946260ae03876d4a20df7238d22814025c842d0fa45417739af444160f91ecd3

Analysis

max time kernel
177s
max time network
157s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
21-08-2024 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4f7a1f9846cad5edd364cf1f17e2d98_JaffaCakes118.apk
Size

3.3MB
MD5

b4f7a1f9846cad5edd364cf1f17e2d98
SHA1

a97ed5c2ca99de7939e11df0801b5f3122e26220
SHA256

946260ae03876d4a20df7238d22814025c842d0fa45417739af444160f91ecd3
SHA512

163247e7baaa849dd72fc1be1b24525f56a0120fc21054bed107e946de9c10afd92f26837672b2d4745ec2bb75419e0841f5c2c49b309cae180b51a62532a104
SSDEEP

98304:RohWAo3eZru6tvBsYrcnfRrxgzKnUTxWohL/BH2OtywXF3oyVAoVgIS:RogneZS6BBrcnfRrxgmnQzRM

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/sbin/su	ua.FoodSoul.DonetskSushiTaun:Metrica
/system/app/Superuser.apk	ua.FoodSoul.DonetskSushiTaun:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ua.FoodSoul.DonetskSushiTaun:Metrica

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ua.FoodSoul.DonetskSushiTaun

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ua.FoodSoul.DonetskSushiTaun:Metrica

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	ua.FoodSoul.DonetskSushiTaun

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.app.job.IJobScheduler.schedule	ua.FoodSoul.DonetskSushiTaun:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	ua.FoodSoul.DonetskSushiTaun:Metrica
Framework API call	javax.crypto.Cipher.doFinal	ua.FoodSoul.DonetskSushiTaun

ua.FoodSoul.DonetskSushiTaun
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4981

ua.FoodSoul.DonetskSushiTaun:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5026

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/ua.FoodSoul.DonetskSushiTaun/files/ZPkFS.log

Filesize
20KB

MD5
3154c132f6c0ef6d23151580444221d5

SHA1
c88a96c689ddfa9cdd9509fa2de51d8dc36176a9

SHA256
fee3ada2a4a8c0bb873a0e29dd3b701d234400935bec0af332dec79b140140af

SHA512
c1887f7a6cdee9c17752ae58c2dee57d272187d609b9b6760f352eafc9ea0f441ae0560a83f9d94cf3c230e27da1c5b68906e958b866a3b61afe2f493c7a308d

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/credentials.dat

Filesize
233B

MD5
b3aee49780476571d6808409c0647b13

SHA1
f4b9676b8a804d4d98e30798ea7a0480f8ec3154

SHA256
a3c587aadf6146e6dfa0c8e4783feea71a969d518fdf5fe56062a32cdf7af639

SHA512
f88db6d29152b9a4377589b2ebc121e8394db6b2a1722b45e557b5bc66d1d551f4d948d00a001b70b2ab9e9c4bfccac3569c5aae37c9dc7acb5fac5374a2c4bb

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun

Filesize
36KB

MD5
c60083e38e1a281a78744503f8e0d97b

SHA1
89958ba015184e0481c05e29f81a77d76fbf7cf1

SHA256
c5f8d7762dcf00f030e2407ea976c07d82feeada433807d2ab2e36623cd42e50

SHA512
447823b975565b22ff92243baf3b71f766a7cace869666145407132be117c2191e02b826e2683ffbe908b24af47ef45ad07e8e1359f9b1ba6c84ee5154dba1f9

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
20KB

MD5
85855fa24aebfe04ec8e65aba7911c5d

SHA1
b482a32074b1fdcbd4edc9e7c25b4451314bdc8e

SHA256
ae5a8e8f8ba1724aeefd96f281aa9e11d28feb22e216feeae854babeb9c6cab8

SHA512
679e693cce98a37ab3c24676ea0465ba61ddee773bb78d97d3b542ee9e9f09a009794bcb729f727e236d6ebe5f1536fc68c4712679e60906693a122ea7d6e644

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
8KB

MD5
2a451d7989c3b9844d1dafc18e2e9cc4

SHA1
06a1aa6a9855e9427b071177067ae5f15444671e

SHA256
404778d839dc57a3bcbfa76808c0efa8176b73df18fb82bb5bf7abd41492862e

SHA512
924528833ede31e61d80f2772c52798ce2ee1e9d58ad4162e26b7fcb4b8862f9513e617df757d3fd0acbede395d057f25303f539368e10e348af141f7baa82fa

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
8KB

MD5
57ac08bc7044dfc99d924c4e9b585ca2

SHA1
91dba93426629a99374c94f712f92bf5c4c22116

SHA256
c847b4a4e16384e15ba2b49392b50db80df3c28e0bc3a79940b2e19fcfe12233

SHA512
ac46d226125ab23835ff74dc26c8573a70ce18c326645d5a13af781b7f4a951f930d16d14c9a92a04e78c5ebf500bc58e4ca85f4be0aa4dff4d519e9ba9e5047

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
12KB

MD5
0b1b0b43746a050fcb8a071db673e453

SHA1
3127fe20f42f25013e696e330bcae6df5477bb24

SHA256
41ed1406dabfa92d626278e3a337245fe285377686a0e3268bd7969d9e6ce7c3

SHA512
ec4739ddd299285dde97bc656abd490cf427aa59f74afe6962ba25a50348c2f70a94d6a038830587371c6d49d59c04eee8de5db1f3b02a8085d880b25752fa16

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
12KB

MD5
85e4e69883932023214d879d87f7008f

SHA1
221281cd7bdbff8d28da42dd0792b4344a923630

SHA256
619a4cef780c770094445c4fa5dff110c8fce736500862ee64769933fc2c0109

SHA512
f55b797525911094829944cc0bb3185f0bec48bbf549ecd1bbf1a3b630c35a70195e7ff3f6d05b168460f59735c9858292b1bc5016f31e5dd2e6f27e2ba7e483

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
12KB

MD5
c6be8c201b3d3993f986dc89ab724d15

SHA1
e6cb21ffe1e5e7e72a89f04107e633be342c94ea

SHA256
28372e57c172ed1e3f057bfdc339529e4138887d4d6453e03906c336bfdc5e29

SHA512
d01372288e38b7f26ba9ad76e0a50a8c85bd04030db6916530ff36f23cc3043077c6cdd744af916b795e443d2bd6751bb73a1500b0c5339d71e9a29e5e622552

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
36KB

MD5
26cdb1c07d1f869c48c99ddca5b4798f

SHA1
c15553d54d2249d4ee076e7ebba29bb8f8ed886e

SHA256
3ccb612770703cc6e4686138cb617a9fa3e075aa18de36ed264acf4038af52de

SHA512
8dc8a9764c58f3aa8a4ca5b95c08f0750da4d10f6c149c23aa783a626aecacc282e5ec6dfac5d2f3adf02c9a2b50961c10f037bc7976bfff714a9dcdcf277c2d

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
edea366b032b89d1b200d1fc36a24523

SHA1
920540afc09566c4f42e30a5916e36c1092c15e5

SHA256
0a051dd77cf47d4e373234b6e5af4fb809780f014445516e6bfc322250c987c7

SHA512
6d08349a2ba96fd3b92c8ca1d3a229ac9ff7ad45d91a39fa8fe91e5eec637a61a6c88dd14ae795314b5d0e6dd78e6fa567d0b95380bc0d0d976329535cf2d8b7

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
62132a510667f4a32afbe0bd40806f52

SHA1
fe789cc64857c4fea877e1b0e2b710cfb54983f4

SHA256
136b4766d5b23083ef9f09eef461704d38ac6ac7b80983375a9d28205071a646

SHA512
45bd391998df1a50f37a56717e4f2969ee6b6e6444579f1561e382ce092636879bccb73026efc44b75e7ccec32a4c2f83a3011a1cf5b065ab19d97b018768c0a

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
ba7238e5b47f9add5c9ec2367360adb5

SHA1
f2a56e405840bf36dfdfb4e78b11decdfad4398d

SHA256
bbe7f99e6f58449f1fb888d51732b5f5d1c06a1063a9f8c13243ae9adf453d06

SHA512
c913554fcd5879b4fd85ed530aa3357af8022a45c5ada561e4f4f37aafe993f153e0830b982354ff2d46027059e56faeed31c57162a37ddf0b2a9341d04e1a40

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
3ac382bd8687884ef40a660196fa667d

SHA1
3e68657a08a24da6b8758eb0780520cf0b7d56da

SHA256
61d9c43510f159b55de66b481e8d979cc053de3addc662e9973642587be98284

SHA512
6b436af7c5b19e2a8a1db3a0235b5d5837e76bfd86b30f36d9eb532ed8c4fc47665fd328e11b03c5af91582da899fee156d36dd8c930cc45ec57dfab04b85e31

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
5b56276cc50b403111cbeabe1d4bb2d6

SHA1
8896ef25ff367b9bcec30c929524b07b5dfaee74

SHA256
cd30da4649f61c312622c6fcb456e46e72a48b48bae136f8b9fead9bc7275c7d

SHA512
939914e327bd559bc749610ee763288a398aab7d9a43e7640a419d26d7011e5e71462df93ef2b89d5b506395c039171cb8278e3c99cd3f7d315c36cf406a54c1

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
919e9cfa0601a1aa0be5c9fa695143dd

SHA1
67c25e603a71d8662388807749fa1b1030b80f64

SHA256
c347098150e9ac3502ad0b6533ab32c28d5786d07b85521f9fb08542f4dcf641

SHA512
98b916a117380c76741f4b85961a14114226f89c3fedb3cdb7763aea3ec4c246d59a89e96a7501f6a5756ccbecb8dd224de227ee8c06bda65b37a63c5ba49529

