ec2cff3406831a6fccf542b74b65663127b0ac70edce03802ef49f7c6d7a0d46

Analysis

max time kernel
179s
max time network
149s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
16/06/2024, 05:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b1d985ae5040a65cb24c65e17229b3d4_JaffaCakes118.apk
Size

3.9MB
MD5

b1d985ae5040a65cb24c65e17229b3d4
SHA1

9f4a75d7ae6f41ba2fad195edc4e705259771b5b
SHA256

ec2cff3406831a6fccf542b74b65663127b0ac70edce03802ef49f7c6d7a0d46
SHA512

2d5edf0e541cde4fc9d6fbf7e3c6df3de2e6559a14126745d0ae944e3c99e1d2d3397da440000964a0328f470725e613b240e25a2ce8827f3f1da38eae755798
SSDEEP

98304:Q2czwjp0q09rmUSqeVf4cr3t8DpVm7o0YItqIgQWolpNt5gK4S:QuVCl7neVfZrdupVsoZAqlQWo/5b

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	net.junios.saenggogi:Metrica
/sbin/su	net.junios.saenggogi:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	net.junios.saenggogi
Framework service call	android.app.IActivityManager.getRunningAppProcesses	net.junios.saenggogi:Metrica

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	net.junios.saenggogi

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	net.junios.saenggogi
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	net.junios.saenggogi:Metrica

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	net.junios.saenggogi

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	net.junios.saenggogi
Framework service call	android.app.job.IJobScheduler.schedule	net.junios.saenggogi:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	net.junios.saenggogi:Metrica
Framework API call	javax.crypto.Cipher.doFinal	net.junios.saenggogi

net.junios.saenggogi
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5048

net.junios.saenggogi:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5113

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/net.junios.saenggogi/files/ZPkFS.log

Filesize
12KB

MD5
3238bafb32cc0a770d62c6cab418e8bd

SHA1
f8fc4b15ae32933fb562d53f8b889df9a3e5ab4a

SHA256
c9ae9993c6a896ccf4739dd0fe9d6ad231e15fa166a1a754453134fec5c0f821

SHA512
7286cd4a7f4263d006470eab08d3359cb958a0a730a26f6bd5fa91405b101ec9e2e4030ded0830cbbe8544e593e722f18d19c7998f99cd0bc7bdae59e5e99035

Download Submit
/data/data/net.junios.saenggogi/no_backup/credentials.dat

Filesize
234B

MD5
daf4eaafd2ef405d97e0a4d3d004aa35

SHA1
8a09222008c7c288b8794838ca9b88c24a3c715c

SHA256
d796db30fa24783364164505ddcf34a40f6065a2091e689baf0f7c46bcc6662d

SHA512
9f6f1f6eb836a93b1d516db270d386a576bb2c146e557d413240352b0a585e9cc24351577534124235601d4a7876d7dde32cf38febeb478bff8f3e1806ad4772

Download Submit
/data/data/net.junios.saenggogi/no_backup/db_metrica_net.junios.saenggogi

Filesize
36KB

MD5
44d8016e446b50367f1977b542c85158

SHA1
ce2f01ee48934f2e2b513f834882a3f6dad39acc

SHA256
633fd6d34ed926b77f1402ed669cd461e38063fc7db009fbbf5c3e50d090391a

SHA512
2db77769c9125b66b35fcac248f1c1df262abb8f5998768e34759472d0fdf2ac80e594e0d1bc1ebb930efffac2872618ded8868dd7b9714aa41aee360a353166

Download Submit
/data/data/net.junios.saenggogi/no_backup/db_metrica_net.junios.saenggogi-journal

Filesize
20KB

MD5
e38b678019556d3abd24402d3efc7b55

SHA1
62f5578268c8f3c615529f1a5f632d5d89ffe79a

SHA256
d142d3d454e1f2c2b468a562eacd7b48aee8ee875f867c1567f8586adbba893e

SHA512
e753972cd3431505855579667b0a825cedd91112acfdc4d01500c661237b2912f37fd616ccfe49003a87173aeed334ce714e17c25debe68c0b1bd6d8c5be4835

Download Submit
/data/data/net.junios.saenggogi/no_backup/db_metrica_net.junios.saenggogi-journal

Filesize
20KB

MD5
971d618cd31cc5ddc388e3a7602e4079

SHA1
6698842dda893073c2b888eaf0b51b4229bdbe6c

SHA256
65a5ef6356311436f154cd8137225e1410f5a66de0ced293bc6365579e921591

SHA512
1638314dcca0204e45b7796367b3e2226a13e6ea880521778891dc08a2dfe902877e61d19b16a5ace17e185acdc7e9a80960018d0d8c42dba5987d8ab5517ea1

Download Submit
/data/data/net.junios.saenggogi/no_backup/db_metrica_net.junios.saenggogi-journal

Filesize
8KB

MD5
b4207654235e1cb73831a9827cd90a65

SHA1
86395b75398549abd94b8a0d0e672bbee6f61760

SHA256
a6abfa27c4ee15e27e379717e18cba9ad791ac613fc7a78cc5b5de3956989869

SHA512
4c59cdd45d28795618abcb997c8fbb5e0564f9f7600c53d878dea6149f1157445d04de2c237bc64b020ffa18be75501466f70ba0d1967a4fb4948d33601d2492

Download Submit
/data/data/net.junios.saenggogi/no_backup/db_metrica_net.junios.saenggogi-journal

Filesize
12KB

MD5
13bca33b597849fa9703fb291425e78c

SHA1
38995994169a61501caaf96a17ae586906d7935d

SHA256
f1dc888dbc5c8e5620741227a1b0c7ccfe6fbbeb9f65877abf6664ed366ad743

SHA512
1b30540aca48e0b272468b83ef05a7169c8e310d8ca0766606347adf92cc4228b1238ce9459e5a50db12423d852eec5447df90ee0a6d900360e0bc53504a0404

Download Submit
/data/data/net.junios.saenggogi/no_backup/db_metrica_net.junios.saenggogi-journal

Filesize
8KB

MD5
21d984764427538ad252817c0bd8d199

SHA1
b8be8054ec017dde927ff79098ed0ef8a13f3848

SHA256
f938839155d3b84d198c84bf63218da2cd5791dfa29f9b441bf7b856556b0058

SHA512
939da2c86f5a8c3e1b54ecabd5536cbfb80d3291d76bfdd3c663d3d0d626fc021b68a2dce64b1800a455f4e9768210a5284936069bd3367e275d0dfa83366c27

Download Submit
/data/data/net.junios.saenggogi/no_backup/db_metrica_net.junios.saenggogi-journal

Filesize
12KB

MD5
1e8dd8211aa14a84b76236f80872653a

SHA1
d5800c6eccba719c459ecf02f406eb26cb34b576

SHA256
3648c4061ebcd38d8646a318a8bf8e94f8fd252b2e1534535bce03595100783f

SHA512
747f7202be6a1b84e6d5b8b2a0d9f3a53aa9fd7864aeb4fb1ee61e7bce168401b55ee37a55a80c2a14893710c469433e0c0605b507a43f7d0c51f3ac6411d678

Download Submit
/data/data/net.junios.saenggogi/no_backup/db_metrica_net.junios.saenggogi_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
36KB

MD5
2b105f910a1f4e497576cdeb7686a3cc

SHA1
54ddcb782d50daa87a6a037ef9ea32ed3549a701

SHA256
8f470cc1ff8581b021d35f8e5a115a48501e8d9388133ca72f75de3a2a9458bc

SHA512
e0a4b052c0b93baf59b050ec03da7861450258020a97186ce52cb4cac22cefb5c4c4f37c361542c15d99c46e0bc3199fe209ddef6d2ef0c8ebaa1b4b2b50308e

Download Submit
/data/data/net.junios.saenggogi/no_backup/db_metrica_net.junios.saenggogi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
c46f870ff9b79e0a8d694b887adf0f06

SHA1
9e47c2fb8a4c729aa1986c14b54e0f8c41fffd83

SHA256
e61ca96eafcb1ab7c71bebe7f9b0eb3f2d01eeeab4b7da6689fb79ccb0491f36

SHA512
6fc8392d65e0cfaa321d4e2f087f140a88e72c0589e97c75166e29422d40857f4f4105769edd626cc2dc1c25269ca9a99a609e8a8390cff46e0467775713ee8a

Download Submit
/data/data/net.junios.saenggogi/no_backup/db_metrica_net.junios.saenggogi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
15e86702b664d368a3424494293e4e76

SHA1
0f86322c9835541e6c863b23c34fd22e5f65531f

SHA256
7dc356d03c5c59eb512f1c8f31f39badcfad86c400ce3f0b44295e77396072af

SHA512
f66a30e3d40e57bcdf459589a3b8854b0ca794198406ea10df39b528332855971695065695edfbab05b19b2b881baa961c9316b65bc83fb5789111833322cd00

Download Submit
/data/data/net.junios.saenggogi/no_backup/db_metrica_net.junios.saenggogi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
87356fcbbff9e88d9fdfbc055b92e58e

SHA1
395eec2413f48e490cacb9c2cc5a6fcb19754c2d

SHA256
33d2898aaa7b39ec8fb211ec29cca1bc3b577fddde30ab68f8384d31350d7624

SHA512
e367c8d2ff76a8b3fa788a2bb2c1f163233f75999d80b53ab996b1ddf05e7c8bbc6de909c849ca516ef29fd96a26b923b7b13d5a3884e378bd6495378f4129d4

Download Submit
/data/data/net.junios.saenggogi/no_backup/db_metrica_net.junios.saenggogi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
0beee4cee201303f1191b0c113b4d2b8

SHA1
8a11785e5a8e16015fa1edced6cfcb0e5910f69f

SHA256
96b8b3a3a8f972039b518b37c6b07bc662b68e87475a9e58acd1f53e5166bfda

SHA512
62a9d499462ea161d18dc0e952decd63ae52b5b99d8b0dad18e4fc4b7045d214da8620af7e8922439000beb058758baeafb090c99ffbb9e69fb914b49f8b47a7

Download Submit
/data/data/net.junios.saenggogi/no_backup/db_metrica_net.junios.saenggogi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
aed177b0d27ec056881b7c865a5286cc

SHA1
f9e585fe270ff979d9d20574144e9b57f575bd33

SHA256
df157ad52f357e13b45b4e2b81c344620b7e1b0ed6610a9adaaab8512f784fab

SHA512
dee88cd2e4548d145134e3b1bc17512ebc17abb7266a28aa879623e08b807509e6006b41acaeaba56f0089eca00c6236c7158c32d349900121578182377458c1

Download Submit
/data/data/net.junios.saenggogi/no_backup/db_metrica_net.junios.saenggogi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
33ccece95380650ccf20d7efcff3366d

SHA1
05e85f8f6405b17d068b243424622146546219af

SHA256
a99455160536eb53fb8148be0c147355dbd11f097bdbdf60f5b8c974252f2db7

SHA512
7733adf3fcd1246808fd989ff3b80d894e0a36711916dfcab3feaaea8603fa816be88926120a9c81fca2dd5a6bfd94368f52424bd63d20904c4e83e0467d0a75

Download Submit
/data/data/net.junios.saenggogi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
54a8b0ebc106a8d7558900d4c6682da3

SHA1
7101c38b30e8328d6ef209af1c7547214e701e83

SHA256
51fb9fedd1f39771bea3cf843fe5aebc2b17d20771acd15e569c4c14e1543c03

SHA512
2b63dd8df84013711a7c55192159701234b9080efd303f8ab7ea0b3cf2248b4b835d5d0c59b6506c4bfa35a1de12d14203debb187161e8c3b83922427a63fc95

Download Submit
/data/data/net.junios.saenggogi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
484df068dc370197c0e37af4f433f772

SHA1
5d071329bf5182e60b2d268adca542901d492001

SHA256
3ebaaa9fc7a9245b413f62f91d9e689d468456dd4b6ce2408bcd2003cbdbfbd0

SHA512
587e7b68f2c167d39dd50744f2892a461a67cb073e8cf9f6eb2ab752e07841440dbe212af32958248d15af5d4001e7fa12f86cad62578ef31999355a86c3b0b5

Download Submit
/data/data/net.junios.saenggogi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
ea9c2dc01d788f2ed7ad6a455e32335a

SHA1
3da6ee06226734e9a402c3ef2b542af3b509b6af

SHA256
ddcb0e1970efc2dcb42a4dd328ef8c10f3512b39a47277d5b075fd3b92dfc3a7

SHA512
5b834f25f6f8afea98eec78cf8e148671ceca48aee8019e09308389c1f336e47e55666fedf66e09c97e827c375ade0fad635b98686ebd2f72240108670d25e76

Download Submit
/data/data/net.junios.saenggogi/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
40a33782424424073a1d409341746798

SHA1
b5f83dcf836c1783a8122093510eb51743ba92bc

SHA256
f867163e174b2981e246df1e7360975d325f76b68f9600521ffc495a70a83c9c

SHA512
f989a9eb961c4b7d0fc01e69915a6287ba2270bbdd63fdd119a3f793ea4a838d9afd126e5cf3eb1b2287a72955681c03d2f2b64e917e6f1ac430ce79f12e73ae

Download Submit
/data/data/net.junios.saenggogi/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
05716d56bde6a7fd22ecc789b7a02d8c

SHA1
8356e2e710c12c5e9aa3a9e91f51554b53f4353c

SHA256
ab14509b3882dc2a672c952263ab021693fc94fdcc9d5f5d9c6a825279b58a8c

SHA512
8883ba8152724e64cc99af0c4aaf3bedeea74f99a3abfaa971cad665334b6e6cc9d87f7ec75d2055a76f784bcd71ca15735e0a21af7f08d25833dc68d0cf0b60

Download Submit
/data/data/net.junios.saenggogi/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
ef59d9226f5f345512dcaf5d6d5bf265

SHA1
4fd81445b38dc126231061f97b1342c394a0c48a

SHA256
1e95405e03e3c2c837e0f8eba2be12a7c4419d59ace97a414e3941799c265283

SHA512
aca1a6f7d784f9a23f3ed9dbfb402d11b93c8713a7f7feb8859293febe638690e37a3ff1b8ea3b1f5ad733b047d9bf43202fab7effe42df68d81fa4fe8b32ed8

Download Submit
/data/data/net.junios.saenggogi/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
165e555ed4bb39583debd4658eabcbdb

SHA1
d9185989397356a43ab13bd581d5725734f46cb6

SHA256
80c4a17644b5e36a0665b4a5191ed11426d550d29fe29cf68da1f586e4eff677

SHA512
df057270ebc0489889f9940432c7c7db35b966aeb0159ba9fbed2ae90224520c9f0d34c4d1131d8ff995a3088fa333a4ec9a4a5ebb2838901ebf1147f45cd1a8

Download Submit
/data/data/net.junios.saenggogi/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
4fc98bfeaba1a44ca6fe22d638cf4994

SHA1
2faca4f033cf4bf7e76d8b1ac82cf8290100a3bd

SHA256
8d324323a6d88c13b35ff8333b0b54352ea21128d072fa6836170490b8c49700

SHA512
0039d821554abf4f0310fab4fc6992b166d7f380ceec5c03a1b6ec552202794c752371a0048f56eb16d948d4e5a27efa416a3eb9bfb2c4aa62ab316c64f8a90d

Download Submit
/data/data/net.junios.saenggogi/no_backup/metrica_data.db

Filesize
44KB

MD5
44069de4a75338243366a2dc28a6410c

SHA1
65f10df4f5ca1399e6a880cd471957751a1e3142

SHA256
ce8bef512381df725580bacb86230047356119a66adc3afa10b4d16dbda18749

SHA512
8a0558a86a78cfe71c437cb3a2889c9e57b84479d6544b71b8f2768120d529ff39c68d2cfec1a25646dc7fe485839d6247d9980b9933376026aa255e77e1a325

Download Submit
/data/data/net.junios.saenggogi/no_backup/metrica_data.db-journal

Filesize
12KB

MD5
cc7d9eede00c56ac32ded88e6be197b0

SHA1
cd7eee540f608c0ce36d6bd494cb86c40850711f

SHA256
3e9dedcff38aa103ed497e196fe1e298a465cb1ec884c5f744678021e77fea37

SHA512
0c4deb7509fda79e851b8b019fb224b2ed8fe8ed1e40def7a9d84ad94f1043cc8d67072d8a44fc7e2594e367b9937d69d2bfd93645949e9e0e84ed3be2596d25

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads