29f044901b5c92c90aa3802dad6f8b6124671f05d480a318e7797d8f7a289d84

Analysis

max time kernel
179s
max time network
157s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
15/06/2024, 17:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

af9a80127d37376411248ed008a3576f_JaffaCakes118.apk
Size

3.3MB
MD5

af9a80127d37376411248ed008a3576f
SHA1

b91fc445915b0db6d94aee5bc55bf6c758999c05
SHA256

29f044901b5c92c90aa3802dad6f8b6124671f05d480a318e7797d8f7a289d84
SHA512

ad7f5d826469cc1c288866e6a636d79f42073462200cbc1000a89ec33a6fe097740c8f3e8ac8c49488e81a18e080de84c3628417bff7a75163c1d5e7495302ed
SSDEEP

98304:RohWAo3eZru6tvBsYrcnfRrxgzKnUTxWohL/BH2OtywXF3oyVAoVgIE:RogneZS6BBrcnfRrxgmnQzRu

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	ua.FoodSoul.DonetskSushiTaun:Metrica
/sbin/su	ua.FoodSoul.DonetskSushiTaun:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ua.FoodSoul.DonetskSushiTaun:Metrica
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ua.FoodSoul.DonetskSushiTaun

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ua.FoodSoul.DonetskSushiTaun

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ua.FoodSoul.DonetskSushiTaun:Metrica
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ua.FoodSoul.DonetskSushiTaun

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ua.FoodSoul.DonetskSushiTaun

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.app.job.IJobScheduler.schedule	ua.FoodSoul.DonetskSushiTaun:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	ua.FoodSoul.DonetskSushiTaun:Metrica
Framework API call	javax.crypto.Cipher.doFinal	ua.FoodSoul.DonetskSushiTaun

ua.FoodSoul.DonetskSushiTaun
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5074

ua.FoodSoul.DonetskSushiTaun:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5130

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ua.FoodSoul.DonetskSushiTaun/files/ZPkFS.log

Filesize
90B

MD5
c0c22a1b45790ffe4ed48d696f8097b9

SHA1
69e89aa4d8481cc07e04e6119d8859865a876585

SHA256
8b6a051a21c1994fe3dc63a0583bba4c8bb9386538fac8a196ca29a87db3c2da

SHA512
5bee6e5684c90580f7b7e2ea9c4f8354aa108c41621f41252a4093d1e803abbc6e2ca3a9b96ec2bd35df083558eb08e130e4a018dd2321584c8463ffc07dd820

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/credentials.dat

Filesize
234B

MD5
e0014d39c292c841bcc50fe35722d0e4

SHA1
d07fb381429c43494f4735980997a4ab57e6713a

SHA256
ac46a775cf4abd951b4ad4063a903879d4d6cbca56551056b2ea35116df55474

SHA512
8a650364cf6e746d0c52888abc6dcfc618d7c7de22dfb29006a7dffce2c0c503a4e2e4317a32f398b44e60258992c6bb7f3d49a2f0b8c8328eab126cae1c0ec0

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun

Filesize
36KB

MD5
9b511301d17b335bde52fb3086dc4a3c

SHA1
cac0fb47d08012e63d5f527e91103d445d84bd05

SHA256
d4e322f06e9bb9a166ae34363972af7f3da684467adb58116dd1a34041ea0331

SHA512
085d12b3fa8911e05374bdb6a2aaf96fa6d20db611cc227940569f51f3f40713a533b9224052f619daeaeb1bdda8c8146144a2aecef6b7e825d71de9deaabfb4

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
20KB

MD5
5526b24a75175e04674a8ffe14397e51

SHA1
a1caebd556d411e7f05e98d1be42e7ab9ffedb46

SHA256
5d7d87a0afd24a16d8cf326f25b9cfb26ad745b0ea4171c9cde31c9ce08b6365

SHA512
7def9b1437f3199b610c55e9c889da5bd660cce4ea4c49feb0508193f107bfb8d995620927fdaae3841e6008b7e8b361bf10a4e88152c3ae2c6afb23aea20a1b

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
8KB

MD5
97bc30b937514f2df89d84ab826062cc

SHA1
807e5c217bc2f5d4619e95058b9d7fe79762ec0f

SHA256
d06fd65a9cd797ac717b7aab09f71206a4e0d2d4fbfce7efbb438cfe78898e8e

SHA512
2f8d0c7f4c37460ecffdff6c2210bbd7564856b134be11583b19a0eef9b740a971f5c03d9b4d8eee827623f5abac2ed6d46018fb972ea6b7408cf19d4cce8126

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
8KB

MD5
7e83bec75ec45c2300a03c64215da116

SHA1
bad7e7e95b91d3498f741c714a6aa6cb4cc756ff

SHA256
95d57c6dde85a0101523f15229445724b890ac2401c5ae95a12f226304a93616

SHA512
a7b88593a165b789049b99a61d4ee71dfd1c9eae46596651cbda01bb7c22e174e6ed607b0743b274a9b7f272d31f61776a7646ad4d6cd237df0fee4597d821c7

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
12KB

MD5
78b4d0a361b27107ec8c435f808528cf

SHA1
d001a47b5b12040b872f114e90882d1a7ae0486f

SHA256
9805ab1960a72989a3ee97bfb022a85b217a445432918f3baac6316b98c7abd8

SHA512
bc0af2c31ec30ce2c5c6f9935eba9563590bca1c498ebac048d5aa2a77342ab9e7ae4386c1e6e1db7a89a7c05dd8d5106d1af0ba7f311a210d1887cdcc0db817

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
12KB

MD5
7b183c799ff1ea8a01cb809b1d2b29b5

SHA1
24286eb26e3589919e5215ca7ae8706400d097df

SHA256
3824c9002d303a3ff6c56dd2da4cd3744dd86cfa6b61abdeae01b0df3906de91

SHA512
1688db825451279fccc33e7c0a5b316a0c6c83dfed6e17fa19932146f2df66f59e5720210ee13e995809d09858764135b21f63da3bf225b788389161b46a06c8

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
12KB

MD5
743c34675c505615aac605e2118b044f

SHA1
134a3cc74a96a10b8a620012f2b26b0485687b23

SHA256
f66f9c8af484edbfa4ebb069071a9fa7b2ac3876b3c4ea439e93c7477d2f0648

SHA512
a26e91734767e5e3f23d426db49328c17ec1c91a8cb311699034c6a4224f207c0420051a289151af2702fdae63da0479b90d5b7396cdc7804237644dbdfc81a1

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
36KB

MD5
4f0e80fa302aee02cb406df2f4fd56fd

SHA1
cb16b84169e087d6f1528eb4e310a73e773bd8c5

SHA256
317afaefd4580491f09432ffdb9ac605cb6bd0d60d8b25df9a2f33a65c41e0a1

SHA512
75e56b9bbce0810bb35bb2d14b21d4e1321b245532d9a7774ebbcfd426c66956cf4ff855221f32a2e7281ad0448603565fd1357abd12b97b78d612a2eb37007c

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
cb25e92aece006a5f0035530e24b17a1

SHA1
25fed083be6965f1185e21685ad5053920d753c1

SHA256
0851a0ea182089e0ec14ea9d37f802d99e7e40dbd0d572772191b6197550c103

SHA512
cf867ebcb082162880a3b3206e5fc9264027977e9eb851273dcbc68336987329473e50bff94f2717a6cc162c94a656e334872ca21b8cc731d02545968fc8f61a

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
aec1d366bd902f2f6eb56f1955006061

SHA1
5a2fd1b80d4bc63dde0000c8e0205a11a7aab1bf

SHA256
7934085011d4352642b5d6b081fa560e26fd63b05c77b2946bcc50789c54a52b

SHA512
54d9e1acf152a56ecad0098a3286412da06304210ae168e5de73716a5130012551b83a97990b7ff8deb62e6b47392c9ff5c55e68836de393871c5364825c5814

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
6f3a4da447b0b4f83b3ebefd4af04797

SHA1
4c818d6d28a643ebbd1838fc6ef701e3b88e8810

SHA256
c6e23c919b838ec77055ae39c1a2f73c0d9c28e98eafc982af0a2b5f0a384b31

SHA512
5da1fa3272d7a9f190c1c58f08a99b0cf10da2ac21b8481ae7270675ea0665cb2992f316ff2fdcea27b81cd1dffcdc75569f64853a2858ba8b2df5e33270ca71

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
c5c0883ea0a4c0dfe791787765ed0852

SHA1
388482774feb39a3e6cff7ec4e3e4bb277a21413

SHA256
ed75979a6515d41cb964fbe106a7e1596dffb3172d995b25652a9c38d0901060

SHA512
e99f4502c6130389385c7684acb8e5ef4e58c0bc8a2d7eac80b0c10e7a26604bd4f1271725986d2ce7940bf540af54858ef3e72fd9d5ccfb480cb43265dab70f

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
03347735fb35005c49e3de1becc84e52

SHA1
7d1bb4badfe40cb039a01ad9110b6d09bb620fca

SHA256
c1b19ea92fbb16693a18665dc9f0069750a0b1ad4c6435667df9aef84ec58aad

SHA512
c719d16e3bb57160365f5185cd7988eb9969475422d290be3df04890fe028ad0b055b58e5a2e5dc51a7c1cbd09994a1e0b180031e266d75bbb26f570322e7bc9

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
6bc4485feb00b8ad2961b45ba825bf5a

SHA1
b096f752f567947c2bdac457cdcc2cc97598a640

SHA256
5aebe8a5cb7aa66ec9d57cd2dc1599814d9e544a56d0dfdb06c1c6c17b64167a

SHA512
1d69cf072bbefbc0af4a2891717b83b0fe5832827c5fa40665207b8c18b767dacdaf6f4a8899443a7b20ba61b9717a69c40e641ca6545af39063756fb32bbcaf

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
20KB

MD5
55c8e0f3788437f66574d604f6c69dd3

SHA1
7fda1481959ebe2f6c09028d91d5d5f61176a9c4

SHA256
5c43b25b19744c03982ba9dfbcda4b6fdced6d7d472af57bd15c59a7abdd9cf8

SHA512
eb80079340ce4b8c2d121318662062019bade6bc89fa5e405bd72c675b2e24d96760c722226e597e41b4a7f659d2f6909c21961a103fe55561a62df02ff7fa21

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
20KB

MD5
5366529042240c221b30261ec7946d30

SHA1
54dc1894d3dcd659cac64d461c02a5c230354f60

SHA256
63618fd8a21bdf6cfdff7d08d52677514dd885043c72e17fb4c558179af805e5

SHA512
ff8fa16cc58cef7db8537b2e6bdb61b7d031e9511c71506a266865ad86dfc7135a61b281021faddc7d7e968869ee1af9d877098d57061053d2bc4f9131e158c0

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
20KB

MD5
cc4c57dab98ef634603bbf7e1db7e69c

SHA1
b6ae0c4edae26b6c2c9255c5694ec700088b31ee

SHA256
092e2e8deb931b5862a8aaf554eb7461a16eb5ec0cb6719d565f763eb625d5a1

SHA512
6904df6eb6d79da68b5e1e2c8cef91de6b4e0edd43400fcb67586a9176082f8c88d05f06759fbd366b766249f961307038c02f9366daf4f1dc3557d19cd4689f

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
c5b3d49c5165e4abbfbfe1545074d3d3

SHA1
32ec1d938409bbbc0ae1dfda39075a76853f3b71

SHA256
0c357ac12ee5952294d105546163abef98597d9a2974319127802b43c4f74e1e

SHA512
37fd17af1e410bbe2aa93cc3d0d90f9031e3eb0ed335eef6fd3b11c208bb7af0ed05055925e2443e0894ecbdd18360babe690339593356ae07e43e3e2d58be59

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
b3d69562154bd4f42e91f50f4fc6ba11

SHA1
59f26a253f0fab98881b612265fab39db4f78ebc

SHA256
edc5d714a1037830e25dcfc63dd86a0a02de2cea30c4d8d46b980f9e948b8f66

SHA512
959e10a52e67ad31cdd073ad235e9b13c5bd78aee316ca53fd0992fb15c2df4b820478256afb2363d54d19ea9137ea3f1f7f07376b7c24e8f86d4780917952dd

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
01b1e9696e084e056bd8c5048bf3a3ba

SHA1
a7eff27e587d771e957e7e807169e4f93c62a912

SHA256
7ffaedf0c953b3c2bacbb1074598f41fe62d7e043ce126fa9ad6a59067910f1d

SHA512
bdb3de7464c4fa8e47dcdcf0dc27576a6d9c6cd46204aa0ff5f1ed89bcb75778e52b990bb3f700b770337f3743296e0f22baac72ee835a35c834be6d0c1f4adf

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
770316e2785b7f6f62bc7741ea73f90b

SHA1
8b5c20580bec02d28f8adc035bae1e4b466fd6b1

SHA256
d8ba276c1c57e0db478baa333ab6ee2516a1931d6db80f68cdd2b9202bf1a390

SHA512
bb0cedcab4ee9f935aafa00cb7ec80b2221b26a4eb8240652e4fd06550e92f299735218470381fb7f1b85a54edaee3c65c9ea8da1932a97f8a0d7f7a3219a863

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

Filesize
20KB

MD5
0c3e8a9ad110bb4d094d1fbec132c4a7

SHA1
94dba1e4fe2c5d705ae4c7f78326a7dcb7883ea2

SHA256
6166992726d8ca7dea0495ca437ac680a02652a0e8e9c13f00df6007f95f53f5

SHA512
8d402b66c7acfb0a9d09986ca4151108c798be441f3d8aec5ddfbcb64287a6121acd015adf978d2d36266a2d41d9a4fdd86dc06f961faa67d92699c06531f7bf

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_data.db

Filesize
44KB

MD5
66d5ddc14d917dc599685a8f96182c8b

SHA1
cb3a736dea204a889876b92c0f9ac48a2b08fe9b

SHA256
c75566c6050b37068ec82de6ee7021e658d68b5a741f54a25fc7a05992cd3127

SHA512
8514d1d1ac8e1b8976713d40a647975a254a33a7636133ab14cacc4f0fbbe3f2b416082d0ff1f00ed2eebb5fe298dfe55045936be8e1237f98ac492363c27aba

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_data.db-journal

Filesize
12KB

MD5
62d0a63f4a98782e916fa4f16296f123

SHA1
34361661acf63a7a4a8b17563791739b1ef183ae

SHA256
846ac592c604f68f6168e6ef262021a8dcf99871ada73223b895cf6b1b5a1ea3

SHA512
fad931ce3d351398bee78b5bfe2e8913378827f353c66950b5be31320790c2a644581768ce5ed5d9535bc7166b7463c8251e17c18406d764e3ef5c8d9ad1975a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads