Analysis

  • max time kernel
    178s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240611.1-en
  • resource tags

    android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240611.1-en locale:en-us os:android-11-x64 system
  • submitted
    14-06-2024 08:03

General

  • Target

    a8a64528b1fa44ec82e2f9bfee249729_JaffaCakes118.apk

  • Size

    3.3MB

  • MD5

    a8a64528b1fa44ec82e2f9bfee249729

  • SHA1

    58f7b00c07f9655338a937f0779fc777218273e7

  • SHA256

    6fb05ee43a3fd51223722d847854ed9219593cf9c1490e90a733ce48ad0d29ee

  • SHA512

    32498ba7e8dd21e3059a201f28556fa7269177486254c4e06db3941b059ab628f93c62740fa926ba830107743a11e07ecb3a9f170e9bd07897ef78ce4d9465db

  • SSDEEP

    98304:CJy7KPSx9r0FNL5D+g64j7BVMHDgXHT/epxOtywXN3P0ZKPSW:CRI9r9QdaArh

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 3 IoCs
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator. 1 TTPs
  • Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

Processes

  • sistemavitto.viplanches
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4425
  • sistemavitto.viplanches:Metrica
    1⤵
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4473

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/sistemavitto.viplanches/files/ZPkFS.log
    Filesize

    20KB

  • /data/user/0/sistemavitto.viplanches/no_backup/credentials.dat
    Filesize

    233B

  • /data/user/0/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches
    Filesize

    36KB

  • /data/user/0/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches-journal
    Filesize

    20KB

  • /data/user/0/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches-journal
    Filesize

    20KB

  • /data/user/0/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches-journal
    Filesize

    8KB

  • /data/user/0/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches-journal
    Filesize

    12KB

  • /data/user/0/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches-journal
    Filesize

    12KB

  • /data/user/0/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches-journal
    Filesize

    12KB

  • /data/user/0/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches_20799a27-fa80-4b36-b2db-0f8141f24180
    Filesize

    36KB

  • /data/user/0/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches_20799a27-fa80-4b36-b2db-0f8141f24180-journal
    Filesize

    512B

  • /data/user/0/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches_20799a27-fa80-4b36-b2db-0f8141f24180-journal
    Filesize

    8KB

  • /data/user/0/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches_20799a27-fa80-4b36-b2db-0f8141f24180-journal
    Filesize

    8KB

  • /data/user/0/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches_20799a27-fa80-4b36-b2db-0f8141f24180-journal
    Filesize

    12KB

  • /data/user/0/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches_20799a27-fa80-4b36-b2db-0f8141f24180-journal
    Filesize

    12KB

  • /data/user/0/sistemavitto.viplanches/no_backup/db_metrica_sistemavitto.viplanches_20799a27-fa80-4b36-b2db-0f8141f24180-journal
    Filesize

    12KB

  • /data/user/0/sistemavitto.viplanches/no_backup/metrica_client_data.db
    Filesize

    20KB

  • /data/user/0/sistemavitto.viplanches/no_backup/metrica_client_data.db
    Filesize

    20KB

  • /data/user/0/sistemavitto.viplanches/no_backup/metrica_client_data.db
    Filesize

    20KB

  • /data/user/0/sistemavitto.viplanches/no_backup/metrica_client_data.db-journal
    Filesize

    8KB

  • /data/user/0/sistemavitto.viplanches/no_backup/metrica_client_data.db-journal
    Filesize

    8KB

  • /data/user/0/sistemavitto.viplanches/no_backup/metrica_client_data.db-journal
    Filesize

    12KB

  • /data/user/0/sistemavitto.viplanches/no_backup/metrica_client_data.db-journal
    Filesize

    12KB

  • /data/user/0/sistemavitto.viplanches/no_backup/metrica_client_data.db-journal
    Filesize

    12KB

  • /data/user/0/sistemavitto.viplanches/no_backup/metrica_data.db
    Filesize

    44KB

  • /data/user/0/sistemavitto.viplanches/no_backup/metrica_data.db-journal
    Filesize

    12KB
