8c2d4771444425280f56063ea077c99964cef55ae3bd52ff7908c7b74a442082

Analysis

max time kernel
178s
max time network
147s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
11-08-2024 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c078cf6742f85e62c6ce16f1a6d411a_JaffaCakes118.apk
Size

3.3MB
MD5

8c078cf6742f85e62c6ce16f1a6d411a
SHA1

ea7f5b548139724181aca2bdad56df031c2bafe5
SHA256

8c2d4771444425280f56063ea077c99964cef55ae3bd52ff7908c7b74a442082
SHA512

53e4d1bc6b79403e0c384d45a99f26f1b84c7b0c1a0f3c14754561bcf88ff8c0bca087f26a2b632d6b10415219f023caf87b7c2490158cdcde3fa5d73729ce00
SSDEEP

98304:fPrL/jD6ZNvBoknQqBDCirqDMaepvb3LHOtywXj3kYK1pGP:fDDSZNKkBQe5u

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	com.producepro.checkout.marchese:Metrica
/system/bin/su	com.producepro.checkout.marchese:Metrica
/system/app/Superuser.apk	com.producepro.checkout.marchese:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.producepro.checkout.marchese:Metrica
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.producepro.checkout.marchese

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.producepro.checkout.marchese

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.producepro.checkout.marchese

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.producepro.checkout.marchese
Framework service call	android.app.job.IJobScheduler.schedule	com.producepro.checkout.marchese:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.producepro.checkout.marchese:Metrica
Framework API call	javax.crypto.Cipher.doFinal	com.producepro.checkout.marchese

com.producepro.checkout.marchese
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4511

com.producepro.checkout.marchese:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4560

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.producepro.checkout.marchese/files/ZPkFS.log

Filesize
20KB

MD5
d01115ab3b3ab6cd76adfbc07994cd9a

SHA1
2e7e72949ae2c3c9fc3faef4ff50f29153ce10de

SHA256
477bd41c92d45d060b57856b501048725ba8cd344d54d65459d2f6a0d5c38e68

SHA512
bdf67bda728f6ba75d0f993d24b0feb954d5cbc369d522ea553400482ccb65ed6c9fb042608d7ecb2940bfae1df0e47a7cdb37409561581c8aa31a774334092d

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/credentials.dat

Filesize
233B

MD5
1e1427f19e90f8038a8c0628ff8e045f

SHA1
abc78fd1de677d96f8e901f619d5505d58c73943

SHA256
6cb91076302e8536c767bd3168f2d8173cd5c3b98d4c56c3552b8e14e3d196e1

SHA512
b7085beefeed24dab4d4b797453ce66bb8867dc6272705dd9933a2cde33eff1a37b1f11a901a1c8bd4aa774bb0006af148ce04dd5552745cbba014080593750b

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese

Filesize
36KB

MD5
53961870acf56ba91e5609dccf567068

SHA1
918499217cc0b96a5f6472df141247d199a651e9

SHA256
02cd32d4819360b863345300ca197ea9b345844bff2c4d28100c455c7a93f103

SHA512
3e6cb2cf7ca06fac21bc102e8cd401497067a1ea3a2fa318b42e62aa3e4bde93a82f54806e448e21be6461bd4edf6e152285dba53104ec475d73e39b02d59c5b

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal

Filesize
20KB

MD5
191660889034407c8495091bdea600d9

SHA1
01d078f03a85f48caf79d8e1e2e2f5a71f095e69

SHA256
08f6ddaa777ceead2ff960389f862dc658f3d7c6114df0014af77cd181b21b67

SHA512
2248c4db22c06579d255a77824e36d3601e095866f6cc9adb6a941a97af653243c0366263f140cc65fa87c7df585847db7c07e979d6b582f552f86c093362eec

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal

Filesize
8KB

MD5
560051358104d6aa80e5390540c9d071

SHA1
cd8d86286d4c5a248c6fa03a6025b9d188b10f3f

SHA256
a4b967ecb13eae1cf6e137ce789fd3fa634eeb091b92c792960e637263bd7aa1

SHA512
6ac1eee0b5ea4266625d43fa30769c51ba0be9a10efc6e22a00b6e8c5820237ae0899bc08411e030e00fe53ae62778ac062744990ccb893824e551915d21123a

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal

Filesize
8KB

MD5
a4f5b3c489ae13071e9a6720b9684d5f

SHA1
3a3be8a1e3124e118f7d6169390731181eccfd97

SHA256
6c0fe7fcae2997b04a006e1a8cdf12bef2869a09fb2a60198c78237915bef2e2

SHA512
50e3af09625d291e0c113008601833b7185df773c45d920b15b966e47b3515ea04707175338fbb545d3012ddbf0d66fa9da2eef9b14637ca585955d2ff330848

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal

Filesize
12KB

MD5
9eaddaabda9ae4cb5cc341444e52cf26

SHA1
9f61736c96c7e8ec2d5709fc3ca8f684d8a0134c

SHA256
5d0be15714aca0e969af9c8487ee3934b53844eeb45e90cfed24fe6223d8c1a1

SHA512
fca0d68d742476bd13fa73a62318f7543a7ffdb9432c5a5c26ac45322324354de2002902edb90f7349288da8c9a7673520184884933d9a81eb8f73fd181fca10

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal

Filesize
12KB

MD5
c6fe2990f1f2c35730598c32ec5f685e

SHA1
0dc0c297152c65531919a9d77f971576241dd675

SHA256
c090cb0b827df6ada7c1d0835bf1e5bb51b36b16bfd539c451cb810b50607955

SHA512
72af78d43e623d7aef011688cc681272f680aa7c0a2864d89c7ad4e2727b75672b7a1224a5fc9e44f8c3364808ce8ac800a6c3296b360ee4a6183aa81c26ec11

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese-journal

Filesize
12KB

MD5
6f4c80520f453aea571a249400dbf908

SHA1
043ae46e224ae7f707fbd7da008e6a6f00bf977d

SHA256
686bf2a40d89d277c8db3d0be5312726e013cc6e8027e25cfd4f699ec4111bcb

SHA512
aa8005473474abeb71b3fc3be687d850466e878fecb6813facc5b921b92e71be9f8f1ac8eefe45141eb2a7fc49e4d9da69cb7e798f0ba87f1f633beec2ead72e

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
36KB

MD5
14030beecc22bd97be75588f8dca81cb

SHA1
12a069605a87585a4c2d70648f7fb9ac418f775a

SHA256
59e65a4fe7d0021a70106cb4ef76cd96f3bb7803dc25eec93959f823bf23d8a8

SHA512
cd3d2b329da82129109d3e93ad2efec568d90d54c712bb1073ce4cb9fc6ab998227d4e8909d1431ef1dcc4b690d8db045b9887bd480bdbf1a87f0a0f062f4c65

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
90282f6106bfe0f587fd9f7b00b19422

SHA1
2daf5a0430fcdcc237fac086284ddcb812283da3

SHA256
f508deb0419bbdc8ab210cdf0bd19c3c4204ed839410ba62c3dd8c22d9ea9ee3

SHA512
45038c4fbf62581f2d259a67ff96a3b14bd6e614c1f433d864ddcdf7d005caac69bb0282cf6c8b9a3d4e99313a428a0bb6b94bf7426103ebed1b35405b9e6253

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
2b6bd88803c9d607c8ad3056f8270d92

SHA1
267e31964febba7c1d45d260e8270b886a3215a9

SHA256
169da8644a236200c9fa8021f121d08960a56b715dc734ab026ec40e7c7483bc

SHA512
db4437a53dc9b988d30f07bac8497afd31fec393fb1c826341445cdbfc554e2a508b556195125d91a29a35e88f5b846075373c603d5e1622fdf4e426341c7be4

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
28857d189946d92436e39a641fdb1485

SHA1
357c6ebfda166cf57bc8bf130852abbbda13f7e6

SHA256
771167c41647b1e432cac11602c242896a9d34b6b1236ee1db018cb66825db6d

SHA512
341ea5a74f268c82caa3b09e6d5e45c7a116044f203367d10b1b82457bfb571286dc8d502591997af2a33bd58b2649379581f36d77b2b27c73a3828cdf4c989f

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
7f815766725d0c72508376c4c1b59491

SHA1
450d4ce3fd2a4fb2cc0c67576081708d3b8d44be

SHA256
69537ece1ad675c4f174d4e346d3a35a654f626387b789bd7a64c924377d9d72

SHA512
d20be29bb9275b50bb10e32ae8e3a0e5da60264afd0e08a0aa335bdeaab83d983740fa14739dda1655a5ae40cd1b9b245a4ac4a96e2b5ee5ad243fd740e0ec25

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
f9ab0941535e96c07b93fb897f8fdfae

SHA1
21c8ad44df1c73e2dc721c856b132c306051d3b8

SHA256
140d952ddc3d8290eafc3895c0d1f4f43083aebc0be4d406d0c65102cddd56eb

SHA512
f501469aba73e4da7bce42982eed7f79913e84143aef57d1fd20042d74007ac18cb10652cb795bab44f01fda9951c100866accbbb050d49e27daeccae47b6210

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/db_metrica_com.producepro.checkout.marchese_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
02160935aba6925e36399897db439e7c

SHA1
55dd1f0955dbda2b4252af814357d80c779b267b

SHA256
f93eff50eeda21a45d73a3fda2b4a96200a76e944a32fb3e60087194ccf6e6ed

SHA512
ed910843d08e8e28b08788b857dbffa35685003fc3fe445afd0d94f03a085c5e4bc120396175003ce41c672417bfc1822b657b4d0db756b7c148ae914daad3d5

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/metrica_client_data.db

Filesize
20KB

MD5
3285f6de190141af2b72b68defae74bd

SHA1
8731226b9e1dc13089f45ef1949caab3a547c414

SHA256
e4b81337ea08a17ad08101ea5347b90d34a3ebd78bf76c1577dedfc04a8cc5d7

SHA512
1d10f8d832a7dd90ae54458e51c84834bee720b4d0722a115733fe8802fc3f07f43dae06e4615a4531bccd54abbd3b9897750032c0f4720458d886f3d8c5cf97

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/metrica_client_data.db

Filesize
20KB

MD5
e5639b469346d3d19c79ae3bdc2f4a9a

SHA1
b4d9041b94176f65417e63e77f0f324b81e8dded

SHA256
cf283c9f2c282ef339f1ac0c4eae7d6f44f86bc1744cbf8a9b5703edc7368aaf

SHA512
273aa09cf7f4de26661bbedf2ecd180b5adb537022cd824d2185beaf7eb1784bd1ea1f1f22c01e4762729bdefeb81964f1a47f13e90b883beb27ce7c8d1f03b4

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/metrica_client_data.db

Filesize
20KB

MD5
056f1c24c1fb89e58308a49157943276

SHA1
fbbdeefdf643af3ad656bec6bdb630d3a8052d8d

SHA256
d36dda9eac741c26a36a59271a5b51051a8bfce873e1d16f0dd03531fd7b6ef4

SHA512
fe2a087b3ac693af9f5839adf9662896c9239110890d09d018501692966ce4800d4fea67636569270f2abf53328c93afd90be92364966331b4b662b12195d044

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
4f10197cba37b9e9cd969365cdc09f01

SHA1
bea412dcc41f552fffa8f7a5569ee48829dbce64

SHA256
592adb0f49434f44b46df2f701234d22293f4d6946066e4e309f74f0aeca6eb6

SHA512
8cb50a4d272cb33240ea704023e3102a8ef058ba0315d72a63e7184a97d9e3de718c59ebc3ee44c0d5ef29c0c9baaef5f66f977458b976ba82cee80423c6dc2f

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
608f4cefc663673cd019a059954344a2

SHA1
6416a3c84eefabb1bf04cba7ecba960d0436fb56

SHA256
3ad8142b84d39c8e2ba6bc57ddbbebb58112274b065f8c02b19e0673ef98024e

SHA512
b60ed5568a8b8123a376456cde074628f0035de8546bfe7642a25d772275cf4a5a885c032cfb9867a9f7903fa739b4de1b01be1ae6ef2d487e2ee73171e1f312

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
a8b544c190feb364c4eb28b0161a011c

SHA1
9fed4f1856a5ab8386cd0d001c995c38063588c4

SHA256
acefa9305db915e4ad1e88d465fd840d6371eb4ad68eb794830bed6abb66abc3

SHA512
7d5f3ab2587e8e7ea7a609b99c452715624bcdfd13b103bd565ae32ecba30601cbcb441d2454ab394471bdd326dac107ae2b6292ce27a4b789c3c8c1ad5979c7

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
6090be12eb858314534be923f4b6a1cc

SHA1
f80234aac7d4b2c8b33409af3b5af99ac147d678

SHA256
22ff0a0a9828ce8b5471052932d01ef7f59c382a086d1f7ba531c0b025aabab0

SHA512
b776a406ea3d3dbafcf14cd02dc31ed70fb4199a849f03f6ea9d6ca484c87e7a79529d52d143298b63fbe6c62cc453195a1f403a9d097eff3f59ccfc8d3e856b

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
b526763519f4817e13d9e3b7d489769a

SHA1
1815071ff4446265a772c5c191358305e95f36db

SHA256
fbd67403a4dace024dec066c4d508351f8d47231383ace07726e6c95b96df854

SHA512
43578d047b10b88ca6ce0d4a40275f30f057ab44fac3d67f517cf0f0ebf1bdebaa07421cacbe05a2ddb3f7c6c25d7ac8b0bbd980cabca107cb39e64e44650e48

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/metrica_data.db

Filesize
44KB

MD5
2ee28f8c9411f876aedb80aa09565b47

SHA1
56925e83f5ef5b7b25993dea8ace626cd0e9b9ae

SHA256
a4416c3a05729f579795bf305f019ab6ce3b3e9c027e9c6165501178fe9f219c

SHA512
6de6c23c7eca1665b4b8ae8df62addc887c7235166c4ca4ec0299efb84a2f1224c1eade12d48f8b362a9b2446cdcbddde63a06512fdbad05b34c8845fed158c1

Download Submit
/data/user/0/com.producepro.checkout.marchese/no_backup/metrica_data.db-journal

Filesize
12KB

MD5
c2dcb01005e8e71036ee972de62c3509

SHA1
841d15ddead0be32428cce0ef500b48f400f38d4

SHA256
931b71ce778a51561dac0f7606b61b3b7db9cc3569b7ea15d118bc74f0410c1c

SHA512
3b4a837ed38a395e4de844bdb5b6a2b447b1b44267b3a847941aa9980e943f485d51098bc1487aa3b6c08b37537f18e095faf31e0af6cc5d6d47b24f47f0e507

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads