Analysis
max time kernel: 178s
max time network: 155s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 03-06-2024 08:17
Static task: static1
Behavioral task: behavioral1
Sample: 91166d014ba911eed2e34efbf2bedfae_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
Sample: 91166d014ba911eed2e34efbf2bedfae_JaffaCakes118.apk
Resource: android-x64-20240514-en
Behavioral task: behavioral3
Sample: 91166d014ba911eed2e34efbf2bedfae_JaffaCakes118.apk
Resource: android-x64-arm64-20240514-en
General
Target: 91166d014ba911eed2e34efbf2bedfae_JaffaCakes118.apk
Size: 3.3MB
MD5: 91166d014ba911eed2e34efbf2bedfae
SHA1: 4d3683fd4d4fe7748065dab04d7d66f710b5ddc1
SHA256: 5db8a8ba679ec72512ee4cf8b4baaad9ebe1276811e520278e8f8aed023d890b
SHA512: 2a15a46c5b227ffc6f1f15c1b5e1b263faf196530812e990a0fc3271865764d6a97fa6df0336a87036c84d6216a89fd81f385dd8eb9d74bc1b9d718a3fa1d5b9
SSDEEP: 98304:fPrL/jD6ZNvBoknQqBDCirqDMaepvb3LHOtywXj3kYK1pGE:fDDSZNKkBQe5J
Malware Config
Signatures
-
Checks if the Android device is rooted. (1 TTP, 2 IoCs)
Processes:
- ioc: /system/app/Superuser.apk, process: com.producepro.checkout.marchese:Metrica
- ioc: /sbin/su, process: com.producepro.checkout.marchese:Metrica
-
Queries information about running processes on the device (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
- description: Framework service call, ioc: android.app.IActivityManager.getRunningAppProcesses, process: com.producepro.checkout.marchese
- description: Framework service call, ioc: android.app.IActivityManager.getRunningAppProcesses, process: com.producepro.checkout.marchese:Metrica
-
Queries information about the current Wi-Fi connection (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
- description: Framework service call, ioc: android.net.wifi.IWifiManager.getConnectionInfo, process: com.producepro.checkout.marchese
- description: Framework service call, ioc: android.net.wifi.IWifiManager.getConnectionInfo, process: com.producepro.checkout.marchese:Metrica
-
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
Processes:
- description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, process: com.producepro.checkout.marchese
-
Checks if the internet connection is available (1 TTP, 1 IoC)
Processes:
- description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, process: com.producepro.checkout.marchese
-
Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
-
Reads information about phone network operator. (1 TTP)
-
Schedules tasks to execute at a specified time (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
- description: Framework service call, ioc: android.app.job.IJobScheduler.schedule, process: com.producepro.checkout.marchese
- description: Framework service call, ioc: android.app.job.IJobScheduler.schedule, process: com.producepro.checkout.marchese:Metrica
-
Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 2 IoCs)
Processes:
- description: Framework API call, ioc: javax.crypto.Cipher.doFinal, process: com.producepro.checkout.marchese:Metrica
- description: Framework API call, ioc: javax.crypto.Cipher.doFinal, process: com.producepro.checkout.marchese
Processes
-
com.producepro.checkout.marchese
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID: 4335
-
com.producepro.checkout.marchese:Metrica
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID: 4372
Network
MITRE ATT&CK Mobile v15
Downloads
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal (8KB)
-
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-shm (32KB)
-
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-wal (406KB)
-
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180 (20KB)
-
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal (512B)
-
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-wal (173KB)