02bb61463e6488ff0e0d796802bbf4e6ff7a3af5e131331dcb8bbe75a07c6c6b

Analysis

max time kernel
179s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
01/06/2024, 05:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8983ada140ff2064a5368f37280438a8_JaffaCakes118.apk
Size

5.9MB
MD5

8983ada140ff2064a5368f37280438a8
SHA1

2c06a0ecc07c3fa922c2a10aff40c5ddefb1aa76
SHA256

02bb61463e6488ff0e0d796802bbf4e6ff7a3af5e131331dcb8bbe75a07c6c6b
SHA512

fe1a26b3e07aee47237aa2445331905be41d10fc20eb0bc397f999ff995e155dcf1ecf0682a9c4fe91d7addeab43cd9d2ba9daa2571d395bb65a652df8852773
SSDEEP

98304:XHQljvUKULoYgMmTRavh0nsudJ6VMyq0QBa9uqArf0iLhZ601mT6PPm:XHQlDU8dcKPMU0QQgz/600b

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.appsmart.delivery.darbarmuenchen2087:Metrica
/system/app/Superuser.apk	com.appsmart.delivery.darbarmuenchen2087:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.appsmart.delivery.darbarmuenchen2087
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.appsmart.delivery.darbarmuenchen2087:Metrica

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.appsmart.delivery.darbarmuenchen2087:Metrica
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.appsmart.delivery.darbarmuenchen2087

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.appsmart.delivery.darbarmuenchen2087

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.appsmart.delivery.darbarmuenchen2087

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.appsmart.delivery.darbarmuenchen2087
Framework service call	android.app.job.IJobScheduler.schedule	com.appsmart.delivery.darbarmuenchen2087:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.appsmart.delivery.darbarmuenchen2087:Metrica
Framework API call	javax.crypto.Cipher.doFinal	com.appsmart.delivery.darbarmuenchen2087

com.appsmart.delivery.darbarmuenchen2087
1⤵
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4261

com.appsmart.delivery.darbarmuenchen2087:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4297

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.appsmart.delivery.darbarmuenchen2087/no_backup/credentials.dat

Filesize
233B

MD5
0c5a71c6c21f9e4bc46891ad32ae9c0f

SHA1
ea6feb20af4c0edea21a10403d4b50c265bc2b7f

SHA256
0a027c58f0241c2256e281ef213422a99f7e10ac285a66a95e059510145244a4

SHA512
88e6f187af1a56c23a371c8a73535d3e548326a5d9fcd6d8444fb24684a58ac92e99d8616a9498f24eade7cef4d64f7f30760e34b33e32fc1aaf49acdccc5482

Download Submit
/data/data/com.appsmart.delivery.darbarmuenchen2087/no_backup/db_metrica_com.appsmart.delivery.darbarmuenchen2087

Filesize
36KB

MD5
82349664fdafe0bad862b3bfd44fa7b8

SHA1
9616b386eaec55615fe5776cd14cc6b9e5b08476

SHA256
560489ef95c3e04c0a307fb1e435244fe6abe98123fd8b70b57fcc50b5a97c89

SHA512
a4de0e9790855a7ba931ab7e4ac3d5e12892aed8366f962671bf8b91b2a6e6a620aa31756971320c5f02ac1bc18ee56ce9c8c87d9e84acd15cd5849039803e22

Download Submit
/data/data/com.appsmart.delivery.darbarmuenchen2087/no_backup/db_metrica_com.appsmart.delivery.darbarmuenchen2087-journal

Filesize
8KB

MD5
e793937583e0e0a493924dad73280c7a

SHA1
074002576c48c30e03fd9231fc6f6a61730d3030

SHA256
480825025bf035a4882cfbc9dc2c398bcb2f76f23006a0231d119a60fa19f448

SHA512
8e7e12a237f3e57271f085b577e4ce0bc102c61115839f681c74100f2ead35a9ee762efa56a9ce5743b2c94fda20816cbc3c50663341cd7e7555b82ae94734b2

Download Submit
/data/data/com.appsmart.delivery.darbarmuenchen2087/no_backup/db_metrica_com.appsmart.delivery.darbarmuenchen2087-shm

