8c2d4771444425280f56063ea077c99964cef55ae3bd52ff7908c7b74a442082

Analysis

max time kernel
178s
max time network
176s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
11/08/2024, 21:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8c078cf6742f85e62c6ce16f1a6d411a_JaffaCakes118.apk
Size

3.3MB
MD5

8c078cf6742f85e62c6ce16f1a6d411a
SHA1

ea7f5b548139724181aca2bdad56df031c2bafe5
SHA256

8c2d4771444425280f56063ea077c99964cef55ae3bd52ff7908c7b74a442082
SHA512

53e4d1bc6b79403e0c384d45a99f26f1b84c7b0c1a0f3c14754561bcf88ff8c0bca087f26a2b632d6b10415219f023caf87b7c2490158cdcde3fa5d73729ce00
SSDEEP

98304:fPrL/jD6ZNvBoknQqBDCirqDMaepvb3LHOtywXj3kYK1pGP:fDDSZNKkBQe5u

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.producepro.checkout.marchese:Metrica
/sbin/su	com.producepro.checkout.marchese:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.producepro.checkout.marchese
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.producepro.checkout.marchese:Metrica

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.producepro.checkout.marchese

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.producepro.checkout.marchese
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.producepro.checkout.marchese:Metrica

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.producepro.checkout.marchese

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.producepro.checkout.marchese
Framework service call	android.app.job.IJobScheduler.schedule	com.producepro.checkout.marchese:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.producepro.checkout.marchese:Metrica
Framework API call	javax.crypto.Cipher.doFinal	com.producepro.checkout.marchese

com.producepro.checkout.marchese
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4993

com.producepro.checkout.marchese:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5039

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.producepro.checkout.marchese/files/ZPkFS.log

Filesize
20KB

MD5
ea9c2dc01d788f2ed7ad6a455e32335a

SHA1
3da6ee06226734e9a402c3ef2b542af3b509b6af

SHA256
ddcb0e1970efc2dcb42a4dd328ef8c10f3512b39a47277d5b075fd3b92dfc3a7

SHA512
5b834f25f6f8afea98eec78cf8e148671ceca48aee8019e09308389c1f336e47e55666fedf66e09c97e827c375ade0fad635b98686ebd2f72240108670d25e76

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/credentials.dat

Filesize
233B

MD5
093a6446af4abc21052f9e68925a2cac

SHA1
d3511e43f6b305e69c94d1c45f9dcc7fc8d569d3

SHA256
28ef5d3cc65a49965296a68470d7e7ef3083265be9811ecbbeaedd646c272cb8

SHA512
89e59c5a7f20395cb886a5911c706598d020a29a0eb666379db95b123cd4574ccf3af16eacd509eb25fe4c1b26eeaccb391ff45028ab889d9c53ba66c59f26ea

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese

Filesize
36KB

MD5
e81323e98abdc8c73e7ba76c22848c66

SHA1
57dbd32f1af9d9f135faf56e83fb6e7106acce29

SHA256
0a15a13a9d847a676d9707018181fed2391db8281e2cbeac505071d63c6c17a9

SHA512
28c0443de37173c011219e7748e20ac6419a759ece9de568214edb8e075b8e0bd4ebb356c1bc3497933b6fb385d5ae0ef47c4eca0d30a28556e598d53ffcf776

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal

Filesize
20KB

MD5
b34a2a19ba04c49f0c403d7ab42f66e4

SHA1
a9d943ee734f7fa5203a4a5153842233ac72576b

SHA256
38cf66aa001d1b5114998f1ddb2a82b32edd54878e3a13a1af7ec9e814072ef0

SHA512
19b490794ca612545ca0595b33b6ce532ba49b85fe8dd3fc5ececc3412e8246f44ade680ca8c810c5c82155a75f25ff5a92f32fb406935c0372d9c44c8463f4a

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal

Filesize
8KB

MD5
42448ee844126aab5417e703de99b921

SHA1
edae3bc7ff1004d98ea433bc8f2be5ff3110261c

SHA256
2c99d9b43a8e11b145509542ede31b44c6c069148c35cc62f52c560477ebaf4b

SHA512
8b9d97c895cfdd6c1054834e9db12d3a6cd5e6a9cac09cf7231b28fe5b36845448514a9f2c3109c1919fb1113433c5195ce5e1784165a00a5c75157a7fbe4e62

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal

Filesize
8KB

MD5
b81cf64c803abc983b9db2ec4c0a7047

SHA1
04d647eca650b1eb57ca861a6c1e4438198634a5

SHA256
4350f472b9f31db048194fb89ea7bedfe79329648f5553fdd2bdf5785f1d3d44

SHA512
7a17487f88d98d166122b0c62173499757d3f90cf1537965bf5ea317196fc4d3e08918bfa2b68ff72502c1a513669f9b2bdcf1bf2b956610ac1cb3df88263017

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal

Filesize
12KB

MD5
1c3af7a112f22ac209c9e54370d98d1d

SHA1
b1481adc237886b110c1658ad8d9f2c83d87ead1

SHA256
c49fbefa529d87eb7a77a1f51db4f20a50ec33af3871f55ebf23ad9dde78a83a

SHA512
3df92b6f4bb0679e5d4c7af4b9ac46548e663331d91e201f5dff2ffbd7adc2e43d2cc7506ed7965eb5960b67191b3945ba5985b5c641d9d87d80ffbc44c107ee

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal

Filesize
12KB

MD5
4d7cba96b79d425ac1bf083a3abc3f76

SHA1
9c1b90dff2fa3aa4c9a4369132dcf51577aa08c6

SHA256
e352b450cfd13b5043a6e1d39b55d8c799e66a397ac82a8200b9ce9fe29234e8

SHA512
6c73550413e794984d2026d0f8fa01a9599c99363f05500ea066bb5eae41e03f08071dcc136df88ae473dacf9452e26d9dde1ec08da544d3741fb109853660f9

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal

Filesize
12KB

MD5
972e7b3c19eee18dd62068936d0a4b0b

SHA1
98138accd4b30752095a5501d89b913c8330762c

SHA256
b374e3a7735df56dd1f418f185271cddc322b87e06bcfe33c1c4c00488b18d2f

SHA512
ce384d40bae1fccf990c6926c242d03bbbbfc089a574469db6188a0997a396bdd20e8d9e7210ef65b4e49c20254178b385b2865d42c253f73e4a1ce15a25427d

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
36KB

MD5
6aee4f5d4108870a8c6da80ae4f653d9

SHA1
6ec18317bbbe3facad2945fbc36e8562f592e9c1

SHA256
ecf1588c4d4e7072dea2475d365fd6c98341e970e96c13cdb9530dbd18e52707

SHA512
62339a9985b0b0cd88fb5f0308edd8c88222c6ba70e1ab8b0554f1589c3053bcbf8fb00974af21e47c7701d05c11e818cadaaaa57fd8885adb1843f86c6cbe1c

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
c6fe28c1b66567569e8723733382625f

SHA1
88e3c68e2392e61789ec4b366151f0f6c6dfbdc1

SHA256
e2af27b8cc251fd4c17d58a665141523cf6f5dd318b3eea979216340770c4953

SHA512
9de24457a942f218359bfefa5ac300a7dec526aab53dcdc624827ae1d9974678da4b91c33351bbd15db4db1ffebc7ac90840caa1277a4e868ebd8f8c8e4785a1

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
5211f1011213fc2a99e9b9716b196400

SHA1
0e48c71fc6071db8c7a4c8a7115aac31cc2d02ca

SHA256
f6b7721ca46ec05ac249b59d90e532b25eb71e46c32b9ed9f85883caf976a26d

SHA512
70e7d37c10dbaaca94df7c8aac8e5cd2c8ae503902f5b59871ebbdf2b46c366cc7889cccbac13fa0d88a04f91c1a741d233b3488d73b685776671e000463ae37

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
6d2c71ad3b4c05e864f37c1fdc9d0563

SHA1
7e5c814beab9054e4a981af53b9778ca721357a2

SHA256
fec78509f83597b91cadecadd4b79f15d05bb1933952d47f894e2ba29d574f38

SHA512
924b0f17d57a5ea589b3ac461c00dfb75625eea2ae4e3f353b074a599f55be2b7d81e691167c6b72a76b93f4866b7e11502df9b6b3b5265607405e30691cbcae

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
0c54c597dc11982bdce7094c90037bfa

SHA1
3a858ba1dca05327fce3f77dda8ccbeff2a2a947

SHA256
d5bf30712cd04338d2bc9cedcad3fb0f39b00fbd8f9421db1507402bda3379d6

SHA512
102be6b72dd2ea4c4e3b35032c36dac1f8b5198ace345fbb742d927f8faaa2ee81a4c5d5f4814561c070f7d35752b97cf478eb5860ef93a6efd4b7327d2bd078

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
4b8c4ec5156907961f959940abc7665e

SHA1
d28361b580bb787b9e45c7a409856c7bcd23c9e6

SHA256
dfd9d05ce26945047a49269640d95a50ccedc871eea7ba385cc45302f44fbb5d

SHA512
5afb21f731600b3c42e450badc382c7a5afcb994a66ef7fc3f68f37975c28da743cc1c8fc66ca935278c70b3e0b366ed607e2917b88f88f0c0d448e2ce0ea0c4

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
ba981ce34a827739e4bc5a0bfff30d8d

SHA1
cb0ab914961cc874cf1e30a9fa162edc7eb664ae

SHA256
9220f388bdf875629a1efa502cd9071c06429780312f114727fe8ba12bf5a438

SHA512
25e79504164825a842c7e40c9cab8558b09de56e1610444fe0a87ea3c02f46ef513ef3458a551b0f8b4ecf369302c5b0c5571f1db24e6ce1067962ff5ad70a21

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db

Filesize
20KB

MD5
3be0723ce23cb25fc26f5d28068560b6

SHA1
035192eb584d2a914d09174ab6e73d658198d57b

SHA256
d4a31c1ebc1a177a51cc03e80298301cf1de79c4477f527579646f9e25ee00b5

SHA512
33c52edac1babef47ffba951332bcb9ae5f4d11857cb162c330015d64e21a55157d0da449ff78b9d990930a083b9a0219392e11b13243f2c4f8f69779925bbad

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db

Filesize
20KB

MD5
484df068dc370197c0e37af4f433f772

SHA1
5d071329bf5182e60b2d268adca542901d492001

SHA256
3ebaaa9fc7a9245b413f62f91d9e689d468456dd4b6ce2408bcd2003cbdbfbd0

SHA512
587e7b68f2c167d39dd50744f2892a461a67cb073e8cf9f6eb2ab752e07841440dbe212af32958248d15af5d4001e7fa12f86cad62578ef31999355a86c3b0b5

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db

Filesize
20KB

MD5
8942a4bfe8d73fe55219ab43a7535421

SHA1
e38215700ba6143b37e7cbccd5dcfc3992d995c2

SHA256
acf79b8d5bab429d05c9bedd683696c1fc3d05f8004b1b736392dca399f0acf4

SHA512
eabed31aefc23d8f9b1631739a5115875b05bdcabac4593dbd85cd92a42a15906bf1ad1060c10e66b631dfd29afeeae98c6a5142e481f051957ae9a958806659

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
dde7398d12e0abe0d7c98af4056b3518

SHA1
99b9a4a3acf7ef43e9bf0a9c7cd1ddc6c4a8497b

SHA256
58b2d04235548fc4283ed0ddfcf48365d9e152127ba8cbe0aaea6b5a8f9bf68b

SHA512
fa510df72c0b7120e389f0e395f88e4d8094d30d3a36181ce5a9162f07cfa1d6beb357613622934b2f1c97797f8fc99cb9d828fe905af374371fef2375f48802

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
61f63c87a3e16b4127d41e79c788c5a7

SHA1
66366ca5084ac542d986041919a5d431a68a06da

SHA256
15b8824c4b654fc5bbb02c5db1ecb6d6f068559e5351ce3e2f52e47607af4c16

SHA512
81b0b2124da6c5cd48541df2b20915be7f1182eac98b70778521ffc1f5feb7d911a43ba9dfde6bf8f5e29af5c69131c1ca2b181424c9cb97aa573c74e6378913

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
ac1386dd176f55f5720a2181e47255c3

SHA1
29a634b11f7999fe867e81078bada16e147f22e1

SHA256
a87fa61c983c8ca07077116c70b58188845b6b278cd1821afc29d6b2727e77b7

SHA512
41fa93266106161c480184a09d35c1bb20197b31f34ac4cc642280f30e9521858d5f63af571635bcf56690350364d8732173f9fda593c58057c2444366fd8738

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
ca7337aa77b55c1a9ce268f52948979b

SHA1
7e4852344d60fd6b3dd7e1a4cd7d24c05010b63c

SHA256
eb1f6880198814318f360f1bc5bb10a99b9f7493afae2ae540b4afa8cf535c1c

SHA512
a6f039eda42217337b5bc8152851b9aa0179f027cde0cb32d67583450f95bedd810c5b8fde38a3e8a849a7ac0f3d72f9136dcc20a5a613e31685422534dcc1cc

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
e08f8c3f30a71e72634af5aa72d06543

SHA1
a7490fadfbed78ef69878910ad1e4c991142c2b3

SHA256
d2b731d84b375609e4d3fb10caff676c6534ec0240aea1da0299d7c3f5c2f96a

SHA512
01e843310a023206fa1ab4d4959e3d3a0c28ba9e54bcaa1d2bcc5ce202a2e86528b46d6b13f171b316347da820b5d0da8481aa34ea488c0f38f8eafb421617f6

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_data.db

Filesize
44KB

MD5
706449845d2c5843ca784d585df90d79

SHA1
0eb577f47f0954568c8969a5aac5fce1852c4e27

SHA256
04f0f54187418251e73037f2308cc4405beeba5d3624b4cd8befe83ab1b5a7e7

SHA512
f7dfd8580444622f2429970e530dbc4da3d58b22dc7fe5a7d419583c88f7a52c0b2a628dabf3a6d65f14e383bbaae10d0bdae78f6f373dfc0d1fb0a4df15d55c

Download Submit
/data/data/com.producepro.checkout.marchese/no_backup/metrica_data.db-journal

Filesize
12KB

MD5
9d83a5f284e74c1503abe5fb12d76392

SHA1
bf85b08dfd07978aaea22b5c6a05bd96b538e543

SHA256
4cc349a061cae54a876ec7f41790fbfcfd2f444251e65f65dd65098a3dd6bb9e

SHA512
7752e947c380b3fdca3ea1e46bb7437cd91e8f3da5bfb5a5e657d1809d4e6ed790aa4be86e8b81ff400569aa57cba582c83efe5cdf548b22f1c7f2e7df9191ad

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads