Analysis
max time kernel: 179s
max time network: 149s
platform: android_x64
resource: android-x64-20240611.1-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
submitted: 16-06-2024 20:50
Static task
static1
Behavioral task
behavioral1
Sample
b5238516dafa2c9547216184a2ea50ae_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
b5238516dafa2c9547216184a2ea50ae_JaffaCakes118.apk
Resource
android-x64-20240611.1-en
Behavioral task
behavioral3
Sample
b5238516dafa2c9547216184a2ea50ae_JaffaCakes118.apk
Resource
android-x64-arm64-20240611.1-en
General
Target: b5238516dafa2c9547216184a2ea50ae_JaffaCakes118.apk
Size: 4.3MB
MD5: b5238516dafa2c9547216184a2ea50ae
SHA1: 3d2b31a870d565d498e0358be1afc0c0d1094a43
SHA256: ee35f832a4df294a1aedd08360f110312bd63ff013d9ed541f7ecfdc05802b65
SHA512: 8f011cc598b38560aa92715afec2f21235a14ea1e7e381f6c9b2e14d089ed96e05e1802c5e24078fa6c17279fe2f5d1e485a948fa8d7e9e8fc0040d3a78b4ce0
SSDEEP: 98304:Qq+g8MRjrWqr7jxZ2ocoY7SWqeosSjyUbWYJ/B0auvIUl6qeZaagTxsm:JEMBJzxjc32WHoDjyK5L7uAUMq8aaeD
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
ioc: /system/app/Superuser.apk | Process: ru.dvfx.vilfoods:Metrica
ioc: /sbin/su | Process: ru.dvfx.vilfoods:Metrica
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | Process: ru.dvfx.vilfoods
description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | Process: ru.dvfx.vilfoods:Metrica
Queries information about active data network 1 TTPs 1 IoCs
description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | Process: ru.dvfx.vilfoods
Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | Process: ru.dvfx.vilfoods
description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | Process: ru.dvfx.vilfoods:Metrica
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | Process: ru.dvfx.vilfoods
Schedules tasks to execute at a specified time 1 TTPs 2 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description: Framework service call | ioc: android.app.job.IJobScheduler.schedule | Process: ru.dvfx.vilfoods
description: Framework service call | ioc: android.app.job.IJobScheduler.schedule | Process: ru.dvfx.vilfoods:Metrica
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
description: Framework API call | ioc: javax.crypto.Cipher.doFinal | Process: ru.dvfx.vilfoods:Metrica
description: Framework API call | ioc: javax.crypto.Cipher.doFinal | Process: ru.dvfx.vilfoods
Processes
-
ru.dvfx.vilfoods
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5153
-
ru.dvfx.vilfoods:Metrica
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5260
Network
MITRE ATT&CK Mobile v15
Downloads
/data/data/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize36KB
-
/data/data/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize512B
-
/data/data/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize8KB
-
/data/data/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize8KB
-
/data/data/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize12KB
-
/data/data/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize12KB
-
/data/data/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize12KB