Analysis
-
max time kernel
179s
-
max time network
151s
-
platform
android_x64
-
resource
android-x64-20240514-en
-
resource tags
android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
-
submitted
03-06-2024 08:17
Static task
static1
Behavioral task
behavioral1
Sample
91166d014ba911eed2e34efbf2bedfae_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
91166d014ba911eed2e34efbf2bedfae_JaffaCakes118.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
91166d014ba911eed2e34efbf2bedfae_JaffaCakes118.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
91166d014ba911eed2e34efbf2bedfae_JaffaCakes118.apk
-
Size
3.3MB
-
MD5
91166d014ba911eed2e34efbf2bedfae
-
SHA1
4d3683fd4d4fe7748065dab04d7d66f710b5ddc1
-
SHA256
5db8a8ba679ec72512ee4cf8b4baaad9ebe1276811e520278e8f8aed023d890b
-
SHA512
2a15a46c5b227ffc6f1f15c1b5e1b263faf196530812e990a0fc3271865764d6a97fa6df0336a87036c84d6216a89fd81f385dd8eb9d74bc1b9d718a3fa1d5b9
-
SSDEEP
98304:fPrL/jD6ZNvBoknQqBDCirqDMaepvb3LHOtywXj3kYK1pGE:fDDSZNKkBQe5J
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
Processes:
ioc                        process
/system/app/Superuser.apk  com.producepro.checkout.marchese:Metrica
/sbin/su                   com.producepro.checkout.marchese:Metrica
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
description             ioc                                                   process
Framework service call  android.app.IActivityManager.getRunningAppProcesses   com.producepro.checkout.marchese
Framework service call  android.app.IActivityManager.getRunningAppProcesses   com.producepro.checkout.marchese:Metrica
-
Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
description             ioc                                               process
Framework service call  android.net.wifi.IWifiManager.getConnectionInfo   com.producepro.checkout.marchese
Framework service call  android.net.wifi.IWifiManager.getConnectionInfo   com.producepro.checkout.marchese:Metrica
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
description             ioc                                             process
Framework service call  android.app.IActivityManager.registerReceiver   com.producepro.checkout.marchese
-
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes:
description             ioc                                                     process
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo   com.producepro.checkout.marchese
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Schedules tasks to execute at a specified time 1 TTPs 2 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
description             ioc                                      process
Framework service call  android.app.job.IJobScheduler.schedule   com.producepro.checkout.marchese
Framework service call  android.app.job.IJobScheduler.schedule   com.producepro.checkout.marchese:Metrica
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
Processes:
description         ioc                           process
Framework API call  javax.crypto.Cipher.doFinal   com.producepro.checkout.marchese:Metrica
Framework API call  javax.crypto.Cipher.doFinal   com.producepro.checkout.marchese
Processes
-
com.producepro.checkout.marchese
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5174
-
com.producepro.checkout.marchese:Metrica
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5224
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
12KB
MD5
c5afc1e1098246fe71551dbb2191612c
SHA1
d6cdc8a47c8ffcf95db4cb3f5e3b4714da564a9c
SHA256
8ba2a2b08977e7b4fa96da086bc6ae7f01edbde53b39838d3e610383e7c41cb9
SHA512
6652fa608ec3ab20ed2303ea7b28d466d66e40b4c6397f47a18ed76b8504abd1ae0ae2dbbfb470afd2f53e0c9d5ecf61cf278686b4d04e7e2eca80c7dea0587c
-
Filesize
233B
MD5
3ba93c13900d91db71170c467c3736ff
SHA1
b210542e49baa1913dcdd454d6154f623a3e8d9d
SHA256
12e15134727efe5ec1822c7e19162b3c48b8c17afa29f622880ceb67729a082c
SHA512
d1024a8621692550cb20918a2976056faabcfd8f76db8cce0e2681972b87eee64fb0b1037826d07b85f613a7f2014618686a34f2f257646dd71c4eebec5f8dd3
-
Filesize
36KB
MD5
e29f572e6203f535b4fca684a43bc046
SHA1
20a43512907030b1bad53c085cdc3a4b0ac7c8f0
SHA256
5b619fc937c9efa835d3645290b5f954c942ed63de6dbd39b8c138fab6ebeff7
SHA512
a1aae804d1dcab3d267dc6d7fc91fad8488608aa0b7b2e00a248c9599fba9815124498f25444240dcc875a7820380e9f39c3c92fafd79e8a58e11ddefae678d1
-
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal
Filesize
20KB
MD5
23edad61398bcac36b37650eff6cb6e5
SHA1
6b957630611de0aeae15440ca7dc46e265f13cf6
SHA256
31ad812ada7ceb3089da85916ceed1d58cec40fa043b9086fc1269ca4b7cf791
SHA512
b3d5b0bd2ffa3ab3954bf60d5cf50fd380c1377174dc283fc7328a84a54032f21cfab9428049e8e739827548806c67481b91acf945955cfe934d49c26fbfb09d
-
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal
Filesize
20KB
MD5
eceadd4187150bd9ce726a6040e665d6
SHA1
70a72422262b84d37b7a52d7c2a4d8e2ca6a637e
SHA256
ce33bdc33fa2f4dee53824921f2d5be6616bf1d8a7a5cea1a7af88df7b74fe65
SHA512
f94c31448e2958d0d20191033a9bde2e29a0c35eb013ae92bb9f088a9cf55f05db9a6fbb6696013d2c6eb0d7e812d7ed9541d4c0c0b16fb7505ec09307f1d132
-
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal
Filesize
8KB
MD5
03e7ed0d6076a0bb65b21b9406a8f231
SHA1
301473f88ccd9b1e828d02a9eb3af857fbeb6d0f
SHA256
070c36dc44348923281f7af7076ab5f7a519ddef30b91a7eee7377d49b71e0fe
SHA512
c542a31199473e42ef4ec22cde350af2af8664d4e5a969814dc59f824d32a75b0d54f43016b9165180f40b93f8e559a3c14b66be0d7d784969972e95d68a9276
-
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal
Filesize
12KB
MD5
32a3a3f9e4b5d4fc8bf178971dfef622
SHA1
4cd2c231ec5cfd6141f74be9e8680550813bd2a4
SHA256
88e59e358ea2aec598d7f23ecb757646d46e03501fb6fa502938182518c8688b
SHA512
efc0f1148e63145329281fd3d76c20a2975d0d84c1276433654f4f0630185edf19f09b761302b10e0ce19e24039507b6753277fcbccc6af40bd5c61d9e7f4dc0
-
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal
Filesize
12KB
MD5
bd3de75a21d57cc7a509f54a2c95ad1f
SHA1
5fb47008768f8bcbcb2686cdcadc4101b1399573
SHA256
1a00c5bf1381ea360dc36ec78584e22d20f4de6812b9e7a64223f17043e10480
SHA512
adc9505f9670f85639624f0752abee954251ba79c53a10f4324015e6942d4ed503db210a4afd045eb041b43a4cf0cc3b4a874ec1ef86b3682d387a099ce79f53
-
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal
Filesize
12KB
MD5
c32ff26e5cbeca396873e901032bfbc8
SHA1
5e4aa96a2d9a0a042af58dafeeb1c39f8c573021
SHA256
57084e326c136ca046203c1029b3c0d0bf355813ac8981e1f3eb9e5becc1aa04
SHA512
6d5d4b8441f27f8490ad24ef6d7ae8da9f31564b7a98fce95850b86bce2b5faf3d09e3b8f4ec9f6325d7647eba0f70b748fc429190a282894f15af68b4f00c3e
-
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize
36KB
MD5
b6e603fa84cc865ef682adce43769948
SHA1
8548eb62c5b95dcc982488ea9ce41999728e886f
SHA256
7511619dbf4898b852384a4d19a7382b41acaff75ec53d228c4428008b3c8f55
SHA512
23ad23ab3f6cfc2b72f076a89c101303df8a78605fee4b2ac631f733b1d1259ef8689867f230b76897ac42cb6d9f300d5ef0637645d009d1e952da82ea031fbe
-
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
512B
MD5
ebb2e3631a31eef8a06d653830ab193b
SHA1
a37d707eaf94d8e80ff663a2bcedda05ab6452c5
SHA256
9f4c34e7e7b53dabd7e836db70f7be03d2c6ed951459495d8e8ed3aeaa071688
SHA512
3e68d33cf2b47eeeb17f9d3d7902ec5373e8ffefbcdc76b444b69f4b8e084fabc98d70cbe0c4601a6d5573d107784389ceed10c74fdfcc86e7fe1c050b260b75
-
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB
MD5
3c3cf8e9f697bb16b955eeb26dca8f43
SHA1
cb5c90f9865b910b26fc0df93337c4c6bb34da93
SHA256
3fa3a5b279cd4b77c460cd7108e00842f5d15bd12a549834f7c150b6ee7f68bf
SHA512
f817f60964791d1622afb409135a1963d598efef737bc0e5fdae5aa93260a795c839cada85cddee71af34948a5fd95a757499dde87686549bb255b168f1402ec
-
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB
MD5
d78747a322c1b5195e06ff80fc8a0705
SHA1
adeab24da7489851625c68c6b0199858b3c65828
SHA256
1acb6787e24cd476404551822443c958374adcc2403e410e86001e0787e71e63
SHA512
7852e6ab50d5af7291311afab154304e19b9a6dbd6d2b084e97135ed2e0f925c598a0ebb6a7199daaacbc79f49b730fc924df3b3b8752e6733661eb644486b9d
-
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB
MD5
0bc7897c695152a879bde1eb6ae4ffa8
SHA1
e0930112e90914ac22c4d87b4e3cca7f41a54e65
SHA256
d83bc1fd161eeeff74ad2d5656b6858453d899d0733f2baba11d433a2e566003
SHA512
6f17f4e9bb09a4078703f87bc91b019f48defebc3598b2f3fd75609113e447c897e671dd6b9bace219a76a1cf65d785378fd589ede0d86bbadc855e4091c1b99
-
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB
MD5
f54ef8238dfc9dfefb40fc3cf11299ac
SHA1
79d26255892b8ea41dd33cf46bfd10562d9deb35
SHA256
b258f252acc19c273d3a5056188cb69b58956a6f744459b914b57d7ac6d9e85b
SHA512
7861de07943e74c1ac523be1fe21f984943d972a6263234ee35eeef1e8381c95434f14e01eef94f05d3a058866b425a651f3ca27e4944c6e85b319c177551a63
-
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
12KB
MD5
a117117b4477ce03350c418a42a8b2ab
SHA1
42f7998904ddc99b547cc03c5e44beb8afb6a79a
SHA256
5931b7158e1a067d255ab454abfb8c03c7739271baefc9056271ac1ab6a18920
SHA512
42a46e87ca70c07094bd7ac1b1ab1e13f5a7261a8d0083d2950804e2a37396b8af22351b92aec31424d7bc5699ef0456b634b9ce98b4120b613d6f12be1fb3bf
-
Filesize
20KB
MD5
2df3cbf3b3acf2be12ceaf716202790a
SHA1
5e73e3ac54588a5c7b28547ed5c8a6df14e2ced5
SHA256
40c5c2ac49cebb8b0afe1a0f61421e7a79e3f78da37eeca769fb881bf394ae74
SHA512
1e4573ea66ee27fd165d880c1f0175e3419e15aa92a002a06950482c80aee33bd83e2ad6e93ba04708649f5b488fa429183fcd7a9b9a72747f7ef13b192874be
-
Filesize
20KB
MD5
484df068dc370197c0e37af4f433f772
SHA1
5d071329bf5182e60b2d268adca542901d492001
SHA256
3ebaaa9fc7a9245b413f62f91d9e689d468456dd4b6ce2408bcd2003cbdbfbd0
SHA512
587e7b68f2c167d39dd50744f2892a461a67cb073e8cf9f6eb2ab752e07841440dbe212af32958248d15af5d4001e7fa12f86cad62578ef31999355a86c3b0b5
-
Filesize
20KB
MD5
ea9c2dc01d788f2ed7ad6a455e32335a
SHA1
3da6ee06226734e9a402c3ef2b542af3b509b6af
SHA256
ddcb0e1970efc2dcb42a4dd328ef8c10f3512b39a47277d5b075fd3b92dfc3a7
SHA512
5b834f25f6f8afea98eec78cf8e148671ceca48aee8019e09308389c1f336e47e55666fedf66e09c97e827c375ade0fad635b98686ebd2f72240108670d25e76
-
Filesize
8KB
MD5
dcafcaa55c565970ce910666cbc2784a
SHA1
d7f402bcbd1d5ad956cb2ad0feb46dda6b9c524f
SHA256
9395e80509113f5a8c6201ec8c75ad7b5d0673c1a9d99467d62bdaf1b32672d3
SHA512
f55886537d2232d2372b94b05a3d1332ed7dc56e58f7fa77406a8e539edd4889d1aea25fb2ef5adf621daa3dc343e2e6e1bc54cf94d1ef4b9f3466616412f39b
-
Filesize
8KB
MD5
11ccc4ee46bfa88b77cafbeaed88357f
SHA1
86e0ec321037b80ce31f436f7af83b4950b41bb3
SHA256
44e900ff88d911e1ee1854b10ae8077cc51994a75bd5ca5898c8b2a644bf4afc
SHA512
c795d331d3c5df2fba4b6c2556e19790424d6e048eb3771ada40ba0574aa8371d04f733b0c3a532f0f43c6f4d4f85ae628adfec497be616b495baea48eedbccc
-
Filesize
12KB
MD5
ca5b72650ae03e873d5d6c29677fa1d1
SHA1
57a95310c9f8b775e095c78aba8e12f15d6e0201
SHA256
93784e9fbfe4e9fbd18964bae9d5f96d99d36b18d060801e9b202e1105669450
SHA512
cacba44f160e73e244c1bd0b7af28231ae1ac9c5f22af1aa0684accb77b7610820f5677fde78fb11e6b07dac346a6c8e3ae06b8433a5ca278567535ebfe0d708
-
Filesize
12KB
MD5
eef8ade74b9a83f23c209e158f45920d
SHA1
110eaca4fb2899ca8456cf8144a4e6542fab592d
SHA256
f4dffd7ab765cd577980f1a3bb2c2913dc45aba82dc08b797e1f655f69bca580
SHA512
842ffcc176804c1e9ff870fee1df8d47ef613dd743d0f8df23cb78ac7cab5da26c60d10ad96b36392cb1afc9472ccd3df454d7f91f67d45d6923600a8a337c49
-
Filesize
12KB
MD5
ad328de05efa771724c768365ea79d88
SHA1
add5e9a0c27d76e18e10a87b6a76ea200122aeec
SHA256
e55c16d9beaf2e34873b99f4504e71d5be335694bfacd54d8afec7a2996c83eb
SHA512
ee5e78f8e67037bc140b33ce0115b079f73b162f3758bbcda78993b1c02d003dfdfa9ef755ab017bbe86a56e4ced2aae305e066de1960eee169e747f1a14f712
-
Filesize
44KB
MD5
f3d211c4fa48718985307783cbf99a7e
SHA1
0fe4203c1c0da99876890db9f315b349a112b4e3
SHA256
da65dd93fc923ce7965a60e139095abd68d4fb57b8c376ee16da06b67f91c14e
SHA512
42d37d987388b071b7724a4415ae44db7f860f9edc0973efe61deb9775cc8ee634f00eacd446baef38878e6a48c1a6b2c2ffd00616fe00ec6c60459928ba6bbc
-
Filesize
12KB
MD5
db1f7ccc7bddbb448bc5fd512bbed4b4
SHA1
fceabe8a6413901f3a2f7c555552ce1d0fa004de
SHA256
216c145b36ce3f98a35cb0f53a852135605f7de06cd3dcf4810137fd758c8e58
SHA512
db158b3a96f76fbd740f85b108e8d15dbde90c755a4209b94546d45f5443e4244cd20fb6ce95145d8885fab8a5579403e86536ab8257adce88db96547e636cf3