Analysis

  • max time kernel
    179s
  • max time network
    151s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
  • submitted
    03-06-2024 08:17

General

  • Target

    91166d014ba911eed2e34efbf2bedfae_JaffaCakes118.apk

  • Size

    3.3MB

  • MD5

    91166d014ba911eed2e34efbf2bedfae

  • SHA1

    4d3683fd4d4fe7748065dab04d7d66f710b5ddc1

  • SHA256

    5db8a8ba679ec72512ee4cf8b4baaad9ebe1276811e520278e8f8aed023d890b

  • SHA512

    2a15a46c5b227ffc6f1f15c1b5e1b263faf196530812e990a0fc3271865764d6a97fa6df0336a87036c84d6216a89fd81f385dd8eb9d74bc1b9d718a3fa1d5b9

  • SSDEEP

    98304:fPrL/jD6ZNvBoknQqBDCirqDMaepvb3LHOtywXj3kYK1pGE:fDDSZNKkBQe5J

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator. 1 TTPs
  • Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

Processes

  • com.producepro.checkout.marchese
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5174
  • com.producepro.checkout.marchese:Metrica
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5224

Network

MITRE ATT&CK Mobile v15

Downloads