Analysis

  • max time kernel
    178s
  • max time network
    153s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
  • submitted
    03-06-2024 08:17

General

  • Target

    91166d014ba911eed2e34efbf2bedfae_JaffaCakes118.apk

  • Size

    3.3MB

  • MD5

    91166d014ba911eed2e34efbf2bedfae

  • SHA1

    4d3683fd4d4fe7748065dab04d7d66f710b5ddc1

  • SHA256

    5db8a8ba679ec72512ee4cf8b4baaad9ebe1276811e520278e8f8aed023d890b

  • SHA512

    2a15a46c5b227ffc6f1f15c1b5e1b263faf196530812e990a0fc3271865764d6a97fa6df0336a87036c84d6216a89fd81f385dd8eb9d74bc1b9d718a3fa1d5b9

  • SSDEEP

    98304:fPrL/jD6ZNvBoknQqBDCirqDMaepvb3LHOtywXj3kYK1pGE:fDDSZNKkBQe5J

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 3 IoCs
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator. 1 TTPs
  • Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

Processes

  • com.producepro.checkout.marchese
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Checks if the internet connection is available
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4631
  • com.producepro.checkout.marchese:Metrica
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4678

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.producepro.checkout.marchese/files/ZPkFS.log

    Filesize

    12KB

  • /data/user/0/com.producepro.checkout.marchese/no_backup/credentials.dat

    Filesize

    234B

  • /data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese

    Filesize

    36KB

  • /data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal

    Filesize

    20KB

  • /data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal

    Filesize

    8KB

  • /data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal

    Filesize

    8KB

  • /data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal

    Filesize

    12KB

  • /data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal

    Filesize

    12KB

  • /data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal

    Filesize

    12KB

  • /data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180

    Filesize

    36KB

  • /data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    512B

  • /data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    8KB

  • /data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    8KB

  • /data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    12KB

  • /data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    12KB

  • /data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    12KB

  • /data/user/0/com.producepro.checkout.marchese/no_backup/metrica_client_data.db

    Filesize

    20KB

  • /data/user/0/com.producepro.checkout.marchese/no_backup/metrica_client_data.db

    Filesize

    20KB

  • /data/user/0/com.producepro.checkout.marchese/no_backup/metrica_client_data.db

    Filesize

    20KB

  • /data/user/0/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal

    Filesize

    8KB

  • /data/user/0/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal

    Filesize

    8KB

  • /data/user/0/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal

    Filesize

    12KB

  • /data/user/0/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal

    Filesize

    12KB

  • /data/user/0/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal

    Filesize

    12KB

  • /data/user/0/com.producepro.checkout.marchese/no_backup/metrica_data.db

    Filesize

    44KB

  • /data/user/0/com.producepro.checkout.marchese/no_backup/metrica_data.db-journal

    Filesize

    12KB
