Analysis

  • max time kernel
    112s
  • max time network
    172s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
  • submitted
    27-05-2024 12:50

General

  • Target

    7937bfd80439ba6e5b8b2f6785579cad_JaffaCakes118.apk

  • Size

    6.1MB

  • MD5

    7937bfd80439ba6e5b8b2f6785579cad

  • SHA1

    e8fa0c978ca80e7ecb2b7f4d7e04d1ca7d3f5e5e

  • SHA256

    33d5edf1fca2f270ac61d0f090ac54e52b371fdc839b63b0786dcb48a45cf486

  • SHA512

    4ae0a2fda76e7d985a81472e89d105f3a551c7aa3208ac9e09ede6b02bef38868592898ded6cfb4e06004c4fed12cfa667aa66fafef408da26e8bd51cb4e5601

  • SSDEEP

    98304:AudWDH3DdrTLhNpUcxh7EMEjzenIMERfDIX0jcOCuPLkxC44wCUOQx9zf0NYAG:NkDH3dhozenpuf/jWULkxCYbf0K5

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 5 IoCs
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information that indicates whether the system is an emulator.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

Processes

  • com.offerup.hack
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Checks CPU information
    • Checks memory information
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Checks if the internet connection is available
    • Schedules tasks to execute at a specified time
    PID:4564

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.offerup.hack/databases/OneSignal.db

    Filesize

    40KB

  • /data/user/0/com.offerup.hack/databases/OneSignal.db-journal

    Filesize

    512B

  • /data/user/0/com.offerup.hack/databases/OneSignal.db-journal

    Filesize

    8KB

  • /data/user/0/com.offerup.hack/databases/OneSignal.db-journal

    Filesize

    8KB

  • /data/user/0/com.offerup.hack/databases/evernote_jobs.db

    Filesize

    16KB

  • /data/user/0/com.offerup.hack/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/user/0/com.offerup.hack/databases/evernote_jobs.db-journal

    Filesize

    512B

  • /data/user/0/com.offerup.hack/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/user/0/com.offerup.hack/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/user/0/com.offerup.hack/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/user/0/com.offerup.hack/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/user/0/com.offerup.hack/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/user/0/com.offerup.hack/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/user/0/com.offerup.hack/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/user/0/com.offerup.hack/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/user/0/com.offerup.hack/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/user/0/com.offerup.hack/databases/google_app_measurement_local.db-journal

    Filesize

    4KB

  • /data/user/0/com.offerup.hack/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/user/0/com.offerup.hack/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/user/0/com.offerup.hack/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/user/0/com.offerup.hack/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/user/0/com.offerup.hack/no_backup/com.google.InstanceId.properties

    Filesize

    2KB