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
20KB

MD5
b0225da0e3c108785c27586fbfb332cb

SHA1
1b8b3361233203563f1ba3335d0de2678376838d

SHA256
483ecdb1bd861dbc08d9ea2271be46f08464c1df37d2f1ef4c50493df0f0ca10

SHA512
521d8e76626e72add86d9334550671f33196a45bca5e3fb0d9da6f74cb62b9f2b368026cd5cfce2bb37f2c94804200aefc4f6c18bd1b35340ce7b97cf7ba7088

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
20KB

MD5
89037a00eb158e168cbce9b871b007d1

SHA1
a441d16044acbf98d96d6c89c179fe25ba4606e5

SHA256
31788d10182d77e1b72cac1498426b52678e82d47c700362e7f346b8361f2dd2

SHA512
8ea0d0f8af19a56a7bcc18972f87b4c0c612f1a9252a5499079efd2047ff0994b6b2baa4b4cc2fa4f244e894e605af897afae3d76b5e6d6630e98fb52112d02f

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
20KB

MD5
d42c53299c3c4ad9393a90a7e43f4e99

SHA1
194e6b29756f292bf1f40b6ca6db974edf68bbdf

SHA256
f55fe021e6ae7e8f37e1d5f15afabc6b8138f30322bd549009dfadf0e9b7a955

SHA512
bb0bab4096c4f9dd036fb61f1d208b0c4137396a5a3e393975f41be7d08303494c898bec6933ac70c18b790c57908f6b6f0f11a84107b53f8484a763bf59b8b7

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
315302a34fbdf0960af06173dfd0bbbc

SHA1
8a25a8af06fc8f2e3e1de1054192a5f1e7d5955c

SHA256
c0884f55be1bcab25da82cee9f236f9b40ee3142f775fdc005cf3145c83af1b1

SHA512
03ebea7345acaaea5ff0cf38cf8c1dca4206784d5f5984b2ae6a5b33490ba253f3768b25381198bcbc3f42ff074877a7660cdf8fcc3b5714087f71d43b6c4c52

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
6ce53529e33c6d194b236a825ea1b612

SHA1
721f21343ccb4e26d04226f741b09215b06b28fb

SHA256
f3404b6d5f5dfce4bb89562754edd5cd5e8b9129fe583467cc30f8a58590a7ae

SHA512
4a1afa9dd1f54ba674ef26d7b1848ee29f0a22196a72850bee999878ec49cd98f2b8fb3ee137e80cefa488d18290e9dea175e304a3a444f227b89d930883998a

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
43c9265b15f8078e1f92ab0872ad98d3

SHA1
2b76d2383dab2f5296aa3718b065b694b606ba9a

SHA256
d1ce3610afbda4394f006b3a0f9bb4cffa0b9041f536475a5295b69c3650829c

SHA512
8a8caa8513812f30c8d7f276b355ebd0cfcaa2d8dee21dee117fb81d91595de5150abb31dcfbdbef86da423cd719bbcaf22e58011ad2bc57703081cad6e18f3a

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
2601422f9a039ce60d95e9df952a7193

SHA1
e4e1e4d06a5efba80a05b078df90f78c3282c566

SHA256
a1d272c9c7c12eadf1196e921b0a4644558036d3e00be1b6d68d7c8c6ba7d059

SHA512
4362e1bf0eaa8cf0da7486e0ca8d364da30a89ed5f47e340260efb8b28ceedaec291224dacb16a8336dee779d45e42378668332ccd25211a3f9d396354c4c9ea

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
c9c561060ec1ba3c1302afb42edbfcb5

SHA1
115f31465e6022690556e4402aab1895a968da1d

SHA256
fd3202fa3f9b14496ce3afdcd76b6d3cbdb33909e78a50c2011cc5f817374a8c

SHA512
3b8c327f3d57ea4727e57b08b950471379669b904c78c17939971d8f68faf52eed59bfe5a4a4a8fb72f819cfb386975d9fa32ea9b1c05053e92e250c816b78cd

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_data.db

Filesize
44KB

MD5
8118ef98f8ab64d92ad66da317973ccc

SHA1
f1c31c7ca685f072db55173de3adfc9fc5e90a78

SHA256
f609b21d2942beb7bd63c252775344a4a388686569b9f5445034b0cba10b2783

SHA512
b9398c94f9fe4fefc36d1930bf43aebe3d099876a09308706d279de82c6407732d3a1bccf9fbe8b86ce0eb5cd6c3035165d6bb0531fbc4615573f76a85a3793c

Download Submit
/data/data/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_data.db-journal

Filesize
12KB

MD5
e758ac6d87e048a080e112ad34816a8e

SHA1
51640bc3b27854770b158e7bbabf1d71840e450b

SHA256
f2a2c4169d57c5b045d8ef5e4c7c205d37c3e57b7e48bb6f4fa996a9bd11f0b9

SHA512
ef8dca5ab488212490503bd5d9aecd57410b4790edc2742ace36fd687260e94d6b060e3a50870f8886086adbcc9cf7b5188bd6453b41ee3aaacc577918b7d1f9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads