ce429f54e9f5753532cad2c609dc46975d0ca5ef792c496e37e3f626a014c7bd

Analysis

max time kernel
148s
max time network
139s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
06/09/2024, 19:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d041d7a3bd37103a51faa8295dbf5986_JaffaCakes118.apk
Size

5.9MB
MD5

d041d7a3bd37103a51faa8295dbf5986
SHA1

f5f4e269a29c1cd2390d0f09b41cc5b0f880dbc2
SHA256

ce429f54e9f5753532cad2c609dc46975d0ca5ef792c496e37e3f626a014c7bd
SHA512

9c0df5551a6f70399f92104e7fa1c6bcfc5bcd12f499c2ace191ed9c4579baeee4ce6e0bd34ec9808c1aea470e6f42480ebf1eb507c48b5c43615f03b6112a61
SSDEEP

98304:5fsadOybik4gpS8U90VUJyr53bgOE25JAOPArfT6+F95UHmZkgK:MLaS8U9qUJyVgORbPgT6qKx

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	com.br.pizzamaker:Metrica
/sbin/su	com.br.pizzamaker:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.br.pizzamaker
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.br.pizzamaker:Metrica

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.br.pizzamaker

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.br.pizzamaker
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.br.pizzamaker:Metrica

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.br.pizzamaker

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.br.pizzamaker
Framework service call	android.app.job.IJobScheduler.schedule	com.br.pizzamaker:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.br.pizzamaker:Metrica
Framework API call	javax.crypto.Cipher.doFinal	com.br.pizzamaker

com.br.pizzamaker
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4262

com.br.pizzamaker:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4304

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.br.pizzamaker/no_backup/credentials.dat

Filesize
233B

MD5
2823ca790d80957a7b514717c63e1e9f

SHA1
7e5ce9a6a264e53ab1e86ab17fac2860ceafb2f8

SHA256
8fac549c7ffda398829b23ca47188a1b1f1f7e52e32bc58b7d4affd70540c9d8

SHA512
083a93e311087ad0383fd56e73c27be97ae874fe386d4fd678789aa7f1efa5ad7745d3e4fc318e4eaa30a308af75e5a4a986bfcdad2941bac73f6b2ee7f760f5

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker

Filesize
36KB

MD5
31b64f5c411ed439b6bad6b4c19ef428

SHA1
cf5fb3bad3a91965d64bf6c308b112c54abe6b28

SHA256
5c8908f02c6dabcc70b93abc54d4e15f6e233b7ec54ade0c45097e445c006f34

SHA512
20b65e5ad2d723fadd9ecc02ddd3323afc43c632a7a9b4c611b18f836e95eb778208eef2ab6ced6db162063cf3fdc70d5ccc5733b66b060d2e6a77cefce05e79

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker-journal

Filesize
8KB

MD5
bf0409d7189f753e516ed60ff2987ba1

SHA1
bd99eaf52a2248cef085828ab216a7d4453bff7f

SHA256
ed970426696dcfbea7c84f8c7e64e20f3a273b03ea4daa532f9cc33863dff715

SHA512
13a1330b3b9358d3e38924eef952ae0aa94a8c6ee7b98ca4b95b2145504cb8be16c814eb1710427559ea63d880540a6515030ea89c536448ed2e2ec28b87944e

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker-shm

Filesize
32KB

MD5
4af81ccccf5e0b4b9b5982693af346c2

SHA1
6059f53ce3ac9c04437d9ee4fa47428807642a16

SHA256
ee5c6a5aae721741912e8d4c1bb78a5edb9593d8a37a4001df2326e175993520

SHA512
20ae78663f6db10aa1c67b68a3aca8159390432bdda0ea98aa1c65537f994accf35f883f685cc3006b2ebd9b4d27777f6c5f958ffb445397b2aabade2404926a

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker-wal

Filesize
406KB

MD5
b17d4c85f767b234ab1414f8761e2604

SHA1
bb8602265935c872f4e38705133a0198e73c93b8

SHA256
4c506f6b2171a5fa720f4e44105a341ca781bc20c3ebe8cdbc469cec7b2954b6

SHA512
e4d9b8d77ddc2c832787ff248a390c420fd72faff03428e0dce5286d1c1d89a36a510f97118ab6a774084fa20d6920e1e360226ec98a0eb3a0dd694dd810e2e7

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
4KB

MD5
7750b3cc16cc3d2b8a85b444242fb04d

SHA1
d948857ec7282fd154039825960fcdc0810d0ffa

SHA256
ff9cdda0e7a8971571aa2b3382196d5f825edd8e6c64fa88eeb0ac7fea535a5a

SHA512
0f7938493417ebea270d5fc77316f6cde770643712edbdf643074c4388e570833c6aad1c0db610ab337286e6d21ebd613f382ed80a7800acfecd494dfe87246f

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
512B

MD5
9282cc044fa54254d9681e2cf7ed6fc4

SHA1
9b7e66ccd15ce9f918789f592ddf83cf547508e3

SHA256
759289e1a145cbf0624580bbb90769d3b58e69d569aab4339ef5ab51437b909b

SHA512
6025b328a0837ec87c5c945e52806e75d211ee81d054ad38f4467fde09f379001e4d3c9512ffd74b4fd6e8214c5a392653050f1045c12e41ca4e7a1843d2c492

Download Submit
/data/data/com.br.pizzamaker/no_backup/db_metrica_com.br.pizzamaker_20799a27-fa80-4b36-b2db-0f8141f24180-wal

Filesize
164KB

MD5
f6b62685db815e4036e0fdcaa23aebcb

SHA1
a37cab70872909ec6dbcae8fc25f684f13425544

SHA256
d0babd630174d6d9700ec94fbf78bfbca3bcc9dfdc082926ced6d52ea9ec72d5

SHA512
353463d1418f5bc9be0651e1ba766cd8d784cc7c55897cf8e5294889cb7838edec1cc8e714b297fccedeeb0c8fe1635ef61bb08d4281dd5d25c1791819f312ac

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db

Filesize
20KB

MD5
687c7eb76347af93bcd13f9809c7055e

SHA1
324a42a0fa739a84ed89fb8b66086982035e5aea

SHA256
524c913791c5c96b1bf8b8763c47b4c0c84d68677faf57381f09b49110f3fb6f

SHA512
a709652068a2627e8802d1495c8a5fca5932bb0e4ffb7a6069488a72056096f1e708f1402df748f55d34903077d7664149d431cf7d7df63646d1d575cc7e9cef

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db

Filesize
20KB

MD5
2a45def934b9ccf965998cfc082c0cae

SHA1
c34390a8aa7ba5598d54c7ad64eba7ed6966bdb6

SHA256
21268037052a149d4c88feb854d88c65728a6e7e87f03714a6e7d1a1ea85f83f

SHA512
19f78d89f169572daf7ad0cab00e1b95c2e7dd01d7ad88ac8fb7026352af1e92576d7bc2a214db3e93b58232aa98f585a84aa219d36694b4a3c86fd92c4d8f1d

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db

Filesize
20KB

MD5
44def4f6e42c3ec63f229d23af8c804a

SHA1
f5956d9295778b539bced03215343fd3cf7a9dd8

SHA256
882faff2a0f007164d5dbda7bd7f803306423b5eb48a88b1bb72bde65b77e50a

SHA512
a14770398044635a8a8fc0d59dc95af3a97ae78146a9ace3795d600a44098a5ff7099aa3d0ac40442f8ff8c5d3b5ceecb4b360bf47f3e8c7c902879e2e76228d

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db

Filesize
20KB

MD5
5d88472721743f15b05eaffa0977dcfa

SHA1
4200eb17fe8ba8881bc36daf2ccc78a03da15445

SHA256
f39034919bbf7c1fc66123a523e85db00f6cae442dddf1c611f1500a94fc9d84

SHA512
22f2b07603fac32223b22af39a3577da209967c85c9132f0453b3133ed215ed5ecba8851d8bbf6de2fdd21caa97920e6ecaf50ec12739bf4d33b2d8d48d02f59

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db-journal

Filesize
406KB

MD5
1f2217ac434db04e702897fb38cc6438

SHA1
0943923fc72e78200e3c5e0ded09019b530cfd98

SHA256
883bbfa32217eaf6a45c90ff46dde7683d75a3b906afcc840c8b5e72cc2512d8

SHA512
fdd22fa6cc5ab1784b92ac4396a46d89d53730f60482b67257a81b6ed07fc6b0c053cf393782f2c19d50970103d9ef919e338aa6b7fd68f52789e18e09c50fde

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
3f8b62fea60a5002106a6ac9f0769936

SHA1
4b4ec3b92a2f4c83ef7db632663c542b1c7198b3

SHA256
dcff97d5fa8d36f5e83c1df3be913c0857e4fa562f5f63f731247d56be4a1df5

SHA512
9f8b3fca3464c5f7dac40fe294132595ee9180925c249182a93d3b3a315501bf65acf9ea1e9ba29353b6530c03821e72996fa7d896753165d6cabb7920a836dd

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
71b471aed04e995606cd4371139aac5d

SHA1
7580c8e7ee5d8a4d504876e8ead88198ac011b2b

SHA256
029b3e324633333f031247164170b08da5358253723ca97e95dffc705c958000

SHA512
e44f0d8ada83c60f05f100747ec3d87a097e86dd026745f2d4ba7d40a8b029f8baecf634e49ee933a23fac56cde1800f9b495aa969716803a4f31611ffafd839

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
459c306afdefaf4b43964f20b1bdd747

SHA1
1ac5f53a77b7efe6b829b8562808c03d468d0b8c

SHA256
ad05fbd885c620620d3f597c5988cc4f5b54f11c68db420e83e9276da1d58952

SHA512
22b1fcea9d63ca8db7001671f5b06a8e9557e97967c62ac33072d438eb826eb97d4ce81458a5cd0634607f2900688290484e678d3770b3f5488560574c34c4dc

Download Submit
/data/data/com.br.pizzamaker/no_backup/metrica_data.db

Filesize
44KB

MD5
4def0ad14f4acb152868ffd42006c8ea

SHA1
697bc15a1897a35c843905da06c98d0a020fc8c6

SHA256
36773e7e93aede4c4456dc05064e81e29c54dae98332397d1caa0bbc93a1f249

SHA512
c24b30663013d0f8cc857a2ef14602a55d01838d5dcddaab0e4c6c861d988fd5108f6fb21239cc567cb668d8760cecc606c4dbc1c6b0b09e91d77fdc3287e7ef

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads