Analysis

  • max time kernel
    178s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240611.1-en
  • resource tags
    android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240611.1-en locale:en-us os:android-11-x64 system
  • submitted
    16-06-2024 20:50

General

  • Target

    b5238516dafa2c9547216184a2ea50ae_JaffaCakes118.apk

  • Size

    4.3MB

  • MD5

    b5238516dafa2c9547216184a2ea50ae

  • SHA1

    3d2b31a870d565d498e0358be1afc0c0d1094a43

  • SHA256

    ee35f832a4df294a1aedd08360f110312bd63ff013d9ed541f7ecfdc05802b65

  • SHA512

    8f011cc598b38560aa92715afec2f21235a14ea1e7e381f6c9b2e14d089ed96e05e1802c5e24078fa6c17279fe2f5d1e485a948fa8d7e9e8fc0040d3a78b4ce0

  • SSDEEP

    98304:Qq+g8MRjrWqr7jxZ2ocoY7SWqeosSjyUbWYJ/B0auvIUl6qeZaagTxsm:JEMBJzxjc32WHoDjyK5L7uAUMq8aaeD

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 3 IoCs
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
  • Reads information about phone network operator. 1 TTPs
  • Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

Processes

  • ru.dvfx.vilfoods
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4465
  • ru.dvfx.vilfoods:Metrica
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4524

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/user/0/ru.dvfx.vilfoods/files/ZPkFS.log

    Filesize

    12KB


  • /data/user/0/ru.dvfx.vilfoods/files/ZPkFS.log

    Filesize

    36KB


  • /data/user/0/ru.dvfx.vilfoods/files/ZPkFS.log

    Filesize

    512B


  • /data/user/0/ru.dvfx.vilfoods/files/credentials.dat

    Filesize

    424B


  • /data/user/0/ru.dvfx.vilfoods/no_backup/credentials.dat

    Filesize

    233B


  • /data/user/0/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods-journal

    Filesize

    12KB


  • /data/user/0/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods-journal

    Filesize

    20KB


  • /data/user/0/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods-journal

    Filesize

    20KB


  • /data/user/0/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods-journal

    Filesize

    20KB


  • /data/user/0/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods-journal

    Filesize

    12KB


  • /data/user/0/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180

    Filesize

    36KB


  • /data/user/0/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    512B


  • /data/user/0/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    8KB


  • /data/user/0/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    8KB


  • /data/user/0/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    12KB


  • /data/user/0/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    12KB


  • /data/user/0/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal

    Filesize

    12KB


  • /data/user/0/ru.dvfx.vilfoods/no_backup/metrica_client_data.db

    Filesize

    20KB


  • /data/user/0/ru.dvfx.vilfoods/no_backup/metrica_client_data.db

    Filesize

    20KB


  • /data/user/0/ru.dvfx.vilfoods/no_backup/metrica_client_data.db

    Filesize

    20KB


  • /data/user/0/ru.dvfx.vilfoods/no_backup/metrica_client_data.db-journal

    Filesize

    8KB


  • /data/user/0/ru.dvfx.vilfoods/no_backup/metrica_client_data.db-journal

    Filesize

    12KB


  • /data/user/0/ru.dvfx.vilfoods/no_backup/metrica_client_data.db-journal

    Filesize

    8KB


  • /data/user/0/ru.dvfx.vilfoods/no_backup/metrica_client_data.db-journal

    Filesize

    12KB


  • /data/user/0/ru.dvfx.vilfoods/no_backup/metrica_client_data.db-journal

    Filesize

    12KB


  • /data/user/0/ru.dvfx.vilfoods/no_backup/metrica_data.db

    Filesize

    44KB


  • /data/user/0/ru.dvfx.vilfoods/no_backup/metrica_data.db-journal

    Filesize

    512B
