Analysis
max time kernel: 175s
max time network: 171s
platform: android_x64
resource: android-33-x64-arm64-20240603-en
resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240603-en, locale:en-us, os:android-13-x64, system
submitted: 05-06-2024 18:13
Static task: static1
Behavioral task: behavioral1
  Sample: 98e2bfe512283b86a8eb13d6868149df_JaffaCakes118.apk
  Resource: android-x86-arm-20240603-en
Behavioral task: behavioral2
  Sample: 98e2bfe512283b86a8eb13d6868149df_JaffaCakes118.apk
  Resource: android-33-x64-arm64-20240603-en
General
Target: 98e2bfe512283b86a8eb13d6868149df_JaffaCakes118.apk
Size: 3.9MB
MD5: 98e2bfe512283b86a8eb13d6868149df
SHA1: 3ea5a9da21b003663ac7409e0da321c56bbfbdc2
SHA256: b308e2f74a8b380629eb7b219960c7caae020491a6d40d143472c89423b229bd
SHA512: eb2adb1f0c14cb4fa843542dd4a0511d2fd51cc9ffbabb62fe6389f9d822b33e50a1994c0ea66065d2826a26c517190626fa8f0c5cfb6e0ca8cf16a4db281a4c
SSDEEP: 98304:pZnuJaIxkySoUpIB2IsiKGEIpCCOeVSJReccU0YYpNt5gKE7:pYDzeU/XEJCXSknUZK5C
Malware Config
Signatures
Checks if the Android device is rooted. 1 TTPs 3 IoCs
  ioc: /system/app/Superuser.apk; Process: com.wRoyalGrocery_8098929:Metrica
  ioc: /sbin/su; Process: com.wRoyalGrocery_8098929:Metrica
  ioc: /system/bin/su; Process: com.wRoyalGrocery_8098929:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; Process: com.wRoyalGrocery_8098929
  description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; Process: com.wRoyalGrocery_8098929:Metrica

Queries information about active data network 1 TTPs 1 IoCs
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.wRoyalGrocery_8098929

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs

Reads information about phone network operator. 1 TTPs

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description: Framework service call; ioc: android.app.job.IJobScheduler.schedule; Process: com.wRoyalGrocery_8098929
  description: Framework service call; ioc: android.app.job.IJobScheduler.schedule; Process: com.wRoyalGrocery_8098929:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
  description: Framework API call; ioc: javax.crypto.Cipher.doFinal; Process: com.wRoyalGrocery_8098929:Metrica
  description: Framework API call; ioc: javax.crypto.Cipher.doFinal; Process: com.wRoyalGrocery_8098929
Processes
com.wRoyalGrocery_8098929 (PID: 4216)
- Queries information about running processes on the device
- Queries information about active data network
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)

com.wRoyalGrocery_8098929:Metrica (PID: 4282)
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads
/data/user/0/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929_20799a27-fa80-4b36-b2db-0f8141f24180
/data/user/0/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929_20799a27-fa80-4b36-b2db-0f8141f24180-journal