Analysis
- max time kernel: 146s
- max time network: 152s
- platform: android-9_x86
- resource: android-x86-arm-20240910-en
- resource tags: arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
- submitted: 06/09/2024, 18:29
Static task: static1
Behavioral task: behavioral1
- Sample: d03206189788f7f2780b7c1668d6e19e_JaffaCakes118.apk
- Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
- Sample: d03206189788f7f2780b7c1668d6e19e_JaffaCakes118.apk
- Resource: android-x64-20240910-en
Behavioral task: behavioral3
- Sample: d03206189788f7f2780b7c1668d6e19e_JaffaCakes118.apk
- Resource: android-x64-arm64-20240910-en
General
- Target: d03206189788f7f2780b7c1668d6e19e_JaffaCakes118.apk
- Size: 3.4MB
- MD5: d03206189788f7f2780b7c1668d6e19e
- SHA1: 3146ccf56d12b313723b878e374926f4a4ec31bf
- SHA256: 1f97af5141574e01bef06ffd23fd374530b5aeddd63d3c69ab0e875eb659760c
- SHA512: 7b29dab7f5c3c39e0a9f320c693b83e67bcf6d4cd1363385b1aa5fb949a889b667341be5973e7d5bdbd9efe31892dfc979fcbfbf54fbe877c9543a707a151fc5
- SSDEEP: 98304:pdGrAdMGjbRROjBFcnBa9vRQGogBB1xFQZtw:pkoWOn6RuW1xOtw
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
  - ioc: /system/app/Superuser.apk; process: com.ninefold.bondisushi:Metrica
  - ioc: /sbin/su; process: com.ninefold.bondisushi:Metrica
- Queries information about running processes on the device (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  - description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.ninefold.bondisushi
  - description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.ninefold.bondisushi:Metrica
- Queries information about active data network (1 TTPs, 1 IoCs)
  - description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.ninefold.bondisushi
- Queries information about the current Wi-Fi connection (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  - description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.ninefold.bondisushi
  - description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.ninefold.bondisushi:Metrica
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Reads information about phone network operator. (1 TTPs)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  - description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.ninefold.bondisushi
- Schedules tasks to execute at a specified time (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  - description: Framework service call; ioc: android.app.job.IJobScheduler.schedule; process: com.ninefold.bondisushi
  - description: Framework service call; ioc: android.app.job.IJobScheduler.schedule; process: com.ninefold.bondisushi:Metrica
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 2 IoCs)
  - description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.ninefold.bondisushi:Metrica
  - description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.ninefold.bondisushi
Processes
- com.ninefold.bondisushi (PID: 4219)
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Schedules tasks to execute at a specified time
  - Uses Crypto APIs (Might try to encrypt user data)
- com.ninefold.bondisushi:Metrica (PID: 4261)
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Schedules tasks to execute at a specified time
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize: 4KB
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize: 512B
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-wal
Filesize: 164KB