1c7061e5707e39703e1f537fc861dd57adedd88e16718842094fddbb3db6cb52

Analysis

max time kernel
25s
max time network
148s
platform
android_x86
resource
android-x86-arm-20240611.1-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
submitted
14-06-2024 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a99e1ee0cb672a0d6790fd01f4bdae03_JaffaCakes118.apk
Size

6.0MB
MD5

a99e1ee0cb672a0d6790fd01f4bdae03
SHA1

a0f655d070e535fada554e25f55c83c835e10df6
SHA256

1c7061e5707e39703e1f537fc861dd57adedd88e16718842094fddbb3db6cb52
SHA512

27f2dd7ea84792f0a40da7fffe0f848ba35b239d09eabb972293e68e930e18e52013da8b158ed3376362b053b5c493024d2d5cce0fd2ff2fa734a24426aac671
SSDEEP

196608:/khoze5o38yPrfKQ9/7HGtPEpLYNef0KU:/R/rTmBEpQef5U

Score

8^/10

discovery evasion execution persistence stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs
evasion

T1426

Processes:

com.ubercab.hack

ioc process

/data/local/bin/su com.ubercab.hack
/data/local/xbin/su com.ubercab.hack
/sbin/su com.ubercab.hack
/data/local/su com.ubercab.hack
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.ubercab.hack

pid process

4265 com.ubercab.hack
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.ubercab.hack

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.ubercab.hack
Acquires the wake lock 1 IoCs

Processes:

com.ubercab.hack

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.ubercab.hack
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.ubercab.hack

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ubercab.hack
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.ubercab.hack

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.ubercab.hack
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.ubercab.hack

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.ubercab.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.ubercab.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.ubercab.hack
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.ubercab.hack

description ioc process

File opened for read /proc/cpuinfo com.ubercab.hack
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.ubercab.hack

description ioc process

File opened for read /proc/meminfo com.ubercab.hack

ioc	process
/data/local/bin/su	com.ubercab.hack
/data/local/xbin/su	com.ubercab.hack
/sbin/su	com.ubercab.hack
/data/local/su	com.ubercab.hack

pid	process
4265	com.ubercab.hack

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ubercab.hack

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.ubercab.hack

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ubercab.hack

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.ubercab.hack

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.ubercab.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.ubercab.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.ubercab.hack

description	ioc	process
File opened for read	/proc/meminfo	com.ubercab.hack

com.ubercab.hack
1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4265

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ubercab.hack/databases/OneSignal.db-journal
Filesize
512B

MD5
96299659e20d635d863a1645caa4e052

SHA1
4419b9361b171dbf97866a159710366585fa3368

SHA256
f83ce35bac9092b3a34405ececd00b29ea32630ee62e42248d81ee9d2c6b4b92

SHA512
2f5dae5eec9d5223bfc8f9575d351e96d822eb69a05eb62c14d537632a6decc151a146b9663a8e0a0d6d8edc67bf56839ea17ed1475d72e24c2c03e0539e70f8

Download Submit
/data/data/com.ubercab.hack/databases/OneSignal.db-wal
Filesize
52KB

MD5
273099b4a451233755c50b953fb3bd07

SHA1
b08d0d095dfb73d5a6dcfdd7a06892a39057c497

SHA256
1bb113ea6534266572ab14e47ebd3d2b138a3c8f616b3f8f7a509bfb28c22a8b

SHA512
30870cbfb3e25394c0188354c66c927151c475e705f17b99b626fee3689b48e87122fa49bfa886a3ed3631ea907ca5a9df6efa04295518a99fb81d89345491b5

Download Submit
/data/data/com.ubercab.hack/databases/evernote_jobs.db
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.ubercab.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
8b56f01cc66ea23f8bf2137ba6df2864

SHA1
b57628f9ea5434c776318d5fc6d2097859a80a8e

SHA256
f66ddc6769ef9f5a99604888264c28f5812890755568b6953fb79311e7a375b0

SHA512
3aabcf11cbddb9479db48c74f660b1e4257275e4ac5789f3234a6df5a8f36c132831ae0fbba70b0eb0b5e95af8a5940004d03818e2361eea09ad9e059dc935c1

Download Submit
/data/data/com.ubercab.hack/databases/evernote_jobs.db-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.ubercab.hack/databases/evernote_jobs.db-wal
Filesize
32KB

MD5
3c1e289521d06b2166d00857600440a4

SHA1
236edb7ab0c9073261c20856e377e6d95a001fa9

SHA256
a3c330f5d99dfee9f93ef3e68d3f9da99d34729ef39e297d54f15e0c9a878b58

SHA512
d2fdd82588da3b0ce2d2f10f62da0f34a29be78b511c9396283ca5fba50c8ce16345b3d2c591a39ad87a6c314dbbe1c27959f9447db190c04f837d61a46dc686

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
3c81d7d01ac6fc0cdb0faa70898293ae

SHA1
c812036a7ab2bf13636ef64c240f1d01cb36ce58

SHA256
0bf2b65bb4ae4a801f027731a16e87c7504dedc5864750a7c11e1f40b19e25da

SHA512
59d90d37188f32d404fad16f9927736c7d68df61bdeb7d9c1ac0267906e5a7d310397ddf5ff3ddb7dafc8aafad30bd009ba0099cd619355ac212ecdedd888802

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
f8c7681be9fa5ba7078423a51f126cc9

SHA1
8d48a3cce00fce5a532ce40d7cb4d1f87a8534a3

SHA256
3cde52690c0d0e6d74df094fdc910b6ac4b5c217a68d76c6fc372f3f869acc28

SHA512
925b090e44cb0f29c08b26cb1cf2d4d5d53e93c1030aba67be0aa29ee7e86ec22a543c9a395f2a66c689b90cdf2738229ab9d59d6ee4c8b4352600cb4dc5f64f

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
3585a42a64d53865c2e6b5c346da0131

SHA1
465d9229338d6b8af035cf88594aa964dcab5ece

SHA256
20e99c17a62e787830fb24ad30de6bb8c5fdc6a48ec60a5bfdba4d0b1174e936

SHA512
4d5a8f2ab3ddeefc29ac6e898e5cd54db93f03b1696973bfe836d69a04f634aea9b292e0a58a43036cc971bad8ba2b55946ae0852a23e53e763545c52e12cda9

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
a13bd79a718b445537098de880e97377

SHA1
b6cdf2dc95571823599f2efced3de9548aeec516

SHA256
879c4a6badb7381f6025e29878d64559570dc9e726e9e2b3388a77cdbc3777b0

SHA512
78895035be160ae9df663392fa1b1ba5d8d9826c629aec9959ac8baa25fe5645c040e9ad73d02caaa5db537f572fb6653c0dbe35cfb0082ac3a896fb0dd9f6f8

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
44693692da738db6eb133cf0e4cde91b

SHA1
e6bda56494c325d8d37ad89552263ae85d9b0550

SHA256
8fe0ac9db76d4a2dcd3b3d54c0efedcd223e25aabf716506493d50e243a7a2d4

SHA512
b34ddfe1ae343b1b12f7029ae476a0ba8e1b4043ccb520afb412b3f71335ef679bf29723c9a5c00af7e922e9982d5b3af54b2ed779da8cb601f378e5b9d26be5

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
b581da5f715a2e5254047e2a4a0e02bf

SHA1
4601fd1f2b1ee44556a7f19665bbf0fc3ac440f1

SHA256
17d7a0756d284c878b9b85c6de65497999010cb380679e864a5e053945c7c656

SHA512
8965c3fa7a6d219fb98753bd688cd288e069dbe70cec906ac2903de5fb07e829200335abd9c13fa4238ce66976e18ad1ca67132305d45ca7988e86603f8122a9

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db-wal
Filesize
36KB

MD5
641c5afc31056033188f5cf3ffc00fef

SHA1
49ef2459433e8ca25784a56c1c0a4cd7f6c95f8a

SHA256
08f21b7c65ddb9bfbf9e0c724c381f4b1ab8824adb450bce580d399b68a6a0af

SHA512
b72d32cd31474e8cb431558d51c908f188e8cf9e47ff070008d38669a8d81b200fe5c2acc506ec3a56b6a05cac60842f327d94c39e03a6cd1d250d6d8d5c9cf4

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
2c11d489b3d3b6370138ce7ac6ad9da0

SHA1
35c02d859636244ce811ebec5a2feacddf174e5f

SHA256
59964703727343d8c005b416b73553cd0b18103780591f3156bd67049e4ef648

SHA512
255be54d21a4eb636acecf4703a1ec7f0d72fd6db78664f5fac075a82c0439d965535eaf15d8caff795630fdcf72856efdc37c3331d64f34a1dfb2765092e31c

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
1e58d99441de2cf3511fb692ff3fa76f

SHA1
9a4ee7ecf24cc312728c0242f12560e7d54f3d1b

SHA256
fa9103876432dd903723c4020309665fd78f58086603ab7c0632f74472182bf6

SHA512
9bbfe416f1d12b6185ec1a83ff88bef9debc818898b764e5c111e86932ba53c391266ff4ebd75a7bd99e8a2a87f30699bdd6f0acf38dcd3a38352095b68f764e

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
ceadd9c2992d2ef41539fa3c93a6314e

SHA1
32222fc8db57ba67a1fb4166e449e12af16c496a

SHA256
989acd4e20263aecb6523f9f1c464ad246876b503c59ac60a0b0a98f76942891

SHA512
b7c3b2c6dd4f5811ac9c9768770f44ec1619fb56e466bbff777a6db80d7ee1adfc5af21c534ddd1edca7736ceb994a8d6490355d73cd20dfa5ce1b5bbf2c2d90

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
1f5b03b73bac0336117801ed1da5d95d

SHA1
1422bbbd7fca616a4dfa900e78554440a970ee57

SHA256
52a786871ad0e5f9fad5bfcb0d5920e9c6f02af6d68a319997b8b9f0a0c53b3a

SHA512
8b761d437eb206049a027d0dc96833a3e87b9996d2289f62bc35986055ffab534b75e97087156cdaf71fe292a20c86e99eba7cb484e47909971b51c09a7d5da2

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
65c80c766c18bcb9f7e842ebdbc9eee4

SHA1
af6c83be18ba43bbaeb0fba7d67fd5281f4402d8

SHA256
5cbbbbf1a662f595b45f896d30acaff7d5bbac98fb5a5de8be2df039847baf05

SHA512
6e7003b6f66cb85177f76f4a1137631dafb47d80f9f989272c1e4a2703f402194d05400cc511114d2b1b7dc83d945a960d94f03a94987ce5b830cdf31af5d650

Download Submit
/data/data/com.ubercab.hack/no_backup/com.google.InstanceId.properties
Filesize
2KB

MD5
10f773f0181a8b7a464faab4a387f443

SHA1
801c202a2e297cb705b420bbb5fe9509815b3466

SHA256
83673f996121baa45189f80ca9a1e16f68b2b88682ab4d8e1958dc18f323c023

SHA512
747065bd844bb3339cefff6930d6723a4d900d3488b519b087703a85b515891094ad69ef62371ffa8c8dbef175dba42672d0ac7c08bfb92bab3f8f9b81863234

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads