29f044901b5c92c90aa3802dad6f8b6124671f05d480a318e7797d8f7a289d84

Analysis

max time kernel
178s
max time network
157s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
15-06-2024 17:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af9a80127d37376411248ed008a3576f_JaffaCakes118.apk
Size

3.3MB
MD5

af9a80127d37376411248ed008a3576f
SHA1

b91fc445915b0db6d94aee5bc55bf6c758999c05
SHA256

29f044901b5c92c90aa3802dad6f8b6124671f05d480a318e7797d8f7a289d84
SHA512

ad7f5d826469cc1c288866e6a636d79f42073462200cbc1000a89ec33a6fe097740c8f3e8ac8c49488e81a18e080de84c3628417bff7a75163c1d5e7495302ed
SSDEEP

98304:RohWAo3eZru6tvBsYrcnfRrxgzKnUTxWohL/BH2OtywXF3oyVAoVgIE:RogneZS6BBrcnfRrxgmnQzRu

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	ua.FoodSoul.DonetskSushiTaun:Metrica
/sbin/su	ua.FoodSoul.DonetskSushiTaun:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ua.FoodSoul.DonetskSushiTaun:Metrica

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ua.FoodSoul.DonetskSushiTaun

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ua.FoodSoul.DonetskSushiTaun:Metrica

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ua.FoodSoul.DonetskSushiTaun

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.app.job.IJobScheduler.schedule	ua.FoodSoul.DonetskSushiTaun:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	ua.FoodSoul.DonetskSushiTaun:Metrica
Framework API call	javax.crypto.Cipher.doFinal	ua.FoodSoul.DonetskSushiTaun

ua.FoodSoul.DonetskSushiTaun
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4256

ua.FoodSoul.DonetskSushiTaun:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4295

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/credentials.dat

Filesize
234B

MD5
ba0b93224a40091b8911c75783074103

SHA1
2a061df10a585253c7e23a78c6df4c63bed951e7

SHA256
639b344a6194c3fb6b4773ea518344b3e25c890a0df2a48f812edc268525fc97

SHA512
cc1121de3ee05443744637b9aaf0096a2fc221e83d69a33b48a60a011a06099a50bc718bbd8db37dd453b564549aaa5b1292cb296ea911fadadd3f67fe6ac1b2

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
8KB

MD5
4c80ab78135e0f7a83f0ef211aa0ff22

SHA1
27f930c49bb6a8aae4e0abf617650ebc28e39cbe

SHA256
d6983fd1d28c004771b0ccc2d2fab8927284f195cdf03642b467293ede8b5a96

SHA512
92914f8e4065f83d4a99627f50caf8de5b92b0c13a1ff9aa66f9444b3a906792d8be6ca7b741bdde9a2ce8b5d8b37cf2f7e8c74d94597c1237eac5ca53a162b8

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-shm

Filesize
32KB

MD5
e8260d4e24680ac41c513fe76cc2b1fa

SHA1
c8a94da7d56478a96eed98b9160bb31c474bbe9c

SHA256
b12a8b9d4359041bd604235a065e8741a3398a3b8090ba8590bacc37064dc568

SHA512
4ad5bd01d607cbbfff588c05c7ad9704b846745fe81de6475e929217447c140a2dffaf811c0fc5000bd5e41010e160b683e8794831c58843d1e81ce510dad41a

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-wal

Filesize
406KB

MD5
271e07df4287206c6c983cbfb95bc330

SHA1
c8df2d622354abc0fb01808e35eaa13673f2b079

SHA256
ec93c4ed7a5197f073ecc66c0da61ad29970b786674ce6c410a54302d046d34a

SHA512
5ac52b969b086d1eb7ef09da54c36ce776bd706ee132c685b3d5d126b2c1d43a73188ec97fb6660dbe09ec8e00ce48b659ac1242559e3221c68efb1908b4f694

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
20KB

MD5
6f851a9106a511d40df36db3cff4b878

SHA1
802d4e380c32a7e564f27f837086b1c402f3c256

SHA256
2cd3c1d2a2fb3486ae003e56f9c77c981097a7f8a39f71d430dcfa9f10b9ff18

SHA512
6ab5bca0d1684b677c1931282c7d85f5fdc2fd9b832294120df9ab3ff2d892a7ff93ed5e8156450c3183d553047133ba09c41f06e11624e1fb11c94e84ee6bfd

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
a8d00030aee1c567b66b82c92214d033

SHA1
d1f4d605ef60dbafa5e70dbee7d12856b1e424f1

SHA256
2cd47c4e37f719f65f3f2be376373de3cec9986c2c4eaef6e91d1ccb27c22d78

SHA512
4020f88dbee6dd6670e62555b9e8688cb2e2ab54c73d78433c7b3c5eeedef5acbbed29742ae1ed454776f5ba18ca7d2f025a4428cf2ef5822a7a182bed60ffb0

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-wal

Filesize
156KB

MD5
cb9908fd15248e277b1347e08067148a

SHA1
6726a9f9b53ae85beb573098855cea2ca9ef7fb3

SHA256
390d6e6b58a46cfe0dd32460786d31b468da4e6969702ef5c2c700523e22754c

SHA512
b7e5710641ed9147e9872b3016e3c1ee52746aa0bb46b63ae1ecdc2f75bc5923477c8467692ed10022eb896b740ed75ac1adb8fa5b39d195d65addac1cd3bb1e

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
36KB

MD5
b69996b9562ab4e678ee707814b5231a

SHA1
f1a3366b8101ea35b8fa7653736121701263f26e

SHA256
882955b304e2193d9dd7e63134d9fcb58a00a3723004070e95532ac02cd93d23

SHA512
f6e537daf92378b678f6bc6001611f4585eec622d3fb8135d40290b6f1485df611329156369ce699ca5c746675b8ec14b5db2cb44a8034907f2754a0f6dbeb48

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
20KB

MD5
f2dc9a264f701c44f2431ec37d80243a

SHA1
4abe1291b84e5afa464ae3a0475a6e87980542fd

SHA256
90eddcc4fc86d1e2f0e1e9e56f5af3366eec93aa7f87660b933cdab6a055631b

SHA512
ffb1c1c7370c7f4cf85c1c4148d8aae6143a824408bf4818db10a224503763439322af8a0f5aea6778f983552c22caf86c98812c62bdbdbd3f0b8d7ed1ff9571

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
20KB

MD5
44def4f6e42c3ec63f229d23af8c804a

SHA1
f5956d9295778b539bced03215343fd3cf7a9dd8

SHA256
882faff2a0f007164d5dbda7bd7f803306423b5eb48a88b1bb72bde65b77e50a

SHA512
a14770398044635a8a8fc0d59dc95af3a97ae78146a9ace3795d600a44098a5ff7099aa3d0ac40442f8ff8c5d3b5ceecb4b360bf47f3e8c7c902879e2e76228d

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
20KB

MD5
c11e70e2c82d2068dd19704c3d84712c

SHA1
b81c135cec64bbb8bcc69de68b01e886859e9c8c

SHA256
19c614c635a4823931b31f5ebb28a324393340d3f4d073100f6e8161f999e5ac

SHA512
5f39d021d4c87ff95ae81ad2e4546c76c820f1d526ecdc12f1130581eec0d87e83cceb049775d27cb97ad8e41f445e84fa30cf9c14c96fc0f6ef336b9cb19f8f

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

Filesize
406KB

MD5
e951e2d5cd08e837b982b5e449a05ad6

SHA1
8c8c15ccaf7de95e99da20b4cfb6a2995517f122

SHA256
fadc79b0dc1f250dd51d3fde0e446a287d140973f961ec5976efe7c0eecc66b2

SHA512
c01534f4d945207c150e5ddd994cd928f4fa3d8d2a9971e353cfca0529fc2e22a6ccd3828a9da835792f39584b0f5e5443bf7e43ceb73a3433eb65393779f1e5

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-wal

Filesize
20KB

MD5
b58c41e30a7fd574cc3bd231c9b1aa13

SHA1
a7ee9e21700bc85ec7e9c60f77128e356e20fdf1

SHA256
09ff4900d6e02536c29445bba3bf46ddb34fc16cc777c28c985284efb8527a7d

SHA512
9204b198bd530c5aa73499c3ddeea6c2d80eb60c378e1f418f5b67ccbc3bab02145fdb9eb1289672d5b35057cd5b79f4ea9d0a40dc3930e285e86ed9a57c1656

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
88d09a9ddf9b6a20922bb4c83bb321b4

SHA1
aca67a8f981735b7f8830b74eaf7424e3a939699

SHA256
7ecb0a52df8435c4223c1dd464d5b05899c25e200a0f54876eb344be8ed23e17

SHA512
24e2282f2d7d056f78cd215d393a4f0001ccba6ed7fb81490ae8028d58353bd5e6f26f48167eee161a4e4542c0a3441e156b52556bf4f0a95673982bec1f415c

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
4682dd4cea8b5ad8212aadc559729862

SHA1
3d43a63bcaf6dc169142f41ea8de90a4fb4fa039

SHA256
58a92625b2d3de1355e903b0675ad133623ca88d2b7d39d549cd586b319ba35e

SHA512
a14b2a28e99e70274afed24d92269289fd480084cb8cafcd2103b48b5be7b47e0e046487ed8d9f35552ff91e5a2adfe8a06d3ea5df934b8acdcdf2a4bcb9abb4

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
78ca81eb36fcaafcc50aabebf322d941

SHA1
5fd416d2ccebcc68444a4d4154e435bd4a57ba23

SHA256
09e18062b7d251d0a19d2ae294cd549ffc9bb06edde9e305115cab124c04baa5

SHA512
69019e152b1048b1f5dd6aebb485b39e229448692cb37e1b09da4731522b4f2420eb471390d77995ec199635e5795701c7fc216d38bdc57b58b1ccc508c61417

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_data.db

Filesize
44KB

MD5
3e8bd555d81331f44d32b509ee9a9afc

SHA1
27e73d06d5aa34f029dd20814a9756311c1c8da8

SHA256
7c1635eb2d791b968526a46af222d9a55a21a9499f51657fa590f89efb62c374

SHA512
405a81b90e0c8296392690afd87f143e10f17377214b4428fb5a6bb43a0d0a71272fbeffdb1c1dae0a268d4dd5229ee69795457c003183b302f71058c29c2e76

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads