Analysis
-
max time kernel
179s -
max time network
140s -
platform
android_x86 -
resource
android-x86-arm-20240611.1-en -
resource tags
android
arch:arm
arch:x86
image:android-x86-arm-20240611.1-en
locale:en-us
os:android-9-x86
system
-
submitted
16-06-2024 20:50
Static task
static1
Behavioral task
behavioral1
Sample
b5238516dafa2c9547216184a2ea50ae_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
b5238516dafa2c9547216184a2ea50ae_JaffaCakes118.apk
Resource
android-x64-20240611.1-en
Behavioral task
behavioral3
Sample
b5238516dafa2c9547216184a2ea50ae_JaffaCakes118.apk
Resource
android-x64-arm64-20240611.1-en
General
-
Target
b5238516dafa2c9547216184a2ea50ae_JaffaCakes118.apk
-
Size
4.3MB
-
MD5
b5238516dafa2c9547216184a2ea50ae
-
SHA1
3d2b31a870d565d498e0358be1afc0c0d1094a43
-
SHA256
ee35f832a4df294a1aedd08360f110312bd63ff013d9ed541f7ecfdc05802b65
-
SHA512
8f011cc598b38560aa92715afec2f21235a14ea1e7e381f6c9b2e14d089ed96e05e1802c5e24078fa6c17279fe2f5d1e485a948fa8d7e9e8fc0040d3a78b4ce0
-
SSDEEP
98304:Qq+g8MRjrWqr7jxZ2ocoY7SWqeosSjyUbWYJ/B0auvIUl6qeZaagTxsm:JEMBJzxjc32WHoDjyK5L7uAUMq8aaeD
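Before reading the behavioral sections against a file you hold, confirm it is byte-for-byte the sample this report describes. The script below is an added example, not part of the report or of the sandbox tooling: it recomputes the four digests listed above for a local file, compares them, and also checks that the `<md5>_JaffaCakes118.apk` file name carries the real MD5. The SSDEEP value is left out because computing it needs a third-party library.

```python
import hashlib
from pathlib import Path

# Digests as listed in the General section of this report for the submitted sample.
REPORT_HASHES = {
    "md5": "b5238516dafa2c9547216184a2ea50ae",
    "sha1": "3d2b31a870d565d498e0358be1afc0c0d1094a43",
    "sha256": "ee35f832a4df294a1aedd08360f110312bd63ff013d9ed541f7ecfdc05802b65",
    "sha512": "8f011cc598b38560aa92715afec2f21235a14ea1e7e381f6c9b2e14d089ed96e"
              "05e1802c5e24078fa6c17279fe2f5d1e485a948fa8d7e9e8fc0040d3a78b4ce0",
}


def hash_bytes(data: bytes) -> dict:
    """Lowercase hex digests of an in-memory blob for the four report algorithms."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path, chunk_size: int = 1 << 20) -> dict:
    """Stream the file in 1 MiB chunks so a multi-megabyte APK is not slurped into memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_hashes(computed: dict, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm match flags. Any single False means this is not the reported file,
    whatever the others say; agreement on MD5 alone is not enough for a hostile sample."""
    return {name: computed[name] == expected[name].lower() for name in expected}


def name_matches_md5(filename: str, computed_md5: str) -> bool:
    """The sample is named '<md5>_JaffaCakes118.apk'; confirm the prefix is the actual MD5."""
    return Path(filename).name.lower().split("_", 1)[0] == computed_md5.lower()


if __name__ == "__main__":
    import sys

    target = sys.argv[1]
    digests = hash_file(target)
    results = compare_hashes(digests)
    for name, ok in results.items():
        print(f"{name:6} {'match' if ok else 'MISMATCH'} {digests[name]}")
    print("file name consistent with MD5:", name_matches_md5(target, digests["md5"]))
    sys.exit(0 if all(results.values()) else 1)
```

Run it as `python verify_sample.py b5238516dafa2c9547216184a2ea50ae_JaffaCakes118.apk`; a non-zero exit means at least one digest differs from the report.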
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
ioc                          Process
/system/app/Superuser.apk    ru.dvfx.vilfoods:Metrica
/sbin/su                     ru.dvfx.vilfoods:Metrica
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description             ioc                                                    Process
Framework service call  android.app.IActivityManager.getRunningAppProcesses    ru.dvfx.vilfoods
Framework service call  android.app.IActivityManager.getRunningAppProcesses    ru.dvfx.vilfoods:Metrica
-
Queries information about active data network 1 TTPs 1 IoCs
description             ioc                                                    Process
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  ru.dvfx.vilfoods
-
Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description             ioc                                                    Process
Framework service call  android.net.wifi.IWifiManager.getConnectionInfo        ru.dvfx.vilfoods:Metrica
Framework service call  android.net.wifi.IWifiManager.getConnectionInfo        ru.dvfx.vilfoods
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description             ioc                                                    Process
Framework service call  android.app.IActivityManager.registerReceiver          ru.dvfx.vilfoods
-
Schedules tasks to execute at a specified time 1 TTPs 2 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description             ioc                                                    Process
Framework service call  android.app.job.IJobScheduler.schedule                 ru.dvfx.vilfoods
Framework service call  android.app.job.IJobScheduler.schedule                 ru.dvfx.vilfoods:Metrica
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
description             ioc                                                    Process
Framework API call      javax.crypto.Cipher.doFinal                            ru.dvfx.vilfoods:Metrica
Framework API call      javax.crypto.Cipher.doFinal                            ru.dvfx.vilfoods
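Every IoC-bearing signature above resolves to a binder call or crypto API that ordinary analytics and crash-reporting SDKs also make, and several are attributed to the secondary `ru.dvfx.vilfoods:Metrica` process rather than to the app's main process, so the dynamic report says what ran, not whether it was hostile. A cheap static cross-check is to look for the same root-check paths and API references inside the APK's DEX files. The script below is an added example, not part of this report or of the sandbox: the two root-check paths come from the signature table, while the class descriptors and method names it searches for are my assumption about how the listed framework services (`IActivityManager`, `IConnectivityManager`, `IWifiManager`, `IJobScheduler`) and the `Cipher` call surface from the app side; the in-memory "APK" it builds is constructed for the demonstration.

```python
import io
import zipfile
from typing import Dict, List

# Indicators. The root-check paths are copied from the report's signature table.
# The class descriptors/method names are an assumption about how the report's
# binder services and Cipher.doFinal appear in a DEX string table (not from the report).
INDICATORS: Dict[str, List[bytes]] = {
    "root_check": [b"/system/app/Superuser.apk", b"/sbin/su"],
    "running_processes": [b"Landroid/app/ActivityManager;", b"getRunningAppProcesses"],
    "active_network": [b"Landroid/net/ConnectivityManager;", b"getActiveNetworkInfo"],
    "wifi_info": [b"Landroid/net/wifi/WifiManager;", b"getConnectionInfo"],
    "job_scheduler": [b"Landroid/app/job/JobScheduler;"],
    "crypto": [b"Ljavax/crypto/Cipher;", b"doFinal"],
}
SCAN_SUFFIXES = (".dex", ".so")  # code carriers only; resources and assets are skipped


def find_indicators(blob: bytes) -> Dict[str, List[str]]:
    """Return {category: [indicator strings present]} for one zip entry's raw bytes.
    A plain substring search is enough for ASCII entries in a DEX string table."""
    hits: Dict[str, List[str]] = {}
    for category, needles in INDICATORS.items():
        found = [n.decode() for n in needles if n in blob]
        if found:
            hits[category] = found
    return hits


def scan_apk(apk) -> Dict[str, Dict[str, List[str]]]:
    """apk may be a path or a file-like object. Returns {entry name: hits}
    for every .dex/.so entry with at least one indicator."""
    report: Dict[str, Dict[str, List[str]]] = {}
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(SCAN_SUFFIXES):
                continue
            hits = find_indicators(zf.read(info))
            if hits:
                report[info.filename] = hits
    return report


def build_sample_apk() -> bytes:
    """Constructed stand-in for an APK: a zip whose .dex entries are fake bytes with a
    few NUL-terminated indicator strings, roughly as they sit in a DEX string table."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 16 +
                    b"/sbin/su\x00Landroid/app/job/JobScheduler;\x00")
        zf.writestr("classes2.dex", b"dex\n035\x00" + b"\x00" * 16 +
                    b"Ljavax/crypto/Cipher;\x00doFinal\x00")
        zf.writestr("assets/notes.txt", b"/system/app/Superuser.apk")  # not code, skipped
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")
    return buf.getvalue()


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else io.BytesIO(build_sample_apk())
    for entry, hits in scan_apk(target).items():
        for category, strings in hits.items():
            print(f"{entry}: {category}: {', '.join(strings)}")
```

A static hit corroborates the corresponding dynamic signature and tells you which DEX to open in a decompiler; the absence of a hit proves nothing, since reflection, string encryption or a native library can hide the same calls.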
Processes
-
ru.dvfx.vilfoods
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4293
-
ru.dvfx.vilfoods:Metrica
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4342
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
20KB
MD5
8505581679df59a804a6d67db47c2e31
SHA1
5165ec210f0feddedb4cefea81b62360c1debbc6
SHA256
78b1711930509a61fd0031334704c8dec4b8557409b0fce854d05ca8b330e07e
SHA512
7217319637dcb4e159b17a03f5b6d8202cecb60e9c240d10200ea0b1a1489825b16c8c22010e13f7e3e0080ea9c49ad9ddc47d7d79fbbf50b24c8608d5409f48
-
Filesize
32KB
MD5
060477c6088e9cacca7000ad99e0520f
SHA1
0df075b686b170664b7337839746e6fc68904f3c
SHA256
dd896644778233463796ad9e803b5bf2e90cea65f7c001ae46eb9b9d0ab5403a
SHA512
1444272fe3024c6a613e55f9e989262f775a246df8c1560ac101f2223f7ea9dc3ae2b5f452555195bbbe3ec92a1e7f13d4c295e5e1ac17bb676129dcd6d95153
-
Filesize
234B
MD5
de071ea7144febe59a3578adec3f2f0b
SHA1
be26b1a41d5e196a084f488a43d536cc399c21a0
SHA256
788230c35f1175b37732da9d516641775d31651082d405d8b6c5fbcbe0a81d98
SHA512
ee23cb82304224ca444030ba2f26f0a07c305bcf320ad199a47688d8587dc0d4beb3fa650c032497457e9f2c383a0a4a70beed678babcac79be544b75b6b5c55
-
Filesize
435B
MD5
7e0971fbb5c7efc0ad8badfb7a21a722
SHA1
a74e782f2401d6c43aebabe3768c79e575b40cf4
SHA256
039d68649dc3e043a8cf9b883571566b6787f6c182d6c251c2bcc74c28b684e7
SHA512
9def5607bb8e501fd748bed8419f40b5a8e51f0e1d3ced6e7df7e7fec4e56610c6d2967d8ce7101448ab5c84e20ca92fd5e3881b4828f50428c08b15d45e6173
-
Filesize
32KB
MD5
29bcbcd4568db392c833ff032132cd20
SHA1
5681f9f51f987e2761ec98b62bd37645e3c4c22c
SHA256
f1f6bbdabcb2460c3e3ab57f0f038c66c52651f9ef6e106c5fdcefe11f13a6d8
SHA512
711d59ed44b1986acce00560a96d044a7175aef04c0586f36ebad4ad8f92297953c2f8eb13ea92d5c2f7ed016621253ec2c5aadb5e44c76d83318f32d1c32f00
-
Filesize
406KB
MD5
e1d462246b308177e6a22638888eec24
SHA1
16f3b0c370cf3f5f8a5cd80924518fe623110ed5
SHA256
940f0bb433d40901acffa6aa2f23beced780fd23ec5429e091d42293a6c48a99
SHA512
f7adeeb9f4b8ec5b9227d5d525a199aa137cfc7fe64feef50a19f898bf7bb48f74f1feb39857e3ba3eb14915d92110f507661c35e1e44e224108d8e80c43bbdf
-
/data/data/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize
8KB
MD5
e63510aa0ed2d40cb115295ef1094ea5
SHA1
5e29e9daca644dbc23a63c87b09e672d695822d4
SHA256
67eb5b106e316313bec2317824a248a962028e33b16b84963613b7ab0c0b3043
SHA512
79073a870395907e4f8a4bd05d4a483a39b04cfd559310abe8c3316a011e3b9784d6cf68799eec8e2e23007f22b5bd44bf451c192866fd4e342fd369afefd690
-
/data/data/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
20KB
MD5
9b72a70011dd06127b1b3b92e9ca933e
SHA1
b6adb9987242c8d3bd07afb0cf1f5e9405c8cec8
SHA256
3fd8043ea33e8db17514a5c5e017593a1fb82540956cf75c1b7140355c2aa4de
SHA512
5123759e9b8eb9ca45c56b179b635f667865a68551286c49a854910a267ec4c54c529552ef64a4d7e43ef784300cfaa1c01cbc64648a706e2fa83324139d261a
-
/data/data/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-shm
Filesize
32KB
MD5
0c8134ad90630ec35d5ca28710d86fc3
SHA1
19778abdef2acc730e548dbdbc64ebcc29a99437
SHA256
27ec17cc1f0f364982e3a528c2029ed9c104ec8f7221aaabaa397774362cd2a8
SHA512
7ab85cdb89b89fc6c7cde0a4f0a053e02b35c6c7a788d9d9bb1a590cdadc6c172b9a3fae9929460279e3cb9aa307d796c1b10d0abf5e038226b4afafd45d4c14
-
/data/data/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-wal
Filesize
164KB
MD5
483be161f2bae4c32687676383cb67ea
SHA1
06d7b105b7d4978264ffd97e34c739639ade2240
SHA256
3f073c3cb2034fa5f27cb6c65ccfc47b7acbfc1e6ed8fb6af53805c55e8ae432
SHA512
408bc977c261ec044625b47878d88001f91fd8922c6088f511fea276b988e0869cd9dfd876ab366866403e7367457854b9293e59017d67c0816d2a62ad710e52
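The four `db_metrica_*` files above are one SQLite database in WAL mode: the main file is 8KB while the `-wal` is 164KB, so nearly all of the content was committed to the write-ahead log and never checkpointed into the main file. Opening the main file on its own shows empty tables; the `-wal` has to sit beside it under the matching name (the `-shm` is an index SQLite rebuilds when missing), and the first ordinary connection that opens the pair checkpoints and deletes the `-wal`, so always work on a copy of all the files. The example below is added here and is not part of the report: it builds a database in the same state with the Python standard library and reads it back both ways.

```python
import os
import shutil
import sqlite3
import tempfile


def make_wal_database(directory: str):
    """Build a database whose schema is in the main file but whose rows exist only in
    the -wal. Returns (path, connection); the connection is deliberately left open,
    because closing the last connection checkpoints the WAL and deletes it."""
    path = os.path.join(directory, "db_example")
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, name TEXT)")
    conn.commit()  # rollback-journal mode here, so the schema lands in the main file
    conn.execute("PRAGMA journal_mode=WAL").fetchone()
    conn.executemany("INSERT INTO events (name) VALUES (?)",
                     [("start",), ("report",), ("session",)])  # constructed rows
    conn.commit()  # these frames go to db_example-wal, not the main file
    return path, conn


def row_count(db_path: str) -> int:
    """Count rows through a normal connection. SQLite looks for '<db_path>-wal' next to the
    file and replays it; without it, only pages already checkpointed are visible."""
    conn = sqlite3.connect(db_path)
    try:
        return conn.execute("SELECT count(*) FROM events").fetchone()[0]
    finally:
        conn.close()  # side effect: checkpoints and removes the -wal of the copy we opened


def demo() -> dict:
    """Compare a main-file-only extraction with a main-file-plus-wal extraction."""
    work = tempfile.mkdtemp()
    try:
        src, writer = make_wal_database(work)
        sizes = {"main_db_bytes": os.path.getsize(src),
                 "wal_bytes": os.path.getsize(src + "-wal")}
        # Extraction 1: only the main file, as when one artifact is pulled in isolation.
        only_db = os.path.join(work, "only_db")
        os.mkdir(only_db)
        shutil.copy2(src, os.path.join(only_db, "db"))
        # Extraction 2: main file plus -wal under matching names; -shm is rebuilt by SQLite.
        with_wal = os.path.join(work, "with_wal")
        os.mkdir(with_wal)
        shutil.copy2(src, os.path.join(with_wal, "db"))
        shutil.copy2(src + "-wal", os.path.join(with_wal, "db-wal"))
        result = dict(sizes,
                      rows_db_only=row_count(os.path.join(only_db, "db")),
                      rows_with_wal=row_count(os.path.join(with_wal, "db")))
        writer.close()
        return result
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

For the report's files that means copying `db_metrica_...`, `...-wal` and `...-shm` together (the `-journal` is a rollback-journal leftover and can be kept for completeness), hashing them before opening anything, and then querying a working copy.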
-
Filesize
20KB
MD5
413134f4672ee805d3294d5b8f068141
SHA1
d7ead140fb59d7d43f6a410c132c20ff9b63c75d
SHA256
ea0792be76282b43c8422d8ec25cf10d0c2a990dec1ba5f8b1691237a91bab45
SHA512
2e4e2512dc55f494268a13147634c426e881036f1a6093e4d7eb399ece41a55523ecc45821e8cf8ae6a8faaa996e764c8c66d2e448c251f4e1ffcf14bda8b6bf
-
Filesize
406KB
MD5
dc7b46977e3b2669c18854a2d7bfbfa8
SHA1
71c72905289ed3301b3615ed6249ad1ea467f45b
SHA256
4ea00aba9cf56fde6ad018ed12802171483f91e099f7b8235c761dd215b5ed1d
SHA512
f8baf6f041a3350355556d36c6f081eb0f287d8a69b10bcd59068c7b1884935e8ff319643fb5078eed0f0d8009119471063210ccbbf4a00a7eb36d8fc1e57434
-
Filesize
20KB
MD5
141aa328784d3e7b287dc5281c5be519
SHA1
9e450006570e2c2b573c0704256ec7fa8ba1764f
SHA256
d0e8bcd0e44c9edeb41df9169e58dcb2100b4c364d8bb0d562e4dcdb88e9c4c6
SHA512
b307f5ab57bae9d9c2a99faea811685e80dae5d5eb0a5c955ed0e30d265f04e9849646c6119b597923bf8b37157180c4ba21d6e9c00691449b4dee542d5a277d
-
Filesize
32KB
MD5
c682dccce48c291fb80439384fd321aa
SHA1
ae76eb9f562c282a07713753860ec8cead1fb833
SHA256
bf06dc04e40eba07d69dc4e8d2fb2af6a8a2a66d6636cdae7619f6601e1b8b8d
SHA512
b4babad56389f453ddeaf52af2dc42c187e36292b4cafa6684ec89b759fc30608bebdecf3ef8243537f0c7d965a531e211ea976ecb48e68876f15a65724801db
-
Filesize
32KB
MD5
bb7df04e1b0a2570657527a7e108ae23
SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
36KB
MD5
990f26bb7d5adb3eae67e2725668ae6d
SHA1
f776a8a2ed4539d25b71c8bebeef1fb153e8d9d3
SHA256
5678f2c16cf9b0ba1408dd24a7c8db261da703841b72ea51ebdefa8f602f69cb
SHA512
ef5faba77ddc8c91723e4a1fcffbb71917d7b456ff286906d173e62cee1ddb6dfd9bb6f2ae4c3b972710d967d0cebc904a47edb473e2e4b0facfaa52334db326
-
Filesize
32KB
MD5
d041e1188739e9be4589f0892968e404
SHA1
a24c42ec5bbc67eacfba7c722251a58ccfbaca59
SHA256
187c432aff516222307bf350c54dd566aa7a4931760b5c30d1c036c3b8281fc6
SHA512
7acdd66a3b7b2d63aded946f1b49ee5604c4df2b2a4256e7f6ff1ef525dfc2662fd2487438157369db44eae14d8bcc5f8bed83629bf73b05c85a5ae934392877
-
Filesize
8KB
MD5
20f461bf62f867b88e5745b3f518f575
SHA1
9b9c88d9c865cf54dc73e6d2ff2bb2019ce8eaa5
SHA256
b1b485b932a22a12a91d1af74c4357c484d3d1d46ce8ab409a7f787cef408f55
SHA512
6883061f5e960001bf8740e746e0131e5131624b3aad78a8d9649ab292f302653ccde246934e1cbdc478d03d8192afaf4f6d665bfd6b5d4d4a187e19e754a698
-
Filesize
44KB
MD5
8a81e2c05c4ef397e68c54ba09a267fd
SHA1
232fcaef13a21963a55876a24d55002f56c6d914
SHA256
8ba63284bfef4f00d23baf9f353537ce3e88137c690e4dab97049cd20a18a7f3
SHA512
8636c7d343e46ab73f10c3e51bc1419b298550b6d4f0a2fa8704fe02f5dff5993e9b70e00941d7c2dac65be63beba017ebd084597264db07cfeed702e48f6814
-
Filesize
512B
MD5
e3979fe35b34b8cc9aecea59e9c8572d
SHA1
6b7b9fd591821da764cc9d1345871b2040801928
SHA256
7dd14406337d1a777a8e573b628030805f479943369c5bc4883312bab89d0267
SHA512
9f7f05ab9d4eeaadf291958b00811453308670484720b081673b1474fac7254094ecab47c3a2daf05b9b2690d6f44a4f8990c8bddff6df7339e9a16ac9ec9665