658932bc529c8173287dd91f7a5d2a50a323e9ff04efcdb1b91a73b5515d3d2e

Analysis

max time kernel
178s
max time network
158s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
29/05/2024, 08:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

801f6b1f903eb95786808bf18ca37631_JaffaCakes118.apk
Size

3.3MB
MD5

801f6b1f903eb95786808bf18ca37631
SHA1

8b37820282c36d4b3671d7acb02ad65515cd4ed7
SHA256

658932bc529c8173287dd91f7a5d2a50a323e9ff04efcdb1b91a73b5515d3d2e
SHA512

f0e0c143da4f547ab56716ff2f10d8617c38afcc07d899db88739b8016e9c8654d82af21119e76945e68cb39bcee3924769493a6d585396b2ea9b27c97916ae9
SSDEEP

98304:RohWAo3eZru6tvBsYrcnfRrxgzKnUTxWohL/BH2OtywXF3oyVAoVgIA:RogneZS6BBrcnfRrxgmnQzRK

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	ua.FoodSoul.DonetskSushiTaun:Metrica
/sbin/su	ua.FoodSoul.DonetskSushiTaun:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ua.FoodSoul.DonetskSushiTaun:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ua.FoodSoul.DonetskSushiTaun:Metrica

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ua.FoodSoul.DonetskSushiTaun

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ua.FoodSoul.DonetskSushiTaun

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.app.job.IJobScheduler.schedule	ua.FoodSoul.DonetskSushiTaun:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	ua.FoodSoul.DonetskSushiTaun:Metrica
Framework API call	javax.crypto.Cipher.doFinal	ua.FoodSoul.DonetskSushiTaun

ua.FoodSoul.DonetskSushiTaun
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4300

ua.FoodSoul.DonetskSushiTaun:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4349

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/credentials.dat

Filesize
233B

MD5
fff55be3cc0270c6f7fc6895d727e507

SHA1
2bd529875c40c4dd850c165efd68d2167f36ec3d

SHA256
5769cd37c966df1cb42736722a833646059596ea0a642b79220ed10735c4ab8d

SHA512
a773b17c23b5c312d49a436bca56146cf11541ddb4bef8fba485c2bda817917a640266c55620355bfa3191501456960e401d846813cb7750de6473349124a566

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun

Filesize
36KB

MD5
148741740c62cefd0273e79b6ced1ca0

SHA1
1282dad9c9fb3018e1dcec1deeefedf1d4d25e19

SHA256
c04a8e99b53b62c94f83de4dc43cb88b71e893cf22339d28def57039436e8ee7

SHA512
622d0e27a3bc3ed755b1cc31c1cb75b26b28745023aecba81478dabce37066930f903fd19b0c727eace25151ffa6627fa845112f5777e7e08652437bada7e104

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
8KB

MD5
246fea072c686cbe802de3559e9a8662

SHA1
67630a3f67b42b1e697f13d05bfa7834b876ee55

SHA256
74907069dc186a92411ea415a4425426e0d7d47e5c71ae76a1ca406bce96ca92

SHA512
3372504d66071d366245d3973eeec9a62d77a89cc05feef9e419ee8fdd5923afe9e120a03c7e0e2e7a25f292a7abfb039229ca5a3fe80e7aa572970e747199f2

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-shm

Filesize
32KB

MD5
70d24a46251e2c45d01bf7ff74a4a4d5

SHA1
db75a46c1b4b4707e8d527ae1d860cc11cffaeaa

SHA256
e49928ca1bb91f0f4a13c8182d65e4a0b2718e32580d41b55996b2aace5ca67a

SHA512
e85a3aad819b08718faa5dc317d75eb001a1f460a15542bc12a231cef5cc1f7937d751a2e91ed510593343aae4aeaef358562b79e61e1805fb2944a4920a1495

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-wal

Filesize
406KB

MD5
6cbbaca89f9411864b58d93a113d5a7f

SHA1
473159c9c0a8948d8c5667b4b0bac2742611f333

SHA256
6253dd2780c08956768b969233c91ce06a02875a8921b385a6c9a52fccdba24d

SHA512
4c366fcdefad0ebed17350052a7f71b91b64682d854a796361a4a57dc782bcd27491e6797a243d77e7530b1fbd3b345ffe00f560967d0a2436f2da1e8a2c94ea

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
20KB

MD5
2960757ac26e775bf7e9ad70c69353e2

SHA1
a694b1cc052e9ead49407d3207fddcca3696173c

SHA256
737d19a70807ce02e619057d82600ecbef7a4270f5adfb1e67a36ed5103a1eb5

SHA512
fd432b0c849fba4eab452b2b129169fa928169449010e0f078735a3b543204dbde9dea53e1d7f99e34b7d58ecc2548fed16fb0b95b97742fa51bf4ccbac017c9

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
df24b7f612fb2ec48121f78018c491c8

SHA1
ad3de5dd956b8d74ecea3267510c02d5406d20e9

SHA256
9d6ba6d706add704be86802a8518e28f890f7caa1f8a9e13d9bed82560366233

SHA512
de23e335381caadda10395a7c4c015322653491a2af0f2d73b7d1db1f6d3ed98430f956b88005887ee4d0e474e41872a75c511d08672e3c5a3ac0e9f6a3d1436

