Analysis

  • max time kernel
    179s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-20240611.1-en
  • resource tags

    android arch:x64 arch:x86 image:android-x64-20240611.1-en locale:en-us os:android-10-x64 system
  • submitted
    16-06-2024 20:50

General

  • Target

    b5238516dafa2c9547216184a2ea50ae_JaffaCakes118.apk

  • Size

    4.3MB

  • MD5

    b5238516dafa2c9547216184a2ea50ae

  • SHA1

    3d2b31a870d565d498e0358be1afc0c0d1094a43

  • SHA256

    ee35f832a4df294a1aedd08360f110312bd63ff013d9ed541f7ecfdc05802b65

  • SHA512

    8f011cc598b38560aa92715afec2f21235a14ea1e7e381f6c9b2e14d089ed96e05e1802c5e24078fa6c17279fe2f5d1e485a948fa8d7e9e8fc0040d3a78b4ce0

  • SSDEEP

    98304:Qq+g8MRjrWqr7jxZ2ocoY7SWqeosSjyUbWYJ/B0auvIUl6qeZaagTxsm:JEMBJzxjc32WHoDjyK5L7uAUMq8aaeD

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator. 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

Processes

  • ru.dvfx.vilfoods
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5153
  • ru.dvfx.vilfoods:Metrica
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5260

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/ru.dvfx.vilfoods/files/ZPkFS.log

    Filesize

    12KB

  • /data/data/ru.dvfx.vilfoods/files/ZPkFS.log

    Filesize

    36KB

  • /data/data/ru.dvfx.vilfoods/files/ZPkFS.log

    Filesize

    512B

  • /data/data/ru.dvfx.vilfoods/no_backup/credentials.dat

    Filesize

    234B

  • /data/data/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods-journal

    Filesize

    12KB

  • /data/data/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods-journal

    Filesize

    20KB

  • /data/data/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods-journal

    Filesize

    20KB

  • /data/data/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods-journal

    Filesize

    8KB

  • /data/data/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods-journal

    Filesize

    12KB

  • /data/data/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180

    Filesize

    36KB

  • /data/data/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    512B

  • /data/data/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    8KB

  • /data/data/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    8KB

  • /data/data/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    12KB

  • /data/data/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    12KB

  • /data/data/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    12KB

  • /data/data/ru.dvfx.vilfoods/no_backup/metrica_client_data.db

    Filesize

    20KB

  • /data/data/ru.dvfx.vilfoods/no_backup/metrica_client_data.db

    Filesize

    20KB

  • /data/data/ru.dvfx.vilfoods/no_backup/metrica_client_data.db

    Filesize

    20KB

  • /data/data/ru.dvfx.vilfoods/no_backup/metrica_client_data.db-journal

    Filesize

    8KB

  • /data/data/ru.dvfx.vilfoods/no_backup/metrica_client_data.db-journal

    Filesize

    12KB

  • /data/data/ru.dvfx.vilfoods/no_backup/metrica_client_data.db-journal

    Filesize

    8KB

  • /data/data/ru.dvfx.vilfoods/no_backup/metrica_client_data.db-journal

    Filesize

    12KB

  • /data/data/ru.dvfx.vilfoods/no_backup/metrica_client_data.db-journal

    Filesize

    20KB

  • /data/data/ru.dvfx.vilfoods/no_backup/metrica_data.db

    Filesize

    44KB

  • /data/data/ru.dvfx.vilfoods/no_backup/metrica_data.db-journal

    Filesize

    512B
