Analysis

  • max time kernel
    178s
  • max time network
    155s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android
    arch:arm
    arch:x86
    image:android-x86-arm-20240514-en
    locale:en-us
    os:android-9-x86
    system
  • submitted
    03-06-2024 08:17

General

  • Target

    91166d014ba911eed2e34efbf2bedfae_JaffaCakes118.apk

  • Size

    3.3MB

  • MD5

    91166d014ba911eed2e34efbf2bedfae

  • SHA1

    4d3683fd4d4fe7748065dab04d7d66f710b5ddc1

  • SHA256

    5db8a8ba679ec72512ee4cf8b4baaad9ebe1276811e520278e8f8aed023d890b

  • SHA512

    2a15a46c5b227ffc6f1f15c1b5e1b263faf196530812e990a0fc3271865764d6a97fa6df0336a87036c84d6216a89fd81f385dd8eb9d74bc1b9d718a3fa1d5b9

  • SSDEEP

    98304:fPrL/jD6ZNvBoknQqBDCirqDMaepvb3LHOtywXj3kYK1pGE:fDDSZNKkBQe5J

Malware Config

Signatures

  • Checks if the Android device is rooted [1 TTP, 2 IoCs]
  • Queries information about running processes on the device [1 TTP, 2 IoCs]

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection [1 TTP, 2 IoCs]

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTP, 1 IoC]
  • Checks if the internet connection is available [1 TTP, 1 IoC]
  • Queries the unique device ID (IMEI, MEID, IMSI) [1 TTP]
  • Reads information about phone network operator [1 TTP]
  • Schedules tasks to execute at a specified time [1 TTP, 2 IoCs]

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (might try to encrypt user data) [1 TTP, 2 IoCs]
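The signatures above are behavioural observations from the sandbox run. Before treating any of them as evidence, a practitioner normally ties each one to the framework call that produced it in the decompiled code, and notes which ones cannot be found statically. The Python below is an added example for that step; it is not part of this report and not the sandbox's own rule set. The smali it scans is constructed sample input, not disassembly of this APK, and the mapping from each signature to specific Android API members is this example's assumption (the API names themselves are real framework members).

```python
"""Corroborate sandbox behaviour signatures against smali (added example)."""
import re
from collections import defaultdict

# Report signature -> smali patterns that would support it. Which API a
# signature keys on is an assumption made here for illustration.
SIGNATURE_PATTERNS = {
    "Checks if the Android device is rooted": [
        r'const-string [vp]\d+, "/system/x?bin/su"',
        r'const-string [vp]\d+, "[^"]*Superuser\.apk"',
        r"Landroid/os/Build;->TAGS:",  # "test-keys" build-tag check
    ],
    "Queries information about running processes on the device": [
        r"Landroid/app/ActivityManager;->getRunning(?:AppProcesses|Services)\(",
    ],
    "Queries information about the current Wi-Fi connection": [
        r"Landroid/net/wifi/WifiManager;->getConnectionInfo\(",
        r"Landroid/net/wifi/WifiInfo;->get(?:SSID|BSSID|MacAddress)\(",
    ],
    "Registers a broadcast receiver at runtime": [
        r"Landroid/content/Context;->registerReceiver\(",
    ],
    "Checks if the internet connection is available": [
        r"Landroid/net/ConnectivityManager;->getActiveNetworkInfo\(",
        r"Landroid/net/NetworkInfo;->isConnected(?:OrConnecting)?\(",
    ],
    "Queries the unique device ID (IMEI, MEID, IMSI)": [
        r"Landroid/telephony/TelephonyManager;->get(?:DeviceId|Imei|Meid|SubscriberId)\(",
    ],
    "Reads information about phone network operator": [
        r"Landroid/telephony/TelephonyManager;->get(?:NetworkOperator(?:Name)?|SimOperator)\(",
    ],
    "Schedules tasks to execute at a specified time": [
        r"Landroid/app/AlarmManager;->set(?:Exact|Repeating|InexactRepeating|AndAllowWhileIdle)?\(",
        r"Landroid/app/job/JobScheduler;->schedule\(",
    ],
    "Uses Crypto APIs": [
        r"Ljavax/crypto/Cipher;->(?:getInstance|doFinal)\(",
    ],
}

# Constructed sample smali (not from this APK). The IMEI call is deliberately
# absent so the scan shows a reported behaviour with no static corroboration.
SAMPLE_SMALI = """\
.method private static isRooted()Z
    .locals 2
    const-string v0, "/system/xbin/su"
    new-instance v1, Ljava/io/File;
    invoke-direct {v1, v0}, Ljava/io/File;-><init>(Ljava/lang/String;)V
    invoke-virtual {v1}, Ljava/io/File;->exists()Z
    move-result v0
    sget-object v1, Landroid/os/Build;->TAGS:Ljava/lang/String;
    return v0
.end method

.method private collect(Landroid/content/Context;)V
    .locals 3
    invoke-virtual {v0}, Landroid/app/ActivityManager;->getRunningAppProcesses()Ljava/util/List;
    invoke-virtual {v1}, Landroid/net/wifi/WifiManager;->getConnectionInfo()Landroid/net/wifi/WifiInfo;
    invoke-virtual {v2}, Landroid/telephony/TelephonyManager;->getNetworkOperatorName()Ljava/lang/String;
    invoke-virtual {p1, v0, v1}, Landroid/content/Context;->registerReceiver(Landroid/content/BroadcastReceiver;Landroid/content/IntentFilter;)Landroid/content/Intent;
    invoke-virtual {v0}, Landroid/net/ConnectivityManager;->getActiveNetworkInfo()Landroid/net/NetworkInfo;
    invoke-virtual {v1, v2, v0, v1, v3}, Landroid/app/AlarmManager;->setRepeating(IJJLandroid/app/PendingIntent;)V
    const-string v0, "AES/CBC/PKCS5Padding"
    invoke-static {v0}, Ljavax/crypto/Cipher;->getInstance(Ljava/lang/String;)Ljavax/crypto/Cipher;
    return-void
.end method
"""


def scan_smali(smali_text):
    """Return {signature: [(line_no, smali_line), ...]} for every matched signature."""
    compiled = {sig: [re.compile(p) for p in pats]
                for sig, pats in SIGNATURE_PATTERNS.items()}
    hits = defaultdict(list)
    for n, raw in enumerate(smali_text.splitlines(), 1):
        line = raw.strip()
        for sig, pats in compiled.items():
            if any(p.search(line) for p in pats):
                hits[sig].append((n, line))
    return dict(hits)


def uncorroborated(hits):
    """Signatures with no static hit. Not a false positive: the call may be
    reached via reflection, native code or an obfuscated SDK, so these are
    the places manual review should go next."""
    return sorted(set(SIGNATURE_PATTERNS) - set(hits))


if __name__ == "__main__":
    found = scan_smali(SAMPLE_SMALI)
    for sig, lines in found.items():
        print(sig)
        for n, line in lines:
            print(f"  line {n}: {line}")
    print("no static evidence for:", uncorroborated(found))
```

Run it against the output of a smali disassembler (for example the directory tree baksmali or apktool produces) by reading the .smali files into one string and passing that to scan_smali. The report's "1 TTPs" with zero IoCs on the device-ID signature is exactly the case uncorroborated() is meant to surface: the sandbox saw the behaviour, so the static scan that cannot find it tells you where obfuscation or reflection is hiding the call.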

Processes

  • com.producepro.checkout.marchese
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (might try to encrypt user data)
    PID:4335
  • com.producepro.checkout.marchese:Metrica
    • Checks if the Android device is rooted
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (might try to encrypt user data)
    PID:4372

    The :Metrica process name, together with the db_metrica_* and metrica_*.db files written under no_backup/ (see Downloads), is consistent with the Yandex AppMetrica analytics SDK, which runs its service in a separate :Metrica process. The root check and the process and Wi-Fi queries attributed to PID 4372 may therefore be SDK telemetry rather than application logic, and should be confirmed in the decompiled code before being read as intent.

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.producepro.checkout.marchese/no_backup/credentials.dat

    Filesize

    233B

    MD5

    49221f427f55e6d55081e2a68839dd1e

    SHA1

    725ba5ce6a9c9c7eb1705a3ac523d9a17cb98998

    SHA256

    cdf2929ceec7af307f8a83da14bf429e7ba72c98ad89b8fe0a736d3aba988959

    SHA512

    c62f8af6314f96db26542a98ef288104c723e6f9bd3f95c0e73012f89baafbc6d08f9f6384657156fe1a588543161ea18aab6debe3ad36296f3e20112347f65a

  • /data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese

    Filesize

    36KB

    MD5

    32f0f2d39a03f206d2d2c1dd8bb64d44

    SHA1

    66394cbba6fe7619c384b3985c38729555f24c59

    SHA256

    9e911b1476357beb534241abb73c53c1b04c591dddd0756925be2b835c60f07c

    SHA512

    f980239e8017490d0625583df64e2af31ae6182f4680f2c5a9a1517d146e1782c6548cdbf3cf06db345d44ab763040a5c3e844347baca1626684d6d931e38dbb

  • /data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal

    Filesize

    8KB

    MD5

    87d4429a832abf8e112d7f827bf1992e

    SHA1

    f663adcbd02996a080797e2caa889c9e1e8bd528

    SHA256

    4ceab35d19ffb2f47f0c4a44d6efffc3c8292d865322875ba6364d871f8e7c6c

    SHA512

    05cd097f399dde0eb1c6395ad9a259fb2c71a5cc863069d0b517094ce13487e7c6e9e5842cdd86e16f10991f659308908c334fb3f4160a1bd1dc8bce882ec75e

  • /data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-shm

    Filesize

    32KB

    MD5

    2158460361d030be5e84300d330b06af

    SHA1

    6ff13938193a3a860232e5a190250bb95858aa48

    SHA256

    98a5b6571f6cc66b7f4c68543f19624e4d159312808fa46febe701a5d522c591

    SHA512

    3749fff44eb6d9d31efae12032f591a97aebba557c502577728ddd22b0a2b8e5b991a52b36f9812582e3d2912d0bd4b58aa87ed8bbc09058843ca68ac28f2fc3

  • /data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-wal

    Filesize

    406KB

    MD5

    499f8526767e7e54b9a0dc8197b2b09f

    SHA1

    a208d9ba40f4ce1007cecbd12a246563b28e3085

    SHA256

    99cfe80778d4b2962691816e1595b291d376a3bf0d69ff040eddb5cac18c83bf

    SHA512

    9261dc22f8b0c6952225e958abe14f410a5b79032219a7eed47bc274c7d6a363971e1e0f42ab371e9af6e19112149329b7c497f533f01c20cfe506f3319ad93e

  • /data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180

    Filesize

    20KB

    MD5

    d04ca56951a6d3682bc0fde9b6534c83

    SHA1

    5a55f5c39f8818ed1ca4a11ffcf3ef95c3b4e592

    SHA256

    12852ab627ad603cb5b19a8d36bfc7f5cf86aa3716409c01c79e164408533c71

    SHA512

    50dce3fd48cb1b4384e724905cb23ddb6ceebb9a218239c7ccd164ab3170640c5308f7e373f379a09fba84b1d6d95928d2b5b2a2b0d3d65583f716ae10d2cd77

  • /data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    512B

    MD5

    304935121b7543b50ebe617a80ee0b05

    SHA1

    1143a861302bb0f04a1152db825f149ecf1ac803

    SHA256

    107535acf7e9a8ee341d1b909fe5506e0e45ebb2b142a03adc6dfa32d1ac070c

    SHA512

    92411a5347f1bda2901b19ebc0f66617d3d55fee6b14caf3ef36c6754469ec4deb388a8dfde5177c09c5239eeba3ff6cb73b7215bd9a2651c8f256805a86a266

  • /data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-wal

    Filesize

    173KB

    MD5

    cc9e299d5dc034c14cadd08600ae31fe

    SHA1

    1a64e71f52cd40aa8881c5192989d0f6a4131cb5

    SHA256

    e7fc919e3d9315ccd593ac23373f4aef8be55106244222abef3c3be9cbdf8496

    SHA512

    1e81708948ed773d8b5d2b41b7adb8a520da0aa4d66aa4839b3502c52f62e71a78f9ad6de6051c4891085661c58e56c4a17658cb29be8968dcd6dcf9794cf936

  • /data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db

    Filesize

    20KB

    MD5

    3bdc65195057d42de81b0ec2e3d4f6ee

    SHA1

    6b96e603ca1de87a8543145ea9e204301fdab29b

    SHA256

    b508df49e3da96d08d635eda96612bc583f2454d98a3243870b7318289893033

    SHA512

    09e8cd2b2c10045f03b16cb6aa894e96faf1d14882ce7482f447af2e08d1483a867a0781262b0f34e1ac9e01eadca5712308421d0ca01a3228fd0c4f7cc2cffb

  • /data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db

    Filesize

    20KB

    MD5

    62c46de5f29a051a1dd3c1160e9453c7

    SHA1

    a1e12d8cce62b55bd3c533fd883898021576cab2

    SHA256

    3ebb015bf8356a02dbcfeeacb094329b4ada2532dd35269dc2d83679b7ccc383

    SHA512

    fa8b5639300968003cb330e234a4f2a77796e40e51441b75da4d191ff53d825d002297713acc4b018f2911f4a487061c97f10fa6092522fd48553e209c9fc621

  • /data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db

    Filesize

    20KB

    MD5

    06956fcd61dde81412cb470eaaf15574

    SHA1

    d2c4ce7f735d5f7d834928e5e1b1e635d1edeed0

    SHA256

    3dbf28ea5983f0dc2d1f012b666219bf75e7e13ed73de897a9b68cf6bae2a20f

    SHA512

    8116faef3c3ddf6433dedc38420fe569e29a884cdbd7dec8bf454a22db41f9f5fd80b14a5c36a2357f9bc448024c77f619ab6f1a0b71fd2a195334b7d4726ba9

  • /data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db

    Filesize

    20KB

    MD5

    db274079e49a32b5fff25908321f0965

    SHA1

    99a33c46c439127aa008fc0c8b95721e0000391d

    SHA256

    1804f9e0fc77de51202d81d87f6848151633cbb63f8445b2c9968e2fca58de6c

    SHA512

    51c7cf3e766226183598717c90982b58f091f66e0f19fe2bcbea4ce23f426b018794c137c52cb2116ad795763ead4e072c520d4193ddf2687b76ad29e5507dc1

  • /data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal

    Filesize

    406KB

    MD5

    11a18237245e4824a5518015e0e90445

    SHA1

    27119b5a589a6b1aa41bcb340d277f9397ac9589

    SHA256

    6d59f2f2dd4970a8f33311a76abce8e73ee073d3f18fe6e1f6fad875c6a835e8

    SHA512

    dc97ac3245b2ad1136710cc117ac35049cf4849fa94e1a8165478deec19b10f8a9d8cabff0248097de118b5beb31f7648efacf9369ef4ac0bbd5881f6bcbb0f9

  • /data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-wal

    Filesize

    32KB

    MD5

    6feffe180d93bd41732fee0ea9a7486b

    SHA1

    b7283d675ebc67e564ce63fdaf0e67563fd008b7

    SHA256

    d0e8d773217450370e46263f5ff053634301bacffb2e30155bf364e8e382661d

    SHA512

    fd9588a2e9f4815be4b31359d561e154507acea61b3098f9877a64dda2a5e43da3c1e87af36ce2a3605f87cafa22d3b3b6b7e98b8e99d6ce150f5d23cbdacabf

  • /data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-wal

    Filesize

    8KB

    MD5

    1f630113d156d31bf55c8a2c04740729

    SHA1

    a0eed0a4859cd79d6cd9ca879a28e62bd7ead4b1

    SHA256

    b31570c6aca5b115cf4ba298b617155d13952e4a999eb418c6e883c98a996229

    SHA512

    a0b5fcbeaa14fb55c147b391fa8e03d847cd289cea9897a6c1060d4015801aefc8571e1d1cacff8c3bc7d55c7eb67839d3c7c9170017a051e2477c632a3a3082

  • /data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-wal

    Filesize

    32KB

    MD5

    a2275b54ddc3722e4e80e4ff1e5a6a96

    SHA1

    7d19e0b076291bee0fc4da17c25b359b5c512900

    SHA256

    44fbe8835f1fa5e921e7170da9602414a0882a48a430642367d9ac726ded4e34

    SHA512

    80a59c7a484a54d830a3c363d7164a5337294925604144107155417b90c4eb1e4759a0e0d0da495883067ec6d6e67a18a400f965dd2e72de5ab2d41eddaeba20

  • /data/data/com.producepro.checkout.marchese/no_backup/metrica_data.db

    Filesize

    44KB

    MD5

    b1cb0d07b66a22928daf0bd5827cdcb0

    SHA1

    6013842b41d368b721514c44ab86c7df7d5e8f1f

    SHA256

    4c22642f9e470a4690cf753b87a38b32f02ef7835c4370c4355119107c7a6f01

    SHA512

    ec70b1069f913632ec89f98f4e9bccf76a755ff9851704858b89131af1ed828798a30132625de43cfabcc385dc83f9f5a1102f4315b699084932550a63a9629e