946260ae03876d4a20df7238d22814025c842d0fa45417739af444160f91ecd3

Analysis

max time kernel
178s
max time network
156s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
21-08-2024 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4f7a1f9846cad5edd364cf1f17e2d98_JaffaCakes118.apk
Size

3.3MB
MD5

b4f7a1f9846cad5edd364cf1f17e2d98
SHA1

a97ed5c2ca99de7939e11df0801b5f3122e26220
SHA256

946260ae03876d4a20df7238d22814025c842d0fa45417739af444160f91ecd3
SHA512

163247e7baaa849dd72fc1be1b24525f56a0120fc21054bed107e946de9c10afd92f26837672b2d4745ec2bb75419e0841f5c2c49b309cae180b51a62532a104
SSDEEP

98304:RohWAo3eZru6tvBsYrcnfRrxgzKnUTxWohL/BH2OtywXF3oyVAoVgIS:RogneZS6BBrcnfRrxgmnQzRM

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	ua.FoodSoul.DonetskSushiTaun:Metrica
/sbin/su	ua.FoodSoul.DonetskSushiTaun:Metrica
/system/bin/su	ua.FoodSoul.DonetskSushiTaun:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.app.IActivityManager.getRunningAppProcesses	ua.FoodSoul.DonetskSushiTaun:Metrica

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	ua.FoodSoul.DonetskSushiTaun

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	ua.FoodSoul.DonetskSushiTaun

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	ua.FoodSoul.DonetskSushiTaun
Framework service call	android.app.job.IJobScheduler.schedule	ua.FoodSoul.DonetskSushiTaun:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	ua.FoodSoul.DonetskSushiTaun:Metrica
Framework API call	javax.crypto.Cipher.doFinal	ua.FoodSoul.DonetskSushiTaun

ua.FoodSoul.DonetskSushiTaun
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4481

ua.FoodSoul.DonetskSushiTaun:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4530

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ua.FoodSoul.DonetskSushiTaun/files/ZPkFS.log

Filesize
20KB

MD5
d01115ab3b3ab6cd76adfbc07994cd9a

SHA1
2e7e72949ae2c3c9fc3faef4ff50f29153ce10de

SHA256
477bd41c92d45d060b57856b501048725ba8cd344d54d65459d2f6a0d5c38e68

SHA512
bdf67bda728f6ba75d0f993d24b0feb954d5cbc369d522ea553400482ccb65ed6c9fb042608d7ecb2940bfae1df0e47a7cdb37409561581c8aa31a774334092d

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/credentials.dat

Filesize
233B

MD5
e529dd6be69e4cfd44dff7038f12c337

SHA1
b309a30b5ca52b61c4c90eb4514a0602f1270d4e

SHA256
4ac779d67486a195c9d5aa94a46de5a019ffa0664bfae646adc40bcf9a1e5c50

SHA512
82770f39f0cd59e55b047360488aa26798da78c0fc16d8ea776016c127a1195dae79ef0671af6064dd6b1ce6be9d0b21c35f06670c1a062fb5f6ec9ed90288d8

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun

Filesize
36KB

MD5
68762c57fa8ad3a6ba3ec91a03a8f934

SHA1
5fb35311505d0c8e322462883a0cc9bcfca8d7cf

SHA256
cfd62540549af24c0511ecb1e2a59ef1b252a29e99c7544490a12c6fbc2df828

SHA512
a4b91d8cb134bb33436f418958a1a7f9ea570e421caab989c88fb2526344e883217eae3c38f3cc5ce25a3a78bbc4ad5911b59bda3ddb3562062bb1c6cce5bb9b

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
20KB

MD5
cb3bbdd7a3e72d594e0600cf7081f2f8

SHA1
948ffafdfe7b5c25df3506a148ef3b97e69ff923

SHA256
9c417987f430bff9b3957a86eca319455e8484fa2265752cf4168262f8ae1199

SHA512
c85117e7123866ead9830920ddef68875637abd5f3c2d8cab9e180208b14417234e7322bcded16b5fe6e4b8f80fe1045a8032bd582061f11b102dc44ec0c3158

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
8KB

MD5
c2cce4180d47a02470b91165bd4b16f9

SHA1
5f40f992edce881365a589be473b4d285b99310c

SHA256
d8571a7264aa1bd82af5013b5faa2b8d3e23fd4fc5aa47e745fd12b14cac856a

SHA512
7610ccb6b6e0580e18ec6b42e2fffaa50794cd48b2d89fa7ae983ca981b49ca51a93b5c00800006925745c52103c5377acf98be2800dc299fcec514f019e64b2

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
8KB

MD5
2f12e99ae5c70a2a36249efb51c203e1

SHA1
977a038e09620b509bba2acd26c35f34130bce72

SHA256
b5a496d494db18c2002775589b150287edbdc6bde0a67acdba57232e24e6ec67

SHA512
6cde15c9c8a59d3021cfcab3fa6ea11e2762ce9ace37c5fb0a459d5480ac147b69dd13c6b940a0f495cf46636f8bb21154de01dd9b23250c0378f8d068557c0c

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
12KB

MD5
712df4809cc4828e8e266dd83925fbe2

SHA1
c41075a08c2f56a801a490062751a4cbc8b42ac8

SHA256
34da9d1fa2cbf0ef300ad5b1e7a19e2c0c34513445f19ce95de4bc27391e9c80

SHA512
128ae746d96a0d6318929d7082ec6bbf956ddcb2f49c630ada02ae05ce1d40389589ac0fbd751ef48b9477390572b2170756d04526b08e608e4417b362ec86c2

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
12KB

MD5
68355f5386442d3f3e49255df2c52377

SHA1
9398549ed3ef6931ef32f66b8bef6f92da964be6

SHA256
917d43e29c83eddfd5442abcfa3eb1ec959f574c6b752cdd26ec63130c57abe4

SHA512
cfb1ad56e766cc6c595d84809058aab3c72bed3639afe74ea62f49d4c41f0da1154ac75627b9de5e1a16bc60a7c2d7789c65071614728537b3058dde49e8a04b

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun-journal

Filesize
12KB

MD5
1d9a3493e4fdb24eb4685441755af485

SHA1
8902bb3405c6f7ec94672f9242f4fc38e8878333

SHA256
c48800b9da11f75a8809f582d4936fb41b426ae3e8d7ae6a586bc7a41130c89e

SHA512
50a073e72488f2e8b9e1bdf266a3b62ff03b858e6c51c705662058ad9b681e32661331b766cc5699c0bf4bc7aedbbac9e09865b7b0198e0aa3d73817c2c723d0

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
36KB

MD5
3aaf7df5442befb4597dac7415005bf4

SHA1
35c3d8e33770ba08d04f49b81a712dc82236db4c

SHA256
cf041460973c7ff1fa4ad9d0634bef40ce64d7a8a0cb338c411737e149e5137c

SHA512
f0cc2142eb8d1f0d4399b5dd5321719dffe48607f2bf72d1c60eb2683d7edda6e2d53eabb1eebee313d321e7fe02e856d318f4cbb68ba51266d1eeb91d637ca1

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
701729594324455bafcded22375c38a2

SHA1
5fd6d373b3f383fafe78f8abaf753739f6bc8816

SHA256
e489dac6dec1681b3e6bbaa31cd1c690a55f2ff491d24c1702d140e4c63ee7c9

SHA512
f7ce8458ffe063f4b1de3337071b072e7fe66f1363c259048a0083cb99632700588e408c312f680b9b80b70090651fc8429818f4565a1baac1b5c6c9c7282050

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
68ef4a0eb4826104f271c108640f8160

SHA1
4d7fa47acc388237127e334025017ac396795e4a

SHA256
76ac64696bf362a6aaf3f85aa7832d181b4c59d5ddc2d169c06e4c7413f80467

SHA512
6ed175474fc8afd0907b9683f64d82dd32c209ea4f8b164d9cac1f7083f1461ec5c377330848d56712e1667ab173749412b21aa54cf0164439bfd28a5fdedffe

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
c54a9faac30ee4407ab62eface1ef441

SHA1
92a77b1c528940ca77509314f08b4147dc26fa3a

SHA256
d116ed895ec2d49bd3bd4afff5aca9df21ddb34d683afab1c23368f7aef2492b

SHA512
8cbea5a1d46c1cb92993d340240a8f3edc3526c3d72a2bed269842774ced2a52184306cf7d0a82fbc86711040bef289c45bf7247ab137ea33414240aefc930c8

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
d5d76900aa06f0d90fe2e9e363dc311b

SHA1
d022d58b751c812ea073399e9eda43e5f342087a

SHA256
c7c330f8e885dea13b5157933536c28f448de25ff43edb31b1433274319a1735

SHA512
c5e638b97a19195d007a867ddb49ffa589aeb66a94455e48468232c74bb5c574c6ce2efbbcf6830ebf474cd310dd6c1729d2eb4541fbcf9b5b6eafef6d1a54f2

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
9f38d175fa8c236d4f44cc725cb34c0b

SHA1
79b724abdb75746f88c59d85605c85da61b4a38e

SHA256
150023943fc4aad9e93ba2187952349ecb67974de6e0c7449ca5914eec10a75a

SHA512
5119389ca0923ec69e736230ae1de4d92f286267901ca47078879edda92a7bb7276fcf32717add9a16b01b0844e74f9a271088ccc800c64ccd256abbe36d06dc

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/db_metrica_ua.FoodSoul.DonetskSushiTaun_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
74381bd2e89e189b285cd63e87ff803e

SHA1
f55d876929250ade837374d503fc85e04734c5c0

SHA256
64be24a961fd006fbc4e5c0405bea52340e6b5b71ff567c54ac9ab03ea045c11

SHA512
9b80de237277854186b1b6141f3bd2af7cf83be54f10d2c3d9dafe5b82c7797f4fbd1f9fff5773d8459b0e4780d22536277822003eb8ddf24587dc41a5aa60b9

