a16db78a0ce705484bf1e594ef03ebfbf0115a0f51dc58d38e813ef22995ee56

Analysis

max time kernel
134s
max time network
188s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
28-05-2024 21:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e79ba2844318f16888f4ab4f96a6457_JaffaCakes118.apk
Size

508KB
MD5

7e79ba2844318f16888f4ab4f96a6457
SHA1

793c0ad71ac32022285de838f1a5c28b709a1687
SHA256

a16db78a0ce705484bf1e594ef03ebfbf0115a0f51dc58d38e813ef22995ee56
SHA512

549a10cb650207fc226616fb941ad8e8f7923030f52b5359a74cf8238327fdc0c9abc1a6626a1d5c0adf860149471e70bc74dff988fae5ee3a9a75661e455309
SSDEEP

12288:XyTEnuMrgEcZQr9TTb/CEKVg7ZFvMQFHFZGidAhr1:gGrIiTTb/CEZEQFHxWr1

Score

8^/10

collection discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

System Information Discovery
T1426

Processes:

com.where.nice.blue.sept01:Metrica

ioc process

/system/app/Superuser.apk com.where.nice.blue.sept01:Metrica
/sbin/su com.where.nice.blue.sept01:Metrica
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.where.nice.blue.sept01

pid process

5129 com.where.nice.blue.sept01

ioc	process
/system/app/Superuser.apk	com.where.nice.blue.sept01:Metrica
/sbin/su	com.where.nice.blue.sept01:Metrica

pid	process
5129	com.where.nice.blue.sept01

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

com.where.nice.blue.sept01com.where.nice.blue.sept01:Metrica

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.where.nice.blue.sept01
Framework service call	android.app.IActivityManager.registerReceiver	com.where.nice.blue.sept01:Metrica

Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.where.nice.blue.sept01

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.where.nice.blue.sept01
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell information.
collection discovery

Location Tracking
T1430

Processes:

com.where.nice.blue.sept01:Metrica

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo com.where.nice.blue.sept01:Metrica
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.where.nice.blue.sept01:Metrica

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.where.nice.blue.sept01:Metrica
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.where.nice.blue.sept01:Metrica

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.where.nice.blue.sept01:Metrica

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.where.nice.blue.sept01

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.where.nice.blue.sept01:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.where.nice.blue.sept01:Metrica

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.where.nice.blue.sept01:Metrica

com.where.nice.blue.sept01
1⤵
- Removes its main activity from the application launcher
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5129

com.where.nice.blue.sept01:Metrica
1⤵
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Requests cell location
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5192

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.where.nice.blue.sept01/files/l

Filesize
12KB

MD5
cb8e763f29cca3167eea5b946b5277a6

SHA1
7681eed08633bce7d8242e557190e444010f1b97

SHA256
1916b893bdb6356ae8dd4f30d3365a0dfd7132b7bafef319cc849cb44f191f31

SHA512
bdd0c3dfc8cccba74f003cef60ef13832ea91931194fdfb9108ae4bd6cdc813e963f3c454fe13b0de5d5f9b2a502886c893b18eebdadce602b2b82a5ef8ed9e4

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/credentials.dat

Filesize
233B

MD5
e5cf5c8a55a53e9e09fee594506b2420

SHA1
c689e310fc63e39224c9b4e2a4c11b12e97c361d

SHA256
c060f441e662b833aacd2da2a03ab53c6928f5f5a8553ca49b4ff5ddefc314e3

SHA512
0843d330b01e7437bb643c5e798602b021f655d4ad1dc736d39fe6a222957b5062ef442d18cac5d2ab26d701e953b61070ff680e0139c5b2709d5d76147d35f1

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01

Filesize
36KB

MD5
ee2a1fd76c3c6191a16154f74f4fa596

SHA1
917a615dfa4770c16bfc54d363d7aba587a65a96

SHA256
813251a160e2c7f3a124cf52d0b465fe2b9c276e5d8b0fc89dbd5864e618199f

SHA512
750266b4333c884b6f9eef0964ec1e7ec4e3ea14b19c606f25d3782973c2ba3417b614fb0aa5d05479c0d8ae9f8912c978313a00743537fc1f2ff0542bac3be3

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01-journal

Filesize
20KB

MD5
7bdeb2e3eb972d015e1e91339778cfcf

SHA1
87a7fa8b48e6230747900975e7c366b73c96dd90

SHA256
d01897d34c322701ecba6dfd0f09f8254d0b8ead1daedeab8dd78ba53bf9aaa7

SHA512
6a05f30b81a4c4cb528f741126ba57dec7873380fba0fa93c0da7b83fd5b6c44f786552495d4b57faf39e40636aa6d5a6d8e862a7d6a6ad7a9277fca39022116

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01-journal

Filesize
8KB

MD5
1d088caaef662a5038f0a5a0ca23b08a

SHA1
8f6d2b2a74aacdff44cd455bae95e0887fd0efac

SHA256
3cf74c1bcaa505c1c4327fa0f6b397a70f5b40cf174aa101b646e5cb3d31246e

SHA512
e7abdbb0acd743417685e0c9b6d1c8a2c71e3e95acaa519fa7d119eb5a19cfd53313b1cde353958421f9b0fcb02fac0599e4a2988f45c52103f415dead905e89

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01-journal

Filesize
8KB

MD5
d38191c769f5c61ba3e1044d7a1fc156

SHA1
4c7684db2c143ac131983c66a12cea1360c26063

SHA256
efb11d33b273170111bf16a9059c81e715da740064804b5928e0f638ec546c7b

SHA512
188359b26536a8f38041397a281080670cfbfd008c7b5ad9951c2407347d5e5535499054a19e74b738cab4c5bc99a38544b953de4e733f52fc3279b76c2f60c6

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01-journal

Filesize
12KB

MD5
0568bc31c5990603ec7b7b7bfb2f9488

SHA1
34ec0537f524af631aae1f2721e23014420efed0

SHA256
a5a92ec367df89cec37f48793248960b02f45301972931f127a02bfbfc2056d2

SHA512
af34298ef29539bc24bfa9fceb017e5eeaa7cc7c4ee7a931e5b1e5158cd14f3fd46d97cba95c3ccf3fccc6014593114c1172040b61b544f25b1701249892d142

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01-journal

Filesize
12KB

MD5
bc6efe1e281944f6f21c646481505e88

SHA1
c8235a5bc65eea78c001180a8fb8e5ac26e86c67

SHA256
f9cdca6c9e020d3c25d788155c6c116dd5a91b129a8472e8da43465623f67c70

SHA512
9b867846167a0a6606c77c323489e22685693d2f2a4fba067a450e14ce607e3e2d6c4714ba796911c0dcc2dc1b21afb29f846ceb4b2554eb41dbcab239628283

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01-journal

Filesize
12KB

MD5
1a39a06269b27db6fe90b9f2e67dec85

SHA1
b0495ce93229ecaee19cedd09cbc6569637ddb16

SHA256
fe02db8555627e8d53467e7ea3717ccc194609dcc96079c55713067977ffa3a7

SHA512
e189283cb48d6f506c3a495ce2f124ca13f264ac1169b4166700640791d7d5ce94757aa295743f30f2f83425b22331565463554b206bf43f1478d8aa8ac3e895

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
36KB

MD5
eb1f898595e6fb29cf6510f469ebf86b

SHA1
deb30e1ca5cd1071ac7e7be97ebed1df5dc44317

SHA256
3add13fd5348b978b77e97e10e5faa030b7fbb37476048030d6abe3f515dfbf3

SHA512
cb49a36c449c2dacd7b5568f4d66a837869757fc6f7cb319069556c39d76ca636136155cf572365283058c1ec17753539a274a6680f48035030de1787629f37e

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
9cf3076b98c214db8ed8dd3792ff0e1b

SHA1
cd5307cb21ef1aee15881e5ccbbfc3f6401e7347

SHA256
92ac500665c9877432041e8547c8988fa3f628bcbc26743c156379d9a6e97b00

SHA512
950cbf2cdd11a66359df42e7b7593e332564d12d38fa334420077d7a80b5b7901547c92ae7991867ca3b91917854da26e3179dc3938dc1e53637bcb31eb344c4

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
cc500982de1c955a037c537bb759798c

SHA1
234f24771b5469f4bbc64ac8a2fbaf918faf5e2e

SHA256
b4444f6d122da3a08c5b0f7ae71840a70d0dfecdafba0590a18a5ca33ee592ac

SHA512
2da86fa1b5b354b7c629b4cf617a80380f283b7ec633c78070f26e9ce23527515d2d7dab6cdf795757f49fb5ad81ef1cbbe10457fd6ff0a4155052fb243f7f14

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
9262e2687bc580205d2707818c1c31f0

SHA1
6176659169cd70be637568afecce5d800f02b725

SHA256
71b9b0d12192ab37ad3a36a6555bd9f59e1f5990d81ee39b44a9f94439424d81

SHA512
caaaa264296a13261b2999c1a93090968a759d0a2f78168807f23b55d10cae86ce0ffe8a0df641dafe52072cd427b2e3e1fb5ba91fcafc3c9810d8184c183df1

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
7480a0dcde959865decac7b34f0c25d7

SHA1
2794e5ecb43efaf1a96f7faee9b04ef074d8d6ba

SHA256
4ebc5256cda38a45900b68afe30e49f38df0091e1a1771d6a9e2fbd86daa92ce

SHA512
f1aa6c1428de398d470ee5d04cd1681f6a8d18c5dd5d1bbe7209ec57a137c476ac0cba20ff2d53a542cbd9ca8a385b65e686af632f04733a0cb71014ec0b8075

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
cab756ca523e732c96d7b255f76fae31

SHA1
383219743aa9ad133d84463a274f306af72db8fb

SHA256
81a7f784c16b57a686f2fb41a5e90c310a818246281b2b301c92267d67277252

SHA512
70ccdb8242208887c4dbce11596cf96f3a782ca4934bc1fc699abb6702e77356ba61a649a1e64bc9b0414b4fcebcea8d90d4e19286bd2eb38ef4ccd191566480

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
5f24f89a902d432c60b9089da19dd63e

SHA1
09963b28dd76bab38ac3733cf2c03813ab251023

SHA256
de389456de34a1ed787e54bad2ac84fa81e4319baa2f97ccc6e2ce9b47e991c9

SHA512
7708ef82c64d5d6e3dac6d03a7a81ad4c28b0a2a3069e731e02228b38078088e3f4323a7402f1983a06e989b42156cfd6b3254b31bcc7dff304f6f6971430fc5

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db

Filesize
20KB

MD5
a0a548793a510f9caed081689f935eeb

SHA1
2d1aad0213b2b86bfe52dd2485741fb00eb02f3a

SHA256
4564ec31a51694e8349f462d5ada137b3f37b7c42515a7fe34ea8ef33b5063c5

SHA512
624204c5e505d3f2822a9761109babe81079ce8552551f23b7315baa171ef7881e5b5c4eab607a53b9bf080be6cb3100ff8cedf4cc86fa6218cd18301fcdc367

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db

Filesize
20KB

MD5
1bfd676f9af34e4fb6b3e6c521d9bdaa

SHA1
7914a8dc39d7f08dabb3e97e83adfd2c4434b1cb

SHA256
90b843cceb7ccc8f8f8e7b90a83f759a51630bd8641d51f9f3900feccb3f2fa8

SHA512
928a8f54768dc077e7c288317d9a86c1490fd9d8aad381fff82291838e14f26fc200345c492a55a4aa9fd2ae1d816c8222d7c452af18f19e3018a2538a1de952

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db

Filesize
20KB

MD5
c8f7c9276d267011ef71ca0faf398b14

SHA1
fcc3da6fad73b92e452b50983d15ad860392e1a1

SHA256
642407dd09d1d6ad95a6d7217862b89bf613b77dc50b7401f8e74a43736ec39d

SHA512
289341b2b0037e2514fe8303064e37706e7fc269e3ece7f0bdb68532f0bcc3b70937b853bf0ddd0ba770f1ce38815cdc8d129c8a7c360af5439ba0fda814229b

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db

Filesize
20KB

MD5
5add457641272e4f94594b8bef331b31

SHA1
dc3f469f810b92e5aeaceac2b9bc97c5ece4a489

SHA256
cf9b5be1f32566289080dc2ad19fb9dfd237d4f47c24a969fef4d1ce8aca96c5

SHA512
22114b2b0f8175c07f87b8ca9312448e18932a4584e8af1b65523475abba78730ed781ea147f0e60b9a907a4961bd87739b37279aacb7575f527127821f0cdf5

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db

Filesize
20KB

MD5
43d424bb66f45bf15e3650a722204c8e

SHA1
0df66120123e32cf3b3ecc82a3b024b286aa131d

SHA256
f6b27f908a27ebec96ffdf3525518963489e23915d1c53aa3dc1ce329fdacf98

SHA512
6fb36fdb2d3373488b16e068edacd960f81c89c94ce81375846ff6027432a8fb8fc61d6d86a4fcbfe7a1ff7c6b3828345a2661be1b69898f28c805e79574a1c9

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
d866d0f97417354c2444f953e2fb7b39

SHA1
f643b7348c3b4fbd9cbdb4f9561a89c2d9cf5829

SHA256
e974d4922b09b8f22322d5b55da191a6d196fc5bfaefaf9bde08d5fcb8a90c4d

SHA512
be7746f311198cb8495b66247361654689e3b425260050fd6b99872b1f80f318306e5b4a7aa141a2126eaa9bcdfb0866eb6df61b3fabb567efbe4da79db35285

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
01f6846c7574afbd0f7b4745dbd3f804

SHA1
49f6d28a76bcdecd1a077e1e08d8dbaeba6f7d48

SHA256
a753a5195793decdfd8ef60aaaddc1d59c344d534e24f6c18a4487b6c55005d1

SHA512
30f321f51224b1bd0f71e580638c76fcba500a6f2eee11d6d9fdae4a1a3ef6a40f477b68e7cabd1fcd5588a5ee4b41b906d76a0b1fa2f382ad5101427db7efb1

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
1fb89120cb91bb6c9f841c1d0594617e

SHA1
72676ba2deef610d08968e38c23fa3942a50aeaa

SHA256
f38e09e55600ac0036801071b69f143cf8ab77f3af136bcaef197e1b7a310090

SHA512
d6a3341b8d5795ba185097dbef09a6f18937b585a5d9840c78eb130f829de0f2aaff4e771c57c5ba63563aab7490ef963740d74cbf5c21ba0108093f7651859f

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db-journal

Filesize
44KB

MD5
0d3544a7690c132460adf6634c2b9561

SHA1
a45c85ade2f40cf1b7726898ae2582171ad5cb69

SHA256
763eb0a25208ae090abf29377a1cc8ac20c12327cb154000886dd777f85c2af4

SHA512
4f6b75e8853642f628c1704575afe0266a451fd85b41cefba0956a1790ca6096bb973ea9e2df22d6b7100803ea595878822f0c094bbad1bfdadf0e46d6fc7b66

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
e3290cf8fad670476605bec703aff60e

SHA1
212d9355ea1cb89e4e4a016a081efeae8615d03f

SHA256
8e18e4301c2300d04177e1d4f7d00de7bdf9fb2cabcd20ad736a36e850fba676

SHA512
676a3e225b11d608eba7ee8445d4ade3b23e4d442050fcc9b0a651dd914c379443e1dc4cabffdcf842ef1fa51421159c3d378b8232b85e137ccc0fff2ecdb63a

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
4eedc48f66941063f9cc963ff406791b

SHA1
2b436ab824ea2429b6f8add30690c802fbdddec3

SHA256
24ef8d988587bc32f9f04e8da1e5ac7560a2224b2bc599f4560e0dbaddf0687a

SHA512
5c9067c3486209b149d0a3a39a35a5453607f4aca8da69bea318e8839343c9be87838e1faeb438da60e7c3a225d1343634f87c1ee2d340b8e99465c5fcfe91f4

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
9a26c43beeb87fcf6d1887bb960299bf

SHA1
15c0b3fd7cc4406448fee205260e4dbe8bb736d0

SHA256
20fd2adf269c6d8a40495e90ce05dfd717ca5e5ac9091de4093fd9b0ddbab35d

SHA512
c1f8925e20be0278ed1125089ae510acddfff996c8012afa49bd48b33c92ab3f343da5092d40fdfa3aa71485f64f3f329cd37298ad168344517e6bc80b5bd682

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_data.db-journal

Filesize
12KB

MD5
059ce857c5843cbdb4b4a86d027e2cd9

SHA1
ed5d6ad519af112a1e43fe04608f85e58eded5bd

SHA256
d2f6bfb94227a461a174273407eedcae28ba20601b7a2958452711c59cf54e64

SHA512
60675aa48ab8446934dcf5806b955d065d28f3b819d87ee1872d82be2271e7ec07866ac2d88e4011aa46a58417023bf16b7df866c712f9069920a61d449c09f1

Download Submit