Analysis
- max time kernel: 178s
- max time network: 147s
- platform: android_x64
- resource: android-x64-20240611.1-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
- submitted: 14-06-2024 08:03
Static task: static1
Behavioral task: behavioral1
- Sample: a8a64528b1fa44ec82e2f9bfee249729_JaffaCakes118.apk
- Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
- Sample: a8a64528b1fa44ec82e2f9bfee249729_JaffaCakes118.apk
- Resource: android-x64-20240611.1-en
Behavioral task: behavioral3
- Sample: a8a64528b1fa44ec82e2f9bfee249729_JaffaCakes118.apk
- Resource: android-x64-arm64-20240611.1-en
General
- Target: a8a64528b1fa44ec82e2f9bfee249729_JaffaCakes118.apk
- Size: 3.3MB
- MD5: a8a64528b1fa44ec82e2f9bfee249729
- SHA1: 58f7b00c07f9655338a937f0779fc777218273e7
- SHA256: 6fb05ee43a3fd51223722d847854ed9219593cf9c1490e90a733ce48ad0d29ee
- SHA512: 32498ba7e8dd21e3059a201f28556fa7269177486254c4e06db3941b059ab628f93c62740fa926ba830107743a11e07ecb3a9f170e9bd07897ef78ce4d9465db
- SSDEEP: 98304:CJy7KPSx9r0FNL5D+g64j7BVMHDgXHT/epxOtywXN3P0ZKPSW:CRI9r9QdaArh
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
Processes:
sistemavitto.viplanches:Metrica
- ioc: /system/app/Superuser.apk, process: sistemavitto.viplanches:Metrica
- ioc: /sbin/su, process: sistemavitto.viplanches:Metrica
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
sistemavitto.viplanches, sistemavitto.viplanches:Metrica
- description: Framework service call, ioc: android.app.IActivityManager.getRunningAppProcesses, process: sistemavitto.viplanches
- description: Framework service call, ioc: android.app.IActivityManager.getRunningAppProcesses, process: sistemavitto.viplanches:Metrica
-
Queries information about active data network 1 TTPs 1 IoCs
Processes:
sistemavitto.viplanches
- description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, process: sistemavitto.viplanches
-
Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
sistemavitto.viplanches, sistemavitto.viplanches:Metrica
- description: Framework service call, ioc: android.net.wifi.IWifiManager.getConnectionInfo, process: sistemavitto.viplanches
- description: Framework service call, ioc: android.net.wifi.IWifiManager.getConnectionInfo, process: sistemavitto.viplanches:Metrica
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
sistemavitto.viplanches
- description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, process: sistemavitto.viplanches
-
Schedules tasks to execute at a specified time 1 TTPs 2 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
sistemavitto.viplanches, sistemavitto.viplanches:Metrica
- description: Framework service call, ioc: android.app.job.IJobScheduler.schedule, process: sistemavitto.viplanches
- description: Framework service call, ioc: android.app.job.IJobScheduler.schedule, process: sistemavitto.viplanches:Metrica
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
Processes:
sistemavitto.viplanches:Metrica, sistemavitto.viplanches
- description: Framework API call, ioc: javax.crypto.Cipher.doFinal, process: sistemavitto.viplanches:Metrica
- description: Framework API call, ioc: javax.crypto.Cipher.doFinal, process: sistemavitto.viplanches
Processes
-
sistemavitto.viplanches
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
-
sistemavitto.viplanches:Metrica
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
Downloads
-
/data/data/sistemavitto.viplanches/files/ZPkFS.log
Filesize: 12KB
-
/data/data/sistemavitto.viplanches/no_backup/credentials.dat
Filesize: 234B
-
/data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches
Filesize: 36KB
-
/data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches-journal
Filesize: 20KB
-
/data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches-journal
Filesize: 8KB
-
/data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches-journal
Filesize: 8KB
-
/data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches-journal
Filesize: 12KB
-
/data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches-journal
Filesize: 8KB
-
/data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches-journal
Filesize: 12KB
-
/data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize: 36KB
-
/data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize: 512B
-
/data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize: 8KB
-
/data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize: 8KB
-
/data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize: 12KB
-
/data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize: 8KB
-
/data/data/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize: 12KB
-
/data/data/sistemavitto.viplanches/no_backup/metrica_client_data.db
Filesize: 20KB
-
/data/data/sistemavitto.viplanches/no_backup/metrica_client_data.db
Filesize: 20KB
-
/data/data/sistemavitto.viplanches/no_backup/metrica_client_data.db
Filesize: 20KB
-
/data/data/sistemavitto.viplanches/no_backup/metrica_client_data.db-journal
Filesize: 8KB
-
/data/data/sistemavitto.viplanches/no_backup/metrica_client_data.db-journal
Filesize: 8KB
-
/data/data/sistemavitto.viplanches/no_backup/metrica_client_data.db-journal
Filesize: 12KB
-
/data/data/sistemavitto.viplanches/no_backup/metrica_client_data.db-journal
Filesize: 12KB
-
/data/data/sistemavitto.viplanches/no_backup/metrica_client_data.db-journal
Filesize: 12KB
-
/data/data/sistemavitto.viplanches/no_backup/metrica_data.db
Filesize: 44KB
-
/data/data/sistemavitto.viplanches/no_backup/metrica_data.db-journal
Filesize: 12KB