1f97af5141574e01bef06ffd23fd374530b5aeddd63d3c69ab0e875eb659760c

Analysis

max time kernel
146s
max time network
152s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
06/09/2024, 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d03206189788f7f2780b7c1668d6e19e_JaffaCakes118.apk
Size

3.4MB
MD5

d03206189788f7f2780b7c1668d6e19e
SHA1

3146ccf56d12b313723b878e374926f4a4ec31bf
SHA256

1f97af5141574e01bef06ffd23fd374530b5aeddd63d3c69ab0e875eb659760c
SHA512

7b29dab7f5c3c39e0a9f320c693b83e67bcf6d4cd1363385b1aa5fb949a889b667341be5973e7d5bdbd9efe31892dfc979fcbfbf54fbe877c9543a707a151fc5
SSDEEP

98304:pdGrAdMGjbRROjBFcnBa9vRQGogBB1xFQZtw:pkoWOn6RuW1xOtw

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.ninefold.bondisushi:Metrica
/sbin/su	com.ninefold.bondisushi:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ninefold.bondisushi
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ninefold.bondisushi:Metrica

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ninefold.bondisushi

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ninefold.bondisushi
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ninefold.bondisushi:Metrica

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.ninefold.bondisushi

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.ninefold.bondisushi
Framework service call	android.app.job.IJobScheduler.schedule	com.ninefold.bondisushi:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ninefold.bondisushi:Metrica
Framework API call	javax.crypto.Cipher.doFinal	com.ninefold.bondisushi

com.ninefold.bondisushi
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4219

com.ninefold.bondisushi:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4261

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ninefold.bondisushi/no_backup/credentials.dat

Filesize
234B

MD5
fbe45117cf1df2dd30d0deafcb9c3f8a

SHA1
53fae7fd9dfe972320d8a0c48a6a92df34e6f46f

SHA256
f851df256420ff0e12e6e9dbf0e7ff4c3a379379270f61e6aa02a2d859e676a0

SHA512
20532f94434761ac3bc7bc459e690e63e4d451a5c7befe60ea696cb104f2cd9c613a4bd75bb496108933489ec4f015cf88a76a2ddf358e85b4031d9f14bb6762

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi

Filesize
36KB

MD5
2fc0d13b38dfd231ff7f450e9f0140f1

SHA1
832e9f93f169d2ca0f489fa467e6931c288edf4d

SHA256
9e53c4774818b549d4a57bcea5c204c9005c833cfd8b03095ea395eaafae82fd

SHA512
4e5fb2a92ad22c8332854373ebfa4939a0f2ae21793eed993e3ce49476db36c8c2ebec2b21c5e71ee5148d6cb9e83f4bdb15a00d785d46968c6952a6b6993df5

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
8KB

MD5
e821fbb024a2e13c62fc221f9d321d24

SHA1
df9344145eae541cc1b4bb21a4d937fd53e279f9

SHA256
8a28ede3684dbc73c90d3b53bcbbe04890004f0f7fafaa232c485320ff2b8744

SHA512
6748f5485cf1ad8b8f1681a53f73e67b737d330d78d849b08fe0b87badb6298be80d49120111f181af4945d24e09a27a5b322d6c35da3cb121ac873c43385549

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-shm

Filesize
32KB

MD5
bcc5f3d7cc935f05ec7520c6bcf122f6

SHA1
28cc7572ea1abc64bf9d03ef034ad421d4ba99a6

SHA256
ca0cd1f726155e641dd7b368bddf39f45de4cf4c5b9ff538a5116b5b5ea71a22

SHA512
b0d9002aeada9d6d7c4ec9e2c83df4423e0debdaef35785df3f12b47f9d2251296e01fa218883bc15c845b5992426637277b0741ae4c647d8eb52bf771e87711

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-wal

Filesize
406KB

MD5
1f36cc8d833efb4755273db2b8b647a3

SHA1
7823be365779d080c6aa8ef42ee6ea18ede5029e

SHA256
576c60db98311b8980e36d62fc3cb60c6e2d90e57ff111fba3d46e9cb97bacc5

SHA512
67eb919e6cda43b34df06bf69db79a5a7e25d368df2ecc9a2d9884b7d948b7ee82013068c1584cd4185860961e048a6c45ab4ba783140689d82c1cfbd13c663b

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
4KB

MD5
49ad4851e73a1a739d110f58a66e926f

SHA1
fb014eca4ebb5aa307e3318e911ee67fe6d4e573

SHA256
6d7d5a8a1fb48d98d81dd83aa3c60153c5cf6da95061386a11493299c97c9202

SHA512
6b98e67a96bdeefdf912fdf575eb87b704efe5ab1ceee2e36c3659b3247ea9002e0b7e73dc1edf2b1248a875d5a77956cfb288f56a1d433d33600f6a2f8877b4

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
d14cc93846ef5a65e604074a8264e0a3

SHA1
d2327d935e84017938fa946bd4525dbd0579183f

SHA256
4728b51509a7c737d4f1763c00702644e06af06e129b8ad156066391d9954a73

SHA512
4f60d80648d0276f2daab867f381f11847a4e03f9d49a8662cba531005abcbea77663060f316b0cf3790ac08c972fc00abe1e71e107192e9ae9c0efb7f9412ca

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-wal

Filesize
164KB

MD5
88bbefd0157b180b77c74b04568cb39e

SHA1
9bafbb2e25cba9f3cb8782ad8b7fc0f4f3b1e8dc

SHA256
da2e9565705a43d3457224553acd553a172d2c0d1ac863ada844edebaee31333

SHA512
1ca2c71b96b69a40a612c44bd6b61c13e54f2b60ecde190324e0f71b4a6b91ffcc446a2fd1958a2067fcff62d8d2358423f819b693383e5985f8c51e3d016bd1

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
b5aa7beb36f5b434806a8b6f7baeeac5

SHA1
6fdd8090a166625e36cd3852d3c704dba7477e65

SHA256
6ded84f066e74c960e3eefd3cc1f2fe151e8ec48b824f4c5673110077e678a4d

SHA512
428c4ec59dc282ffd3732e1969b1cb1421d67785649947c0c9955e19928fa61ad91c338a3595ba1e9b36f45a5dc58d1effef79ceff7bb7f13044bdf9420db2be

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
79af6f888a7cc33adb7fe51102508642

SHA1
ff19987252ceb7bf83780bdb7549d0da1f8e6f67

SHA256
09f5dae37650a57a15d9da8acef2347860743407629b88e5e9905064fdd91254

SHA512
0c837272c80d87bb2c802a57457ab9805c128ec0cb7d70e1dfcb42ab38c79acc4704957caf17a2f57865b1470ac60aa354d988025e1acb7784e2aa949ba13825

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
44def4f6e42c3ec63f229d23af8c804a

SHA1
f5956d9295778b539bced03215343fd3cf7a9dd8

SHA256
882faff2a0f007164d5dbda7bd7f803306423b5eb48a88b1bb72bde65b77e50a

SHA512
a14770398044635a8a8fc0d59dc95af3a97ae78146a9ace3795d600a44098a5ff7099aa3d0ac40442f8ff8c5d3b5ceecb4b360bf47f3e8c7c902879e2e76228d

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
227d44ffbd1f4cad5581a31e257d18fc

SHA1
228b5c1bead333f405d9d6b90c86432ce5df6e01

SHA256
3de84e998d4b4cbba83e42ba0b93facdc50149eb983dbaf28e4e751a86f7881e

SHA512
abbe06dea05b08df7a45648d4987b7e2f0de87a10414cbd70b61c22a6135f1fe7a4659c6b1138ed67e34365197265f43f9d86fb07d28e681ea9e8ee230d866ae

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

Filesize
406KB

MD5
afd15fd21bd4453697208a08dd0cb723

SHA1
9f0ca5fb9992fac5b68600b0081d421e51914eb0

SHA256
18d16c89403bc441caa52b8bf4a14aa7bbb0180b5dcbd9574588528e267be3de

SHA512
43768436b0200c45ce93821b1b7a285921f72821f30016544e8c83ad33a4fc8c188265a2120d11f54433b13885ed5abae7b2074762f24c818596c7706de53fad

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
c13e5e32ca269f5a7bd013d7eac7eef2

SHA1
3e4160fccb6370e5f4db3e20af6bfac82586ab1a

SHA256
df29809085f41c0e868b6f76960903b91347ff4a21619f4a46e1d1f1fb4e5ca7

SHA512
d45cec017b7476a405c6360b7437d26ee987f5e9c1f9f91f7a9a803bb0712107cd3fd2dddaa03f25f49e3c50afcb380ef1ea9d5caf478477d2c56baf8f7a9193

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
537fc965ceb49f3eca951da112db77b8

SHA1
9787af8c2c32e01dbda9e403d65ac521ea79783f

SHA256
320ea169c8c9fc08cd19308daca0416e3d0e6d3f1854f6bb33e81352922f1905

SHA512
71840e4aef5742cb3dc804777f97dc8361597ecaa72f69ac4075f902149b42ea32b4258667cfa1ddd8d99cf033a2c0fce33e94d972a3429365e719520f491b25

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
6cbdf9ee94b938302a4a7b77ff1c5d20

SHA1
b50bfbca865a3f3fbdf12f729c520077215ce5c8

SHA256
5ad6fc24a57d574dde0fd2b2046d505da5882d1f930059891a11b09136d10819

SHA512
6c8aee2553cf938d3a00798a79c838bf00c557b0753c9905bd785cdc288c0fb0fb1f159e1448255944b0fd371a937c5f872a640536e43b0b205d749e5e4d8f08

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_data.db

Filesize
44KB

MD5
e7eb9ab0eba23ea9525b1f84069f4936

SHA1
fe3309b4ede223627c8b4ad9dd24fa915faa64d1

SHA256
fe500fd3f52047c33d7f12e04f1c4f287db4b15705cf5c95ac53a81146c1d1b4

SHA512
7d6e2b9acc307c9e89df011dd7428b1ddb9d312ded5a7b3320fb7c9ebe9b1efa971de4b2fce5a2550c66fd98eae7670cd6c7e173f2ce42c592b18a3ba0609184

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads