Analysis
-
max time kernel
112s -
max time network
172s -
platform
android_x64 -
resource
android-x64-arm64-20240514-en -
resource tags
-
submitted
27-05-2024 12:50
General
-
Target
7937bfd80439ba6e5b8b2f6785579cad_JaffaCakes118.apk
-
Size
6.1MB
-
MD5
7937bfd80439ba6e5b8b2f6785579cad
-
SHA1
e8fa0c978ca80e7ecb2b7f4d7e04d1ca7d3f5e5e
-
SHA256
33d5edf1fca2f270ac61d0f090ac54e52b371fdc839b63b0786dcb48a45cf486
-
SHA512
4ae0a2fda76e7d985a81472e89d105f3a551c7aa3208ac9e09ede6b02bef38868592898ded6cfb4e06004c4fed12cfa667aa66fafef408da26e8bd51cb4e5601
-
SSDEEP
98304:AudWDH3DdrTLhNpUcxh7EMEjzenIMERfDIX0jcOCuPLkxC44wCUOQx9zf0NYAG:NkDH3dhozenpuf/jWULkxCYbf0K5
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 5 IoCs
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Acquires the wake lock 1 IoCs
-
Checks if the internet connection is available 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes
-
com.offerup.hack1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/user/0/com.offerup.hack/databases/OneSignal.dbFilesize
40KB
MD52479ff01e32c1445266304f37e9e7b35
SHA163a2b50d03eff98a4b5e684f1f95996b78219e6c
SHA256c276033016c0ae04c4e1a7128d443a01aab24d99c434696ee1b01fef2d3acf15
SHA51214b24f8be6f9a88e31a2d74f3f13cf9e84817bfe445b8b8a873c1678f274714237b3f1a2fc9c5821c300fc72418e3229439107c2a2ff307007409dee6fdf16d3
-
/data/user/0/com.offerup.hack/databases/OneSignal.db-journalFilesize
512B
MD505ab7ebfa38887f2ab15a36675cb1113
SHA1c9ac1c56d5f57d16c7ada53e258c201c6ec7358b
SHA2568cac17430319541ff7f2f3783ebfa7cb1121339d921ea31bb8e848405eb8af52
SHA5121dfd3e9cf446ac07a3afb01f5d3869b40f0f0eeb21b86477b06161a636adbeaa59b0b4725ff662c7e7cfc5922d80063eafc0269c5a4e7317df291c1bdc46d3db
-
/data/user/0/com.offerup.hack/databases/OneSignal.db-journalFilesize
8KB
MD5b5293c300a2bd8d59817c895fb738c9d
SHA1443132da9c5ae7cc0b5ae72dda57e1b391eed18b
SHA2565755775b97362c1c4295d8b8428e325ac74d52b23d2cba12d8264994079fd0cc
SHA512859adf0c7a47102aa90b5dad99c724eadfa0f6b07a958c75fe37500233df5c87338d4a4fc6176043144fb61cedb6e027e5e2cad74aa1bff71a5641930764ae3c
-
/data/user/0/com.offerup.hack/databases/OneSignal.db-journalFilesize
8KB
MD5036df479f11ff2e1d621bee44eab1267
SHA1db7f461d97e5aab18de5905629c15b6352e23f86
SHA256b868438c7e85eac8d4511e169e0dbd0a08bc2084a3307471267a5babe2754935
SHA51210cb45e9fcba0639525763aa7f00dce22d3fb7adc5202abbb4ddf7bdb963839f994992d10d2a9ee8c1bb2a3fbbc5cd7f57ac3db867df635fcfa75481d4797012
-
/data/user/0/com.offerup.hack/databases/evernote_jobs.dbFilesize
16KB
MD50f64e4ccaea7a04e2755f3b8d3b9bb42
SHA1a88ab234e29d13ac8287a44cc235ee9804908332
SHA256b3803b6187c1443c6923db06afcb0a563d92b8044d9e63bd64c7e79238996b50
SHA512dff88a8ee60da34a128cce28f4000fe77188e833083e726fa14feaaac7687bbd085d8ce0a13fd74b331ca69b2cc64f440917928f7392b554f19050229ef02600
-
/data/user/0/com.offerup.hack/databases/evernote_jobs.db-journalFilesize
8KB
MD5b4220434d26bbcc25c449009e49511ea
SHA1c5424010b0c178edd8a006ce7bb9134f75bbc394
SHA256baf5b9a692f7bcd7e209a3044facd367892df576db5c5375c745e893ba309bb3
SHA5126ab5b16ae9e3dc1f51b00ee2a8e2d3256911db58510d33ecaae33525241f8b7faf91f4fff70194aa31d44ff96d3f776fc4030a180945211b57ed9e3f759031d0
-
/data/user/0/com.offerup.hack/databases/evernote_jobs.db-journalFilesize
512B
MD597286e7e847cd146e0a8f9bf30a7c280
SHA10d1dd3ae5b13593182e66edff6cdf049e91edc5d
SHA256502b64a351bd69a31d6ab472713379c2a6ea3fa24c48ee1969ef12eb1dcc05d1
SHA512bc839add40adfcbf59605383207255eeb77ceac88b8973f3bff780935344f62728f3ce635ce0a3ec4b5c84d054b08d8650eee726fcdd9125c552c30ce5ab0153
-
/data/user/0/com.offerup.hack/databases/evernote_jobs.db-journalFilesize
8KB
MD5a1580cbe15e750cfc7dece1daef0b1c6
SHA1bf884af05c3a06f6c069c8b8d7fcf546f9ef9ede
SHA256f6c7739217f3a4a1e8a8c3e6d7154edaf718e1d3dc447d378224125f710d1f3d
SHA51203de58fd19b358998fadc28c0191c4b66a324576c85003d9e4f723b9d3b86a5da44a90ee82a638934f218feef35a620bee607dc6845b2ca8124b006243b3eb2e
-
/data/user/0/com.offerup.hack/databases/evernote_jobs.db-journalFilesize
8KB
MD5ead989187440498f9096079551ba4d29
SHA1b09d6ab4da191b347c3c8df81f575f2aa1903524
SHA256568df6f8513a4a221a34cbed79609a40606bd52cbba81fc6d3cf4360fe636740
SHA51231b92c17820e14ff219b41c7dc6d40edb25efbf5bf4b8de2a01b1b45d6d1ee5b94efbced661dfc344af4aaacbd54349b7fb5aab327ad3791966eefb7ca6f16e5
-
/data/user/0/com.offerup.hack/databases/google_app_measurement_local.dbFilesize
16KB
MD57b5fdc956947f70bf09abf8f22a62e17
SHA102441045d73e1d8832d7e4d1e9b91be88ecc9c75
SHA2566ba7b0d451efc531b3ae1a4abc448e0edc3fc50bc4a08cb1175d780654a953b0
SHA5128336f4ab1986991ee84d432fdb9213c8953a963a1e3d8ba47020cfa8ac92e3cd9f1db10e3a34dae4e3b9a7e9fb153ea0c79457b711e1af6884d14217186b287f
-
/data/user/0/com.offerup.hack/databases/google_app_measurement_local.dbFilesize
16KB
MD57b188f3fb1fef81354906ae8ecb751ed
SHA17115a64486de4ec419eac645a08d74cd085e2a42
SHA2565c4b76c515c7937f17258660bda12db562a09a4e7287bea6ad5fd1bf1b42726c
SHA5121fe8dc5e78fab992f032dc020114a6a0833d51f312fb3cbb311f47a39943d44a1e4f31d7833d7eb0f701539960f16843da227f0356055707da4943c7591dce9a
-
/data/user/0/com.offerup.hack/databases/google_app_measurement_local.dbFilesize
16KB
MD5d4f4dca445df2bc2e23aa9a264fa6525
SHA1929b8d8d9930ec82b1310e1726804181a989180a
SHA256750a8176fb0193b89ef1c1b74b4e301fcfc85e770d6801703cd37efd54ea9d9c
SHA51262a3383d0d1e2c1b3be110a145a0aa22db7f34daa8d632a9958e1c9fd6c8fcd7a358805e873fcd7aa6ea0f7ab34cddfa069b81a082a19072443ddd8c1c5238c9
-
/data/user/0/com.offerup.hack/databases/google_app_measurement_local.dbFilesize
16KB
MD51d51a87194b6b8aeffeadaf71718fa87
SHA112b45343ff144a79c47f05826217ca6ca08f3af7
SHA25637a669def48d37ce0140944a124211d9f554e1ad4217f8eba9ef1e44568ed9fa
SHA51282eac190d9fb7c3645bb2990a1dd4a2452498ccc1bb8a6c4caf6cf7a24be12b055782f0656885657cddf4f3ef88985032e6353944e760c6c818589c366390a5a
-
/data/user/0/com.offerup.hack/databases/google_app_measurement_local.dbFilesize
16KB
MD5818548be1885386cc995f564f36a8e8e
SHA1008b0c602ed55b1122dadfb3a20db517d55c10b3
SHA256b4765a86f69c122307448d0c6e81cebd52ffbc59b0d19da42971e2857f773e6d
SHA51247840561a1eded73600b656576a7a9195bd1beddb79b08090b9e6bd9ab610de6cfb0a334310bfefe0b33ef157d420aaa17c6315fa2e689398da3328c4460a02f
-
/data/user/0/com.offerup.hack/databases/google_app_measurement_local.dbFilesize
16KB
MD5d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA107ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA2562d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb
-
/data/user/0/com.offerup.hack/databases/google_app_measurement_local.db-journalFilesize
8KB
MD5b5413b8f57f7373f076e12680a51cad9
SHA1fb5a77385a19d32ee3b26c80375d825b3b42c19e
SHA2565296a15278bc725bbde0571a4226af83eb5270ad4971dc231d3ca46c73c512f3
SHA512dc1e1296a9460e97ea815787a532642afc3eabb5644c9ce7ad8f7235292b6d087ffd06482354de79597c77b629e75ee05f5a4206c3d6406ee62202a67958cc96
-
/data/user/0/com.offerup.hack/databases/google_app_measurement_local.db-journalFilesize
4KB
MD5852d6f09402e002fcb636268c4404e38
SHA1363be4280b7e136ce470ff12f8399a5695a060c2
SHA256d135e9f912ca8e5377e6a65c105f9f1761615d1279c09cfec0356aed7b10aa61
SHA5122acfb2d51fc6dcf8c2587ffdabc4653fe9230b9c46810f62e6deb0d12675acb0b9504ae262c5704dc3009281a76f5120c5a9caeadd550f63c1e2d08328809c8e
-
/data/user/0/com.offerup.hack/databases/google_app_measurement_local.db-journalFilesize
8KB
MD5cdf4311f5c1e26a350e673fc9678ff04
SHA1a07f51c9c3c0fb468082133f31351dc0efd32e93
SHA2565646f4722df77dcc13b6958490fed9f81146f6fc6a5448191de33ba1157b3d9a
SHA512f75ecb36e1758e3e669fb95cb25fe0afab806cb44a7e46b3e25d5648d250d9c3056615a906d206546dee1dfe0b1fe32bac0a5183cfafccf2bc3ac85eb8706620
-
/data/user/0/com.offerup.hack/databases/google_app_measurement_local.db-journalFilesize
8KB
MD58951ea20cadce2600a2ebeb6401b181d
SHA13583ccd9d556357ecff6f45d8cb1fa39c5ca3956
SHA25609262bfeae28d9fefaea6c25d69f4a0b63f84bc218e0ed15f52d0f622765cb06
SHA5121bc3ad07892c712e87f18b6069f8786eaae9f02b055fdfe187ca42c210f0a31531fa0566add8838f1033142623503b5816bd6226a946f393520d3fcafbc9ba36
-
/data/user/0/com.offerup.hack/databases/google_app_measurement_local.db-journalFilesize
8KB
MD5aacd7cb6a440ef86be598379c8eaf60d
SHA19511681b4415ef4a7412ed557676640e7d659f0d
SHA25606374c45e66919900d0be81b0ce38455724ab49629563fbb0c91e0bb2c65cfb9
SHA5127db1d890e9e6fb12d144dabd8e05ba96ff2a4d650fceeb223c92ba7a0b9955dc8ec57d46f24c94078d3d7f9483d5731620001bd904acb229a98577b879573260
-
/data/user/0/com.offerup.hack/databases/google_app_measurement_local.db-journalFilesize
512B
MD53e11506b28aff09531ef33edcf101b3e
SHA1ec15f8f30fe019bdea3d86d0b529822fb7920d19
SHA25685500a2d9450d6238f29da362dbfd50dbaf8c5131222b02385f320e733192428
SHA512a053825ac8dc847b828f3dd46b51f72153e0c29d3533192cbc4b640a984f7ab0e244b7145e3513a83ceea5cd96e49dfa34cfe3a859d669dc3166c7f32fc49326
-
/data/user/0/com.offerup.hack/no_backup/com.google.InstanceId.propertiesFilesize
2KB
MD54fab753bde9230d00a3912e231ce9fdf
SHA1248f17f7f47a2878d3b7b7dcf3e8638ae495f0dc
SHA25640e7fb7bd7b6a5d0cc9b9347f79ec657304eb2a506d60e7dd73c93d4a348a29e
SHA5124115e9ffebc94ce614869358c24bc8c6d5bd7f591d3efcaea68e83e0066f62cdad45d6cfe6412dd9415458d11d76bc3e48ce3fb999c797dbb714d8dc5372f390