Analysis
- max time kernel: 44s
- max time network: 148s
- platform: android_x64
- resource: android-x64-20240514-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
- submitted: 27-05-2024 12:50
Static task: static1
Behavioral task: behavioral1
- Sample: 7937bfd80439ba6e5b8b2f6785579cad_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
- Sample: 7937bfd80439ba6e5b8b2f6785579cad_JaffaCakes118.apk
- Resource: android-x64-20240514-en
Behavioral task: behavioral3
- Sample: 7937bfd80439ba6e5b8b2f6785579cad_JaffaCakes118.apk
- Resource: android-x64-arm64-20240514-en
General
- Target: 7937bfd80439ba6e5b8b2f6785579cad_JaffaCakes118.apk
- Size: 6.1MB
- MD5: 7937bfd80439ba6e5b8b2f6785579cad
- SHA1: e8fa0c978ca80e7ecb2b7f4d7e04d1ca7d3f5e5e
- SHA256: 33d5edf1fca2f270ac61d0f090ac54e52b371fdc839b63b0786dcb48a45cf486
- SHA512: 4ae0a2fda76e7d985a81472e89d105f3a551c7aa3208ac9e09ede6b02bef38868592898ded6cfb4e06004c4fed12cfa667aa66fafef408da26e8bd51cb4e5601
- SSDEEP: 98304:AudWDH3DdrTLhNpUcxh7EMEjzenIMERfDIX0jcOCuPLkxC44wCUOQx9zf0NYAG:NkDH3dhozenpuf/jWULkxCYbf0K5
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 4 IoCs
Processes: com.offerup.hack
- ioc: /data/local/su; process: com.offerup.hack
- ioc: /data/local/bin/su; process: com.offerup.hack
- ioc: /data/local/xbin/su; process: com.offerup.hack
- ioc: /sbin/su; process: com.offerup.hack
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
Processes: com.offerup.hack
- description: File opened for read; ioc: /proc/cpuinfo; process: com.offerup.hack
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
Processes: com.offerup.hack
- description: File opened for read; ioc: /proc/meminfo; process: com.offerup.hack
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: com.offerup.hack
- description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; process: com.offerup.hack
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.offerup.hack
- description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.offerup.hack
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes: com.offerup.hack
- description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: com.offerup.hack
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes: com.offerup.hack
- description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.offerup.hack
-
Acquires the wake lock 1 IoCs
Processes: com.offerup.hack
- description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; process: com.offerup.hack
-
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes: com.offerup.hack
- description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.offerup.hack
-
Reads information about phone network operator. 1 TTPs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes: com.offerup.hack
- description: Framework service call; ioc: android.app.job.IJobScheduler.schedule; process: com.offerup.hack
Processes
com.offerup.hack
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:5145
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution: 1
- Broadcast Receivers: 1
- Scheduled Task/Job: 1
Defense Evasion
- Hide Artifacts: 1
- Suppress Application Icon: 1
- Virtualization/Sandbox Evasion: 2
- System Checks: 2
Downloads
- /data/data/com.offerup.hack/databases/OneSignal.db (Filesize: 40KB)
- /data/data/com.offerup.hack/databases/OneSignal.db-journal (Filesize: 512B)
- /data/data/com.offerup.hack/databases/OneSignal.db-journal (Filesize: 8KB)
- /data/data/com.offerup.hack/databases/OneSignal.db-journal (Filesize: 8KB)
- /data/data/com.offerup.hack/databases/evernote_jobs.db (Filesize: 16KB)
- /data/data/com.offerup.hack/databases/evernote_jobs.db-journal (Filesize: 512B)
- /data/data/com.offerup.hack/databases/evernote_jobs.db-journal (Filesize: 8KB)
- /data/data/com.offerup.hack/databases/evernote_jobs.db-journal (Filesize: 8KB)
- /data/data/com.offerup.hack/databases/evernote_jobs.db-journal (Filesize: 8KB)
- /data/data/com.offerup.hack/databases/google_app_measurement_local.db (Filesize: 16KB)
- /data/data/com.offerup.hack/databases/google_app_measurement_local.db (Filesize: 16KB)
- /data/data/com.offerup.hack/databases/google_app_measurement_local.db (Filesize: 16KB)
- /data/data/com.offerup.hack/databases/google_app_measurement_local.db (Filesize: 16KB)
- /data/data/com.offerup.hack/databases/google_app_measurement_local.db (Filesize: 16KB)
- /data/data/com.offerup.hack/databases/google_app_measurement_local.db (Filesize: 16KB)
- /data/data/com.offerup.hack/databases/google_app_measurement_local.db-journal (Filesize: 512B)
- /data/data/com.offerup.hack/databases/google_app_measurement_local.db-journal (Filesize: 8KB)
- /data/data/com.offerup.hack/databases/google_app_measurement_local.db-journal (Filesize: 4KB)
- /data/data/com.offerup.hack/databases/google_app_measurement_local.db-journal (Filesize: 8KB)
- /data/data/com.offerup.hack/databases/google_app_measurement_local.db-journal (Filesize: 8KB)
- /data/data/com.offerup.hack/databases/google_app_measurement_local.db-journal (Filesize: 8KB)
- /data/data/com.offerup.hack/no_backup/com.google.InstanceId.properties (Filesize: 2KB)