1f97af5141574e01bef06ffd23fd374530b5aeddd63d3c69ab0e875eb659760c

Analysis

max time kernel
146s
max time network
152s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
06/09/2024, 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d03206189788f7f2780b7c1668d6e19e_JaffaCakes118.apk
Size

3.4MB
MD5

d03206189788f7f2780b7c1668d6e19e
SHA1

3146ccf56d12b313723b878e374926f4a4ec31bf
SHA256

1f97af5141574e01bef06ffd23fd374530b5aeddd63d3c69ab0e875eb659760c
SHA512

7b29dab7f5c3c39e0a9f320c693b83e67bcf6d4cd1363385b1aa5fb949a889b667341be5973e7d5bdbd9efe31892dfc979fcbfbf54fbe877c9543a707a151fc5
SSDEEP

98304:pdGrAdMGjbRROjBFcnBa9vRQGogBB1xFQZtw:pkoWOn6RuW1xOtw

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.ninefold.bondisushi:Metrica
/sbin/su	com.ninefold.bondisushi:Metrica
/system/bin/su	com.ninefold.bondisushi:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ninefold.bondisushi
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ninefold.bondisushi:Metrica

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ninefold.bondisushi

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ninefold.bondisushi

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.ninefold.bondisushi
Framework service call	android.app.job.IJobScheduler.schedule	com.ninefold.bondisushi:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ninefold.bondisushi:Metrica
Framework API call	javax.crypto.Cipher.doFinal	com.ninefold.bondisushi

com.ninefold.bondisushi
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4784

com.ninefold.bondisushi:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4838

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.ninefold.bondisushi/files/ZPkFS.log

Filesize
90B

MD5
58c81acdb6fece00b36c4dc8512b6e47

SHA1
62ba8e89bd96f34f1c88c81368fb27549b7cd790

SHA256
9d1255f5df695ab48a31622bd8da1ecaa502f9ff672b345f801dc7fbcdc309cb

SHA512
3719a0843f236494ad55abb0f36bc7123dd97253a539d547e8da67e575bd3aa5924f9abbb54bd286e50764cd673f48ba44dcc61f971e7ac96c8f7576af6268dc

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/credentials.dat

Filesize
234B

MD5
27fc7db61027f9a5cb4a5c916d53dda5

SHA1
1f7847decbc7df3abca42ba9aad7038000d3fa80

SHA256
319d58c66def1b9c99ecd55d672b0b4e5bfdf79190adcf7957c91c3455d0d367

SHA512
e9d28277192df26629c01d30927d305b1a0a5c6f838df23f84ef119ad50e9adbc8b9e1b1cc81c2ca3009710ff15f3f22fb53d92cd50b8429418d8f71b9964db3

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi

Filesize
36KB

MD5
ca52a8b491c9fc4b49e504625045ce6c

SHA1
fb68c117f349968751bab9fd59918af6c34b62aa

SHA256
13229af5185e7cbb4e989d1161a5ef430ae51e06a108a3be9454763d228820c0

SHA512
f747277e2a6f44fa159bd7f0fca4c81904088622fe3a517c8bbfb7199eaf293ebe10d8fc44132129ba6b3bea1a81d66100ab59a30cc559b14cab6df2a88ea3ef

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
20KB

MD5
cd3910aea859f3e883ce44494b8f8bdf

SHA1
b7321ae9fc9bf5e509bc557379a7c4149ff05b50

SHA256
ddd1ce5c2ab9bdd139289395819e8652ca9fe47387975237730bebf1031c7b39

SHA512
3bdda056da2fe68211d5a70f512621b7cd1c4b65017f057e9dc944f17dea80cf11b59b35a1e841fbc8c178a280ddfe72481a684a7a8237a2cdb0d5d5fac6de70

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
8KB

MD5
79755793d4239135d9150307b82b878f

SHA1
786a3eea14c4c06db40c8288da285d9bcc69459c

SHA256
ef1ebe3297670e4de70b95f23fb3f967a2c90836aee31fd261fb4d12ce9b7c2d

SHA512
19ff94f0653ef1ec090fd5d42f2f17c901945f921c0a763e5e5812cdf8dea40532dac8a878fe698a24db38a9ecd42de5e07d7e860c03cf264eee04c74ff00879

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
8KB

MD5
6654b68cdb1175cbb540e9559930dba7

SHA1
aee3499cd9469d0abb16bfe75b15505d8fb9dfc7

SHA256
76c538d6ee602e19c6fa8a8b2f11f735682e364e913b15efd71d9bf83a6ca251

SHA512
91345f578f4a7e079e8b9d9735d72e331bf16de79ff57c00b855a79dd7fcdbee71c3a8bf6da5079bb939e69643653c9c873dbef60c69b65af9a67ad16b70a0f7

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
12KB

MD5
d099ec65ac973661db8591c7f174ce5c

SHA1
6c1fab82536c08823ee17e01c427b36feb1c9557

SHA256
131b05f451c1db7a2de262ff0ded6b4f5c98d0d8da879a8a7194932524d186d7

SHA512
bb7f0503c3446a0c2b49bbe4b32064c94a048b07e6c432800552eb5871a796cf19068e2eb78e9c7530926c3e04ee9231c0de3f0c0db6b2d494f83a3ce750de83

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
12KB

MD5
167054de0d2923bb812d6196fa149849

SHA1
312d9c134e738265a20132590d6c31436dd06eea

SHA256
b0315f7109b679e11250a0330dff2735e8265c531bcca9b5efdb36ceab383ed2

SHA512
ca78bf3b1d8e1a4e52a61bf683d44db18ec2550dbb66b263606848c3041ad31db2af3bf6c16e3d34daec613cecaeb9cfc054ba9f30ceffaf72162dc95de5a86a

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi-journal

Filesize
12KB

MD5
42301ee47c9cfb32a40536914e9b2b34

SHA1
f77361f6d3f199650a93d7553e5371b3cd8a5f53

SHA256
d9946c91078497d40250770207bfeb6b1c77eb4b43397893a6d3c28cf3ece1f5

SHA512
928af0468a4965a87bd2ce0d1e6cffabff9f7b5b89a4dfe518c8f2ba2f9bba6854895694d9019abf5745a912ad1d4ebc178f45a6651edeb2117a29eeb66ba10b

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
36KB

MD5
90f07299bdb749dc2292ac0a07d50927

SHA1
5c8e2548b6da12def9bc9a299f59516a4d2084a2

SHA256
e500153f695543398415c70249bfb06c06223393a72b987f012363ad9f07244f

SHA512
52ef6ed9fd774c7aa79d6926c4796d623305fc59ee104e485d395f36f7484d25b4c4ba736059e494a0f2fb523db74d86c12c40d0b4c5f2ae2458dc424ad728c3

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
f7e133d042a58802580d73393e9a7b23

SHA1
0352b2ed8993bb99eb1697ecda26f2aa23049c4c

SHA256
0fe524d32d04d75271c46bb42c54d72e8b79c92a346d7f52fc624346f22aaf98

SHA512
f481a50a903d3a2fc0de123f282d44b85abbcab943ecc47067d314ee4d4818693a8f736f0a8706012f2646ca28ddc15adcc0cb2f1f3351bf3cfa0d961c8d1b1a

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
eb8e139357c37cae2b3c2143e3790211

SHA1
333bc78a4a0f2a342fd7d197c6c2c6a46ca6bb6c

SHA256
54e11be8a80c8376be5fd64b125c23dd1d422d5851ac1f01e150320579237b63

SHA512
ce0403a0364dc13429507b9067003f02545af6a03767a5e6d7918c201b799438760d2525108b346b50724b932c65e835d2376bf57b22e35a8fbfe0c555c5d958

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
9a6a22828b75b06ce6d917fcdd4c4331

SHA1
2c99a4529bd8e9d3f090b392eaf6dae406d66f47

SHA256
2d0bd6becae0abae5153894e85d05412a63917307ab1490dc3a90c47208d9bb0

SHA512
1ecb84d954ab44f29eed6be2ac4faf343519a42e3543b0b812e292ee13cf9eac4b05bf00cc648bf35f3b4de43fcd94c2d4f3f45c8c3d98dae31d2e25a2a75702

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
8da553582f7c1513c2653218af6f3e94

SHA1
6dea9b647f4ea11a97a344d22542dec5d5392652

SHA256
195e8f21e924fba374c5320a69a483b9c85127ef177b99ee35eecfda27dcec71

SHA512
a6fbc851fac7a751fca6fd231ce394975037eae3afc066076e80ef4e9ca8020590d09c90c05c1eef68c04fb47714b00da2d9647b8cfe45ea0d414709f012eb7a

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
9390a8df2c326672c5b29e7c10b1f320

SHA1
9a9a2c5ea19a509bab84f25b14b6bf303d437b44

SHA256
9acd4442356c1cbbe785e95a02922bd50626331424769326b35d2e34c70b89f0

SHA512
7d8c277e554fa599515086666e3fc3dcafddf3bc70dd8710bc8db2e00a58a016bebf9f20461a8adb0db72685338d44fd3176c09fdbc6bb907b594d3b29310024

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/db_metrica_com.ninefold.bondisushi_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
1a915dca9f3da1c2beaf40a216b8e9f9

SHA1
6dab9664531a788f0828d906b3a3e9cad5e13705

SHA256
93da85548b8c129cefbd929c37544054f9ae5bf8b7deb1eb227419460cfea157

SHA512
880620003890aa9063d1919b3b43707309284a9201932e04cec84346f51f118138296bac47939d8cd146a68ebbe9420c0d8050d28675e839aa2636a4054cd57d

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
4c3e2de974e46b10405ed949287b48a4

SHA1
f587100807f635ebcac90b18418a620c1c9414a3

SHA256
7badbe7b8dc71e54fddb35822ac730b2b8a3897f059f276e09f2087db44dd9c1

SHA512
8c4f7e589204a28adeed7ef122942ea499e27668651838be814c599e82c769c8b9129e29501e2e4bcb4ba936d2cb8644e780b576ef4fa847ec674287fed40853

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
08a4a06893f6a2798f964184f4dd4fad

SHA1
8659afd29b9f19f7d5342f6753a963f81ee95468

SHA256
d8844124c009682347e15b7300a49708982bb248a187bf059d01210b8a49f75f

SHA512
147234fecc4a1152d6cf96492dd0c14d18d0239e7d517ef6aa947d3cca00a9f79add57db9b21450b9dffa20cee0e606561d9e5cfd36d8e3b166c9f7f55efed20

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db

Filesize
20KB

MD5
f047a97c151d5d2d52a5a8f274433984

SHA1
1d8f50e5d2bd463a4947bb13fdf9e5dd6fd5e337

SHA256
572de7b1abf4b893533c46337cc7aef63621df8085c2925aeacf9a1626461461

SHA512
db5c062edd52edfa1d2e81df17ecb6508ff30db8bb5220d6a8b5a00236795b1bbf938928fe314e6f3f074afe4d5a7b220beed004d70f15dbc909702c520c01b7

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
71d15b5e4cf6b7ffd58e1fc0731b9e84

SHA1
c8d1a1a93e99c479920f7c64d13b550b1fb959f2

SHA256
839b84e70623874222ec96a90d3a10b0c21202797f07fc43e9ea8cbb4fb31a8e

SHA512
4ee4c5ce57b60a8820d8b1aaecae2be32e5fa8cf8fbf9033e239d08d9731246c370066532fee27249ebc01ebc2b8b7507fc2526003b09e6334b40f990a103dcd

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
0fb849d5e3d022f002dcda2a9a43a5fd

SHA1
4d8d607a28306d72e265daeb88a4ff5f49338868

SHA256
95ab6da8b8849de678d670596e0061b69bcfaed4ab275658263111ccaaa8bfd7

SHA512
58286e1a4f1cec8afb1a967adaff5ae81baad001b6a472bfcff431f0bc6639783f20c9169b9070d54b6d8f3b2adbe0952501c732502e12da523d3a6575fdaf03

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
f34028f095f9c0043d6b908c05ca9e65

SHA1
4e90d23cf5d1a40825b3ce97597b81e945594e08

SHA256
c2fe492a59dd4f5b042abc6fe6e8b58ed522deaadcb429a35ff5a4dcf352fc9e

SHA512
1dec568f6d6c99792cfbd98a2e66b2f3f44a34ea88a0b9084177b8fa8d1879a6430861c35239bb42fedfd160aa7fd9117f30d607ee6def4d4039f4bf7bf805c7

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
060af74a6efd4974820f1f0439efef63

SHA1
b874c0a7678245e99c19d6c672b6dc80be22e54d

SHA256
fa5716200c9879e90caa79264bde477822f6fd62ea5d407870ed8656e91d1b02

SHA512
db6171d00202540473fd91a83335b97616ada07b1068f8c8111d9833db18da0edf2175c47602b026ecf81532902741bee02be07a0810dd66ace7c700fb5a6067

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/metrica_client_data.db-journal

Filesize
20KB

MD5
b261d472738f262ccba76f5700ba8127

SHA1
f7da39a3a235256f669c80835525902615dac8b0

SHA256
2ad08b3ff01a60876cf46fdb483c8c4cd6ccef021921f7680906269e5ccd0456

SHA512
768e5e5d71e9deeadb40cb36b61bf4b7f3e661cf563219443327fc18a03efdb8739c9b4a2d82460984a26ced7f5deb92cf397d4d28e77d4acda1fa77639bbc72

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/metrica_data.db

Filesize
44KB

MD5
f82f4266415f8db7bc483a26fd91c404

SHA1
83f2bdd273810431d35e9dbdebea2c1c997ff8cf

SHA256
5639bfc36a057fc0331bc88374c9cc531e10ba00314c46c137547d9373d6a26e

SHA512
e799295acf3619572463d16b0ae51448714503f6b7f7a365249ee55963c9b669bd6fc4087c4362aa5ab5378a28154a6a3ec1b6dc4bbd3ec890cc045e81b9623b

Download Submit
/data/user/0/com.ninefold.bondisushi/no_backup/metrica_data.db-journal

Filesize
12KB

MD5
815704eefc705c841c016db7bacf6084

SHA1
b76ab06cf17c6c319cb0ca9a842d53b4aba91f82

SHA256
44ee637318488301f2f2aacba2e0aae031e43c8e9f469a6e2b0840b74cfea315

SHA512
cc01ac81f5b366354e69b837e3e87e0886f0786f4e631760f35de94c8aa39d938ac2dbb5e1ba75526761096ce1fa6ab7fdc4ac7dcac5f91d6f3ee5e41f24543f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads