ec2cff3406831a6fccf542b74b65663127b0ac70edce03802ef49f7c6d7a0d46

Analysis

max time kernel
179s
max time network
151s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
16/06/2024, 05:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b1d985ae5040a65cb24c65e17229b3d4_JaffaCakes118.apk
Size

3.9MB
MD5

b1d985ae5040a65cb24c65e17229b3d4
SHA1

9f4a75d7ae6f41ba2fad195edc4e705259771b5b
SHA256

ec2cff3406831a6fccf542b74b65663127b0ac70edce03802ef49f7c6d7a0d46
SHA512

2d5edf0e541cde4fc9d6fbf7e3c6df3de2e6559a14126745d0ae944e3c99e1d2d3397da440000964a0328f470725e613b240e25a2ce8827f3f1da38eae755798
SSDEEP

98304:Q2czwjp0q09rmUSqeVf4cr3t8DpVm7o0YItqIgQWolpNt5gK4S:QuVCl7neVfZrdupVsoZAqlQWo/5b

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	net.junios.saenggogi:Metrica
/sbin/su	net.junios.saenggogi:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	net.junios.saenggogi
Framework service call	android.app.IActivityManager.getRunningAppProcesses	net.junios.saenggogi:Metrica

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.junios.saenggogi

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	net.junios.saenggogi
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	net.junios.saenggogi:Metrica

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	net.junios.saenggogi

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	net.junios.saenggogi:Metrica
Framework service call	android.app.job.IJobScheduler.schedule	net.junios.saenggogi

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	net.junios.saenggogi
Framework API call	javax.crypto.Cipher.doFinal	net.junios.saenggogi:Metrica

net.junios.saenggogi
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4202

net.junios.saenggogi:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4236

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.junios.saenggogi/no_backup/credentials.dat

Filesize
234B

MD5
0f7a9b434797dbe08442b790282b5742

SHA1
947506315344cd58860b15933d9eb851e21bb444

SHA256
180651cac412bac84ad55678c8904d91dc3782ff73eafa4b85a5ced1c017fcb4

SHA512
91c37d32852083324c277f7e708793e04dcf165216436d6d1c700ec7054dbf4484c52cd746d33d2909ba1ba3d15b3d9b08eea45033d2b9d0e08778c711f828d8

Download Submit
/data/data/net.junios.saenggogi/no_backup/db_metrica_net.junios.saenggogi

Filesize
36KB

MD5
e5a10d6264dcb306e13f27ceeeabfc27

SHA1
33c941e4ee92c0120607e10bf5dd651bdbf7fbce

SHA256
4e1a033dc4db91fa6e1c900d7c0540033f57132342c4c0099fd71835ec8b44f7

SHA512
c60010cb706142aa15add3423244e928897b80bd03299c20acff98e0411630dd4f825383f077158d31198035b2d73d15af7dc91672ba933b259fc8cd8ea3347d

Download Submit
/data/data/net.junios.saenggogi/no_backup/db_metrica_net.junios.saenggogi-journal

Filesize
8KB

MD5
af1043124a3e148e4f4af7e1865f06b4

SHA1
3135cd50b86e8c01a458c3730dcaf35675b92b1a

SHA256
e933e9cdde68d4861518a869b4a8895f66d7eeff1021f65487d45ab0eb8d7f33

SHA512
258bfee9d020e5e1edd66d3eb1724f6cc026835d55aca115b5d11233093a16af203bce5cbed53ab45a8730e8432e649bf50c40d53123b75525014c166759b7ac

Download Submit
/data/data/net.junios.saenggogi/no_backup/db_metrica_net.junios.saenggogi-shm

Filesize
32KB

MD5
f0149f51d56fe7b75bb2ff995a824f58

SHA1
9414896d6b214f91ff3a959e45413b703bea111b

SHA256
cd753f049646f8da76a774606584d29c6036ceb10c2c7576e97a2d9ac6c40f1a

SHA512
1a7e3a28d1f962542242e492c4cf99a89b83759047d1ba7d054e4cff00d493d6e8856ab637b7389b5fad3d30f7025bcca43c31fb239d5f68c10e344c811f4d32

Download Submit
/data/data/net.junios.saenggogi/no_backup/db_metrica_net.junios.saenggogi-wal

Filesize
406KB

MD5
ec92c71d987a7ddcee54ed249d0690e5

SHA1
efe122139796751eee896295bec7de9a934fef71

SHA256
08f6ac756d28623b8a111d37ebf938316adebc9984db8d151a76f10661c3a384

SHA512
3eace18ec4fe64e6859addd117700b712be0b9f55ab2e71e03b722ee0f8efe1eb8e1da0cb020685016d738ae8c0d717c49ced1d243f3756a73ba8bb06e241d77

Download Submit
/data/data/net.junios.saenggogi/no_backup/db_metrica_net.junios.saenggogi_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
4KB

MD5
6a82373b62bd665628e95d1761b3fd25

SHA1
d64ce61bedcce6360b254ef3adb7084710810c35

SHA256
ad2351553103d0ebc29b3ce11a255d5babde76ba85e8195ace38de42ffecb344

SHA512
2b155610fc3e45b6a33a32b17a8f8ed08ab979fdb395ddc6cdce48a6d8d3ecff6c02002774c816c81fd663907d9a0e6928e1a73d2f37e16df1485c821d85fc3f

Download Submit
/data/data/net.junios.saenggogi/no_backup/db_metrica_net.junios.saenggogi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
6026e020e1ae09c8475430bff1a00e70

SHA1
4733d012f2f4d0bd539fc5e15b81bc68eb73a9ab

SHA256
9190bb78321f016863918e8b0b3a4f26c2411ffd7ab6ee0207468ae8d542bf65

SHA512
b3dbd5fee9070c4ae73726f2665a2e01e35cde7ee8d13e08afc84472e4594c415029e703af14580173a6119c965e7908f02f2828db61329e763391351211a52b

Download Submit
/data/data/net.junios.saenggogi/no_backup/db_metrica_net.junios.saenggogi_20799a27-fa80-4b36-b2db-0f8141f24180-wal

Filesize
164KB

MD5
2d7371d183a0d0454b2bbfa7172dfd09

SHA1
c18946bf20c824dc130ca674a06e96cf30dbb52a

SHA256
0fbe7744f29dd57bf0ce000de6d45b94cb810cb4227650d17280a0b0f30343cf

SHA512
71a6e8d3309e88159cc59e97827fc3d07862d0daf452398d9369f4906e139df17a660801de0537016ec74963b7bc739b3d73f61cb6691d3a5eb20ed439487b27

Download Submit
/data/data/net.junios.saenggogi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
32cfeb6b387cca09e217a49ec8968476

SHA1
3ac66f8c8f992cc625fd81663c8150dab6059569

SHA256
85e62c94994641e417a3fdfdca66327f6d6e1d23bf188085dd9f9925a06d2a3a

SHA512
ec760c164d18afa2087c976dc4e56aa7d5745a82ef73502a65eb9c929c9811a9dc71ca5db1335b3f10b8e96ce7289b01865185eb1f49682ab4ee7a99fc23182d

Download Submit
/data/data/net.junios.saenggogi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
3cc81fdf2d3fa01053283bd37ef5fe4a

SHA1
046d61b07321cfecd3de210604ada42b00d36e1b

SHA256
a7951334bbb35a035ba5be0b58b7f60c06fe7e01efb41d2d0c78937a4f4f66ba

SHA512
9e5fac24b35dda65c884751466f1965c69bef19fd6ab81a67593e7b383b2475d3bee345f3f222a720e0b28582a44f468d85210ff91e9a2642a1ab6a7c6290264

Download Submit
/data/data/net.junios.saenggogi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
44def4f6e42c3ec63f229d23af8c804a

SHA1
f5956d9295778b539bced03215343fd3cf7a9dd8

SHA256
882faff2a0f007164d5dbda7bd7f803306423b5eb48a88b1bb72bde65b77e50a

SHA512
a14770398044635a8a8fc0d59dc95af3a97ae78146a9ace3795d600a44098a5ff7099aa3d0ac40442f8ff8c5d3b5ceecb4b360bf47f3e8c7c902879e2e76228d

Download Submit
/data/data/net.junios.saenggogi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
43b81d8adb5dc0b28b6e672d6a7135a2

SHA1
a78855e0d17f6ea0d2990f9057a174a6e3690145

SHA256
51c292e4174c7b5e2ccaa65d01efb75cd6c7e3014a2787c63ee4bafbe388edc0

SHA512
086ce59d228737e5a68366b35bb9633b03dc7b85cd1c0ea115375c35710426872aa63552ce6e50ee3c52faa90f8e8f074db06725b811c4d5eae2cf38f90536ab

Download Submit
/data/data/net.junios.saenggogi/no_backup/metrica_client_data.db-journal

Filesize
406KB

MD5
e3c7bb3011e8feab00ba68edb35b0d6a

SHA1
9b43cddc5f9fe628f358f66d60a06cc42b86d597

SHA256
4e74ec02bbb1abeef426e58d49a7b2503857e1dd28f2469d2c5cce746c6b2af5

SHA512
44e081c548aed4e93207559c5cc6d45e2686a48c79a9dd8d30d82314235dff8c0403d5a0d71c22be4adf9a1f3d02c0be39be05b895be3b11124c84f6e2125d2f

Download Submit
/data/data/net.junios.saenggogi/no_backup/metrica_client_data.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/net.junios.saenggogi/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
ac8d051985b809b677714073d3eb8f31

SHA1
3023cf9ea9a681356ce05de1286b093128ca19a4

SHA256
23514a74ef3ad4e9905635ccb94c980b8f6a075632fd31647b0651faae468010

SHA512
46451eb44c714d28ce7b01a707738835393a7db18b3dfc0d49b5b149aebde614c5d11a95e6b91ca7fdf32047fb38b325b6187cae09cc4e3a7739835ca72f7152

Download Submit
/data/data/net.junios.saenggogi/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
e93b44bf967f6111fdbcf8ac47f7f312

SHA1
a2da89755913b21432c2c7f5d304b100d3971848

SHA256
5837236e37cb7458c54b1f93af98b2471e7a58a15069a0595d4d7b8f0354eded

SHA512
9fb4a3269dda2f727fc37d8da9bc31f0d924ea4b0cad7e94c892b8db42dcc7ddd9176524fbae0dbc270a78b10f53ecd5725574758ee0053429ceea2b823c54bd

Download Submit
/data/data/net.junios.saenggogi/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
f6e3ecfc548c4cf0b5f5eeaf9c227292

SHA1
ef083123059810b6a09b1baa1655396db926564e

SHA256
837f9b616856c4531877c6dcd2ccc19bc66944a692d666c33fd24c9660029cf4

SHA512
11bd9a55ded54096d7a8fa6459cb359a80dae77b7bea6ce2f40688b31fae4e0382084bca08a1719edb7738953e324ad9a80453f1c98f5b0e0d32db2af80ad43f

Download Submit
/data/data/net.junios.saenggogi/no_backup/metrica_data.db

Filesize
44KB

MD5
7869c43acd5182fe24b07aebd343b341

SHA1
9265f8b6e1298e6579d49b308c3db7d2d069a3f0

SHA256
9e071dcfdf6001bbfcdcfaaa1743b223b1fb4bd93068ed017f76f9a3cb0ffd7a

SHA512
fda8dbd20c0b72d4b814542463d06ebd36fac6ed9f48135d09f8abe150a879a5c58c2f6b984277c5569523a2fc5d7ed9e57ab7bc1d1974bdc6632049f252a869

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads