5c95001612ce83a25a7efd51db4f3aab4d17cacbc6392b088535787412a83370

Analysis

max time kernel
133s
max time network
168s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
29/07/2024, 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

642b3b062d5a71332e5a08c468a2457a_JaffaCakes118.apk
Size

3.8MB
MD5

642b3b062d5a71332e5a08c468a2457a
SHA1

d4c20d9c5a89a730bdc2ef02df1c272425499aff
SHA256

5c95001612ce83a25a7efd51db4f3aab4d17cacbc6392b088535787412a83370
SHA512

63e2ced60f389cfc91f81636842fc41486584ec414a660e44161acb704f3770ce188e2530af2fc5af5d0e3706c0e4bca2f062d14ed873d1874affe60faaa216b
SSDEEP

98304:LLOgD7AvOQENMDWWlIBwX9vbNGKy+GN5I4CtmMC:HFpaHbN3y+o55G2

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.jalkipalki.vika
/system/app/Superuser.apk	com.jalkipalki.vika:Metrica
/sbin/su	com.jalkipalki.vika:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.jalkipalki.vika
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.jalkipalki.vika:Metrica

Acquires the wake lock 2 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.jalkipalki.vika:Metrica
Framework service call	android.os.IPowerManager.acquireWakeLock	com.jalkipalki.vika

Queries information about active data network 1 TTPs 2 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.jalkipalki.vika:Metrica
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.jalkipalki.vika

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.jalkipalki.vika:Metrica

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.jalkipalki.vika:Metrica
Framework service call	android.app.IActivityManager.registerReceiver	com.jalkipalki.vika

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.jalkipalki.vika
Framework service call	android.app.job.IJobScheduler.schedule	com.jalkipalki.vika:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.jalkipalki.vika
Framework API call	javax.crypto.Cipher.doFinal	com.jalkipalki.vika:Metrica

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.jalkipalki.vika

com.jalkipalki.vika
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4248

com.jalkipalki.vika:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4287

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.jalkipalki.vika/databases/OneSignal.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.jalkipalki.vika/databases/OneSignal.db-journal

Filesize
512B

MD5
9968459da81751c86acc578287f186dd

SHA1
6180c749ccd438793e4cf7c623c9e578d4efb6ec

SHA256
415ee359b0947640dbad33aff645879b1f2ad02822c626fcd8c622b02061e168

SHA512
10ff865006b6a61356a28b5c7dde527765140c9dfd6263f66dae8a6e41ccd1dc8b3b1cb3f6dfc84f19fa203a8af1caa5d86e0d1ebcab22f7b9452fdae14773db

Download Submit
/data/data/com.jalkipalki.vika/databases/OneSignal.db-shm

Filesize
32KB

MD5
7d88c811f8ab0e73a4c394881f0d2a7b

SHA1
0bacdeb77e64ba114b793b2d02b8f59ff408550d

SHA256
af4192a42d9cf2e9fb6c655469540a1e8f9eec3a3dedfb7bc4e7e6b6cf93e892

SHA512
8f02705b31266c404559a58b7f20ad9cb468dbf2f6b6fb7fe51960463b1ead4c5d3057f394ece232421b2e7c3ec2d69394e754c2802c3763c5e11d3b6b3bad83

Download Submit
/data/data/com.jalkipalki.vika/databases/OneSignal.db-wal

Filesize
64KB

MD5
a362e918be442fbde945e247e4d5d9bc

SHA1
793cd23098173ba46e3d11c24de4bfdd0846dbdb

SHA256
2f933a89d3b5ddd44acbac336d6251896efdb3389fd2c39902a265020e7fb2e6

SHA512
6106441699e66309f184e855331288b774bb6dcce668e78fce1734f6a0794da84c5d18ddff7fc68863f49e45f59014ae22dcc8e56638a92bfd4f818121e91a5c

Download Submit
/data/data/com.jalkipalki.vika/files/Mint-lastsavedfile

Filesize
226B

MD5
f90dfa5a4a80f0ba66e8f7c35ef3781f

SHA1
1eb1ece549913cc227ee94f8afe9df906ab1d62a

SHA256
9c1391e9a1cae20c713b0363051939c8c2f5ae732389925257329affd89c0b66

SHA512
d14b7829cc0f7a7fb4b0a48546caae412d4167c6148c3d460c82f93a425ffcfbbafe204f6b2c832d628d1ce41998549478a225f7de5e67e42934b275e51591a6

Download Submit
/data/data/com.jalkipalki.vika/files/Mint-lastsavedfile

Filesize
20KB

MD5
9e08deb599afe2f4037f21b1ef97b368

SHA1
9a161a523447097fe19e8f443589edc7c470b2b9

SHA256
1a7881d375790dba34460082ddb0c6a39be9fb9a0fd76b62bda367dd27c53041

SHA512
e9b1799813d0ff29a7c79a096e3a1a0782789ba01e8a2c3e71a7a596b327c2e0d30421071c9d2c4ec9c261c488ec93be3a1eaddb04150909ad2766f3dd9bcaa5

Download Submit
/data/data/com.jalkipalki.vika/files/MintSavedData-1-1722293989081.json

Filesize
8KB

MD5
dfdf6f58dd8e0d597a3e102712e155ad

SHA1
001306e0f16245559aa445f272f3255cf46b0b90

SHA256
f74c70869279c11eee8f28ebeef9e7030437a5d9b44cf6ada2208805ac9b9707

SHA512
2106ae4d7bcc5e20a5fc5bef5fa843492950b9b20f1dac40962490f6a067060b4f0b5cbb7f88dd9a5b71581100e7b313e023505a5b9752e918c636316a4d6ac4

Download Submit
/data/data/com.jalkipalki.vika/files/crashCounter

Filesize
512B

MD5
de97764298b10fbc5b7011e94afa04cd

SHA1
26e09f9fd4d5e24f162932c58404e51561f5b8c3

SHA256
3507e47df567f4b6a72b5e54342e41960fbb179437335d84236aa05dbd968c1a

SHA512
10d7a6aff41fe94d18967e147fabc31325517511873054b712131f6feccba0a17b3b97a83600f296fa6cbf57fe82c2bb7e34840e76c97366db6e949e89b8dc66

Download Submit
/data/data/com.jalkipalki.vika/no_backup/androidx.work.workdb

Filesize
4KB

MD5
a41780b5da50c0f10f82a86c53e57212

SHA1
01711b242e918df3e08cffe9b632af14f1d44bdd

SHA256
a1fcb6800f504dcbb51a1fa40385e1e8a9a3f3a94155a97906b57e2ef8f81a8c

SHA512
e00a986a30dc16b437efdb128c0c6e05b45936e2e276760e67307505670a145c1534defd82eb322faa7f6d036c28e069310e30040d8047e5ab0241f6f7b18f90

Download Submit
/data/data/com.jalkipalki.vika/no_backup/androidx.work.workdb-journal

Filesize
342KB

MD5
a0c9778a181ce94a494067a5d025f253

SHA1
887f4448c11e1c77d4828510c043510f60b97358

SHA256
50a6f10f500d8aef0a78d9286c064eb7e887e2d2f75d0704b1514e945a4679b9

SHA512
1ca4d6337b97058ae0f824c20652060f67ce37bdef6146aafa306e1cb082bc733a5532abf397c1610d8541708417acab5d6400235e6896138447d5836f7eb099

Download Submit
/data/data/com.jalkipalki.vika/no_backup/androidx.work.workdb-wal

Filesize
32KB

MD5
882c17cc84b4695786dc83d4ff8b6251

SHA1
70fb83f92100915e76b8fb613136ca94a5298317

SHA256
2ab4befb0174dfbf6da6d611681b91ae7d0497fe878d704099fec6cbe9239db9

SHA512
08bb358d796d3217102c752e53b49ddca3fc3572702a6b6e1cda37f23db4ea3199441b29d5a46a6c20a48c0217abbe8e0b3b2fadcbb2dd8f7687aa6c2fb71507

Download Submit
/data/data/com.jalkipalki.vika/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
422b88fe0ccf2472d6c7f2bfc3161a58

SHA1
bc7e7294216c14a4386c69f4c9adbc4aa9c27ed9

SHA256
102b057c3309af5f552d39b806110fdba981671ad9caf6de19bb7e9c39e9bffb

SHA512
c672a3d4d42eb857449f80122cf9206f10e02935a4dbe049240c426f60635667678535f97f2b5f1d1882e36213bfaf292d9fa9eff5784914f2b42d66529b503d

Download Submit
/data/data/com.jalkipalki.vika/no_backup/androidx.work.workdb-wal

Filesize
116KB

MD5
c121ac405dcb896e49e40b714050fa2e

SHA1
16cea7cd154ccf21198093a2525d107087d8d8b0

SHA256
a4714aa2860c718bea4ddcd1f58d6a299f76a2a3a6601f060e82f4dd1dbb7590

SHA512
90c529407298a6126c03c6c7d7f359706cd2efa58fca12cbee8b7f17a2b3112a70500cc0b80208fbe0ab95bf287863c6f7622b1204a1abdd78c18db7b5ce54ab

Download Submit
/data/data/com.jalkipalki.vika/no_backup/androidx.work.workdb-wal

Filesize
237KB

MD5
c96d02eb9f926cf577a19a679b29d935

SHA1
8377c6224743bd0f55565aa3cfb304b8e4c855e0

SHA256
90b1a58a1b011e49b3f182790b8b75fdc6c0971bd0dea84da0e9ac8decdd884d

SHA512
58c776ca788042351070f075d66857b2104d295e324280b8aadc53c8fbfd4e258d374e9ff9f74f993eb04f10f6e8b298651e585859fa64027aec78fac9e8f660

Download Submit
/data/data/com.jalkipalki.vika/no_backup/androidx.work.workdb-wal

Filesize
281KB

MD5
195a6259ad01db15ad125d2b684b6fc1

SHA1
d06ad489f36d89a7673b619d005be00d6a54a52d

SHA256
2fdfed9c763763a92afa8b845534f8e91b84cc44a7919afd9032b31baec44fa8

SHA512
19e72ce707c30d6f193bbbfe8fa17e77f20bd58942ca048306478951c20c0cb769cb0b2073e38e0451f6d06d155980cd72c6d50207e6033183ed63c89a9c59e0

Download Submit
/data/data/com.jalkipalki.vika/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
2ba974bd012aaf94700d2e91c3301c4d

SHA1
27fe5749863d3074e7f4cba2c6ce831013719958

SHA256
261e99bc4308849f86955c4e0989770f25e99426765c4ace72cb4a7223d835d6

SHA512
8db30f0e906d65bad31397f0b4ddbf0068dc9183253b76de41e45991c093738145a4d22b5aeb2a16f5292f2abcb83ed7f400f7e8c3a378b199747d9024deb486

Download Submit
/data/data/com.jalkipalki.vika/no_backup/db_metrica_com.jalkipalki.vika

Filesize
68KB

MD5
16178973d67aa1dbe0b32e10dd7f504e

SHA1
be39e2d2f3b85b3999dfbe250efb246f5bbe0ac9

SHA256
5aaf01f3fad9c1a06221f5b647d0047b2222d570f44db270ad63dc6674bb9ecf

SHA512
f1383f8339d0cb783a0dee2f55f046a6c36699d8c76ef96060d3120e056885477abe72728bb374230c1e59372e74986061b8a9abbaf3a49bd9cd38fb88c6efb7

Download Submit
/data/data/com.jalkipalki.vika/no_backup/db_metrica_com.jalkipalki.vika-wal

Filesize
406KB

MD5
05a711aa7dc529c1739da82cacfae90c

SHA1
d676a7b3dc1b4c5a7433fbfdff509fec0dacd1b1

SHA256
368b854449ff013baf187ae6d6b67eb7392ee9b52463ea6ee401514d88dfaea9

SHA512
484e272f02eb45086614a41702c669e9ccb58c16e3cbfdb9cad97650ca7e332b73468ad3a81add4af89414c41d0b5fa3547b4823b5cb7c9f46cd861e3fa15367

Download Submit
/data/data/com.jalkipalki.vika/no_backup/metrica_client_data.db

Filesize
20KB

MD5
5ae1dae9eb36649faeb07a94ca96e7f8

SHA1
9056cb35b999726d6576ef6ced55ca9228cb97c3

SHA256
62eafa0fe191047857cbfdbd6909930487f2216d260b4be27fd52e3cff6086d3

SHA512
e33d2cec8122673da3c8ffc788bf2984eac878f7dada265485d960a886ebfb00e17b12a30b546c959bc04c62a31d5646fda748df693e0bdafbb974abbbe77c1a

Download Submit
/data/data/com.jalkipalki.vika/no_backup/metrica_client_data.db

Filesize
20KB

MD5
adb7b33eac8f43c27d36c8d9a939a3b6

SHA1
73ff5abeffbb10c20260081292432bfdfe608dbf

SHA256
62137d440010fde40907dba3bd095a5ae4a731369963e4acb5891ad826da3ee8

SHA512
e878b502cadf41df3a5c106a79a94d4d1d1a8d044abf3ac425a5142ca3eb5ad7f306ae25c32fc87443c0723a7e114d2930e3d3ae62f89c5972dd9d7984b20149

Download Submit
/data/data/com.jalkipalki.vika/no_backup/metrica_client_data.db

Filesize
20KB

MD5
ac26a375d5d673c2a7b39bbe42efacaa

SHA1
a7384db83f153cce2cdd67a97a20df068f6ecd67

SHA256
001ea8b38280af72e70a8168524cfb2b07a711040948397d36fcace03b593716

SHA512
45e1842b55ebab067e53fb3c6ab880c0a652a951f26c1cae5363f429207db5f1aa56c821e89973612b73f9c0d186561221b6129db22e447ccd421b40342dd6bf

Download Submit
/data/data/com.jalkipalki.vika/no_backup/metrica_client_data.db

Filesize
20KB

MD5
0c6b579d0f4e3685bb6591b7eaddc7b6

SHA1
a3cf538ef0ecb3201aed09f59bd00a80d0582b9a

SHA256
70527af5bdbfdabf1e350f93c6101a9ccdf92b63e035c922ffb0e9e82e4f3f30

SHA512
7d167d8890f1c50c1cca61adb0e364cd5c4635e16f4c350b0202beda312026cc7a990be4d844263ddb067dc3d72ba1b82418f44b2443825f937cda04dc6fae3f

Download Submit
/data/data/com.jalkipalki.vika/no_backup/metrica_client_data.db-journal

Filesize
512B

MD5
222b24b9f731a7e6a5cd90fd4a1032a9

SHA1
d667b38e409692ef9a9ff44490df036fb7db6659

SHA256
054a052d6b496a774a4547655e150103eb2e966f911ae58051cca6814ac4da37

SHA512
7366bff0408d5673802d37a5286229a777067f5674d2d9d4333e5fc5bb4b6e194954a06ccfd321a609f5c3648961c79ceddb44a713aa2f1c540f02ae8f8d0aae

Download Submit
/data/data/com.jalkipalki.vika/no_backup/metrica_client_data.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.jalkipalki.vika/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
8bf018e51d036ab23e6237a4800729c6

SHA1
d3e1dbcf95d1b4cd5a916ad7363c105e89b71c01

SHA256
94fc98386a7ce1fc296d64653f079979f3f190a4ba8f2a1cc3ea36fd0d87a8dd

SHA512
9acf3b4ed2a39b0396c10c3b700564f99d4ecc6ab41d967694cd287f756f67f4226f0c05555d4057900bc181c21c4927e3d6e7b2e5a5a583b1a9eb928840c8e6

Download Submit
/data/data/com.jalkipalki.vika/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
011cb3b6def3cdb090e2cc5769b5ef14

SHA1
33d2169246209ce3a237c2582bf8bbfa01721124

SHA256
fab2ca6b142b9d6399df2bffd15ae0e0fdb1e6ed70fd2eb81654cc6d8a187f4d

SHA512
672ddb7659fd76a39653fd29f704f8b3013bfaedcd60015b26831e012c14e0c891b80b850bb248b6c1c6b62af4eed235dc4e5418acc1fdff289223355b04a12e

Download Submit
/data/data/com.jalkipalki.vika/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
773d1d46fb3d6969c8cc385f4a5313c8

SHA1
0b4ca906899179d5373a158f5d9e579a2dc444eb

SHA256
ebb28c59e33d8ceb9d61e9163e79f50ee8775cb220321c7ef1fa57ad10757991

SHA512
3437de21c9345d6d6d301868ce71217dba0648750e04ca4eea2c960ac608844fe076d87de60dbd04c31f6344d1cc560c6c713ba420489299e3b0fbde21c8e925

Download Submit
/data/data/com.jalkipalki.vika/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
55834fdf9a684157d04ed5d117649575

SHA1
c5143ea2a84c575b7f015bd64d4e2eab4cdddec6

SHA256
3705dd0b03abfd9d60d836a72180cd2c49889573d53f18f0d0b4728d1f468ea1

SHA512
65e5c66e963398c62e09d933225cb8bc511e88c8f878df91e22d3ff3b236c459d4695a0a8c1ac6e877b58bbb15d163dd77a80ef492e46b363d4754b82f629a22

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads