae22b96eba22ad065a68070b3

SHA512
fea5424e176e73cbda908e607627119efb6df1cc59d4dce50fe58a799afdad942a2acc3735611422aa8e42dc0a17933d128a1ddd7910639468cf7408e86443ae

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
2e1ee32e7aad7250aa49d9028a6feff3

SHA1
2280e2279609a316c3af2d7056875a7921bf0cb5

SHA256
f499554dc6d0f126c9a8955cad1134fbcc234c713226db3d7d122914d322d81f

SHA512
cdf28714c14472bf25623e55e7aba37339ac4021ca41e325a373259c2495e70c655e36a46dd94ea0334b1ca0c1a80b2881162485f55b952f611f44b19f55df3e

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
497c9408cf65c58be1cb0ebe85d9318c

SHA1
49672f39f3f3761adec66ce82092a754ffc21ee6

SHA256
00b84b953a3b7c5af4609b26f0b75e05611b76f3f6f560801ae6fafc18dda57b

SHA512
a4d6797f32332e90e308bdfcdec7f51b1b6589429a1c23bf3291e4a079faba4f8698bbdbda8ca2a462961f5c74f284c48a8ea03e2722c1f3501ceb1e9a2dfc2a

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
9c3fa8e4327164fa4610dccf67017ad0

SHA1
a159fd6502128a8fdff95e489e4cd4852f488ef5

SHA256
eae5536f03e99d5a18d1b70076fc2500ea31af91609101bbdcbeea0db57efd5a

SHA512
c19424737ba2e342121e29fee89ea89e83550909c332acbadd27113022f71ead88874a92525ddb3a9a4a8b3b1c9dd2b3829918b1202c882b4fafd82118551e9d

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
101ad95466d517d0c2fc53aa68f0a76e

SHA1
e9a939f39b4d7dfadcf956e888a9e88c41d28d0d

SHA256
61f25cac86057450ce64f0c8b1cc62eecb376bd371c2809f764fd670a28c92f6

SHA512
6e67a4efc95fa116c6d50a740148018adda03ffac99af77400b3e518ecb013df623807830bcce7a07f0c538c1e6a4d6cfbf8ed68b4b2c232cabe16c8d449e4d6

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
c5530143128a7860c8329e161cb96e8b

SHA1
64f6f90e6c2304f1a8b8fcab5daa0dd61dfca7e6

SHA256
08d6bf15db19baba5216da9cea77628ca9d98e5400d8906822ce57b0d46fb550

SHA512
ad48163ce0432320bafaae4baae7f16a72b0a12d72c6272c1c8e00d98121d81c0d996922e7801da0b58a5cbb10153f0f256652248b4002abb02b05e5ac88995e

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/metrica_client_data.db

Filesize
20KB

MD5
60eff4446c9f133d9c8b0a6665da52c3

SHA1
af699f602ef21e15c278b1b4a011ae517e5621c4

SHA256
6604194b04fc43c55329296ac8d237c67a7795c23016fe7c915dfa0e4b252abf

SHA512
646e28d3dc6fe0b29d62ceb2094920dbd8552301ac95e48fbcc3becc985899faf56f55cb7539cbd033100c414d1611412c70c3db3d1c0171ef389dbbdc813310

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/metrica_client_data.db

Filesize
20KB

MD5
d7ba57e1897a9339853d5804f2fa742d

SHA1
ae8f9bc9f8be70604a46acafccdb8419b1f2dc0b

SHA256
5d078bea267fc22258ec0cfcee3af81d729f2773a5a20f7bbb809585ae81d362

SHA512
e1e715e2365433f58cdc274cbff06abdea134c30ce682d916203a1165b0f963f556a77c1c921de87abc2880d1c7bc29a6626a0167ed3ec206101cc59ec1f6f70

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/metrica_client_data.db

Filesize
20KB

MD5
10f536d83177fff5ad4a676d275ea795

SHA1
658e30d4f7afa4dbc257adcea4b2e33795a1740d

SHA256
fe27eafa333583ded7d2268be75ff7955eaef4970feb4dcf2d6dbd78170ce096

SHA512
9b3021a2784bd6d76a29c4d97f9ba0aeeec6f4af29fa1ce021ed767f16e27fd914bdff4ae1c9ba82ce0d7ce55c302a8cd88b1a4fa425cb3ebf274cf324fa0afa

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
86cdc6c859c3b6cb2f1fa97bd96c3462

SHA1
86815158ce432354dd63ac2f679194db26a5f192

SHA256
4f6b14145b6601801668c0f87b82da80296564e1eab7f749634ad4bfcf31288e

SHA512
fef57946f5dd3e95ae9a92bc71e1dd514a430e2e6b357ee1b3cef9b33eb0693138be11edab9512f295afff7c6432230aa61abe932dd9d3ba4058662b6d627260

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
801bb15afeb1e169b16696bf5432fa59

SHA1
ede3bd0e25908eb2877a9d777950e0a1b3449bdc

SHA256
ab2e0d62d8df9e8c7e864512648ba0ccb15b1a83a34d06e01edea3ff0ad53aad

SHA512
bd89b8a8d58ac65d264b9ba82e4edb802fbade96ee8f251215f3face88590385b3edea8a98d5081878bbd6f7ad5ad6c6078ebde79788679d99f652db1e6924e8

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
fa810b4aea89432cf5e0c5424b436139

SHA1
0b3f2fc1e1751766a692bbcb81335c22bfcfb674

SHA256
66a8b120838576998675704111c08c9bb61436c4c29113613c747644c789a163

SHA512
b38e8e9bdf281f29a15c9539c54f1ff79904affd4ac1d3bb126196a37ba0d5f13e987a06904f02fe15563dabc34462b8b8c5fa60f6a83183e91e703430b4b23f

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
ff38d730267c0fe2729952002a667f88

SHA1
d0889e360f83a3985a61a46499a079f9085fa055

SHA256
d13f6fc26a9a0aea09c3a3ad9aaeafe847392f01fb8577fc8600337d9ae6e634

SHA512
c747fc8a1b8dd7b0b7fb30dd82fc76a3367fd41db53164717f7ef663ea8e166571c9f4bd8d19cbf0026054b80076f553695036cf6195d8a2db63cf9a70b836d2

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
613cf84a7b4794c76bbc811f0b8bdd73

SHA1
40b0d1596c32a9c91059135cb07704ef1301f759

SHA256
08e942aaab81c3d7c6376845532cf9673805b079ae498ae8310f6c50483a131f

SHA512
8324a59eb7888cac22ccc5187c1735b0a619a9388747547a389eb8d5d9f0277ce32022ec4e49c10dd0c3b44fb53d370ddc13633f73027a66bd75d5bff8ddbef1

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/metrica_data.db

Filesize
44KB

MD5
f5d424608e26f7599a2e8417ea9d06ea

SHA1
eb18c5aa2f48c2d762f62a248af53d354df06fb4

SHA256
c1701af40eafe5e7c352d6bbad1b38f39b8ebf24fb0a0db811b1aec71be80ba3

SHA512
d444d47c797bf777c9c1d5c2c7e1733f9f2870c49993fe5e127f75d99d6ed6419451234dafdb7500b65278cd9de8229c2c0d4793632ec510974edd029c78e7cc

Download Submit
/data/user/0/goldenburger.creapp.com/no_backup/metrica_data.db-journal

Filesize
12KB

MD5
70468eb7f503cae10d9357f6d4e242fd

SHA1
92c7ece13b4b5a8c62619b5d9b9dc99cf3be1e91

SHA256
d4e4e3d1f195772fd87466ca20f5b496804da3cb8e5636eeca496e6feb62ffae

SHA512
04e8bd4a514d7f795aa376ebcaa8a601c90f78722b456b1e8fcd31b6e42e05ab0edd579eeaf4e1303075da2dcae92358d4716ec2cf6283ef35415f6bf020bab5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads