a16db78a0ce705484bf1e594ef03ebfbf0115a0f51dc58d38e813ef22995ee56

Analysis

max time kernel
134s
max time network
188s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
28-05-2024 21:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e79ba2844318f16888f4ab4f96a6457_JaffaCakes118.apk
Size

508KB
MD5

7e79ba2844318f16888f4ab4f96a6457
SHA1

793c0ad71ac32022285de838f1a5c28b709a1687
SHA256

a16db78a0ce705484bf1e594ef03ebfbf0115a0f51dc58d38e813ef22995ee56
SHA512

549a10cb650207fc226616fb941ad8e8f7923030f52b5359a74cf8238327fdc0c9abc1a6626a1d5c0adf860149471e70bc74dff988fae5ee3a9a75661e455309
SSDEEP

12288:XyTEnuMrgEcZQr9TTb/CEKVg7ZFvMQFHFZGidAhr1:gGrIiTTb/CEZEQFHxWr1

Score

8^/10

collection discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

com.where.nice.blue.sept01:Metrica

ioc process

/system/app/Superuser.apk com.where.nice.blue.sept01:Metrica
/sbin/su com.where.nice.blue.sept01:Metrica
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.where.nice.blue.sept01

pid process

5129 com.where.nice.blue.sept01

ioc	process
/system/app/Superuser.apk	com.where.nice.blue.sept01:Metrica
/sbin/su	com.where.nice.blue.sept01:Metrica

pid	process
5129	com.where.nice.blue.sept01

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

T1624.001

Processes:

com.where.nice.blue.sept01com.where.nice.blue.sept01:Metrica

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.where.nice.blue.sept01
Framework service call	android.app.IActivityManager.registerReceiver	com.where.nice.blue.sept01:Metrica

Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.where.nice.blue.sept01

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.where.nice.blue.sept01
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell information.
collection discovery

T1430

Processes:

com.where.nice.blue.sept01:Metrica

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo com.where.nice.blue.sept01:Metrica
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.where.nice.blue.sept01:Metrica

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.where.nice.blue.sept01:Metrica
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.where.nice.blue.sept01:Metrica

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.where.nice.blue.sept01:Metrica

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.where.nice.blue.sept01

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.where.nice.blue.sept01:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.where.nice.blue.sept01:Metrica

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.where.nice.blue.sept01:Metrica

com.where.nice.blue.sept01
1⤵
- Removes its main activity from the application launcher
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5129

com.where.nice.blue.sept01:Metrica
1⤵
- Checks if the Android device is rooted.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Requests cell location
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.where.nice.blue.sept01/files/l
Filesize
12KB

MD5
cb8e763f29cca3167eea5b946b5277a6

SHA1
7681eed08633bce7d8242e557190e444010f1b97

SHA256
1916b893bdb6356ae8dd4f30d3365a0dfd7132b7bafef319cc849cb44f191f31

SHA512
bdd0c3dfc8cccba74f003cef60ef13832ea91931194fdfb9108ae4bd6cdc813e963f3c454fe13b0de5d5f9b2a502886c893b18eebdadce602b2b82a5ef8ed9e4

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/credentials.dat
Filesize
233B

MD5
e5cf5c8a55a53e9e09fee594506b2420

SHA1
c689e310fc63e39224c9b4e2a4c11b12e97c361d

SHA256
c060f441e662b833aacd2da2a03ab53c6928f5f5a8553ca49b4ff5ddefc314e3

SHA512
0843d330b01e7437bb643c5e798602b021f655d4ad1dc736d39fe6a222957b5062ef442d18cac5d2ab26d701e953b61070ff680e0139c5b2709d5d76147d35f1

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01
Filesize
36KB

MD5
ee2a1fd76c3c6191a16154f74f4fa596

SHA1
917a615dfa4770c16bfc54d363d7aba587a65a96

SHA256
813251a160e2c7f3a124cf52d0b465fe2b9c276e5d8b0fc89dbd5864e618199f

SHA512
750266b4333c884b6f9eef0964ec1e7ec4e3ea14b19c606f25d3782973c2ba3417b614fb0aa5d05479c0d8ae9f8912c978313a00743537fc1f2ff0542bac3be3

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01-journal
Filesize
20KB

MD5
7bdeb2e3eb972d015e1e91339778cfcf

SHA1
87a7fa8b48e6230747900975e7c366b73c96dd90

SHA256
d01897d34c322701ecba6dfd0f09f8254d0b8ead1daedeab8dd78ba53bf9aaa7

SHA512
6a05f30b81a4c4cb528f741126ba57dec7873380fba0fa93c0da7b83fd5b6c44f786552495d4b57faf39e40636aa6d5a6d8e862a7d6a6ad7a9277fca39022116

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01-journal
Filesize
8KB

MD5
1d088caaef662a5038f0a5a0ca23b08a

SHA1
8f6d2b2a74aacdff44cd455bae95e0887fd0efac

SHA256
3cf74c1bcaa505c1c4327fa0f6b397a70f5b40cf174aa101b646e5cb3d31246e

SHA512
e7abdbb0acd743417685e0c9b6d1c8a2c71e3e95acaa519fa7d119eb5a19cfd53313b1cde353958421f9b0fcb02fac0599e4a2988f45c52103f415dead905e89

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01-journal
Filesize
8KB

MD5
d38191c769f5c61ba3e1044d7a1fc156

SHA1
4c7684db2c143ac131983c66a12cea1360c26063

SHA256
efb11d33b273170111bf16a9059c81e715da740064804b5928e0f638ec546c7b

SHA512
188359b26536a8f38041397a281080670cfbfd008c7b5ad9951c2407347d5e5535499054a19e74b738cab4c5bc99a38544b953de4e733f52fc3279b76c2f60c6

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01-journal
Filesize
12KB

MD5
0568bc31c5990603ec7b7b7bfb2f9488

SHA1
34ec0537f524af631aae1f2721e23014420efed0

SHA256
a5a92ec367df89cec37f48793248960b02f45301972931f127a02bfbfc2056d2

SHA512
af34298ef29539bc24bfa9fceb017e5eeaa7cc7c4ee7a931e5b1e5158cd14f3fd46d97cba95c3ccf3fccc6014593114c1172040b61b544f25b1701249892d142

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01-journal
Filesize
12KB

MD5
bc6efe1e281944f6f21c646481505e88

SHA1
c8235a5bc65eea78c001180a8fb8e5ac26e86c67

SHA256
f9cdca6c9e020d3c25d788155c6c116dd5a91b129a8472e8da43465623f67c70

SHA512
9b867846167a0a6606c77c323489e22685693d2f2a4fba067a450e14ce607e3e2d6c4714ba796911c0dcc2dc1b21afb29f846ceb4b2554eb41dbcab239628283

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01-journal
Filesize
12KB

MD5
1a39a06269b27db6fe90b9f2e67dec85

SHA1
b0495ce93229ecaee19cedd09cbc6569637ddb16

SHA256
fe02db8555627e8d53467e7ea3717ccc194609dcc96079c55713067977ffa3a7

SHA512
e189283cb48d6f506c3a495ce2f124ca13f264ac1169b4166700640791d7d5ce94757aa295743f30f2f83425b22331565463554b206bf43f1478d8aa8ac3e895

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize
36KB

MD5
eb1f898595e6fb29cf6510f469ebf86b

SHA1
deb30e1ca5cd1071ac7e7be97ebed1df5dc44317

SHA256
3add13fd5348b978b77e97e10e5faa030b7fbb37476048030d6abe3f515dfbf3

SHA512
cb49a36c449c2dacd7b5568f4d66a837869757fc6f7cb319069556c39d76ca636136155cf572365283058c1ec17753539a274a6680f48035030de1787629f37e

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
512B

MD5
9cf3076b98c214db8ed8dd3792ff0e1b

SHA1
cd5307cb21ef1aee15881e5ccbbfc3f6401e7347

SHA256
92ac500665c9877432041e8547c8988fa3f628bcbc26743c156379d9a6e97b00

SHA512
950cbf2cdd11a66359df42e7b7593e332564d12d38fa334420077d7a80b5b7901547c92ae7991867ca3b91917854da26e3179dc3938dc1e53637bcb31eb344c4

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
cc500982de1c955a037c537bb759798c

SHA1
234f24771b5469f4bbc64ac8a2fbaf918faf5e2e

SHA256
b4444f6d122da3a08c5b0f7ae71840a70d0dfecdafba0590a18a5ca33ee592ac

SHA512
2da86fa1b5b354b7c629b4cf617a80380f283b7ec633c78070f26e9ce23527515d2d7dab6cdf795757f49fb5ad81ef1cbbe10457fd6ff0a4155052fb243f7f14

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
9262e2687bc580205d2707818c1c31f0

SHA1
6176659169cd70be637568afecce5d800f02b725

SHA256
71b9b0d12192ab37ad3a36a6555bd9f59e1f5990d81ee39b44a9f94439424d81

SHA512
caaaa264296a13261b2999c1a93090968a759d0a2f78168807f23b55d10cae86ce0ffe8a0df641dafe52072cd427b2e3e1fb5ba91fcafc3c9810d8184c183df1

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
7480a0dcde959865decac7b34f0c25d7

SHA1
2794e5ecb43efaf1a96f7faee9b04ef074d8d6ba

SHA256
4ebc5256cda38a45900b68afe30e49f38df0091e1a1771d6a9e2fbd86daa92ce

SHA512
f1aa6c1428de398d470ee5d04cd1681f6a8d18c5dd5d1bbe7209ec57a137c476ac0cba20ff2d53a542cbd9ca8a385b65e686af632f04733a0cb71014ec0b8075

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
cab756ca523e732c96d7b255f76fae31

SHA1
383219743aa9ad133d84463a274f306af72db8fb

SHA256
81a7f784c16b57a686f2fb41a5e90c310a818246281b2b301c92267d67277252

SHA512
70ccdb8242208887c4dbce11596cf96f3a782ca4934bc1fc699abb6702e77356ba61a649a1e64bc9b0414b4fcebcea8d90d4e19286bd2eb38ef4ccd191566480

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
5f24f89a902d432c60b9089da19dd63e

SHA1
09963b28dd76bab38ac3733cf2c03813ab251023

SHA256
de389456de34a1ed787e54bad2ac84fa81e4319baa2f97ccc6e2ce9b47e991c9

SHA512
7708ef82c64d5d6e3dac6d03a7a81ad4c28b0a2a3069e731e02228b38078088e3f4323a7402f1983a06e989b42156cfd6b3254b31bcc7dff304f6f6971430fc5

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db
Filesize
20KB

MD5
a0a548793a510f9caed081689f935eeb

SHA1
2d1aad0213b2b86bfe52dd2485741fb00eb02f3a

SHA256
4564ec31a51694e8349f462d5ada137b3f37b7c42515a7fe34ea8ef33b5063c5

SHA512
624204c5e505d3f2822a9761109babe81079ce8552551f23b7315baa171ef7881e5b5c4eab607a53b9bf080be6cb3100ff8cedf4cc86fa6218cd18301fcdc367

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db
Filesize
20KB

MD5
1bfd676f9af34e4fb6b3e6c521d9bdaa

SHA1
7914a8dc39d7f08dabb3e97e83adfd2c4434b1cb

SHA256
90b843cceb7ccc8f8f8e7b90a83f759a51630bd8641d51f9f3900feccb3f2fa8

SHA512
928a8f54768dc077e7c288317d9a86c1490fd9d8aad381fff82291838e14f26fc200345c492a55a4aa9fd2ae1d816c8222d7c452af18f19e3018a2538a1de952

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db
Filesize
20KB

MD5
c8f7c9276d267011ef71ca0faf398b14

SHA1
fcc3da6fad73b92e452b50983d15ad860392e1a1

SHA256
642407dd09d1d6ad95a6d7217862b89bf613b77dc50b7401f8e74a43736ec39d

SHA512
289341b2b0037e2514fe8303064e37706e7fc269e3ece7f0bdb68532f0bcc3b70937b853bf0ddd0ba770f1ce38815cdc8d129c8a7c360af5439ba0fda814229b

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db
Filesize
20KB

MD5
5add457641272e4f94594b8bef331b31

SHA1
dc3f469f810b92e5aeaceac2b9bc97c5ece4a489

SHA256
cf9b5be1f32566289080dc2ad19fb9dfd237d4f47c24a969fef4d1ce8aca96c5

SHA512
22114b2b0f8175c07f87b8ca9312448e18932a4584e8af1b65523475abba78730ed781ea147f0e60b9a907a4961bd87739b37279aacb7575f527127821f0cdf5

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db
Filesize
20KB

MD5
43d424bb66f45bf15e3650a722204c8e

SHA1
0df66120123e32cf3b3ecc82a3b024b286aa131d

SHA256
f6b27f908a27ebec96ffdf3525518963489e23915d1c53aa3dc1ce329fdacf98

SHA512
6fb36fdb2d3373488b16e068edacd960f81c89c94ce81375846ff6027432a8fb8fc61d6d86a4fcbfe7a1ff7c6b3828345a2661be1b69898f28c805e79574a1c9

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
d866d0f97417354c2444f953e2fb7b39

SHA1
f643b7348c3b4fbd9cbdb4f9561a89c2d9cf5829

SHA256
e974d4922b09b8f22322d5b55da191a6d196fc5bfaefaf9bde08d5fcb8a90c4d

SHA512
be7746f311198cb8495b66247361654689e3b425260050fd6b99872b1f80f318306e5b4a7aa141a2126eaa9bcdfb0866eb6df61b3fabb567efbe4da79db35285

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
01f6846c7574afbd0f7b4745dbd3f804

SHA1
49f6d28a76bcdecd1a077e1e08d8dbaeba6f7d48

SHA256
a753a5195793decdfd8ef60aaaddc1d59c344d534e24f6c18a4487b6c55005d1

SHA512
30f321f51224b1bd0f71e580638c76fcba500a6f2eee11d6d9fdae4a1a3ef6a40f477b68e7cabd1fcd5588a5ee4b41b906d76a0b1fa2f382ad5101427db7efb1

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
1fb89120cb91bb6c9f841c1d0594617e

SHA1
72676ba2deef610d08968e38c23fa3942a50aeaa

SHA256
f38e09e55600ac0036801071b69f143cf8ab77f3af136bcaef197e1b7a310090

SHA512
d6a3341b8d5795ba185097dbef09a6f18937b585a5d9840c78eb130f829de0f2aaff4e771c57c5ba63563aab7490ef963740d74cbf5c21ba0108093f7651859f

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db-journal
Filesize
44KB

MD5
0d3544a7690c132460adf6634c2b9561

SHA1
a45c85ade2f40cf1b7726898ae2582171ad5cb69

SHA256
763eb0a25208ae090abf29377a1cc8ac20c12327cb154000886dd777f85c2af4

SHA512
4f6b75e8853642f628c1704575afe0266a451fd85b41cefba0956a1790ca6096bb973ea9e2df22d6b7100803ea595878822f0c094bbad1bfdadf0e46d6fc7b66

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db-journal
Filesize
8KB

MD5
e3290cf8fad670476605bec703aff60e

SHA1
212d9355ea1cb89e4e4a016a081efeae8615d03f

SHA256
8e18e4301c2300d04177e1d4f7d00de7bdf9fb2cabcd20ad736a36e850fba676

SHA512
676a3e225b11d608eba7ee8445d4ade3b23e4d442050fcc9b0a651dd914c379443e1dc4cabffdcf842ef1fa51421159c3d378b8232b85e137ccc0fff2ecdb63a

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
4eedc48f66941063f9cc963ff406791b

SHA1
2b436ab824ea2429b6f8add30690c802fbdddec3

SHA256
24ef8d988587bc32f9f04e8da1e5ac7560a2224b2bc599f4560e0dbaddf0687a

SHA512
5c9067c3486209b149d0a3a39a35a5453607f4aca8da69bea318e8839343c9be87838e1faeb438da60e7c3a225d1343634f87c1ee2d340b8e99465c5fcfe91f4

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
9a26c43beeb87fcf6d1887bb960299bf

SHA1
15c0b3fd7cc4406448fee205260e4dbe8bb736d0

SHA256
20fd2adf269c6d8a40495e90ce05dfd717ca5e5ac9091de4093fd9b0ddbab35d

SHA512
c1f8925e20be0278ed1125089ae510acddfff996c8012afa49bd48b33c92ab3f343da5092d40fdfa3aa71485f64f3f329cd37298ad168344517e6bc80b5bd682

Download Submit
/data/data/com.where.nice.blue.sept01/no_backup/metrica_data.db-journal
Filesize
12KB

MD5
059ce857c5843cbdb4b4a86d027e2cd9

SHA1
ed5d6ad519af112a1e43fe04608f85e58eded5bd

SHA256
d2f6bfb94227a461a174273407eedcae28ba20601b7a2958452711c59cf54e64

SHA512
60675aa48ab8446934dcf5806b955d065d28f3b819d87ee1872d82be2271e7ec07866ac2d88e4011aa46a58417023bf16b7df866c712f9069920a61d449c09f1

Download Submit