1f97af5141574e01bef06ffd23fd374530b5aeddd63d3c69ab0e875eb659760c

Analysis

max time kernel
146s
max time network
150s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
06-09-2024 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d03206189788f7f2780b7c1668d6e19e_JaffaCakes118.apk
Size

3.4MB
MD5

d03206189788f7f2780b7c1668d6e19e
SHA1

3146ccf56d12b313723b878e374926f4a4ec31bf
SHA256

1f97af5141574e01bef06ffd23fd374530b5aeddd63d3c69ab0e875eb659760c
SHA512

7b29dab7f5c3c39e0a9f320c693b83e67bcf6d4cd1363385b1aa5fb949a889b667341be5973e7d5bdbd9efe31892dfc979fcbfbf54fbe877c9543a707a151fc5
SSDEEP

98304:pdGrAdMGjbRROjBFcnBa9vRQGogBB1xFQZtw:pkoWOn6RuW1xOtw

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.ninefold.bondisushi:Metrica
/sbin/su	com.ninefold.bondisushi:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ninefold.bondisushi
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ninefold.bondisushi:Metrica

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ninefold.bondisushi

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ninefold.bondisushi
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ninefold.bondisushi:Metrica

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.ninefold.bondisushi

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.ninefold.bondisushi:Metrica
Framework service call	android.app.job.IJobScheduler.schedule	com.ninefold.bondisushi

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ninefold.bondisushi:Metrica
Framework API call	javax.crypto.Cipher.doFinal	com.ninefold.bondisushi

com.ninefold.bondisushi
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5055

com.ninefold.bondisushi:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5102

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ninefold.bondisushi/files/ZPkFS.log

Filesize
12KB

MD5
ad0c9b751fdf99195a5ef15165cb2755

SHA1
58ae4967028bfaa042a2295395351dac6652f2e8

SHA256
0f74ca3f35e2cffcf1e2d6cc392aec4420c423fb6b8484a2515868f9dde319c0

SHA512
cf0b47abb49cc2d1fb88639ebd7bc6522da753c262c021a680feafcca689682e2ac6de7a069c5daf0e6f0c114c8c53c276cc7193f31dbee214821ff95515a234

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/credentials.dat

Filesize
233B

MD5
8fb88bd9aa15e2f5fa64938f41e76fb1

SHA1
fa936b76a558d0b8e8711da0271295617d0cb340

SHA256
a3edfa06830934dce6310a7f50e707535ee99c57fbd013c9b30a5afd8f5f56b4

SHA512
b43d474f7c45703fccfcdef85e64e81990464d24b69465e296f218dc2fae073993ae95815cc0da7d85c9b2a24abbacd65eecee784efcac2c33b8f08ce7fe3a15

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi

Filesize
36KB

MD5
f3cb4eb1eaf9c63b999ed97cbe0b1974

SHA1
bdf1b30379e73d6a997edb89dd9793244bcecf22

SHA256
d0653c5ea0f46c6c0773f6667d573f4f10e26684d0323ce83ee366d6308822c7

SHA512
9b7c44be2738042b6e2cb39eefdba087d9439fb4a6d802600ac1b172af930e9033e61b54e92c27a487c1ed20d88053f96cd781ca9673830abd5409077b2e14bb

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
20KB

MD5
54381cf21365e85e4a9527c7d50a8831

SHA1
34eb86b9b32e4e57d31e3d536112570ea28a3c19

SHA256
caf5b513146e5fa04b85ac28b04c224b268e3948365a705890c55b4bb6251083

SHA512
4b7f8da7cd304d71cfc5d0aad6ccce46e1581738378a2d65628171f3f08a1e572920a20b36ea2b21af92a07f0e4614878e4cbe08e26b23920dc50bcf8da84fc0

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
8KB

MD5
9090fdf70a35572be51bc773f4440e67

SHA1
7b0ab5b681ea889a386bbbe5986bf4dae1093ccd

SHA256
7cf5b297d0ba98ab540d7ece41c4bd27137fceb3f5544863df9b5d3318dc3844

SHA512
e7cd3f74b8f1f3bb1f1d3d4c162a3de50c040152d9df3031a794da4981887ddadca7c0f121c3507f437ce70b16f377ce77fb3fd72250a0bda11ef0bc5b0fc0f4

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
8KB

MD5
a168a10f9e7825db5f7c796ad878fffd

SHA1
b25cee14508f513668f9b01e05a132665a9bbe4e

SHA256
c04b8ed756a586fd22bf791216de42b50790a837d6c39a7f4a596f3d6c835427

SHA512
c72eec7e8a3044e70ce1a49dfc2b6585fcafb96023bebf6914cc80d42787f790bc020fe1c25c63adc3976d6eda5323070e91beb17025ba1bb396f8308865d0dc

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
12KB

MD5
0a7574d15bfa82cf9d47834644717787

SHA1
ba53ad3e3a5aaf29791de365880a07498a70e04e

SHA256
b55f74f02f8b1dbfcc7024a8db4a52fbee352b0d8b37bb1655869eafc7f9ec32

SHA512
afc54be72671a8710ee8040f4b0e4a2d6fc83f0a37b01f96a8942f1b03cd22747973e67e00e6a4228f6fcc69cdd89c94fa8255e142c5a2cbe33d9786d00a3318

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
12KB

MD5
8883dc70cd33a26303ef5d1f1f30eeba

SHA1
d72d4f6116c090d6cdd08c45bddcb8b356e6858b

SHA256
236c055392f6eb9abdf7a0e330d5a7619033026e8d20a44194c0bb4be921c8a0

SHA512
af2efec35155254817fdff1cda6d2120d3a3637844a88aa4afef037336884d79c63d06602d452ac31c6a46f592867571a0bb3b4030cc7ef542fbe220588d854c

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
12KB

MD5
6c3b3ab00b597367b29db7b1302a3bae

SHA1
851504c6226919d1659546de44127881335bffeb

SHA256
3c50bfd580320fb3424f7b62df1ffe40044b095db3fac99b327bab20a4a1116e

SHA512
1231a39d5850aab0dbb3cea4f9d819d3e1846d92e7ea0207555a4c26495db050110df45a97d35a433aa22fd71cfe18c0aea013b6dc9cff7fde005199a9c7d785

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
36KB

MD5
33d7ff7728818e424186e7609611ecad

SHA1
74a96a6fac4f250d0e6871995e1d7f6c9a702c83

SHA256
71241268de26633158488d7ffab38e47f77ec8a8e269f106f04eee9733d1ef34

SHA512
40c16840867be05716200ae4037237f04bee51d70527bdf8bb44a836ec24f69c05cdea5e17381fed967cc1ba25c232f75a3b8a7caac4378388833adbe1dee42d

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
bd13d5ff85118fc335488a521c1c10a0

SHA1
9ca0b792643f5f50f28e8ff9311b828c4ceffcf6

SHA256
8e1091a365c8710f305afa9fef60acde7ff245c1d96c6a482ec5aaddd6e25bd9

SHA512
377f82aa110b0e8d376850a8deab47ed63f24a21ab7852a38c4320694e4974467b2172461b22c015dbd7d132c1aaeba3504d2ffb6b0e575c2c76d8acf96dec20

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
fea97b18ab055a6d0b625e76dffdf3d1

SHA1
8aeb914e074c6c555da347394eeb50300f747392

SHA256
ee4a3c24491dbfb69209ccfc932277c98c24c121386d9b6c85019e0c52e77949

SHA512
8fd138a62dc51848c3956806194828b2774db255607a8b7e29775cba03bb72d4cb15b36209423292e9ae56c76f25ca0d1d71db198f6b7fbcb0b756342d2866d8

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
f2acb55b3d04f3fca1435ea133eddf63

SHA1
b8b6dbf25da3572db2da48add8672336d8709868

SHA256
0f2d0c50842d4048879a034e3edb460f9b108a3688a8371e79bcf4a310780bd1

SHA512
f72a6d6a2c53672876cdd4a40816c233564e4e0f897203c2adcb902e46465141e632ffbb529e67db8a293b89a43db5fed13a3e9f5412dc0ee344e9ecc95bf39c

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
f277fbf0f09a1cacec6e615ae1c62363

SHA1
685cf314ba26c394891ed2acc1367892616eff31

SHA256
42b662c2d34b7c28739a5b87aaad56853c6d20dd91467b26cb8622c0cbab7ce1

SHA512
fcd9477633b7d3f021d60102801f57777ccd94912f56720296e8a18bbe72ed5f74d7809d0d71690c2620d0eb51432897ec607ac41e1f5e89fdc2aabc7cc61a54

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
79b272152e3dc02231959ed50e421c87

SHA1
405cad4b0f093e46565fdea15c0393f84a09842b

SHA256
4cd845249ca7ad999088e446e4470a90b3af2a79386f9c74f741cb12e0bfc033

SHA512
61fa6c3e6f56b1c941dcfbe3303edd80fbf6629d3a8f4d9c7bada824c67446125ec2bef87ec624265fe72afbe7c4c29a2839a1eae0e47d1ac953a2afe6a5d560

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
bde321edf36f2ae46ae425139434a1e6

SHA1
54082d4bd22c3bc59d92bad2bd7978553547f1b4

SHA256
2aa126f19edbea083f9d5b8700e4e3dde64f5b317c6ee98afa1be886e1de97cf

SHA512
eb98ab354f824a17d106022c85e1bd97ed6c8e3245bb19e7f222807bd76cbc2dd0303c49404ff9ad8fe7fc591745cacc8d7d08e8e5184e46dd032d73970ed640

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
0e21e90d6cf9652096e877d0981ca8dc

SHA1
7639cc9ccf29c3e58c4b30ab7d5378caf71a68be

SHA256
4cbadd001b7141b6a3711a29bb79e759bda8e65181aa86cc5bb19e211c0f7e82

SHA512
0f7df1d95d5703b369ae0cbc58647d7a800a83c7a1201a061306c655aefa89dfcc87674c7cdf82fbbfdf2d4ad45719184390a881bd5b430aec583c4a890ac6ea

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
762d2a61a5549ab6579ef57952da1ffd

SHA1
afed6a63979bb75cc14d0cf4f91e6a42d5b53edb

SHA256
009500800b59eabcef4af7db28e7b64e3b86809662e31c66379b3daa1ca4a6e4

SHA512
ad909ed50297af92435b6fc2bacee88ae98d52bb6b4752b7e22a530fa0487fc60c48b5c923a364af79927026eb4721659f75cf2f190ef3b14e8de5291da14c0f

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
484df068dc370197c0e37af4f433f772

SHA1
5d071329bf5182e60b2d268adca542901d492001

SHA256
3ebaaa9fc7a9245b413f62f91d9e689d468456dd4b6ce2408bcd2003cbdbfbd0

SHA512
587e7b68f2c167d39dd50744f2892a461a67cb073e8cf9f6eb2ab752e07841440dbe212af32958248d15af5d4001e7fa12f86cad62578ef31999355a86c3b0b5

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
bfb295e4b653f2c66f8d6fc9a6ef305a

SHA1
48f9c191cab4e0b7fe2cc675471f2f03c3196a10

SHA256
03a26cb5244acb01a2fc7d9ba80ecb00c5d0446cb7adcca1d6d3898de4e10ea1

SHA512
fbd71a0d0742bbbfd6c1df74a14d5830afe6d1d8cb167b5af538b7e4bf8fd52d152c8a37f2a6cae70f384f264a4764ead5787c33a2dbc47379db5a178573a3eb

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
7dfefb87d10714bc4b4c739199154148

SHA1
e6b2f0e73ef0f9e0c5dc3dd7f81f437c70cf350c

SHA256
9e9866122084fd3da9b7bccef275a1f4c55d8c6f7c956d1df7462be77e2fdeeb

SHA512
5622bfe9d07269efd8234b3838a678f0ebb96523be5679a6c75df79ab051f502c548dddfef562b397b629a6fcb12ee4d16fe2a4cf05f6b08fc5ccb4a85aad190

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
5064f693185340d358eb1fa9eac548e5

SHA1
0628f84d9efd247558f1364e0f17327de6eeaef8

SHA256
266b2e794f68b4990db36e74ef669d0d1181130cd046f9c65fc9cd3bc8158715

SHA512
2969a3ea742300a7f95c5ddda0812684ad4d0d0162d2c6e2d350722656f52e931079ef7f75e6949116cccace3009e2eb9a9621a88bfc1e1f7c90dea305640b98

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
0b398092c1e94d253e28cdc5bbbbd3cd

SHA1
e16259c7e3be581437b6452c287aaed46032940b

SHA256
68b17ee0de0e2fd1961bd525e3cca18a73f9b20d152d160e44bc6877b1bf0fca

SHA512
bfd8551aeb0ba0b47a7afd453a1d09b9314736c0c43c256fad4fa4753ce4d0688a276709a6af5026e652fd07079433c9821f286d2824352840b433ce132a2729

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

Filesize
20KB

MD5
f3bf8cc45913cfe0a979cd0f62dc6e54

SHA1
1a892f6eea04860ca3009b39cecd059007a3c328

SHA256
dcb1c33ffe4bc72bb6941fab7a39d82e9b591536f4093297f4002fbe49284e89

SHA512
fcd37d8c24fe684e0092b444ae4e32a2d0b4a467abf1d4e336b72b3959dac9f388dc245500d3c09fbfb57932ea3eab5d335fe7cf78f52d8df734d9bba5892069

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_data.db

Filesize
44KB

MD5
b869efc8c9155123da77e13164ea61df

SHA1
0b1120a0505367c6028a84a784c633218e09bd08

SHA256
9ecdc5ef4ff4c64e81fd0435a9ae40942675651eda041dfc8563fd46fe8292fe

SHA512
145ce244d3df02208355c2b755b0c7213a8ad0d0313f747644ed6d3fe3bd0ddf6078bd783fc9a62b64a31a358da082360af042f1d5f0839b557b6f97da56c17d

Download Submit
/data/data/com.ninefold.bondisushi/no_backup/metrica_data.db-journal

Filesize
12KB

MD5
89c1c78a8e3edbb8ed19952ef22e0d04

SHA1
2382dd3e44d39517d461f7d34b91146f5c89d803

SHA256
f1aaabfc8626817a2014e38bcb74bea810a6087001889d8c7435e8b7bf8b47bd

SHA512
eea58b7126ff245f45154bb86faf654cb3f31e3c9b43f009e3807764c8bcd54295033981e49e2bfdf4cce0972e7d9fe4cee554ee3efb539ff6bcf18839f44574

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads