Analysis

  • max time kernel
    177s
  • max time network
    157s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    12-06-2024 12:35

General

  • Target

    a0afa1db0734de8050df151ad4c92357_JaffaCakes118.apk

  • Size

    18.6MB

  • MD5

    a0afa1db0734de8050df151ad4c92357

  • SHA1

    86a9ee4ae1804fe5bb460e622cc12ac55b1ceff4

  • SHA256

    4d1e6be467d6d8ae1ecd19fae94281a2e0e75dd7d74afc50646f79eee1a0251e

  • SHA512

    61393a3268e9f3e533b8395b32727e1d0474e00f9fad4a0969df028c0ee04b8733a645db09401a05777e7a3cb251e58569f153acb764ccd52fee22420946c95a

  • SSDEEP

    393216:9byYrbvXadZtNZQLsSDdbI4cmWhaOVJF7ca6Q2Q698N3cSinK/VSCKd:pyYfvXQ3ZbSh+cQ69o3cSIK/VTKd

Signatures

  • Checks if the Android device is rooted. (1 TTP, 3 IoCs)
  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTP)
  • Queries information about the current nearby Wi-Fi networks. (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Requests cell location. (2 TTPs, 2 IoCs)

    Uses Android APIs to get the current cell location.

  • Queries information about active data network. (1 TTP, 2 IoCs)
  • Queries information about the current Wi-Fi connection. (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC). (1 TTP, 1 IoC)
  • Reads information about the phone network operator. (1 TTP)
  • Registers a broadcast receiver at runtime (usually for listening for system events). (1 TTP, 1 IoC)
  • Uses Crypto APIs (might try to encrypt user data). (1 TTP, 1 IoC)
  • Checks CPU information. (2 TTPs, 1 IoC)
  • Checks memory information. (2 TTPs, 1 IoC)

Processes

  • com.wTheOldWitch_7675058 (PID 4265)
    • Checks if the Android device is rooted.
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
  • com.wTheOldWitch_7675058:Metrica (PID 4392)
    • Checks if the Android device is rooted.
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Uses Crypto APIs (might try to encrypt user data)

Downloads

  • /data/data/com.wTheOldWitch_7675058/cache/volley/-694382621281852850

    Filesize

    32KB

  • /data/data/com.wTheOldWitch_7675058/cache/volley/5917902771060619102

    Filesize

    32KB

  • /data/data/com.wTheOldWitch_7675058/databases/OneSignal.db

    Filesize

    8KB

  • /data/data/com.wTheOldWitch_7675058/databases/OneSignal.db-journal

    Filesize

    20KB

  • /data/data/com.wTheOldWitch_7675058/databases/OneSignal.db-wal

    Filesize

    32KB

  • /data/data/com.wTheOldWitch_7675058/databases/db467

    Filesize

    40KB

  • /data/data/com.wTheOldWitch_7675058/databases/db467

    Filesize

    36KB

  • /data/data/com.wTheOldWitch_7675058/databases/db467

    Filesize

    406KB

  • /data/data/com.wTheOldWitch_7675058/databases/db467

    Filesize

    40KB

  • /data/data/com.wTheOldWitch_7675058/databases/db467

    Filesize

    40KB

  • /data/data/com.wTheOldWitch_7675058/databases/db467-journal

    Filesize

    512B

  • /data/data/com.wTheOldWitch_7675058/databases/db467-shm

    Filesize

    32KB

  • /data/data/com.wTheOldWitch_7675058/databases/db467-wal

    Filesize

    52KB

  • /data/data/com.wTheOldWitch_7675058/databases/db467-wal

    Filesize

    32KB

  • /data/data/com.wTheOldWitch_7675058/databases/db467-wal

    Filesize

    8KB

  • /data/data/com.wTheOldWitch_7675058/databases/db467-wal

    Filesize

    8KB

  • /data/data/com.wTheOldWitch_7675058/databases/db467-wal

    Filesize

    8KB

  • /data/data/com.wTheOldWitch_7675058/files/data/appnext/videos/video-741148-15_o_1691532153.mp4.tmp

    Filesize

    3.8MB

  • /data/data/com.wTheOldWitch_7675058/files/data/appnext/videos/video-752316-15_o_1708533133.mp4.tmp

    Filesize

    3.9MB

  • /data/data/com.wTheOldWitch_7675058/files/webWidgetConfiguration

    Filesize

    4KB

  • /data/data/com.wTheOldWitch_7675058/files/widgetsController

    Filesize

    908B

  • /data/data/com.wTheOldWitch_7675058/no_backup/metrica_client_data.db

    Filesize

    148KB

  • /data/data/com.wTheOldWitch_7675058/no_backup/metrica_client_data.db

    Filesize

    20KB

  • /data/data/com.wTheOldWitch_7675058/no_backup/metrica_client_data.db

    Filesize

    20KB

  • /data/data/com.wTheOldWitch_7675058/no_backup/metrica_client_data.db

    Filesize

    32KB

  • /data/data/com.wTheOldWitch_7675058/no_backup/metrica_client_data.db-shm

    Filesize

    56KB

  • /data/data/com.wTheOldWitch_7675058/no_backup/metrica_client_data.db-wal

    Filesize

    8KB

  • /data/data/com.wTheOldWitch_7675058/no_backup/metrica_client_data.db-wal

    Filesize

    32KB

  • /data/data/com.wTheOldWitch_7675058/no_backup/metrica_client_data.db-wal

    Filesize

    8KB

  • /data/data/com.wTheOldWitch_7675058/no_backup/metrica_client_data.db-wal

    Filesize

    32KB

  • /data/data/com.wTheOldWitch_7675058/no_backup/metrica_data.db-wal

    Filesize

    144KB
