Analysis

  • max time kernel
    175s
  • max time network
    171s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240603-en
  • resource tags

    android arch:arm64 arch:x64 image:android-33-x64-arm64-20240603-en locale:en-us os:android-13-x64 system
  • submitted
    05-06-2024 18:13

General

  • Target

    98e2bfe512283b86a8eb13d6868149df_JaffaCakes118.apk

  • Size

    3.9MB

  • MD5

    98e2bfe512283b86a8eb13d6868149df

  • SHA1

    3ea5a9da21b003663ac7409e0da321c56bbfbdc2

  • SHA256

    b308e2f74a8b380629eb7b219960c7caae020491a6d40d143472c89423b229bd

  • SHA512

    eb2adb1f0c14cb4fa843542dd4a0511d2fd51cc9ffbabb62fe6389f9d822b33e50a1994c0ea66065d2826a26c517190626fa8f0c5cfb6e0ca8cf16a4db281a4c

  • SSDEEP

    98304:pZnuJaIxkySoUpIB2IsiKGEIpCCOeVSJReccU0YYpNt5gKE7:pYDzeU/XEJCXSknUZK5C

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 3 IoCs
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator. 1 TTPs
  • Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

Processes

  • com.wRoyalGrocery_8098929
    • Queries information about running processes on the device
    • Queries information about active data network
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4216
  • com.wRoyalGrocery_8098929:Metrica
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4282

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.wRoyalGrocery_8098929/files/ZPkFS.log

    Filesize

    20KB

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/credentials.dat

    Filesize

    235B

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929

    Filesize

    36KB

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929-journal

    Filesize

    20KB

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929-journal

    Filesize

    20KB

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929-journal

    Filesize

    8KB

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929-journal

    Filesize

    12KB

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929-journal

    Filesize

    8KB

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929-journal

    Filesize

    12KB

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929_20799a27-fa80-4b36-b2db-0f8141f24180

    Filesize

    36KB

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    512B

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    8KB

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    8KB

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    12KB

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    12KB

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    12KB

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/metrica_client_data.db

    Filesize

    20KB

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/metrica_client_data.db

    Filesize

    20KB

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/metrica_client_data.db

    Filesize

    20KB

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/metrica_client_data.db-journal

    Filesize

    8KB

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/metrica_client_data.db-journal

    Filesize

    8KB

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/metrica_client_data.db-journal

    Filesize

    12KB

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/metrica_client_data.db-journal

    Filesize

    12KB

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/metrica_client_data.db-journal

    Filesize

    12KB

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/metrica_data.db

    Filesize

    44KB

  • /data/user/0/com.wRoyalGrocery_8098929/no_backup/metrica_data.db-journal

    Filesize

    12KB
