1fc0289858e6a49f71af36bd7e0a1cc6aea61d570145ac2c0ee53309ab020b94

Analysis

max time kernel
148s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
13/09/2024, 03:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dd9640f7af0ae9fb2249c0289a54f3bb_JaffaCakes118.apk
Size

3.3MB
MD5

dd9640f7af0ae9fb2249c0289a54f3bb
SHA1

c7d13fc3d1ca0b916c207cf1aabd2b5520cd0691
SHA256

1fc0289858e6a49f71af36bd7e0a1cc6aea61d570145ac2c0ee53309ab020b94
SHA512

0651a3b74b3daa574d0187ef7753783711f0ce0e59026e746f9a7f858e693288c8af96ae7669bd8b19f68ce5fcc2ad4e460943bfa97bafdefdf37d7b986431f3
SSDEEP

98304:xugfuWWFkFL7EBasOqFRl8Fr24J73DwpwOtywXN3XWiBj3y:xvLWOLpEcJpXL

Score

8^/10

discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	goldenburger.creapp.com:Metrica
/sbin/su	goldenburger.creapp.com:Metrica

Queries information about running processes on the device 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	goldenburger.creapp.com
Framework service call	android.app.IActivityManager.getRunningAppProcesses	goldenburger.creapp.com:Metrica

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	goldenburger.creapp.com

Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	goldenburger.creapp.com
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	goldenburger.creapp.com:Metrica

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	goldenburger.creapp.com

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	goldenburger.creapp.com
Framework service call	android.app.job.IJobScheduler.schedule	goldenburger.creapp.com:Metrica

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	goldenburger.creapp.com:Metrica
Framework API call	javax.crypto.Cipher.doFinal	goldenburger.creapp.com

goldenburger.creapp.com
1⤵
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4979

goldenburger.creapp.com:Metrica
1⤵
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5025

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/goldenburger.creapp.com/files/ZPkFS.log

Filesize
20KB

MD5
ea9c2dc01d788f2ed7ad6a455e32335a

SHA1
3da6ee06226734e9a402c3ef2b542af3b509b6af

SHA256
ddcb0e1970efc2dcb42a4dd328ef8c10f3512b39a47277d5b075fd3b92dfc3a7

SHA512
5b834f25f6f8afea98eec78cf8e148671ceca48aee8019e09308389c1f336e47e55666fedf66e09c97e827c375ade0fad635b98686ebd2f72240108670d25e76

Download Submit
/data/data/goldenburger.creapp.com/no_backup/credentials.dat

Filesize
233B

MD5
dc60083ba5a82e480620539ae6d08471

SHA1
81afb3a3582a494ad166c516d0023f1e89d9f366

SHA256
5bf5213ec50cffc187307473c03f7a7b250e5244714026c9d89acca475cc3bb9

SHA512
d4a82e22ad4934143150d8be5bde9485d3c032414604f532c590929f36f035f4079ebdae95a45dfb1f1ba5ee9369a563dfae4326a140e6e60a544085b55fd14a

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com

Filesize
36KB

MD5
7aa112342cb40202cce168c7386408f0

SHA1
ef5f7f2ae380607a920ed7068e2a93d333bc1881

SHA256
fb49c5bb9202f7eb025d12211e2b99685ff2736a4df6ec8d2ce9974c82458b74

SHA512
cd7901eef4976428f89a3f3fc950730ab737e005561e1d5215cd3508352eee165a81e0209acdaacd6c4e877e4cb93279894ccc81374038cb9521ad554254cbe3

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
512B

MD5
34680b2d3afe602ce5199a26b8174d70

SHA1
106d941b7c2c1547221f2bb30d0601d4250c78cc

SHA256
dadc3ee37110afa3f40eba7eb5df72ee78003f69073da18c46db65fc196e3143

SHA512
79283d2f9d575f542ee71f25483e36ac9733aff511b17f92b8e894d94dac62ffe18dce327fd5479b59865840baf3cd378f800f82f6594c6cfe925f6d1602198b

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
8KB

MD5
a1ef7adfae7918e581a986015137d006

SHA1
3218830ee0083bf5b7103b73065a122e6714ac2c

SHA256
fb0a32a06d4fb23efdff0a18078c9f084ec57a9d642849fb6ce56af23490453d

SHA512
71e0ae1541b50d62e5f7fba299d6b1755415fdb984c911a614c980defed8763acc33ba18fb7fd9279cba2d5e82d179ffecec1179d827d4891eb09dc442ccec1a

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
8KB

MD5
da188004021015c05afe35a8d360a8e8

SHA1
77d3322c97893760e0a9c5ee1eae5c273d6c233a

SHA256
4899546feb04b9dface298087270efcb5377b4a47ccc0f7de177eb93b7b93b18

SHA512
bfeb58fbde222594c02a5ef3340be775dda340ad80d83aac8516fdf21e76586fe0f57221c20b1fa7dd19fa5d50e78d5e41231a8f7fb10f25ad879bb459cf5bc1

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
12KB

MD5
90f89c7af3dbf06bd1330344d3d55c7f

SHA1
7bc2d4e4dda1e26b76a50709e42af63580985676

SHA256
2fcab627504efb2a40e1476605ba1aa5573b6a52c1bd519369f81e3ed8b08c51

SHA512
8fd27a14c44e34c805e437b51b479b6da4f504dbe3e3bf29b814add8a990df77606ec5be8185edf71629a7f5c295769e394fef07bcabb6a13cd6255531848781

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
8KB

MD5
9bb210fd4977d7be6436d282d1a90818

SHA1
03fb9bd1bf1b7613518dadd270be4a5b45cf5e8c

SHA256
6e8004ebaa0cbe369807f0fdc9990db04e33bffeda27d53cae5e3744a7b4a4ae

SHA512
f2b7a4e976e21e29ecadaae5210614a20c19a496af297d2ab299d21cd5a8e7e9b6769ccaee9b2395a72953516c90846eaaaffc4c7d3bae8b82db58849383b75e

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com-journal

Filesize
12KB

MD5
c6d93eefc18db5c8560314f61c14c67b

SHA1
984a54cbf64354f785098878482c7933d8ca09c7

SHA256
904cec7fd010518660bc6c243bed9d31635fa4a2b0262bb410e97c15319dd177

SHA512
6cc193d0f4686b9b489a2ab3fb4362ee608531f7676bf325db9153618852fb1e6b265def60c106434f1bde2c231d7a6ea21321b296ba057bd73e1791dcea8aa9

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
36KB

MD5
04a37f70a8e3ad4da69be114be3719f4

SHA1
75889fb0d67143acc4e0d81590104363274ec23d

SHA256
565d51e9c65d9e591f16ce65781ef0c70c3be694afdb7ed47b8acc2b429a02ee

SHA512
f2973f1c5bd3554853b61f725f780b5ff02dd12f730b0d8e920ec4be3542c6fe3199eb031ca5b1a0368dd253d790ec8c396b76f9b3f3b468e79495013a163835

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
20KB

MD5
dbde0d814680b2c36f5df610ca184e69

SHA1
f65999168db0468fde6139b84f93f2a4d5b7e753

SHA256
7ab0c5f690efe5fc9b76adf550b7d93aef5827f3d51fe5a3902cfb88fe57ad7a

SHA512
de2a7c5ee2debd87fe6d2275094173feddb3cc73ac1f6bc23d20e0a2006e3db377d05186fc044ee4be12c039885efda5eeea3983d4c8f21302733e82781c4374

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
20KB

MD5
46f36da6aba794b46af8ebcf3d2cea17

SHA1
2dcf89f9f603325aea2d9ae0c0a5e7820d08401b

SHA256
9f323078ed0957939acb12354c833de61ba15a24cfad1341f4142b9e90e067fe

SHA512
b797aad6c669ba8b0ef7184a5c6cbc6c2feef188786f0fb50275aa2aa87cd3116231423edd6a6268351ab594b70a107641edc7c15cac8f836df30e0176d3d4bd

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
db726b291097ab1cf7dd0595eb2b867d

SHA1
902c4d92b8d50640698f9021f06a9f99a36e3e58

SHA256
d255718bd9001045c72702d52df09acc4b537db35756195c0e582ab660b8964a

SHA512
4391e10ca6dafe016b12f55b4b2f5aec2ce674f7e53e53e2199e61631e253ad068238f8aca72de08ce578663b33524a2885af752812c9b4c06ba0cbe9b9388c4

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
e3e342e610758b7d3b0963ef3801a74a

SHA1
f924fd5227d3c9118bf453e5150c43b114fa0672

SHA256
d8837b591a05e2f95770478ab8a4ad9079f1c6b86447bf7d23dfcb8a8010a177

SHA512
d67bbf7b1e1adc111091f76b8c69c159b01f1cc2c14d2bb22dbb8ae883ba1eb9e70f631f46308d384cf89513b233dec5e6c0f685d4959c1d7d0d0f136a98d09a

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
424cf97133a08fa070e5df160f6865f2

SHA1
dbb9be29300bba9350855166b5d368911a26dc48

SHA256
9efc620bd69c09264fc1d615ab86dfe93451a35dd20ebad9531975a89c4a4330

SHA512
01b8da127d594315f751f2f8155ce02666a80cc29696d01b94a5e7d5a6dd8d99a07573b17880a334620c46536136d664e95bc3f50472bbfd7cf591806172684a

Download Submit
/data/data/goldenburger.creapp.com/no_backup/db_metrica_goldenburger.creapp.com_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
12KB

MD5
6ad7bfba3979b16b4df7917ce07120cb

SHA1
4f751d9292ec6e49520c5dc744b80b95bc822fb3

SHA256
ab9e5b441d17986b648ef09f2b560ada2c4ca3ed361a13ba3171daefc27c7d27

SHA512
2b80c875de371a86fb40bff173def35ce113f0b62f9539cf8d9217a910e5d55d84236638b5b788ec13dfe6fd221547c92551d8837c426e1405b52062b9a6bc66

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db

Filesize
20KB

MD5
ea1c730c155bbfb43cc877f2c574c8f6

SHA1
a60a0b604c6047d2b071c102c673bd9cf1b763e7

SHA256
639ca122211d954e13e09cd678e7c7feacbb0185c867fa1f46c4cf28d4562299

SHA512
a6deaee0b948ca5bef8edc2bbef998f4ac263f93dedd77988419c8a6747fb1a814181d2d0bfa1ab79a949618f805f0a12fc0de2e856fee8dd933a39645af0ff6

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db

Filesize
20KB

MD5
4117cb25dc9d83157a85aff489f0997e

SHA1
0f5e19fd6559baf6f3cb956dce8432686f803fb0

SHA256
4b9e7a88302e7e659c1987ac126f2a5b02eeacde9ec9a3ddf45bc4184ce8f0a0

SHA512
6071a55bc6993ee2f5f9dc9df52694ad9d96981d39962129a2e0dcdac71cb3c6cd90b2133b53676a1f91bb8a528fafe3b805e69c4f1d04fe3d6bc9aeef5ea21b

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db

Filesize
20KB

MD5
484df068dc370197c0e37af4f433f772

SHA1
5d071329bf5182e60b2d268adca542901d492001

SHA256
3ebaaa9fc7a9245b413f62f91d9e689d468456dd4b6ce2408bcd2003cbdbfbd0

SHA512
587e7b68f2c167d39dd50744f2892a461a67cb073e8cf9f6eb2ab752e07841440dbe212af32958248d15af5d4001e7fa12f86cad62578ef31999355a86c3b0b5

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
15f16f5305b935e446cc7bfe041cc4a9

SHA1
0604d7e80bddf17281eb79a39a90b67ff792bb4b

SHA256
5e6d1b464cbfd02639e5f46b0baaebb21d9f20d6a5ac79d12c4451a2144384fc

SHA512
64f9b58c7560900a389b4d00235b934913f8f1c5f02028f883837dc38d3d10527725b96a23920dbb4503d4a09ad2e70bc94f2c36580b79e2a8a0bf54d52e9923

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db-journal

Filesize
8KB

MD5
305874fb9b0886c583644bfb8a4cc6dd

SHA1
e8f64ebf3c943765dfb5aea36b67f65ec516690d

SHA256
85571f219e8a514080842e96376f15459accb3416f92303b651717447f42f009

SHA512
efe99b948fc13693d5ef7fedd64ef951344ec146ac0fdd4f5fcd146ffc9a4dd417448c3ae0d7c5225ad840480511b4a1bb61ff925d2717b038061d30ea64cc22

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
65fcc349d06277d6ef8029bfe277e37b

SHA1
b584d7f4ef9b28206d27f70c35b2d6ae130a365d

SHA256
ed8a7d7394fe113c58c785e5716bcf7a42eafa917038c02833e4a89348884eb7

SHA512
ba9936eca3115204a7ea5bd593a195855fd0c3c41af75997a0ef128d7ef2bd0b9b8b6523697f087473facaa2daf1a3a7f260ff43cfeff9da8a898939b7d4e319

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
99a6578c84a1c161fa9e45df05fbb15b

SHA1
66b25026dbc672b5c30ca436471fb3668e147969

SHA256
a3f74ffe1b3ad4aa1fbda134a80b955f4efd59cb86843be17c357dcef049f85d

SHA512
edef8fdb90dab5c9170108ddf10feb4228e126c094a5858b2b99a092ecb52929d657b06c610ea07513441307283e0d79cac2e88d1e60d178f8cc45eca571e796

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_client_data.db-journal

Filesize
12KB

MD5
bda4e4bd28e6c185afe3d3868fb8f84b

SHA1
a15e405a3c2c2c1d07d7c2ae7d1e2dee3543e137

SHA256
89d9cdfd0669282440a3dc03c9d866e8e310c1ac62560730bfab92838aad8f20

SHA512
71cfafe12a2d8bed7147464c12ef0743ba522c37c814cceb27aa02b60553259004fb51cf0f31426a4daa180cc8d44d2f6ba0050a6059df347e6b6b2ff21c468e

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_data.db

Filesize
44KB

MD5
959e9b67206a8f8a10d1c747cae0b48d

SHA1
0a76a8a66547fba2d2386ff28915d5ed5ac2a086

SHA256
c3b4b94a724a3b13415fb9a5996da1a4872bd33f071e955dc7b95e7ad539627d

SHA512
b160e54b804c1915fcd4793e749f2dade934e9d03f4d7c1709254b0ee60c98509c467e3b0b34e02990fd21e7aab48e55cf205d33448c6078e6e00766af5448a1

Download Submit
/data/data/goldenburger.creapp.com/no_backup/metrica_data.db-journal

Filesize
12KB

MD5
2cbe1bf5d9b80607bfb0c072d3453684

SHA1
29efd4f9c0e418c099e84c410113babec6c83a27

SHA256
9f2658404cff6300c49debcab99f497d96fa6eaafb0f2c0035e039cdedd56014

SHA512
2c8b562791c6684329c59ef75a9be7f71a7b04da9254535e02850156549a15ec51c19096662ae9a69d2e399a91b9cd12c13ae28828d4ce3805cf2a8d1cbdba99

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads