Analysis
-
max time kernel
178s -
max time network
132s -
platform
android_x64 -
resource
android-x64-arm64-20240611.1-en -
resource tags
android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240611.1-en locale:en-us os:android-11-x64 system -
submitted
16-06-2024 20:50
Static task
static1
Behavioral task
behavioral1
Sample
b5238516dafa2c9547216184a2ea50ae_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
b5238516dafa2c9547216184a2ea50ae_JaffaCakes118.apk
Resource
android-x64-20240611.1-en
Behavioral task
behavioral3
Sample
b5238516dafa2c9547216184a2ea50ae_JaffaCakes118.apk
Resource
android-x64-arm64-20240611.1-en
General
-
Target
b5238516dafa2c9547216184a2ea50ae_JaffaCakes118.apk
-
Size
4.3MB
-
MD5
b5238516dafa2c9547216184a2ea50ae
-
SHA1
3d2b31a870d565d498e0358be1afc0c0d1094a43
-
SHA256
ee35f832a4df294a1aedd08360f110312bd63ff013d9ed541f7ecfdc05802b65
-
SHA512
8f011cc598b38560aa92715afec2f21235a14ea1e7e381f6c9b2e14d089ed96e05e1802c5e24078fa6c17279fe2f5d1e485a948fa8d7e9e8fc0040d3a78b4ce0
-
SSDEEP
98304:Qq+g8MRjrWqr7jxZ2ocoY7SWqeosSjyUbWYJ/B0auvIUl6qeZaagTxsm:JEMBJzxjc32WHoDjyK5L7uAUMq8aaeD
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 3 IoCs
ioc | Process
/system/app/Superuser.apk | ru.dvfx.vilfoods:Metrica
/sbin/su | ru.dvfx.vilfoods:Metrica
/system/bin/su | ru.dvfx.vilfoods:Metrica
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | ru.dvfx.vilfoods
Framework service call | android.app.IActivityManager.getRunningAppProcesses | ru.dvfx.vilfoods:Metrica
-
Queries information about active data network 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | ru.dvfx.vilfoods
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | ru.dvfx.vilfoods
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Schedules tasks to execute at a specified time 1 TTPs 2 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description | ioc | Process
Framework service call | android.app.job.IJobScheduler.schedule | ru.dvfx.vilfoods
Framework service call | android.app.job.IJobScheduler.schedule | ru.dvfx.vilfoods:Metrica
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | ru.dvfx.vilfoods:Metrica
Framework API call | javax.crypto.Cipher.doFinal | ru.dvfx.vilfoods
Processes
-
ru.dvfx.vilfoods
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4465
-
ru.dvfx.vilfoods:Metrica
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4524
Network
MITRE ATT&CK Mobile v15
Downloads
-
/data/user/0/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize 36KB
-
/data/user/0/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize 512B
-
/data/user/0/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize 8KB
-
/data/user/0/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize 8KB
-
/data/user/0/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize 12KB
-
/data/user/0/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize 12KB
-
/data/user/0/ru.dvfx.vilfoods/no_backup/db_metrica_ru.dvfx.vilfoods_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize 12KB