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
20KB

MD5
b6291c5443b27d00844117a84195aaf1

SHA1
54d85408e3b4e0cf1416816b6e6315110e69de17

SHA256
e6af28a1d797069b1cfee2b7b408f89e54900a3626cda50f19af61fc12d94144

SHA512
dc02073da3ef7cf2bd690885492dcc476065d3656f7d9a6a726e9233e430dc404492dd5aef35631b7629f5b01ee57717ed57428792823b10f35965823925f7fd

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
20KB

MD5
e5639b469346d3d19c79ae3bdc2f4a9a

SHA1
b4d9041b94176f65417e63e77f0f324b81e8dded

SHA256
cf283c9f2c282ef339f1ac0c4eae7d6f44f86bc1744cbf8a9b5703edc7368aaf

SHA512
273aa09cf7f4de26661bbedf2ecd180b5adb537022cd824d2185beaf7eb1784bd1ea1f1f22c01e4762729bdefeb81964f1a47f13e90b883beb27ce7c8d1f03b4

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db

Filesize
20KB

MD5
62b7bd1d070527b682308f8223d1eb67

SHA1
5436b4180efc787242e2e3c6055e4a3898e0bbd2

SHA256
0b7536b7aa53368f2e5990d2a1c81c4e6315179f78113d66a1116d6be9153798

SHA512
65c49c3bb9e74c5b1fc601bf9fd935da2dcc29325280a630ed118ecc50e843e6df82d68596cc43f3811c87507f140fc80c22504feef99adb97ccc37aa4425138

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
68e123ec4f27738d5b4e276b2388603e

SHA1
25e54eec47a179a2bbfb3480c40b927172aeb31c

SHA256
4d2b0c6e64ecb69eb29051cc1e26d14e9c42062ea85ead32ec5b16ed05610383

SHA512
2cbd65ab29bc3ac2099164a36cfa2af45a8cdb1a1ae073f76dfb9e67db55541fd996946ddea06ccc2daebaad697b29c81623c2f64e45cec1db179000441a634b

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
10a0a249fdf326c250ed51a2eebac178

SHA1
5ff5474847ab774e223b1eb56fdc482e17ad3d03

SHA256
13ae99d8f0aae5a65a55d70ef1104a96f35840de1f867923441d62d336a81fcd

SHA512
431f8c4db77ced88fe44708cde0198212cb27a77d36a89b8008756dcc88ff03184ef798e0e008a9e070e973bc9bd8b3521ef441f172fd391fa6bf1773d1b01ac

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
715781c41157994d19bc51f900146578

SHA1
8289008103a53f9fafc263ce9ddb80c5c03bb1f7

SHA256
f4082b96508f6d5132ed77f99f22d5bab6897e8fa02afadf0f1484d0d712f44a

SHA512
196345bf87ca83406afec87c50e2636009c2769d9fc59f36edfb9891fe92e96eba9df37a997440119c5a1ba85f21024b61fd21b6eb66c6eca032e3bc344e8672

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
5419179b24f14baf08e359a88aa25af0

SHA1
5bd9e9fdf0dbc4760b89e0bbeb7a1db4eadec2bc

SHA256
9813b34c31b25551b783026237a491fcb7ccdc093f7993845be038a18cb07051

SHA512
aef7345bf9a6d39b21d6335296dc7d5e72fdad64e11b2fd553c436a115885df7eacc19eb388acf68fb2713144a1313e69fe215c9d598570d8bd366eae8e13c5b

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
f4ff32bd8977b569699e6dc4e1f77e01

SHA1
02069360987d74da62234f24cee99f1e4c6f2eb5

SHA256
8e84d04a92411d3d979fca19523f3e9e1a5288a7a7b38c6230af5e75d1fd5b87

SHA512
c3713090562b78d2e3b13400b81485e5181f5e997a8eb82c5cccdb9ebd8926a77324e1f742c2a1f1ef76776be0d2b0b7e7d6ecb31ead63d7f29f178b45ff9e58

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_data.db

Filesize
44KB

MD5
c66451fb3322185d0dc31d2aab8fe30f

SHA1
e33a0005187d05b4e6025a8b251b8cb85cdbb0ce

SHA256
3905f2767e9b9534a8777bf792a5fffb662f4a8fd7f4cf049ba188face79edde

SHA512
cafca41438c6913a9368dca5fdddf2648f5bae8c7e842010602cfbabcf2537a32812d25dc82d51fd3efba9aa5051c37f37f936d3827c828842c44971455c78ab

Download Submit
/data/user/0/ua.FoodSoul.DonetskSushiTaun/no_backup/metrica_data.db-journal

Filesize
20KB

MD5
38abf365db4279740574b30961e97aa0

SHA1
9d1ef23ef6a8f2ebe1e7014a5134d326557ae7e7

SHA256
f240fc9414394ec521d271b0cad757bb4accd8d493255f728f09408761f35fd4

SHA512
1c342d1359912a56764da2fa580872e9dab80ebecba8012b525e0e6696f3a3f40057c569d72bb3e2ddbb5ac555133f73415277bbab39c95671ff31bcaa66fb6e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads