Analysis

  • max time kernel
    178s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    16-06-2024 20:11

General

  • Target

    b4fb9223210ae001b3545e26f3e4bd1c_JaffaCakes118.apk

  • Size

    3.4MB

  • MD5

    b4fb9223210ae001b3545e26f3e4bd1c

  • SHA1

    33744e86f0b8cb840e2aeb951da8ee405f59fa73

  • SHA256

    dea9c0605a541e8fa3a941e1d1f1073abe2c59eb41a7495ac151c388d356d347

  • SHA512

    fcd53e223db0e5969431bd70a09494afa2453b71264ab8423db8b0480a4e0999a2893143d9f7914c567ad9738518878de47072b2e90df20115001270b057f992

  • SSDEEP

    98304:cxKjn3SfcfeQ2RuXnF5yL3fLbA8+kZHHX0:cxVx0zyfLbjZX0

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator. 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

Processes

  • com.foodtinda.deliveryapp
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4305
  • com.foodtinda.deliveryapp:Metrica
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4348

Downloads

  • /data/data/com.foodtinda.deliveryapp/no_backup/credentials.dat

    Filesize

    234B

  • /data/data/com.foodtinda.deliveryapp/no_backup/db_metrica_com.foodtinda.deliveryapp

    Filesize

    36KB

  • /data/data/com.foodtinda.deliveryapp/no_backup/db_metrica_com.foodtinda.deliveryapp-journal

    Filesize

    8KB

  • /data/data/com.foodtinda.deliveryapp/no_backup/db_metrica_com.foodtinda.deliveryapp-shm

    Filesize

    32KB

  • /data/data/com.foodtinda.deliveryapp/no_backup/db_metrica_com.foodtinda.deliveryapp-wal

    Filesize

    406KB

  • /data/data/com.foodtinda.deliveryapp/no_backup/db_metrica_com.foodtinda.deliveryapp_20799a27-fa80-4b36-b2db-0f8141f24180

    Filesize

    4KB

  • /data/data/com.foodtinda.deliveryapp/no_backup/db_metrica_com.foodtinda.deliveryapp_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    512B

  • /data/data/com.foodtinda.deliveryapp/no_backup/db_metrica_com.foodtinda.deliveryapp_20799a27-fa80-4b36-b2db-0f8141f24180-wal

    Filesize

    148KB

  • /data/data/com.foodtinda.deliveryapp/no_backup/metrica_client_data.db

    Filesize

    20KB

  • /data/data/com.foodtinda.deliveryapp/no_backup/metrica_client_data.db

    Filesize

    20KB

  • /data/data/com.foodtinda.deliveryapp/no_backup/metrica_client_data.db

    Filesize

    20KB

  • /data/data/com.foodtinda.deliveryapp/no_backup/metrica_client_data.db

    Filesize

    20KB

  • /data/data/com.foodtinda.deliveryapp/no_backup/metrica_client_data.db-journal

    Filesize

    406KB

  • /data/data/com.foodtinda.deliveryapp/no_backup/metrica_client_data.db-shm

    Filesize

    32KB

  • /data/data/com.foodtinda.deliveryapp/no_backup/metrica_client_data.db-wal

    Filesize

    32KB

  • /data/data/com.foodtinda.deliveryapp/no_backup/metrica_client_data.db-wal

    Filesize

    8KB

  • /data/data/com.foodtinda.deliveryapp/no_backup/metrica_client_data.db-wal

    Filesize

    32KB

  • /data/data/com.foodtinda.deliveryapp/no_backup/metrica_data.db

    Filesize

    44KB
