Analysis

  • max time kernel
    178s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240603-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240603-en, locale:en-us, os:android-11-x64, system
  • submitted
    05-06-2024 15:03

General

  • Target

    9875f723ffcc97f2d077bff8a00603bd_JaffaCakes118.apk

  • Size

    3.3MB

  • MD5

    9875f723ffcc97f2d077bff8a00603bd

  • SHA1

    20c3a11851fe878bfcee1b83a8459e1bf9490ab3

  • SHA256

    62e9dc9326292c64a9a2abbefcac45bfcae2ecd084a58e232cc94ce0faa07933

  • SHA512

    2a0eac901340342c36abf9defe682d3d3d172bfce35961af15d6a5208590f1c10379b39e4bbcbea8959b92d81d761fd0224f174c68266d64000e339f605f2823

  • SSDEEP

    98304:RohWAo3eZru6tvBsYrcnfRrxgzKnUTxWohL/BH2OtywXF3oyVAoVgIU:RogneZS6BBrcnfRrxgmnQzRO

Signatures

  • Checks if the Android device is rooted. (1 TTPs, 3 IoCs)
  • Queries information about running processes on the device (1 TTPs, 2 IoCs)

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network (1 TTPs, 1 IoCs)
  • Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
  • Reads information about phone network operator. (1 TTPs)
  • Schedules tasks to execute at a specified time (1 TTPs, 2 IoCs)

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 2 IoCs)

Processes

  • ua.FoodSoul.DonetskSushiTaun
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4593
  • ua.FoodSoul.DonetskSushiTaun:Metrica
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4638

Downloads

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/files/ZPkFS.log

    Filesize

    20KB

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/credentials.dat

    Filesize

    234B

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun

    Filesize

    36KB

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

    Filesize

    20KB

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

    Filesize

    20KB

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

    Filesize

    8KB

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

    Filesize

    12KB

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

    Filesize

    12KB

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

    Filesize

    12KB

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180

    Filesize

    36KB

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    512B

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    8KB

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    8KB

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    12KB

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    8KB

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    12KB

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

    Filesize

    20KB

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

    Filesize

    20KB

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

    Filesize

    20KB

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

    Filesize

    8KB

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

    Filesize

    8KB

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

    Filesize

    12KB

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

    Filesize

    12KB

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

    Filesize

    12KB

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_data.db

    Filesize

    44KB

  • /data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_data.db-journal

    Filesize

    12KB
