fd3064e387678fd86f045fb33b5d27ada379fc1e16a5f3432fa3379ba5e229eb

Analysis

max time kernel
178s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
13-06-2024 07:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a47d0578f905dcc56360019ee6e3efa1_JaffaCakes118.apk
Size

3.3MB
MD5

a47d0578f905dcc56360019ee6e3efa1
SHA1

6da53ef292e3594c4df0ee559c166e7f2b49eb6a
SHA256

fd3064e387678fd86f045fb33b5d27ada379fc1e16a5f3432fa3379ba5e229eb
SHA512

3c73269c09be0a3dc36752b4d7b4bd686b4cb2a326faaaaf8326f5cb28bacee810e507d5a6804c37b8db0378f042baeab7d081e7abfb2e24d4421b39086d9a28
SSDEEP

98304:RohWAo3eZru6tvBsYrcnfRrxgzKnUTxWohL/BH2OtywXF3oyVAoVgIE:RogneZS6BBrcnfRrxgmnQzRC

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

ua.FoodSoul.DonetskSushiTaun:Metrica

ioc process

/system/app/Superuser.apk ua.FoodSoul.DonetskSushiTaun:Metrica
/sbin/su ua.FoodSoul.DonetskSushiTaun:Metrica

ioc	process
/system/app/Superuser.apk	ua.FoodSoul.DonetskSushiTaun:Metrica
/sbin/su	ua.FoodSoul.DonetskSushiTaun:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

T1424

Processes:

ua.FoodSoul.DonetskSushiTaunua.FoodSoul.DonetskSushiTaun:Metrica

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ua.FoodSoul.DonetskSushiTaun:Metrica

Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

ua.FoodSoul.DonetskSushiTaun

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo ua.FoodSoul.DonetskSushiTaun

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ua.FoodSoul.DonetskSushiTaun

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

T1421

Processes:

ua.FoodSoul.DonetskSushiTaun:Metricaua.FoodSoul.DonetskSushiTaun

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ua.FoodSoul.DonetskSushiTaun:Metrica
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ua.FoodSoul.DonetskSushiTaun

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Reads information about phone network operator. 1 TTPs
discovery

T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

ua.FoodSoul.DonetskSushiTaun

description ioc process

Framework service call android.app.IActivityManager.registerReceiver ua.FoodSoul.DonetskSushiTaun

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	ua.FoodSoul.DonetskSushiTaun

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

T1603

Processes:

ua.FoodSoul.DonetskSushiTaunua.FoodSoul.DonetskSushiTaun:Metrica

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.app.job.IJobScheduler.schedule	ua.FoodSoul.DonetskSushiTaun:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

T1471

Processes:

ua.FoodSoul.DonetskSushiTaunua.FoodSoul.DonetskSushiTaun:Metrica

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	ua.FoodSoul.DonetskSushiTaun
Framework API call	javax.crypto.Cipher.doFinal	ua.FoodSoul.DonetskSushiTaun:Metrica

ua.FoodSoul.DonetskSushiTaun
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4275

ua.FoodSoul.DonetskSushiTaun:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4319

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/credentials.dat
Filesize
234B

MD5
09ece7fcb33f061a46bbd0fad9927809

SHA1
5687f2de7ef7128c247fed0bbd912d3166a48e32

SHA256
bc0713e5aff70879e71e2d3049ecf5fa249acdbe68b659d71b1e1faccd385f0c

SHA512
0d356d15323dc28df82be700306661830a47cb6ee1bc109d62c0149387bd710aa86146f414f490d2d6b77fbd7d101b0ab018a1ca204e7399db371d8a6aa1adfd

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun
Filesize
36KB

MD5
c739ffd026683aba14125e7552c706a2

SHA1
c3a340ff56d4b2b5dcc675c30ab7eabf17baf780

SHA256
94b2001f0a4575dfe3383a40cea7c713b33a995fdfc015837b308325c009ce17

SHA512
3cc2dece4f46bcbbc94caf97223678a87cf81289126e26980c9efab0d170457bf5f8a2636b260e4c334da75e4a0949ae5552591ac75a768565b55eeb999c7703

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal
Filesize
8KB

MD5
e097835b47fef7ba7ff56548b73c1c5a

SHA1
45104988c7a9c785f5ab50a11aabd8422dc79836

SHA256
8b896e367431839ddb3e18c3695377f5ee859d3dee791c804fcc1ae74b6341d9

SHA512
77b198e4ccefb07b4d3d19196f7c2fd3772d20c239863caee0a3e2ffd160c928728ddc865cfcbf65592416b271d513a94de5e6ea2819d80594dccd5c361c2cf4

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-shm
Filesize
32KB

MD5
f333d71d7ad3209c9dd6da77287b18c5

SHA1
6dbf847a7e994ff49a0b19a1237d0a21a72aa549

SHA256
f522e8156b1688dd5d9eca128d2e554da76d1048f3ded460471b57629c8687fb

SHA512
8a1083f666d9c185001a1a77220e607ba18f0b638ddc4236b1ea77a5bafee0b140104a725b90855686f9091462dc8177b3a0f43d4707dba1ac30a01f5f01b73d

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-wal
Filesize
406KB

MD5
2cb98c4c9a7911b2bad0020c32693817

SHA1
839bfe7ab641ecf94d3e72eb737c35c213504dc3

SHA256
f60e273e2db58aedbf21cf717f1ec163de9eb1e82e1775815ac20c57071eba7c

SHA512
72803289df652e6d9d55d0ebf321155e9d0f123f2542f3c1ad104709cbc9d80374065ede91af54c255fbaa0ef86ceb1f3250d2f9f811b6969432364cd7a2ad3f

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize
4KB

MD5
aea1aa012919a8587e4b5d8fe933a59c

SHA1
a62def51d26b5e513f10213a7db1e359289945e2

SHA256
c8a9e587e7ebfeb715563ef451f94d9b2943d58fce2969ad549e8fea1a4f248f

SHA512
96ddfc0fac503e3999eafb00c040d4eeee3feb477cd3a7a265452ec836dbaeefd16ae3f78a45ad7c47989693a3d24d15784efeb00037536a2af36867c63ab2fd

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
512B

MD5
5caaee15e5b8b9f472388c3b72965e71

SHA1
36737b645d99dc621662c0270f228b64a3f3f5ec

SHA256
b6020f37677303b74bcaf615997d17ad24b6c2f8305655a5d2efc95a227a1e59

SHA512
ebb483c25bc5ed7fdc030e8db77115c46c66737e802c627bf5916fad92607dbe7f1d2062a3906e4592206b4ce0cfa4e4a5a97298ecbddccbc9ab8b67446aa97d

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-wal
Filesize
164KB

MD5
f3239b7efab17414ff46dbba49fdd260

SHA1
3f953ea255757362d99dc7e9d22b81a5cecaa945

SHA256
62f4190c03b9133883c4d0c878b6272cda0561957777922f640d4e52770f0f34

SHA512
056889da7dc25044e922da5d6a9ecd43687123d00a53f2cf6b4957ed692801af2234ed58feddf1fa1936fa679666d2bd2ef5203d2560289d5b1ce7aab04aded8

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db
Filesize
20KB

MD5
68c273d3b34099200a134fe1ba5f31ab

SHA1
359443d63845e2686947d88dbf28dac285ac9090

SHA256
72f1ce27576f8130397bbedec64951eb310965b6d8ba35af165333d3f8706911

SHA512
24016cf92c8dc82488b4da217ec4096f92d1ec84dd4fd34314aa89d7306c9f6680b1a860315cfaa15d33e70faf6fb4c8a3161e17c43d06e6570c2cd3a2c1e271

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db
Filesize
20KB

MD5
021913095c3b0d440c16edd436e844a4

SHA1
af51aeaba583e29e804c5a2de3cc49e01d812ad4

SHA256
820361baeaff4fb38f853423271069c6827890775ce0c8158859ac8aaa206a7e

SHA512
003c4bc452512ec16753b9d7c15b1400565e6eba68706057454595780bcf71ecd302cf36c4b8639716407c82b18f9745b244794e63324ad8e3ad6bf729b9a877

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db
Filesize
20KB

MD5
f98b5269d083af12f2096f4bbc84ed38

SHA1
0a3b68cd33e2f5f5bdc418797319e77d6f4c5c5e

SHA256
edcc16c122e6b8005f5c01ee60b2d177b881cf1d443042ac73ba8e327d9e5cc4

SHA512
db2c9f4343401b01bc28f546feb79edc6f023d852251f74fd655153105d364943520dc268d738ea57b8478b6782713cb5f5a2fdd5497b986eee9976ed025d8a6

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal
Filesize
406KB

MD5
99cdcddc57eb56e94d43d1075ff49b3b

SHA1
32ea9630cc36482d7c3c16822e45fc31fe58a052

SHA256
2bf37cf7ddfe4e4aee662ae958ea2e3a3c382fca417d0962cee179086429a23c

SHA512
1d4fc0e5db1de2da032a89664be27cfaea7b81e350b28aea37a2318b12a7b2603b3ebd32c9f443321771cfd3bc04574b417ce8c3aee2304a8480d2d076892ae4

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-shm
Filesize
32KB

MD5
75ee2af3fc623eb519fb4a8fe18fc93e

SHA1
6f5375a5e9a5855b114cd4fde30042da9b6ad2d9

SHA256
0a0625b04448a157c54f9395c5792a3fffd85af3ab2f9caae73677f3764303f3

SHA512
897db3196e6be66c3e828a9e7d64d44a9581c1d1bc146b6758cdd261152e16e45e8234ee8a15eb996645d76bd8edcbb5ee3f8766f10ce195b5fec9abf100bc8b

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-wal
Filesize
32KB

MD5
7f766965d3e9a0f277316d1589881d37

SHA1
3194c7ecf7f91cf17f5008ddf85a84c641839128

SHA256
86be020a866b9415a163adddb3aa31323c4eadb62b7833e10f1b277eb14936aa

SHA512
2f6ef359f160033521163398e8315fd5054de0f75616b6a144fc0f5bd01d1099a3e937d2494020b1ccf83f78bc82c6a074ef0cb50228433067d991961c34c931

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-wal
Filesize
8KB

MD5
3cd485095dd931a6db9ca4f62c5d672a

SHA1
46b155b319a7d3e184bba0f0de5fa19c0840d760

SHA256
d60917d779e9d4049709159f6a3f9eb62696e124c5f3cb85315c92b4fd7d5aa6

SHA512
3f9e9e65f09ffc0507200600b9e2f369e882de3180ae1f0ca33f8b66088fd46e718bcf4b7b3ebf2ae79cd8a5fd60ed3066321551d549b545c1b2dce13e3a67ce

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-wal
Filesize
20KB

MD5
cf0a75ede429e56ea5c49c599d7f4144

SHA1
3ac29b15284a1ed1055d3ba2463ff7e7e1069a16

SHA256
3742b60613a265bbaac5162e519eff6b9c3273c0c4d1b4e48a373a885d98f303

SHA512
8bcd16b68d0308e39481de7577c9fe750d0d29617c579a912cbc6c65a2be0e6260708acacbd6131e3baa6854cc5fb22b02b7246b734c127fe292650b0811cd85

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_data.db
Filesize
44KB

MD5
0307b06209c5fa13d65f716ba88f2114

SHA1
703d09688e6409c880d3b048ef495d59a06a43a6

SHA256
eb1965937a52f6b5eef7bf6771ef4b8c0feed42f454e984cf82b8c1a7fb54a32

SHA512
91fe939da3d0b5e221488902b64cbfde40d928c722e46698351f54077c06292011f2a0845edae943fad87d9748de873b9e06624d2be0cec8219c545216eb5063

Download Submit