Analysis
max time kernel: 178s
max time network: 138s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 14-06-2024 08:03

Static task: static1

Behavioral task: behavioral1
Sample: a8a64528b1fa44ec82e2f9bfee249729_JaffaCakes118.apk
Resource: android-x86-arm-20240611.1-en

Behavioral task: behavioral2
Sample: a8a64528b1fa44ec82e2f9bfee249729_JaffaCakes118.apk
Resource: android-x64-20240611.1-en

Behavioral task: behavioral3
Sample: a8a64528b1fa44ec82e2f9bfee249729_JaffaCakes118.apk
Resource: android-x64-arm64-20240611.1-en

General
Target: a8a64528b1fa44ec82e2f9bfee249729_JaffaCakes118.apk
Size: 3.3MB
MD5: a8a64528b1fa44ec82e2f9bfee249729
SHA1: 58f7b00c07f9655338a937f0779fc777218273e7
SHA256: 6fb05ee43a3fd51223722d847854ed9219593cf9c1490e90a733ce48ad0d29ee
SHA512: 32498ba7e8dd21e3059a201f28556fa7269177486254c4e06db3941b059ab628f93c62740fa926ba830107743a11e07ecb3a9f170e9bd07897ef78ce4d9465db
SSDEEP: 98304:CJy7KPSx9r0FNL5D+g64j7BVMHDgXHT/epxOtywXN3P0ZKPSW:CRI9r9QdaArh

Malware Config
Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
Processes: sistemavitto.viplanches:Metrica
- ioc: /system/app/Superuser.apk, process: sistemavitto.viplanches:Metrica
- ioc: /sbin/su, process: sistemavitto.viplanches:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: sistemavitto.viplanches, sistemavitto.viplanches:Metrica
- description: Framework service call, ioc: android.app.IActivityManager.getRunningAppProcesses, process: sistemavitto.viplanches
- description: Framework service call, ioc: android.app.IActivityManager.getRunningAppProcesses, process: sistemavitto.viplanches:Metrica

Queries information about active data network 1 TTPs 1 IoCs
Processes: sistemavitto.viplanches
- description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, process: sistemavitto.viplanches

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: sistemavitto.viplanches:Metrica, sistemavitto.viplanches
- description: Framework service call, ioc: android.net.wifi.IWifiManager.getConnectionInfo, process: sistemavitto.viplanches:Metrica
- description: Framework service call, ioc: android.net.wifi.IWifiManager.getConnectionInfo, process: sistemavitto.viplanches

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs

Reads information about phone network operator. 1 TTPs

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes: sistemavitto.viplanches
- description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, process: sistemavitto.viplanches

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes: sistemavitto.viplanches, sistemavitto.viplanches:Metrica
- description: Framework service call, ioc: android.app.job.IJobScheduler.schedule, process: sistemavitto.viplanches
- description: Framework service call, ioc: android.app.job.IJobScheduler.schedule, process: sistemavitto.viplanches:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
Processes: sistemavitto.viplanches:Metrica, sistemavitto.viplanches
- description: Framework API call, ioc: javax.crypto.Cipher.doFinal, process: sistemavitto.viplanches:Metrica
- description: Framework API call, ioc: javax.crypto.Cipher.doFinal, process: sistemavitto.viplanches

Processes

sistemavitto.viplanches
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)

sistemavitto.viplanches:Metrica
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)

Network
MITRE ATT&CK Matrix
Downloads
/data/data/sistemavitto.viplanches/no_backup/credentials.dat (Filesize: 234B)
/data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches (Filesize: 36KB)
/data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches-journal (Filesize: 8KB)
/data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches-shm (Filesize: 32KB)
/data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches-wal (Filesize: 406KB)
/data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches_20799a27-fa80-4b36-b2db-0f8141f24180 (Filesize: 4KB)
/data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches_20799a27-fa80-4b36-b2db-0f8141f24180-journal (Filesize: 512B)
/data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches_20799a27-fa80-4b36-b2db-0f8141f24180-wal (Filesize: 148KB)
/data/data/sistemavitto.viplanches/no_backup/metrica_client_data.db (Filesize: 20KB)
/data/data/sistemavitto.viplanches/no_backup/metrica_client_data.db (Filesize: 20KB)
/data/data/sistemavitto.viplanches/no_backup/metrica_client_data.db (Filesize: 20KB)
/data/data/sistemavitto.viplanches/no_backup/metrica_client_data.db (Filesize: 20KB)
/data/data/sistemavitto.viplanches/no_backup/metrica_client_data.db-journal (Filesize: 406KB)
/data/data/sistemavitto.viplanches/no_backup/metrica_client_data.db-shm (Filesize: 32KB)
/data/data/sistemavitto.viplanches/no_backup/metrica_client_data.db-wal (Filesize: 32KB)
/data/data/sistemavitto.viplanches/no_backup/metrica_client_data.db-wal (Filesize: 8KB)
/data/data/sistemavitto.viplanches/no_backup/metrica_client_data.db-wal (Filesize: 32KB)
/data/data/sistemavitto.viplanches/no_backup/metrica_data.db (Filesize: 44KB)