a16db78a0ce705484bf1e594ef03ebfbf0115a0f51dc58d38e813ef22995ee56

Analysis

max time kernel
134s
max time network
139s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
28-05-2024 21:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e79ba2844318f16888f4ab4f96a6457_JaffaCakes118.apk
Size

508KB
MD5

7e79ba2844318f16888f4ab4f96a6457
SHA1

793c0ad71ac32022285de838f1a5c28b709a1687
SHA256

a16db78a0ce705484bf1e594ef03ebfbf0115a0f51dc58d38e813ef22995ee56
SHA512

549a10cb650207fc226616fb941ad8e8f7923030f52b5359a74cf8238327fdc0c9abc1a6626a1d5c0adf860149471e70bc74dff988fae5ee3a9a75661e455309
SSDEEP

12288:XyTEnuMrgEcZQr9TTb/CEKVg7ZFvMQFHFZGidAhr1:gGrIiTTb/CEZEQFHxWr1

Score

8^/10

collection discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

Processes:

com.where.nice.blue.sept01:Metrica

ioc	process
/system/app/Superuser.apk	com.where.nice.blue.sept01:Metrica
/sbin/su	com.where.nice.blue.sept01:Metrica
/system/bin/su	com.where.nice.blue.sept01:Metrica

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.where.nice.blue.sept01

pid process

4625 com.where.nice.blue.sept01
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.where.nice.blue.sept01

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.where.nice.blue.sept01
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to to get current cell information.
collection discovery

Location Tracking
T1430

Processes:

com.where.nice.blue.sept01:Metrica

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getAllCellInfo com.where.nice.blue.sept01:Metrica
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

com.where.nice.blue.sept01:Metrica

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.where.nice.blue.sept01:Metrica
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.where.nice.blue.sept01:Metrica

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.where.nice.blue.sept01:Metrica

pid	process
4625	com.where.nice.blue.sept01

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.where.nice.blue.sept01

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	com.where.nice.blue.sept01:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.where.nice.blue.sept01:Metrica

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.where.nice.blue.sept01:Metrica

com.where.nice.blue.sept01
1⤵
- Removes its main activity from the application launcher
- Checks if the internet connection is available
PID:4625

com.where.nice.blue.sept01:Metrica
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4669

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.where.nice.blue.sept01/files/l
Filesize
12KB

MD5
2284c479796be65ddad183a2dddeb37f

SHA1
1e7cae07ceb08fdbfe21d20951f15e14fd5a9982

SHA256
7b108fde35bf15383e08f73866e8c3ec1e38145da66894f1fa4d29f3df0d6d4c

SHA512
89efeede0fbbe9fede909d587bdd31839dd2d6d381ce964be4738fa4a92fe5c711e5dc04949e9bd5d99d3fc0e1b098800bb4d403bbabfe16c65cb8ccaf9cbf19

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/credentials.dat
Filesize
234B

MD5
d41e238c3358838636bdae3931e96696

SHA1
7850c1be5f93937322dbd97f44fb995c08430eec

SHA256
4bcd088bdc190dad3ee5ec8601ef575fa216c79172abc3268e22b26c614d9d8d

SHA512
81496c05708667247221498a0a1c711837b607b1675189df57912ba99a637e293e886572dbedb3b6362a147bbeea0b85a1401b90a8319f996f4ac26453a76590

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01
Filesize
36KB

MD5
0675ce870ef59aced1bcbdfa6f33b030

SHA1
81f4b14989c36bfdec34733f2643b8f4876278ff

SHA256
62f48339d5113bb1754c029d1765428d875d9e556cb7c2565d20e199e8d6e969

SHA512
1f3f43cfa52186bfd8c53d08a82457d1a6b9949a093da3579a73a241c5d206236360ab951b843bea733920a979fab26b8a08693c4cade5f1d97b14b035d5f68d

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01-journal
Filesize
20KB

MD5
c49488fba0391e3e7bcd5839f5007034

SHA1
0d4ce0cd89bd38f268adfbfcaae1aa1b37d1ffc7

SHA256
ed2cf64b17c52a2502aeb057cbe54cac96661d77178beb4177586a7efd1e7ec4

SHA512
9a1bfbf50310c02a64f8af16cc27f6c640bba08282d25dd4ab49c469f74ac842e0af3ad0f05add20805def88b88eed1af84fd2b81b0f0e7fb80b9d482268979d

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01-journal
Filesize
8KB

MD5
c982143b9e97886b243c9484f4095f87

SHA1
e3af5c454218c52f7e3340dc4e2235fdce90d20d

SHA256
6cb7d057f7915a6c6f733efc75cc04cff34eb9ad704a1f60a524ae0ce1c7ca6f

SHA512
c9205485a033f7df95f873c3a820af74266dd0c0902f7d184278a1bc190b636064ffc6cf61e3fa7ec6fe43720047599f50e10ba5ce7d77972510db3fb5dde569

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01-journal
Filesize
8KB

MD5
116873194216031fae34057bd9dbde5e

SHA1
10a9425d8fe9fee8d0b6355d728651895bc580b2

SHA256
b4f0dd7b385fd8a212b90300aeb8e4df7b1aca6cc383b58a09f39f7429601cb7

SHA512
2564750df2966a19cf7e0d930bf660ed92d3294ef0c5cfa6e14283bbfd376e4c4898b61fff60679528e0374b9097ecb5a1b1f27b56786802a2b1cb79016699b5

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01-journal
Filesize
12KB

MD5
87721411ff2da17c34e1609232702ba6

SHA1
4dad7c955c53295382b886353a0be34e1bec3e1d

SHA256
599710b201a3a5613a6ea3ef76429a116a76ced25abbd8c45c0030660e7fd47e

SHA512
279196a112c078f8bb59d6f007b3ed0d29f509ea27f82acdb4b421dd08f0968448f870e80f595978462c6af49c8b436892f508576fd8f9e5cf519d4efca681ee

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01-journal
Filesize
8KB

MD5
4546219dfddc6e7f34ab5b3650e89f07

SHA1
2868c0d77bcc3b0818b40e3752bcfdba648ffa28

SHA256
b388139745306d6c0bd0ed00b9dab1ac72ee8e412c2d46a1fdf2f5c87c6bbc32

SHA512
982ae89b7c2da31f927da63d763e1a90245291f8755806dfb96892e2be4882c392689444b2e92388b02ac1cecf35a8215922dc18b819f663d8329f85ca1ea936

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01-journal
Filesize
12KB

MD5
2f1a4ebed32040ffdea25b651da1c24d

SHA1
dc0b96cb2eb7917d424db2b361c504468568cc7a

SHA256
b96094e2e81046c1f5ceefc993867e38263537f1bcff035ae796f04dfef49fc9

SHA512
5333ae1a9e38d47b6f8e68dadc9195d8a6187d3d75d8d5505359e9f21a097f98af1965acef48364a96f090d13bf57b2f529a52c3e1c39f291088553126ebfdc9

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize
36KB

MD5
e14f97e266b17770000a527c0709e281

SHA1
04c75f81bc83526b871162a39dfc9ea608adced8

SHA256
9a3a2b00e9945adcfcf785010f6848531a5ad53a22521dc11d4a71bf9640465f

SHA512
f289a3f408732430c399c8a0686cc17605a01ca7aadcc482e21de925715ad19c16ec5a29297ea950c92981e9cbb631b6365e7688c139e9747146c6c1cae04ec0

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
512B

MD5
f3c31bf4049e6b634dc26133d13bfd79

SHA1
4028f8cb77b57364ec391ff90634fe9e27543616

SHA256
a72cabdbea4d9f6b39cf094d12a3efd0bcf64c4312e81e5c5a43513dba5a37a5

SHA512
521fb1011ce20010c630b862abb55cd3de11a1a8687b0c6b9e4ed94cf565650b1bd1ac044ffaf6df08a972a3367280a0d9351630e6b30151da8a5cfca8692a89

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
aa82201b7af75cbabc607059b8b0d1bc

SHA1
9367964e73f1182fc596106ad2904bfcf180998b

SHA256
5bf7f4041bc14479271ef53ba09dad7fa376259f03286ec9fc1f2791f29b6372

SHA512
1d6f5011fc29e059053be8bd985a30798077a279100ca3aead406997425d5196bb590064ec34e33de7d96480683b2141768ebeb8f2b730433534955f4c3af087

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
e5cabd3b041fa07b0fce9c752208f7e7

SHA1
9db7bb98581adf48d0737a301f1f25f0761b7c63

SHA256
5bde55744df8a9c2d94a0d2a801fceb84ebeb65f363561845693ead4eb4befd8

SHA512
e4895a204edb47a62a79c98a6809ae9fde63045a7d1a766cffad747975f71785267161e749c24a1e8e01cb0e5a038070e6133ed8e5446b5531a0369e913762a7

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
7ef0f0aa0aceae072dceb38abf672ed1

SHA1
ac2e4551fa7ee9683870c18c3156e3d81808f721

SHA256
3abc83a4a3c4ef065c34e02433d256e8226a6673d38386903e0e878d60d86733

SHA512
5bd52dbe03a49b0df153fe39b5ca05b9f02ad68748fb2b4a1e10c463f427ce5a4f0d6ed6dc4c1a1d0acee9e3e86723152c54a31b459a64e6535b1e0514f89577

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
9a912083c06e91239991a52332d0e1f9

SHA1
b623d8839d0678d41355a2914a8096c87b0f0ee2

SHA256
e72e8b07f5e882452cfda6ee172b5f7efb11aa06b3aeb9c565940455ee767034

SHA512
e571754c9adcc876766e86b79e029036e4c7f829f809939e62b1e64b31cbd3d40638d3681ce0446a2d5dd6beca2b4959a7ea1fd051f1cf7bef3f96b2ff204359

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/db_metrica_com.where.nice.blue.sept01_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB

MD5
6d37ca4bcf73e879c00de4c10f8baafc

SHA1
128da5ca4f7e8e949cab4886c45cc7ba00a8145c

SHA256
f60e93e6ddde15aee05f5a3a229d4c21247edd5d80f8596c65fe80d105058f68

SHA512
9f6c9f7858dc02991b1ac2ebff5131d278338fa28e10eeb156abbe5c8e45730d035030b293eb9c91254b99e8d62b528d59409c153d780fc3e99878fb5e026a89

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/metrica_client_data.db
Filesize
20KB

MD5
fc318483a677c71a725dbbe6e9516df9

SHA1
8ac3af9cbfb464e53b709028d1f64a4d019bb2f4

SHA256
d6d65421dac425ed42a96af8b94a1d708f6e23b556f0bc80011eb4970304b7f9

SHA512
0e3a0d7629cbfdcaa59e415c4ba982355f249b9595d234c0de6fda993c65c121435c442945766017cd78533fbd059d7edfe2eda0185ec6e4d076499536a63140

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/metrica_client_data.db
Filesize
20KB

MD5
b23290f66c614f8c293691120738477e

SHA1
c5907113a299966e663508a075a590c450145126

SHA256
04c0f043471c42428837f95f1c51169f762911e0065bd8185d364fe984001c64

SHA512
24f3a145644d945978970e2d2e933c56efe1e1782fb8d945b6f17b0e1f54079a5ebc130ed6b8b02339daf919b443bf324a6868750b78e0100de5e5810130994b

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/metrica_client_data.db
Filesize
20KB

MD5
1625f2a3383f162bdba94bebfdd3fa75

SHA1
2314de67dd85e010611474c1f8c4770a1e874ad6

SHA256
9214f7a07b3a8c3002c12a9302f3d86c2735b8e01d01bc31f58053eff4ad9157

SHA512
943ceeccff5e9ca00237c0fc084cd9ab8f3f822a4ef23c700bee3557afb3fe5c69afa129cc8c59fea3475e972e6e8ae1f77a0cbf2d21474bb9359c9669e1d99b

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/metrica_client_data.db
Filesize
20KB

MD5
36de47bb9c3c2a681f32810b71d17855

SHA1
197da0796b62c9ca0f38e9bfbc10080625c840f2

SHA256
37f81b20187267d4645a8f08de36d5241327d57d2d94b1c149d05d14a864f9ce

SHA512
0af4038504f237c3a685ff38bf043881a7daee63ab90f86a20a03a03530cb55f0817b1e63a50d090a6fdc338eac43822a3031a203b5c7f90e7c8ceecbab04b01

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/metrica_client_data.db
Filesize
20KB

MD5
4ba71ab2e61534c68723d9937e7d0299

SHA1
02688d4f781d518246bfc3b79cd849168b29b4ca

SHA256
2a5db0ceb59aa536b53795a4f0e64a3a269071421dfe24ce7a64e1c932a689aa

SHA512
9e1ae35baac86e0c124009db3cfecf5b979860329438b9ef0b02226d24cacefed2dd11a227b5a69247c1e7eee5f8a7b1548f3b5853257b1eb6cf93c7a3d129c7

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
e2865aab7aad8cd9ce8b4327592871a2

SHA1
2d0793f9735b3728292e96ec0aa869e616164c89

SHA256
15f8a24829b81ff80bdaecb83d25d2ca779a947cab4715f35f9d2d79ec179285

SHA512
a9094b5503acc73c8afec0eecb8efe3b62b2e73f2c837ca007cb3a5359a5fcf42a8426f96617af4fe6fccf31a6f7d884a74ad3b7c4058cf6f99e83218317dcfa

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
d88b83b6c586add4ac41e6a0e724b0a3

SHA1
095b1f52baba626e1ef2e718616ea8043dc780fb

SHA256
1476c09c5ee07d803c3a1e498d86c2cb023796b917c2ebd8bb02609d36645781

SHA512
c5f75ace92fc44577909a66106871d1d7b7938227752ef5aa68982fa315b1a43169df8441b4d456ee83e759db0ebbd7f16a0803b6a043285a904a9bc83b324b1

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
964a6f8b3af8b53b5b5b14c32bc19b3c

SHA1
e338539e72e62ba5b97db6970bf8b7c8fe6d198c

SHA256
3352fd1509b2d0ab5d617c3655d7bdfa950dbd11727762afbf258a8d6ebaf3e3

SHA512
92d076dcb1e3bc7a49623c864ec290a0f843c4fb008719fcdc00ef8041cec39d4be75f34b08e676823128018861d52dac8f63a375cf35f5c976e72fbc38a57e0

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/metrica_client_data.db-journal
Filesize
44KB

MD5
43a258035f2a6f0bc8695d77fba083a7

SHA1
55509676e47fc9af5529c5d8b9ee485e0975f1f0

SHA256
862a48a12c3592bd2a3f34dfbd117ef18cd2e35123eba667dda72b1d2123f583

SHA512
16b0a2735a27d40feef395ed57d9e99dd136a36d2203031641ebde10d84622a0f73d6426e8ee0abc65a408ebcf19439e709a926076a08feb93972a4fc3ea76f5

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/metrica_client_data.db-journal
Filesize
8KB

MD5
b1eea8bc83438fc10aff2a7baf8cfb95

SHA1
959d1df2cef75c3f4bf8bd95a44bd6364bc729dc

SHA256
d9ad932930a9fff22bf67fd3edbba853a2f2093661b78d6c5d13f568c9eb3a29

SHA512
cd60058d86a1227fcffc31cbe8682c6416efa846c23b83288c395e4b6b00c1d59245e4c29abceb6c5814a93531c48f41b44194ad171d9de29f0987eb1f55e8ff

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/metrica_client_data.db-journal
Filesize
12KB

MD5
2244cff9a7f1c6e76a05422ea56e7dfb

SHA1
c7362ab556a75344b94f696ab8b36447e8b61bad

SHA256
8bfc0fc8c6e546d345871087761274214ed835817a2fed02996eea8484c39458

SHA512
82551d67cfb90ce92cd6c5035c35aac8277dda0458aeb04b7812f4c042f87a50d5fe314f1f178dac60b47abe3d895b7404a6a4d3977b7d6eef27b28e711b79eb

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/metrica_client_data.db-journal
Filesize
20KB

MD5
3f32eeae773db05e8af0b2c02a47276c

SHA1
52948d65f824004891e276c0ecbc33e3dab6bcd2

SHA256
51b49a7ac490f6a71bccba9025fc0738a74bc9e04455e8c25c4979ee66470ea4

SHA512
69ef19c8f8f3626fd11e8a0fb31b7236bf18819e9b7b7700a035f19c66f2031c5154a5a6c2fa0cf03ba52d5a6c838cc3b01593aafe906e386f751064d469c3e9

Download Submit
/data/user/0/com.where.nice.blue.sept01/no_backup/metrica_data.db-journal
Filesize
20KB

MD5
873221c10c50cbc24288058b654e18b2

SHA1
6093afde1c468b5bc9c165c58cf7f0a1101f701e

SHA256
10fb14b57e95658e450f4f4f1d93709164806d7f0ebca27081d56600c553e5c7

SHA512
32252145c3e341052f69df5dd32a4ab18170e7d2b18a44b786bb0925cf6b8485af6aac499b58903d1d5f1570b282446c93e97d2dff9c91a7473a7ea6a5c76c62

Download Submit