Filesize
32KB

MD5
dc80460e0ae4c2256e79b2a6e83a7b29

SHA1
ac668f0a35b16ede1dae4f594c26938b67cd9b9f

SHA256
50ca55972cb541cbff51d8cb3512970f5f042f4656221ef710410fd9178a953b

SHA512
0b0fbe3ddaa9a75d4c4bdffd4c1ec15c9815bfb3d3b6a7ae7e404c162c0605e24b24272e23e8be77f3bd7422aa64ff3cb241072b1346c30696597b06594c5e30

Download Submit
/data/data/com.appsmart.delivery.darbarmuenchen2087/no_backup/db_metrica_com.appsmart.delivery.darbarmuenchen2087-wal

Filesize
406KB

MD5
633781969d6b1f9ba8b97c990cf9d8ca

SHA1
2939535847ee6318afb84f1c4efa98acecf88287

SHA256
0984aaf1d68feb4617c42a8a5f066528b8538dddd29479a582cb48f59e96d47b

SHA512
1c8f3caa7fe5ee1aa2cad408094ecf52c83f5d7b9e275427d05194cc13b7f2c37b6a0576c20d671d94c1444e4572950ba89eefc1bbc72468f4b2b7464951fd95

Download Submit
/data/data/com.appsmart.delivery.darbarmuenchen2087/no_backup/db_metrica_com.appsmart.delivery.darbarmuenchen2087_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
20KB

MD5
44ebf278bddb05953d25790cd3c83867

SHA1
5fd212e4b5600090bfc767b9aab104fbaf76b3a6

SHA256
421b1c7c56bbf34f241ce2766fe5e812d4f1d85d9a7c44c23078a925de6e244b

SHA512
e2ac165ad16c82509c473b9fb96b8c2cba5dfae85c4b18a9512b698b2ad59cc9eaaa71ad4025e7e8ec0ee49f2d8004e798f0d4775757a55ae8ce6a4dc785eb9f

Download Submit
/data/data/com.appsmart.delivery.darbarmuenchen2087/no_backup/db_metrica_com.appsmart.delivery.darbarmuenchen2087_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
b5c2136da22520689c6f2f0e88600675

SHA1
a7be88a856f25de9fc64c0376fea89903d603fa0

SHA256
a7ea6634c865766ff45d26f50e6cefb7eb91891d5c35bc8cff3ec4b3e051d615

SHA512
89bd15ed03f56ecd36f34b48e415e0a9fa2bbeb3cfd45ee06e36f8a3013e363c7540fde2996a7e803cf4ae110d213d707a0cf170f67c9e25481cbb9f96d9fe89

Download Submit
/data/data/com.appsmart.delivery.darbarmuenchen2087/no_backup/db_metrica_com.appsmart.delivery.darbarmuenchen2087_20799a27-fa80-4b36-b2db-0f8141f24180-wal

Filesize
173KB

MD5
9834d9b3bd6dc82ffe85662c25894e4a

SHA1
14c18233b508c905875a6795cdcfb1205863ada9

SHA256
f0a70ddb36268ad2a333b597724441d0d5127d3775e303641212e236aeeb90ca

SHA512
e0cf59ca357f6305fdca7f485d419e0c560851fc537383703adf74a6cabc9128465a9a2602bd15cbe53d7eedb26f2a9de7af144de1b4030b5d1a4e7378fc8456

Download Submit
/data/data/com.appsmart.delivery.darbarmuenchen2087/no_backup/metrica_client_data.db

Filesize
20KB

MD5
efb8d3cdb7b921f576dc306cd3ba8b10

SHA1
521eedff1ebf4068e1cca4ac41e09d2c2823c407

SHA256
f57a9244db947f76cb53de9eb2bfd973b7d86e61d67ce57bf3d92e1db6058adb

SHA512
f2a415d04b9a373a4388b541d7a6d2e80bb250833d87afcb388e1e4049b12282fe62290104eefb2cb53885ef9b536465b4201b3e52c2dc00278dcb959ff232c3

Download Submit
/data/data/com.appsmart.delivery.darbarmuenchen2087/no_backup/metrica_client_data.db

Filesize
20KB

MD5
98a86cbe5380c6a8d9cd7a2ca0dee380

SHA1
5a01255e80662ea53879c213bc31f47752cdae64

SHA256
ed9c3e89712c4e04ae2bb1560053f8f26c1d965529d5ec9f8104764d4f987c39

SHA512
90d703d736bc11b3c0de1874795611f6065a5bab13e0ac9f2829f0cac4100fe74c080054505a05022ba3ea4ae6c5ffd8cbd9871ecce08deb531e53f3f81796bf

Download Submit
/data/data/com.appsmart.delivery.darbarmuenchen2087/no_backup/metrica_client_data.db

Filesize
20KB

MD5
44def4f6e42c3ec63f229d23af8c804a

SHA1
f5956d9295778b539bced03215343fd3cf7a9dd8

SHA256
882faff2a0f007164d5dbda7bd7f803306423b5eb48a88b1bb72bde65b77e50a

SHA512
a14770398044635a8a8fc0d59dc95af3a97ae78146a9ace3795d600a44098a5ff7099aa3d0ac40442f8ff8c5d3b5ceecb4b360bf47f3e8c7c902879e2e76228d

Download Submit
/data/data/com.appsmart.delivery.darbarmuenchen2087/no_backup/metrica_client_data.db

Filesize
20KB

MD5
517015ccc5f3b94cd7f7da42cecb09ae

SHA1
70a7fc65059aca9a72702dfeaaa65b06635a37fe

SHA256
67495827bc3490799da336f48ec93dcaa37bba476d351441f1ae7dd025b0f2ed

SHA512
1d48544ef77a3b865e202cd6de538d83d248cf53763539bbcbcbea3d8b18399537fcfe04e680faf01f2500614f5827a0460c1ccc696a390717d7132e8a148597

Download Submit
/data/data/com.appsmart.delivery.darbarmuenchen2087/no_backup/metrica_client_data.db-journal

Filesize
406KB

MD5
da79a878a8b6da40db4a5f678d3b99e2

SHA1
f43e4b7c4c748f0f2019e01fd0194a6c2f828a1f

SHA256
5ff51b6f6f23a910b8018c396d795217a315c6ab13e710b89f82814982bb4942

SHA512
5b16b5ed51c3bcef433ade3b9edc3f65fc584ea618cc333e750a5a61d0056114a204e823f71be800c6b321c73af68a460fd96d1d3802c561a49fcd54b7aeea50

Download Submit
/data/data/com.appsmart.delivery.darbarmuenchen2087/no_backup/metrica_client_data.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.appsmart.delivery.darbarmuenchen2087/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
837d6fee309d86eec686410f150eeaaa

SHA1
f8c2b995c2481edcdd208295cb3ac6bb4b866d54

SHA256
cf49d9ad951620f64d25f461ef2d7dd916816f3ad2e3541bee60a6649330d025

SHA512
d7c6afe719a36e62d262bed3923674e7047f2916e71b33d74aa9f4ad165c9df09af6d2b4e081f7e9b88a7576b9aa151c63f5c2e2d6ae611e6328c916bd60b364

Download Submit
/data/data/com.appsmart.delivery.darbarmuenchen2087/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
e35a232b302c3d7b10b6ab8ca0b58ec8

SHA1
8d28195754a8e9182f499be44e2244c8aac4ebf4

SHA256
f27ea79f3f490e9b091634abd1382f340dfad6367c7da1436a34344b50de890d

SHA512
fecf54341725f4b816eb468e84fc4ff4a3bc0b105ec79d593142d6d5b1d98f492e7dabe9d7a19b383ba47d553ccde6ce890225a744c2e7a9b9b7f308367a94cd

Download Submit
/data/data/com.appsmart.delivery.darbarmuenchen2087/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
908de5f1d0956d355f1fc41f1f19ed0d

SHA1
2911f807579abaa0da95a1664cca1c52a9190a3c

SHA256
859f55d196e7e0ee3d5223495e25043c8685fd416aead2569098ea13b3275ace

SHA512
aec9e6896063dcc8bdaf3ef5196871a91243e2e35bf09a9f02338e213935e433e2cd0c6c475482efebad3bab9fda349988eb0103fe9181ed5b1f4541f96d6b98

Download Submit
/data/data/com.appsmart.delivery.darbarmuenchen2087/no_backup/metrica_data.db

Filesize
44KB

MD5
b5c6b81b7be81705d3032b5431ee2a7e

SHA1
62f06693998dbf9b8b13cd9319b80e0e44b63262

SHA256
aef1d960b57ae9bd480a8b8ff99941e1972a2d4df38a6a50a8b8bd9fcbfc1190

SHA512
fc898b452c3a5f778ad7515b1e96c4c847a85ce991e08b74542a4a9a42552a0309ad1b1ed6d7e654cd79ef314b0e3b648093c724c0043139027f8b57b7eeece5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads