Analysis

  • max time kernel
    178s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240603-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
  • submitted
    05-06-2024 15:03

General

  • Target

    9875f723ffcc97f2d077bff8a00603bd_JaffaCakes118.apk

  • Size

    3.3MB

  • MD5

    9875f723ffcc97f2d077bff8a00603bd

  • SHA1

    20c3a11851fe878bfcee1b83a8459e1bf9490ab3

  • SHA256

    62e9dc9326292c64a9a2abbefcac45bfcae2ecd084a58e232cc94ce0faa07933

  • SHA512

    2a0eac901340342c36abf9defe682d3d3d172bfce35961af15d6a5208590f1c10379b39e4bbcbea8959b92d81d761fd0224f174c68266d64000e339f605f2823

  • SSDEEP

    98304:RohWAo3eZru6tvBsYrcnfRrxgzKnUTxWohL/BH2OtywXF3oyVAoVgIU:RogneZS6BBrcnfRrxgmnQzRO

Malware Config

Signatures

  • Checks if the Android device is rooted (1 TTP, 2 IoCs)
  • Queries information about running processes on the device (1 TTP, 2 IoCs)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection (1 TTP, 2 IoCs)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
  • Reads information about phone network operator (1 TTP)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Schedules tasks to execute at a specified time (1 TTP, 2 IoCs)

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 2 IoCs)
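The signatures above are matches on framework API use, and the second process in the tree carries a `:Metrica` suffix, which points at a bundled analytics component running in its own process. The triage question is therefore which class makes each flagged call: the app's own package or a library it ships. The Python below is an added example, not the sandbox's rule set and not code from the APK. It parses baksmali/apktool output for the invoke targets that correspond to these signature names and attributes every hit to the calling class, then splits hits into the app's package versus bundled code. The API table is this example's own approximation of what each signature looks for, the smali fragments are constructed, and the SDK class `Lcom/example/sdk/DeviceInfo;` is hypothetical.

```python
"""Attribute sandbox-style behaviour signatures to the smali classes that trigger them.

Added example; not the sandbox's rule set and not code from the APK. The API
table is this example's own approximation of the report's signature names, and
the smali fragments below are constructed for the demo.
"""
import re
from collections import defaultdict

# e.g. invoke-virtual {v0}, Landroid/app/ActivityManager;->getRunningAppProcesses()Ljava/util/List;
INVOKE_RE = re.compile(r"invoke-\w+(?:/range)?\s+\{[^}]*\},\s+(L[\w/$]+;)->(\w+)\(")
CONST_STR_RE = re.compile(r'const-string(?:/jumbo)?\s+v\d+,\s+"([^"]*)"')
CLASS_RE = re.compile(r"^\.class\s+(?:\w+\s+)*(L[\w/$]+;)", re.M)
# String literals typical of root checks (su binary paths, test-keys build tag).
ROOT_STR_RE = re.compile(r"/x?bin/su$|/sbin/su$|test-keys|Superuser\.apk|magisk", re.I)
ROOT_SIG = "Checks if the Android device is rooted"

# Patterns are matched against "Lclass;->method". registerReceiver is matched on
# the method name only: smali records the receiver's static type, so a call made
# from inside an Activity appears as the app's own class, not Landroid/content/Context;.
API_SIGNATURES = {
    "Queries information about running processes on the device": [
        r"Landroid/app/ActivityManager;->getRunning(AppProcesses|Services|Tasks)$"],
    "Queries information about active data network": [
        r"Landroid/net/ConnectivityManager;->getActiveNetwork(Info)?$"],
    "Queries information about the current Wi-Fi connection": [
        r"Landroid/net/wifi/WifiManager;->getConnectionInfo$",
        r"Landroid/net/wifi/WifiInfo;->get(SSID|BSSID|MacAddress|IpAddress)$"],
    "Queries the unique device ID (IMEI, MEID, IMSI)": [
        r"Landroid/telephony/TelephonyManager;->get(DeviceId|Imei|Meid|SubscriberId)$"],
    "Reads information about phone network operator": [
        r"Landroid/telephony/TelephonyManager;->get(Network|Sim)Operator(Name)?$"],
    "Registers a broadcast receiver at runtime": [r";->registerReceiver$"],
    "Schedules tasks to execute at a specified time": [
        r"Landroid/app/AlarmManager;->set(Exact|Repeating|InexactRepeating|Window|AlarmClock|AndAllowWhileIdle|ExactAndAllowWhileIdle)?$",
        r"Landroid/app/job/JobScheduler;->schedule$"],
    "Uses Crypto APIs (Might try to encrypt user data)": [
        r"Ljavax/crypto/(Cipher|Mac|KeyGenerator|SecretKeyFactory);->getInstance$"],
}
_COMPILED = {sig: [re.compile(p) for p in pats] for sig, pats in API_SIGNATURES.items()}


def scan_smali(files):
    """files: {path: smali text}. Returns {signature: {calling class, ...}}."""
    hits = defaultdict(set)
    for path, text in files.items():
        m = CLASS_RE.search(text)
        caller = m.group(1) if m else path
        for cls, method in INVOKE_RE.findall(text):
            target = "%s->%s" % (cls, method)
            for sig, regs in _COMPILED.items():
                if any(r.search(target) for r in regs):
                    hits[sig].add(caller)
        for literal in CONST_STR_RE.findall(text):
            if ROOT_STR_RE.search(literal):
                hits[ROOT_SIG].add(caller)
    return dict(hits)


def triage(hits, app_prefix):
    """Split each signature's callers into the app's own package and bundled code,
    the first question to answer when a report flags an app that ships an analytics SDK."""
    return {sig: {"app": sorted(c for c in callers if c.startswith(app_prefix)),
                  "bundled": sorted(c for c in callers if not c.startswith(app_prefix))}
            for sig, callers in hits.items()}


# Constructed smali fragments (apktool/baksmali style); not from the real APK.
SAMPLE_SMALI = {
    "smali/ua/FoodSoul/DonetskSushiTaun/MainActivity.smali": """\
.class public Lua/FoodSoul/DonetskSushiTaun/MainActivity;
.super Landroid/app/Activity;
.method protected onCreate(Landroid/os/Bundle;)V
    invoke-virtual {p0, v0, v1}, Lua/FoodSoul/DonetskSushiTaun/MainActivity;->registerReceiver(Landroid/content/BroadcastReceiver;Landroid/content/IntentFilter;)Landroid/content/Intent;
    invoke-virtual {v2}, Landroid/net/ConnectivityManager;->getActiveNetworkInfo()Landroid/net/NetworkInfo;
    return-void
.end method
""",
    "smali/com/example/sdk/DeviceInfo.smali": """\
.class public final Lcom/example/sdk/DeviceInfo;
.super Ljava/lang/Object;
.method public collect(Landroid/content/Context;)V
    const-string v0, "/system/xbin/su"
    invoke-virtual {v1}, Landroid/app/ActivityManager;->getRunningAppProcesses()Ljava/util/List;
    invoke-virtual {v2}, Landroid/net/wifi/WifiManager;->getConnectionInfo()Landroid/net/wifi/WifiInfo;
    invoke-virtual {v3}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
    invoke-virtual/range {v4 .. v9}, Landroid/app/AlarmManager;->setRepeating(IJJLandroid/app/PendingIntent;)V
    const-string v0, "AES/CBC/PKCS5Padding"
    invoke-static {v0}, Ljavax/crypto/Cipher;->getInstance(Ljava/lang/String;)Ljavax/crypto/Cipher;
    return-void
.end method
""",
}

if __name__ == "__main__":
    for sig, who in triage(scan_smali(SAMPLE_SMALI), "Lua/FoodSoul/DonetskSushiTaun/").items():
        print(sig, who)
```

Run it against a real `apktool d` output by reading every `*.smali` file under `smali*/` into the dict. Hits that land only under the app's own package deserve the closest look; hits that all sit in one library namespace are usually that library's normal telemetry, but still tell you what the app leaks and to whom.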

Processes

  • ua.FoodSoul.DonetskSushiTaun (PID 4272)
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
  • ua.FoodSoul.DonetskSushiTaun:Metrica (PID 4310)
    • Checks if the Android device is rooted
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/credentials.dat

    Filesize

    234B

    MD5

    a24a27fc9e465395a00cd613eee7fc90

    SHA1

    ca9c7023df556bbd1bf28d19c35efab9cb43a878

    SHA256

    e6dde08d33e3bf2d7e99f740afed528450922294f07442b0c8328ff14d52a473

    SHA512

    04c322d72f79e8d51f791c9582e33279f4e12d13a907c2b6d20b7a9766aa7ef88777071daa4a4084e76b93628a53c260f9cb10032a684e01a12a72b7bba88bc5

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun

    Filesize

    36KB

    MD5

    d79be6f1dd22fcf14592ff15b49a242c

    SHA1

    803bccfda0e51d65e0ef8cb4dc7f67b048286338

    SHA256

    f8c9b3ef82d1c2612d44e5dc2a2839830872088507873aaab67138dd300c67a9

    SHA512

    f50839abe46765add6562a9a245d8c97f5a05aa62d51fc7c1a8f39e4641d8c0dab42d0bea98fcb4d0c613f07881b49041447ae5fe318408587cc7f9e759ac7dc

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

    Filesize

    8KB

    MD5

    fde0d09cdd988493fc834ef804af34af

    SHA1

    f4ad68ad8174c659545a8b18540f3c653b99a5a5

    SHA256

    af32d711a007cb66f2ceec7f4a47a435880c14812c0bef8e5fcedfc15372dbb2

    SHA512

    0c44ee460afb4382ec00346dd44cbc9fbc7359afc9b22c711b1fb8f9ce9136bdda6ae1e46e2822603884eaec5c9c281bf86789ec2471caf2392a9459f75d7403

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-shm

    Filesize

    32KB

    MD5

    162796fede5944ce4920b8de3e11ce21

    SHA1

    5c24ce1df9f63a7b735512157367fd4b30c1818e

    SHA256

    434da657be98b11c029ae9b0d79157ba19e0fb36318aec863e0afbefd399cc65

    SHA512

    16c99f0c24787cdd490ceb3602a5a5d558e12dda1b8b7954e75af99a4731d674e3e4ec3393971ef22c65f32eaa989964264e7dc27e96b8afbec698572b7198ee

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-wal

    Filesize

    406KB

    MD5

    ac07789d239ce56973988fecc438c91c

    SHA1

    ddcff003c842018a8a74829fb283e6fbc321737f

    SHA256

    73856f4d9940560ded2ad0197bc0e15f631b68c7a0e62edd948e812c74930724

    SHA512

    bec3b2d0f29a61bae3f676e0b6826f226a4536fefb8c3d87d94197bfd59eab4a193503778a26b55e576140950a049c92971c57917a222bbbed77044a38ac2cfd

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180

    Filesize

    4KB

    MD5

    c77c1432be9f5cccc417ae61040dead5

    SHA1

    a1cdd90d0e2fb3617da8bb94e69f293eb2355b13

    SHA256

    06f13926c20ec3f43eeca803eb34bffb7910fb5b491aba4f371553738357a2ff

    SHA512

    1113230e59a89f7ba6e1a6221b4f36d43c8d3055eb7728706620085f9a3b77caecf9d8b6308631c9c7f7b25b09b25cda28c16860a3dad732e4576e5f256b72cc

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    512B

    MD5

    5d04b33fa75c3e5cfa57bf3bca59faf0

    SHA1

    1bf809a7b37292040f56e04bebb99cee4e091e7e

    SHA256

    f815a5a823e0d9be7c3552731a043deeb6ed1c849c96bca432bbb06dddf0f8af

    SHA512

    e0972120c94e2bd8b3d2f0ee2c051e66dd09641d51877b15660bf23b299fb26b3e230c73f2580276d2d52e18d83df44fefa0f4e5b9eb4cc89b2d79430199f9a1

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-wal

    Filesize

    156KB

    MD5

    bdc8b50f2c6f7d03dfab631cb11b594f

    SHA1

    46ce80c65fe9e97666d9ba8f162ed069bf02317c

    SHA256

    e420df3fbd51bcc47cb68389d40bdd81fec108d236c77350c907345057233d0a

    SHA512

    87a25343d38b1f3772d085c94ff8c6b778b0afa4779b9fee71008f3053c14d89978fbccad8612673ae283d7a78f4cbe4520191e3949bc5120f944fbf0e213f2b

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

    Filesize

    20KB

    MD5

    2cd521f1198ee000801dcb06f40c2793

    SHA1

    e4ce8ce7ee1c2fad800973ecba48b88c7199c1d0

    SHA256

    ec95aa6f251fd33494e15b076a546e18bfc3813b4c29f28d15deeb23c946b883

    SHA512

    ffaea94e1b0b97ae8ab4c82f5bd1168e9694e9fe49bf0946a389da1b91e8671a794613d4a9225e8c4370ef73683ac719f831d82de4b0615597b05a5ddbf3a34b

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

    Filesize

    20KB

    MD5

    87c3822f19d9b52075dca44fb5d64a9b

    SHA1

    fb784878f9ea2b0e8fc801a391c53b779b284c58

    SHA256

    73cd97b90d4af7775a3f2ee0e106d7b866d41e60834fb7b5d7285f1e91f42e00

    SHA512

    d6b603993529ff6048485f29314457ce450945538baf03edca74682ab61dab9e8e693dcb1027fbd9ad5b9dc8492a9a921711cf6b588aadb10e339323cbf6a859

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

    Filesize

    20KB

    MD5

    06956fcd61dde81412cb470eaaf15574

    SHA1

    d2c4ce7f735d5f7d834928e5e1b1e635d1edeed0

    SHA256

    3dbf28ea5983f0dc2d1f012b666219bf75e7e13ed73de897a9b68cf6bae2a20f

    SHA512

    8116faef3c3ddf6433dedc38420fe569e29a884cdbd7dec8bf454a22db41f9f5fd80b14a5c36a2357f9bc448024c77f619ab6f1a0b71fd2a195334b7d4726ba9

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

    Filesize

    20KB

    MD5

    6c5f9c6f5fd1364697504174451870a9

    SHA1

    ad8417a90511cacbc39ee223b5c214dc28bb4efb

    SHA256

    ad3a04ea19ad7df8ef7e95280dc76425a86621196d0d3f3e07524bea039fd01d

    SHA512

    07e5fe9009e5a257eb63f2ed65a003dc9f5735b96e31fbc6cb471b002a6c5a356a073eeb7384941e5a2dbd1f23beb17f21ff5b0b8dc122a69894d4e066e1eac2

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

    Filesize

    406KB

    MD5

    0941ccd278e4a25a11f01b8f73e59bfc

    SHA1

    9d46336b175b081722695f8c0257c9bfa76329d6

    SHA256

    d8e36098bc76adb5d6c8d06885a94117a43979ace839f973d7fcfd8e1edc71d8

    SHA512

    e0006a9a8794e315f7f5c2f43dd127fc145ef867615cfe0c48d66cee908e975a5a50274879916aaebbb803161c7c8bf68a4b305785a916d4523b16c5714db7c2

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-wal

    Filesize

    32KB

    MD5

    d7cbec647b73bdeab13bd43ce910f28f

    SHA1

    4f223622d525312d4dc149efcbe593ab1c035585

    SHA256

    c0c020bf6901ef1db2568c9ccc8dc3fcccc983d00d9e451ebef09345ace47e4b

    SHA512

    479c22bab0ae6c64e776665b7ee12ab6a6a661ae3c90eb23e3f079af064dec4373498ac66a87a01212968dd8295c6678058e82c9b9343ccd29ca3574eb19ad46

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-wal

    Filesize

    8KB

    MD5

    86a21053e8a5d6dfdd2f59cdc5e24f66

    SHA1

    a2595ce2576e44d07f5809fc59efdb0d721f0392

    SHA256

    1375049c10e1d64c4ad0b41e5f4aba5a9d0627a5dceea3764d3a6a89dd08eabf

    SHA512

    9bfbf2c66558137a89e3ac260061dd310fbbdfdcc7c245b7934a1b9d71fc1c293955220b0a8384933fc964358b3522df89a53bec2302f1060cf0894af3a8b882

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-wal

    Filesize

    32KB

    MD5

    b166ddecad1bf2fe9164ed7140802304

    SHA1

    f97ec65cfdfe3fb1b069f931ff1c0f0ab0bf491b

    SHA256

    1b6488683673fdd417b9a9b2b9fd1b9a834d8d66668f5937373030ab04c801ea

    SHA512

    0a5d7ccf639a54d0be16335ae4bec16b4dd49ee9340b0f5427cf774d3793257921fa16549278b0d809d64d145c29f0cf880e490bc2df8fb980d1d63aacdd2359

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_data.db

    Filesize

    44KB

    MD5

    2fa9b1a7ae5450fa4f08e52c459df940

    SHA1

    528f86e095494562c8101bd09f5fbe29e0a640ba

    SHA256

    75497424027b7b4005dd129c22859ce99ef2bb72078e6aac7c7e59b2090821a8

    SHA512

    5e633293dd6cc5f601c685b0ad4a5396e7cb387545b17957648c3710f00dbefce4a135fe864bdd1c1f7d54d987d6e02f71e564143f2ca264b4735d67b7a38c9c
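Several of the dropped files are SQLite databases captured together with their -wal, -shm and -journal companions, and the same path appears more than once with different hashes, which are successive captures of the file during the run. Note the sizes: the db_metrica -wal is 406KB beside a 36KB main file. In WAL mode, committed rows live only in the -wal until a checkpoint, so carving the .db alone misses or misreads them, and the header's journal-mode bytes, not the presence of a -journal file, say which mode the database was in. The Python below is an added example, not part of the report: it reads the 100-byte database header, walks the WAL frames, drops stale (salt mismatch) and uncommitted frames, and resolves the current copy of a page the way SQLite itself would. The sample database and WAL bytes are constructed; frame checksums are not verified.

```python
"""Read a SQLite main file together with its -wal before carving rows.

Added example; not part of the sandbox report. Layouts follow the SQLite
file-format documentation (100-byte database header, 32-byte WAL header,
24-byte frame headers). Frame checksums are NOT verified here, only salts;
the sample db/wal bytes are constructed for the demo.
"""
import struct

SQLITE_MAGIC = b"SQLite format 3\x00"
WAL_MAGICS = (0x377F0682, 0x377F0683)   # little-endian / big-endian checksum variant
WAL_HDR = 32
FRAME_HDR = 24


def parse_db_header(db):
    """Page size, page count and whether the file was in WAL mode when written."""
    if len(db) < 100 or db[:16] != SQLITE_MAGIC:
        raise ValueError("not a SQLite 3 database")
    page_size = struct.unpack_from(">H", db, 16)[0]
    page_size = 65536 if page_size == 1 else page_size   # the value 1 encodes 65536
    # offsets 18/19: file format write/read version, 1 = rollback journal, 2 = WAL
    wal_mode = db[18] == 2 and db[19] == 2
    page_count = struct.unpack_from(">I", db, 28)[0]
    return {"page_size": page_size, "wal_mode": wal_mode, "page_count": page_count}


def parse_wal(wal):
    """Walk the WAL; return committed frame count and the newest copy of each page."""
    if len(wal) < WAL_HDR:
        raise ValueError("WAL too short")
    magic, _fmt, page_size, ckpt_seq, salt1, salt2 = struct.unpack_from(">6I", wal, 0)
    if magic not in WAL_MAGICS:
        raise ValueError("bad WAL magic 0x%08x" % magic)
    frames, off, frame_len = [], WAL_HDR, FRAME_HDR + page_size
    while off + frame_len <= len(wal):
        pgno, commit_size, fs1, fs2 = struct.unpack_from(">4I", wal, off)
        if (fs1, fs2) != (salt1, salt2):
            break   # stale frame from an earlier WAL generation: the valid WAL ends here
        frames.append((pgno, commit_size, off + FRAME_HDR))
        off += frame_len
    # Only frames up to the last commit frame (commit_size != 0) are durable;
    # anything after it is the tail of a transaction that never committed.
    last_commit = max((i for i, f in enumerate(frames) if f[1]), default=-1)
    latest = {}
    for pgno, _cs, data_off in frames[: last_commit + 1]:
        latest[pgno] = data_off          # a later frame for the same page wins
    return {"page_size": page_size, "checkpoint_seq": ckpt_seq,
            "frame_count": len(frames), "committed_frames": last_commit + 1,
            "latest_pages": latest}


def read_page(db, wal, wal_info, pgno):
    """Current content of page pgno: the newest committed WAL frame wins over the main file."""
    ps = wal_info["page_size"]
    if pgno in wal_info["latest_pages"]:
        off = wal_info["latest_pages"][pgno]
        return wal[off: off + ps]
    off = (pgno - 1) * ps
    return db[off: off + ps]


def build_sample(page_size=512):
    """Constructed 2-page database plus a WAL with one committed and one uncommitted txn."""
    hdr = bytearray(100)
    hdr[:16] = SQLITE_MAGIC
    struct.pack_into(">H", hdr, 16, page_size)
    hdr[18] = hdr[19] = 2                      # WAL mode
    struct.pack_into(">I", hdr, 28, 2)         # 2 pages in the main file
    db = bytes(hdr) + b"\x00" * (page_size - 100) + b"A" * page_size
    salt1, salt2 = 0x11111111, 0x22222222
    wal = struct.pack(">6I", 0x377F0683, 3007000, page_size, 0, salt1, salt2) + b"\x00" * 8

    def frame(pgno, commit, fill, s1=salt1, s2=salt2):
        return struct.pack(">6I", pgno, commit, s1, s2, 0, 0) + fill * page_size

    wal += frame(2, 0, b"B")               # txn 1: new copy of page 2
    wal += frame(3, 3, b"C")               # txn 1 commit frame: database is now 3 pages
    wal += frame(2, 0, b"D")               # txn 2: never committed, must be ignored
    wal += frame(2, 3, b"E", s1=0xDEAD)    # leftover from a previous WAL generation
    return db, wal


if __name__ == "__main__":
    db, wal = build_sample()
    print(parse_db_header(db))
    info = parse_wal(wal)
    print({k: v for k, v in info.items() if k != "latest_pages"}, sorted(info["latest_pages"]))
    print(read_page(db, wal, info, 2)[:8])
```

On real evidence, feed `parse_db_header` the captured `.db` and `parse_wal` the matching `-wal`; if `wal_mode` is true and `committed_frames` is non-zero, open the pair (db plus -wal, read-only) in the same directory so the library replays the WAL, rather than trusting the main file's bytes. Pages that only appear in uncommitted tail frames or stale-salt frames are still worth carving by hand, since they hold data the app wrote but never made durable.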