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-wal

Filesize
140KB

MD5
45a7740bbb6d602e40a35b7c74ed9a79

SHA1
3d6aabe5284622c373c912a43db4aeaae2a7314b

SHA256
2439f5448b537c71f66f2cfe4b8559d495725f32c8ba9ca5f4c6cdc986c621e4

SHA512
18bede0c589ae081c0717938d5aa6bcd7019045c3749d35ae3286a5c493dd24220bbc1d5df673817eb99d6cdc5e331ce935e808f0f0ccff91f853b2363a46c37

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
20KB

MD5
27e164569a93b81e2346d7a2509c2427

SHA1
1c8144dd5b2e2b2502f4320a7b99278a1a9cafad

SHA256
f373b6851f2ac58ead952c0d35193e60af248aab0770d284f8698d6122b33999

SHA512
eff6f5f38a6eeddacf4aa5656ab607d083e316192925a89c68d7df80fe4a4f18b8c9d6a92cf35109b603a752b9da8147df9bfd9621edb3556482e668882914c4

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
20KB

MD5
744071b737a34d79ef590b364c7d9e36

SHA1
579f7f12cbbaa2bbcff491bdda8644a12f6d92a4

SHA256
b8311f38c90332854bb6a425d5afcb9917afddd0aa1e2bc99e3d216cc491d8d4

SHA512
d28d94a3e1f37ba6c46d70423aa53832006c792f88def03e9e31e8b6714b74c458a0c5cf1c79475c4e08eeda4a0842b85628bd68d954fd508bedd9542cce7d0b

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
20KB

MD5
44def4f6e42c3ec63f229d23af8c804a

SHA1
f5956d9295778b539bced03215343fd3cf7a9dd8

SHA256
882faff2a0f007164d5dbda7bd7f803306423b5eb48a88b1bb72bde65b77e50a

SHA512
a14770398044635a8a8fc0d59dc95af3a97ae78146a9ace3795d600a44098a5ff7099aa3d0ac40442f8ff8c5d3b5ceecb4b360bf47f3e8c7c902879e2e76228d

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
20KB

MD5
d959f405f700365603905ad97871817b

SHA1
d9f41d3f760f01fd3ae081c4be8dc275476f024a

SHA256
bd98d718ab5a74e1fc460c694119ad76c69a3089321fd993d68cfaa720da51b9

SHA512
ccc1554943110e19517713b86ce43042e9d52f7316fea1c16cc4700d01a690bbaa075bd758fba2f4ee135c92517adc04020810272c141e2f4a994537563cd1e7

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

Filesize
406KB

MD5
9f82fee3d86c9f7403375b6d37b551e3

SHA1
50feed5ad7f3ce9bea98ca29449f24a74edb9d74

SHA256
16bd4c706a7ccbb0860919f14f8f696f0730aca63e9e2c4a73d785a2785b29f3

SHA512
3979a964545a81346acdfe681a3e81951c95c763f14e8f2466eb10ef1640a31b734851cb872cacb862c63515c834890f718e343017d92c970f7a4a5f626d161c

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
46ffced18a354811cdaaf9b3fb750dad

SHA1
cb21eb3934732cb24e1fa8455ae5a75a77ae39ec

SHA256
0f56d41b3362395e8fb12721d4381e2194d69e18171b3b29dadccfd7d0f59b37

SHA512
7d86beccb2a8ebec6a0c6417bd9d1bf7da16301e0ec8bbcdd2272177f64f0779b07d5169982a75ea33c2f6cbaaeda97d9b2fe15980d81f0464d1886f2370dfe9

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
ef8d5e12fcbe739eb54fbf55305cd289

SHA1
c8403fa12c7a9383e781345bca15e5e436d1e384

SHA256
15c91112c560c819d87573688ec57784541b2ed273fc390cd0e8ec5e2211400c

SHA512
d6ed9cb35438d45a0170e161559578ae8c507045752c70bb4c2fd39f0f1d540d45dc48bab16129eae85013a2ce0ca5542d69829279fa0805ac9f65c09336802b

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
3aab9b075bcafc07b1890db4c172b71f

SHA1
b6f7ebb614226ffcc9fc2ffa034da4b7a8054a4e

SHA256
9aa6c2512eed4bb575b78d266ba278f5736ad1d3faeb1d8675d3ef5065a2bef7

SHA512
5a06aa67e5c0c8a7bcbd1d593edfd0cd9c90eaa6b7d1c4f6d37704afc3ee91c7da646b99801119111fe444e2810728596f6210514aa799c14e04396fafd82327

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_data.db

Filesize
44KB

MD5
644e18d7ffc9e43793f5fc69c2ade563

SHA1
cafc9b00882cd12b0097ca8f76dcf4c15ca7cce6

SHA256
6c2f769a37808924658986ddc9a629c4640a0ce2f5a93abc4ec040ffda35021c

SHA512
11ebb9613a41230eb568fbebde231e803a986148f6501d465b35a9ac29ed6c3398f0341a62f7533fd37236b601c91cf03dce15dc5a246263c27bd10e512e00d2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads