Analysis

  • max time kernel: 178s
  • max time network: 138s
  • platform: android_x86
  • resource: android-x86-arm-20240611.1-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted: 14-06-2024 08:03

General

  • Target: a8a64528b1fa44ec82e2f9bfee249729_JaffaCakes118.apk
  • Size: 3.3MB
  • MD5: a8a64528b1fa44ec82e2f9bfee249729
  • SHA1: 58f7b00c07f9655338a937f0779fc777218273e7
  • SHA256: 6fb05ee43a3fd51223722d847854ed9219593cf9c1490e90a733ce48ad0d29ee
  • SHA512: 32498ba7e8dd21e3059a201f28556fa7269177486254c4e06db3941b059ab628f93c62740fa926ba830107743a11e07ecb3a9f170e9bd07897ef78ce4d9465db
  • SSDEEP: 98304:CJy7KPSx9r0FNL5D+g64j7BVMHDgXHT/epxOtywXN3P0ZKPSW:CRI9r9QdaArh

Signatures

  • Checks if the Android device is rooted. (1 TTP, 2 IoCs)
  • Queries information about running processes on the device. (1 TTP, 2 IoCs)
    Application may abuse the framework's APIs to collect information about running processes on the device.
  • Queries information about the active data network. (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection. (1 TTP, 2 IoCs)
    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  • Queries the unique device ID (IMEI, MEID, IMSI). (1 TTP)
  • Reads information about the phone network operator. (1 TTP)
  • Registers a broadcast receiver at runtime (usually for listening for system events). (1 TTP, 1 IoC)
  • Schedules tasks to execute at a specified time. (1 TTP, 2 IoCs)
    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  • Uses Crypto APIs (might try to encrypt user data). (1 TTP, 2 IoCs)

Processes

  • sistemavitto.viplanches (PID 4169)
    • Queries information about running processes on the device
    • Queries information about the active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (might try to encrypt user data)
  • sistemavitto.viplanches:Metrica (PID 4205)
    • Checks if the Android device is rooted
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (might try to encrypt user data)

Downloads

Files written by the sample during the run (path and size):

  • /data/data/sistemavitto.viplanches/no_backup/credentials.dat (234B)
  • /data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches (36KB)
  • /data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches-journal (8KB)
  • /data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches-shm (32KB)
  • /data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches-wal (406KB)
  • /data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches_20799a27-fa80-4b36-b2db-0f8141f24180 (4KB)
  • /data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches_20799a27-fa80-4b36-b2db-0f8141f24180-journal (512B)
  • /data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches_20799a27-fa80-4b36-b2db-0f8141f24180-wal (148KB)
  • /data/data/sistemavitto.viplanches/no_backup/metrica_client_data.db (20KB; captured four times with differing contents)
  • /data/data/sistemavitto.viplanches/no_backup/metrica_client_data.db-journal (406KB)
  • /data/data/sistemavitto.viplanches/no_backup/metrica_client_data.db-shm (32KB)
  • /data/data/sistemavitto.viplanches/no_backup/metrica_client_data.db-wal (captured three times: 32KB, 8KB, 32KB)
  • /data/data/sistemavitto.viplanches/no_backup/metrica_data.db (44KB)