Analysis

  • max time kernel
    179s
  • max time network
    150s
  • platform
    android_x64
  • resource
    android-x64-20240603-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240603-en, locale:en-us, os:android-10-x64, system
  • submitted
    05-06-2024 15:03

General

  • Target

    9875f723ffcc97f2d077bff8a00603bd_JaffaCakes118.apk

  • Size

    3.3MB

  • MD5

    9875f723ffcc97f2d077bff8a00603bd

  • SHA1

    20c3a11851fe878bfcee1b83a8459e1bf9490ab3

  • SHA256

    62e9dc9326292c64a9a2abbefcac45bfcae2ecd084a58e232cc94ce0faa07933

  • SHA512

    2a0eac901340342c36abf9defe682d3d3d172bfce35961af15d6a5208590f1c10379b39e4bbcbea8959b92d81d761fd0224f174c68266d64000e339f605f2823

  • SSDEEP

    98304:RohWAo3eZru6tvBsYrcnfRrxgzKnUTxWohL/BH2OtywXF3oyVAoVgIU:RogneZS6BBrcnfRrxgmnQzRO

Malware Config

Signatures

  • Checks if the Android device is rooted (1 TTP, 2 IoCs)
  • Queries information about running processes on the device (1 TTP, 2 IoCs)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the active data network (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection (1 TTP, 2 IoCs)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
  • Reads information about the phone network operator (1 TTP)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Schedules tasks to execute at a specified time (1 TTP, 2 IoCs)

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 2 IoCs)

    These are behaviour heuristics, not a verdict. Most of them fire in the app's `:Metrica` helper process rather than the main process, and the dropped `db_metrica_*` and `metrica_*.db` files are the footprint of an embedded analytics SDK, which routinely performs root checks, process and Wi-Fi queries and scheduled uploads. Treat each signature as a prompt to find the code path that triggers it rather than as evidence of malice on its own.
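To corroborate signatures like these statically before relying on the sandbox's verdict, the script below (an added example by the editor, not the sandbox's detection logic and not code from the app) opens an APK as a ZIP and greps every `classes*.dex` for the API names and filesystem paths that usually sit behind each listed behaviour. The indicator lists are the editor's assumptions, and the APK it builds in memory is constructed for the demonstration; run it against the real sample with `python scan.py 9875f723ffcc97f2d077bff8a00603bd_JaffaCakes118.apk`.

```python
"""Static corroboration of sandbox behaviour signatures (added example)."""
import io
import re
import sys
import zipfile

# Indicator strings per signature: API names and paths that usually sit
# behind the listed behaviours. Editor's assumption, not the sandbox's rules.
INDICATORS = {
    "root check": [b"test-keys", b"/system/bin/su", b"/system/xbin/su",
                   b"Superuser.apk", b"eu.chainfire.supersu"],
    "running processes": [b"getRunningAppProcesses", b"getRunningServices"],
    "active data network": [b"getActiveNetworkInfo", b"getNetworkCapabilities"],
    "wifi connection": [b"getConnectionInfo", b"getSSID", b"getBSSID"],
    "device id": [b"getDeviceId", b"getImei", b"getMeid", b"getSubscriberId"],
    "network operator": [b"getNetworkOperator", b"getSimOperator"],
    "runtime receiver": [b"registerReceiver"],
    "task scheduling": [b"AlarmManager", b"JobScheduler", b"setRepeating",
                        b"setExactAndAllowWhileIdle"],
    "crypto": [b"javax/crypto/Cipher", b"SecretKeySpec"],
}


def dex_blobs(apk_bytes):
    """Yield (name, bytes) for every classes*.dex in the APK (multidex aware)."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            if re.fullmatch(r"classes\d*\.dex", name):
                yield name, z.read(name)


def scan_apk(apk_bytes):
    """Return {signature: sorted 'dexname:indicator' hits}; a missing key means no hit."""
    hits = {}
    for name, blob in dex_blobs(apk_bytes):
        for sig, needles in INDICATORS.items():
            for needle in needles:
                if needle in blob:
                    hits.setdefault(sig, []).append(f"{name}:{needle.decode()}")
    return {sig: sorted(found) for sig, found in hits.items()}


def build_sample_apk():
    """Constructed stand-in APK: a ZIP whose fake classes.dex holds a few
    strings from the API surface above. Real DEX string pools are MUTF-8
    with length prefixes, but the ASCII bytes are contiguous, so a plain
    substring grep works on real files too."""
    strings = [b"Landroid/os/Build;", b"test-keys", b"/system/xbin/su",
               b"getRunningAppProcesses", b"getConnectionInfo",
               b"registerReceiver", b"AlarmManager", b"javax/crypto/Cipher"]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\0" + b"\0".join(strings))
        z.writestr("classes2.dex", b"dex\n035\0getDeviceId\0")
        z.writestr("lib/x86_64/libnative.so", b"\x7fELF")  # native code is not scanned
    return buf.getvalue()


def main(argv):
    data = open(argv[1], "rb").read() if len(argv) > 1 else build_sample_apk()
    results = scan_apk(data)
    for sig in INDICATORS:
        print(f"{sig:20s} {', '.join(results.get(sig, [])) or '-'}")


if __name__ == "__main__":
    main(sys.argv)
```

A raw byte grep over the DEX string pool catches plain API references but misses names resolved through reflection, string encryption or native libraries, so an empty result is not a negative; cross-check with the sandbox's IoCs, and for the root check look at which process (here the `:Metrica` helper) actually executes it.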

Processes

  • ua.FoodSoul.DonetskSushiTaun
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4977
  • ua.FoodSoul.DonetskSushiTaun:Metrica
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5027

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/ua.FoodSoul.DonetskSushiTaun/files/ZPkFS.log

    Filesize

    12KB

    MD5

    66ff4d67a064a78b1d76cd2eda0dc11f

    SHA1

    6f279f51d775d77d6e2225c47e10ebd61a443da5

    SHA256

    10e702434a9f3cb389b0873fc75d542e6f2ad4a2bb5bb220a2ff42326ba51af1

    SHA512

    70697cf6eb3234bb99a00211b8adbe64382dd0c7059b811ea9e3511a8a35f8ad7e71495cb11e2dde44a8d138a414d932362d97e3ca7e12491e483819678f5d99

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/credentials.dat

    Filesize

    233B

    MD5

    8083e36c31105d8224de7b7f4cc54dce

    SHA1

    aa2ac005a918a0ae8cdb17f91245aba87eed70d4

    SHA256

    7962137ef15aee3c78e8812c38bf066b91f8a25e3ecb9558de5623cae84ac5e3

    SHA512

    50c160e8ffec8afd783fe16b4bf1ba9c88fcdeff033ac6edbcf097e83e1de18873f3f9b33b3616912599513cf7dca3d101adbfeb99ce30aa6f040e8265c0298c

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun

    Filesize

    36KB

    MD5

    b0a4506e1b3facf9f8557c1f710eedea

    SHA1

    8f6682f8702958f199e8661221c9e70fd087460c

    SHA256

    9cecda4749a884195482c861f06108d9ba74c19f9a78c737f88b34e7252150fb

    SHA512

    80dca0b2551b94874ec779597894a8cf6c653243083ed616c4b81413c2e4e40e1394705d73083aa40a2b6df210d8c9d3f7300b6ac207a8d1ba8c5e88c227b490

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

    Filesize

    20KB

    MD5

    639945ddb1aad3d569946aa21ea100b9

    SHA1

    cbad0f96f4dbc5256b8ca4d5cd2324f2294970c5

    SHA256

    77ab51c078105291964cd7d753646e5279b84cc200284f273495542891b1adf2

    SHA512

    680ed7f686587fafdc1e0bad82da8cef1a82f641b41dc28134a55d12485d1e52342e0ae1e2cba5d4e6c836bc6b62776eec0dc763d05e9ae6c002053930bdba26

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

    Filesize

    8KB

    MD5

    65200ee25bf2e0e3510dac01a329f5ad

    SHA1

    0073b9b149faa748f08b41eb26143afcb5df0d25

    SHA256

    2b2e3612ed0e7d94c3a696295fab31abb425884dea950390ce9e89e712509cb3

    SHA512

    50df70ec0d0c5fa0546ce0790debb390125d74e0f851e0d399754c9c4e08f65c80d22ba8f7111606e80a1dd6edcab271bf90a311fd05154469ec28eb61f9664a

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

    Filesize

    8KB

    MD5

    df8b4c2aa95d156dbeb94679f8c6c84e

    SHA1

    19298b0ce3c48ea3a797f99bef2f03e70a471fc9

    SHA256

    c3b51aed122498e430a8a167bb6e4e070985933c8a998624b8dc1e320600f04e

    SHA512

    065179fb2450c38cc2606aea539cfae5f4d85734abf3794923c1d5a205320f42b9fe19d70cf8b1a9a456ea1f46ecf754ecbc3702f76fa77d2cc41fccbb442e42

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

    Filesize

    12KB

    MD5

    b3a5a4d2a80bfcf09dc6a4a068f6a12f

    SHA1

    0c22d935fd7d38409a4e6e8da869084fe269b5e4

    SHA256

    6ec42d7d49a1e9b8d2b41cb83cf46d07900fe159db5184fce99575dca3a81ccc

    SHA512

    6a549e6111cfd83a7bed3103e8bdcc538191b527a9f31b4f5ec676a3557b08645b0e6d982352388cea75d12305f9cada56cb024bd06527becee06555187b9973

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

    Filesize

    12KB

    MD5

    ea438b67f65a71c9931df44bf017cdf8

    SHA1

    3991705ff656a277165bd6da3ca32391bc3510ec

    SHA256

    121378b2a2b87d46ad651175618be3adf05cccfb0cf3f8dd4b5051f4b41b269d

    SHA512

    bfe22619fe812263d18c3fffe50e9b09651e74394e6771222bc4eb393676bd6535c7eb5cb44017519cef385e9c9baf7f5d04b5cf9e2f75d4a25cb195b1812e74

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

    Filesize

    12KB

    MD5

    df8dc8a1a04384781e662102e089b8ec

    SHA1

    f00dad687a9993ba45b6b2ba8960b32f007868ec

    SHA256

    77ff4befdc4da8c8456052d95b59bc47ab90f237e09c714d4209f46e4b40d18e

    SHA512

    30548ead54897e88394308d4af7f973c86d3901ca481bb733f35856e16b89f6e0a2cebc1e0a83f8eeb423ba7854678b00f69b1f8955ce486df85415ffdb72a3e

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180

    Filesize

    36KB

    MD5

    1cb457a664c621c7168842dd843f3c26

    SHA1

    cfd20e36e60aa07ceb4c129e5fac5cdc8eae0ee2

    SHA256

    a76418e947800e58521c375f7bc9d4785cc298da8b75873bfad409f465257a24

    SHA512

    916347e0392bb4531e5ed5418cb42e6becae6608d6c5e9ca44e16b2d77b670ded3cbc9cd9bcea8a5ce8c5b6546590d73d27e411b960aa47e846df3c2f47da281

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    512B

    MD5

    c4b1130b0533b31034defe0327a2c700

    SHA1

    6cfd2d69a516977a3eb95383b9083730f324fe6c

    SHA256

    56402018c788100f929540edf376a13b4e7a35343c3f094785b778e678d198c3

    SHA512

    916eb9deeafb6527a80d984f08c7326f79ad29d721fc40f11e9e017d2d66c14444bfd6256a488f378f5accfd45d41c3ad821cbc030db71e405deac945cef4769

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    8KB

    MD5

    fa77c7f03e6e254e82d017526f42c23a

    SHA1

    007db0f9f4d397f8f71421c6fc0c31f01acdfd91

    SHA256

    a530cd931a1325705633eae6403a587caf0e31695e9d1a15bc5d1f0103d4e4bd

    SHA512

    fc46556984bfa7258f3a95ed2d8766660a4fcf9fc8475e39a2a3cbbaf0a871d5f34a97fce3f14c624ea1c0945142593b36d68bcacebedfe53bd50c7ed32abb6a

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    8KB

    MD5

    efee98b5e297a6ea0877e7a235a35b96

    SHA1

    0720ecca0262c79be2bf8ebcfbbec44e8101702c

    SHA256

    3eeccf8e31ff5a1b3b9835a5fb6740763e69692e7232c874c851da1e3df0c131

    SHA512

    a85d48e4b7c7eb8b93dfe2be9cdea1f99ddeb930c50146291a63708ca509f4869444d0e47d02ec7ca291561d77da427310b3b1d64c32125390b427dfcf73756f

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    12KB

    MD5

    36447152ee0b5b2b004ccaa35d41f8c2

    SHA1

    858e017f988f7e547b6c7a38eca4fede61224bd5

    SHA256

    1c541d5d02326e9c7b189dc32a1ef65311d862732bd415bbcf132bb4d71e6e5b

    SHA512

    98d92623ed55beef8a3fdba6814671bd8a9dfdc038d3563de5eb94881abb01725eb4b4f862ce690c79cf13f734df81a57190a247605b181894b9e813767df715

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    12KB

    MD5

    939e3a675bb0ca99593b3499defae775

    SHA1

    759efaffb146e7c1c6370cfa28a5f67f8873c7b5

    SHA256

    34b9191cdd3ee3588c392734004a8636e397166f54155a6856c7889b4a8209a4

    SHA512

    31e211ef8e21350be2eab07fa0d84f79253b38e62562d08e859dbd6f16d55e546bce8ef9fbd8c6c97971646dbcc169fe487ce2911431499ef46b5b5e4ad3922c

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    12KB

    MD5

    b04a3f89e37e2c7a3694a7cd6daa49a9

    SHA1

    0efa3f2674dca585892c61e2ad6a378ee9d17e0f

    SHA256

    948677cd450a7a07bc66e1e2163f12234c6aed8b81b634039264f8c6507c3082

    SHA512

    2c36f2088a31b3574c72ff6b8bdcd6cfe10c436150441d7d3316f7a4c0e29b7274dd65a71d3d9cbedb641c32cef4691fe0166283e67a383f4525aa97d75ac4e8

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

    Filesize

    20KB

    MD5

    481841e76734ae5a4723aa38fe93e5ab

    SHA1

    f10c6523ccb2cebee1820663a6ef07b6570d8961

    SHA256

    ef1b03f210ec71721d25072317962730fc500c634b72fe8add004f0ddbb71fb1

    SHA512

    27105d3f627c8e63ff1e60a623601342a236f616260110bc1da3c7af7c6dd3d25a345b2c555c023d48b92b53bc96fd4a1db91248ba6d1a4582520fe260378ed2

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

    Filesize

    20KB

    MD5

    484df068dc370197c0e37af4f433f772

    SHA1

    5d071329bf5182e60b2d268adca542901d492001

    SHA256

    3ebaaa9fc7a9245b413f62f91d9e689d468456dd4b6ce2408bcd2003cbdbfbd0

    SHA512

    587e7b68f2c167d39dd50744f2892a461a67cb073e8cf9f6eb2ab752e07841440dbe212af32958248d15af5d4001e7fa12f86cad62578ef31999355a86c3b0b5

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

    Filesize

    20KB

    MD5

    ea9c2dc01d788f2ed7ad6a455e32335a

    SHA1

    3da6ee06226734e9a402c3ef2b542af3b509b6af

    SHA256

    ddcb0e1970efc2dcb42a4dd328ef8c10f3512b39a47277d5b075fd3b92dfc3a7

    SHA512

    5b834f25f6f8afea98eec78cf8e148671ceca48aee8019e09308389c1f336e47e55666fedf66e09c97e827c375ade0fad635b98686ebd2f72240108670d25e76

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

    Filesize

    8KB

    MD5

    dba9a7c827345aec166901945753d4ad

    SHA1

    d9475bbd1f4fc27b736e59a198f4ebcd8162581c

    SHA256

    44bdeed7943db645ef84ffa579fdf3c03d1a9fe1736f49ab67de5797b503e33d

    SHA512

    cfe2c05df0c5b34a605f9d0dc17c7355aa0a1a8ce870d107dbef706687723a882862296dbce2789729e2c91ffbd1e4044e03a048ea976cb611414f822404a78b

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

    Filesize

    8KB

    MD5

    51484df224dd9704cfa33f3b94ff54e9

    SHA1

    b88910e7433b79877ccdde08a0937d1bedc28a67

    SHA256

    e519beba603f66bd9422b5d5a814d5f9bc743fa844692135378f0957b39c8d7d

    SHA512

    426cf60217fe6d0ea832cd86a25cd3a64276df0639514ba39faf57d7281a1034b1cdb9dcec1645764d2fb238271bd1c6579a7d98445d72080bddd28130142a4f

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

    Filesize

    12KB

    MD5

    e914e942a89bfb9bd6354de14ef72c02

    SHA1

    cfa2f2c3069f85b52e92a703106a7a016a0dcced

    SHA256

    3677cdb9c3f65580f69a3c56a8764356f5800f069563f3dc8b14d50dfa0bc008

    SHA512

    1d9b7b91e265a1df3d5aa6253e415f574578ddd0bf68a377a0b4e96566a5d0573565ee0a4c302503001f9f286161ea9136efed2ccf6fa402bce273efed283c42

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

    Filesize

    12KB

    MD5

    f1cf9b579e5e09dabe967503bbbbe158

    SHA1

    284897bf5f413606ff8b245cfc520aec374b8d5e

    SHA256

    decaca49545e7573355da24beae0442f9dfa2e06d6c1c7b2f52ed9313ba58849

    SHA512

    b974be171d2cd10a43aa1246f145bb2db70ce4e6396639dba14bf1efbe7004a1aeabbf81a7730a067eb13a6a807d660d2d57779b2693beb97db0e81143b741d4

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

    Filesize

    12KB

    MD5

    b828039840c871e894d1061b058d2af2

    SHA1

    ac48624f6347194ad376e3fee1da496f16e2dd91

    SHA256

    fc84e19094e213818c5df0d8104a2d3221ea1cf5de97c946993a2c61b3263e84

    SHA512

    2f9cc4488a258ec4849b4cd1ca6567ccf476d00d440640669316f674f82f8622ca9feda289eb69ccb344945633bd193c6624c282c43f28163d507d7ed495d02b

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_data.db

    Filesize

    44KB

    MD5

    ee3b904b5ece1d8ed82c465686f5fae9

    SHA1

    d061713520b3682937335e92c2887b6e6dd57c90

    SHA256

    cad7ccf487e28919572308d669035a5018f9f1a23094b04c89b30c6268352935

    SHA512

    e0cf11395575114207a9ed5697ac16cc0271b7a5d6903dcbf99cea081da5e834a518ceaff89ad9dbc8279174aca8de7d957f8e80ea1c1695954269ae58a90159

  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_data.db-journal

    Filesize

    12KB

    MD5

    9ac7af205b8be882fd642f43e1eb6448

    SHA1

    1c1b31fad1932844126864fcfa16dae77ae257bf

    SHA256

    893252cbb4cabe1ecae0f57c3fd7acca19a28bc996b9ea17da6157e203245c13

    SHA512

    13f0aedfd5b66e6955ea78b9b43c80c5dcf0b817d28dad71ca8d40c66e7eab9a7c8162733fec586c14fffcdb027317b48dcb7aba5d13565d5300c2c8d1f101c5
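The list above repeats several paths with different hashes because the sandbox captures every rewrite of the SQLite databases and their rollback journals during the run, so the raw count of entries overstates the number of distinct files. The parser below (an added example, not part of the report or the sandbox's tooling) ingests the list in the page's own layout, groups revisions by path, flags paths whose content changed between captures, and sanity-checks hash lengths before anyone pivots on a hash that was mis-transcribed. `SAMPLE` is a constructed excerpt of three entries copied from this report with the blank lines removed; the parser skips blank lines, so the full section can be fed in unchanged.

```python
"""Parse a sandbox dropped-files list and group captured revisions by path (added example)."""
import re
from collections import defaultdict

# Constructed excerpt: three entries from this report's Downloads section,
# blank lines removed for brevity (the parser ignores them anyway).
SAMPLE = """\
  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/credentials.dat
    Filesize
    233B
    MD5
    8083e36c31105d8224de7b7f4cc54dce
    SHA1
    aa2ac005a918a0ae8cdb17f91245aba87eed70d4
    SHA256
    7962137ef15aee3c78e8812c38bf066b91f8a25e3ecb9558de5623cae84ac5e3
    SHA512
    50c160e8ffec8afd783fe16b4bf1ba9c88fcdeff033ac6edbcf097e83e1de18873f3f9b33b3616912599513cf7dca3d101adbfeb99ce30aa6f040e8265c0298c
  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db
    Filesize
    20KB
    MD5
    481841e76734ae5a4723aa38fe93e5ab
    SHA1
    f10c6523ccb2cebee1820663a6ef07b6570d8961
    SHA256
    ef1b03f210ec71721d25072317962730fc500c634b72fe8add004f0ddbb71fb1
    SHA512
    27105d3f627c8e63ff1e60a623601342a236f616260110bc1da3c7af7c6dd3d25a345b2c555c023d48b92b53bc96fd4a1db91248ba6d1a4582520fe260378ed2
  • /data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db
    Filesize
    20KB
    MD5
    484df068dc370197c0e37af4f433f772
    SHA1
    5d071329bf5182e60b2d268adca542901d492001
    SHA256
    3ebaaa9fc7a9245b413f62f91d9e689d468456dd4b6ce2408bcd2003cbdbfbd0
    SHA512
    587e7b68f2c167d39dd50744f2892a461a67cb073e8cf9f6eb2ab752e07841440dbe212af32958248d15af5d4001e7fa12f86cad62578ef31999355a86c3b0b5
"""

SIZE_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}
HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
LABELS = {"Filesize": "filesize", "MD5": "md5", "SHA1": "sha1",
          "SHA256": "sha256", "SHA512": "sha512"}


def parse_size(text):
    """'233B' -> 233, '20KB' -> 20480. The sandbox rounds display sizes, so treat as approximate."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(B|KB|MB)", text)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(float(m.group(1)) * SIZE_UNITS[m.group(2)])


def parse_downloads(text):
    """Return one dict per entry: path, filesize (bytes), md5, sha1, sha256, sha512."""
    records, current, field = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):             # a bullet opens a new entry
            current = {"path": line[1:].strip()}
            records.append(current)
        elif line in LABELS:                  # a label line names the next value
            field = LABELS[line]
        elif current is not None and field:   # the value line fills that field
            current[field] = parse_size(line) if field == "filesize" else line.lower()
            field = None
    return records


def revisions_by_path(records):
    """{path: [sha256, ...]} in capture order."""
    out = defaultdict(list)
    for r in records:
        out[r["path"]].append(r["sha256"])
    return dict(out)


def changed_paths(records):
    """Paths captured more than once with differing content."""
    return sorted(p for p, hs in revisions_by_path(records).items() if len(set(hs)) > 1)


def validate(records):
    """(path, field) pairs whose hash has the wrong length or non-hex characters."""
    return [(r["path"], k) for r in records for k, n in HASH_LEN.items()
            if not re.fullmatch(r"[0-9a-f]{%d}" % n, r.get(k, ""))]


if __name__ == "__main__":
    recs = parse_downloads(SAMPLE)
    for path, hashes in revisions_by_path(recs).items():
        print(f"{len(hashes)} revision(s)  {path}")
    print("changed:", changed_paths(recs))
    print("bad hashes:", validate(recs))
```

Feeding the whole section through collapses the journal churn into a handful of paths; the entries worth opening by hand are then the ones that are not SQLite artifacts, here `credentials.dat` and `ZPkFS.log`, plus the final revision of each database.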