1c7061e5707e39703e1f537fc861dd57adedd88e16718842094fddbb3db6cb52

Analysis

max time kernel
44s
max time network
151s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
14-06-2024 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a99e1ee0cb672a0d6790fd01f4bdae03_JaffaCakes118.apk
Size

6.0MB
MD5

a99e1ee0cb672a0d6790fd01f4bdae03
SHA1

a0f655d070e535fada554e25f55c83c835e10df6
SHA256

1c7061e5707e39703e1f537fc861dd57adedd88e16718842094fddbb3db6cb52
SHA512

27f2dd7ea84792f0a40da7fffe0f848ba35b239d09eabb972293e68e930e18e52013da8b158ed3376362b053b5c493024d2d5cce0fd2ff2fa734a24426aac671
SSDEEP

196608:/khoze5o38yPrfKQ9/7HGtPEpLYNef0KU:/R/rTmBEpQef5U

Score

8^/10

collection credential_access discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs
evasion

T1426

Processes:

com.ubercab.hack

ioc process

/data/local/su com.ubercab.hack
/data/local/bin/su com.ubercab.hack
/data/local/xbin/su com.ubercab.hack
/sbin/su com.ubercab.hack
Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.ubercab.hack

pid process

5189 com.ubercab.hack
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.ubercab.hack

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.ubercab.hack
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.ubercab.hack

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.ubercab.hack
Acquires the wake lock 1 IoCs

Processes:

com.ubercab.hack

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.ubercab.hack
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.ubercab.hack

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ubercab.hack
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.ubercab.hack

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.ubercab.hack
Reads information about phone network operator. 1 TTPs
discovery

T1422
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.ubercab.hack

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.ubercab.hack
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.ubercab.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.ubercab.hack
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.ubercab.hack

description ioc process

File opened for read /proc/cpuinfo com.ubercab.hack
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.ubercab.hack

description ioc process

File opened for read /proc/meminfo com.ubercab.hack

ioc	process
/data/local/su	com.ubercab.hack
/data/local/bin/su	com.ubercab.hack
/data/local/xbin/su	com.ubercab.hack
/sbin/su	com.ubercab.hack

pid	process
5189	com.ubercab.hack

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.ubercab.hack

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ubercab.hack

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.ubercab.hack

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ubercab.hack

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.ubercab.hack

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.ubercab.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.ubercab.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.ubercab.hack

description	ioc	process
File opened for read	/proc/meminfo	com.ubercab.hack

com.ubercab.hack
1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:5189

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ubercab.hack/databases/OneSignal.db
Filesize
40KB

MD5
6ea5817dfb71687d648b0e4763152545

SHA1
b5a1a2a1fb579520ddeb9861c0eba5f7109d0d74

SHA256
be512b097518bdaba39e6106c143a267f56e98d8f980ed6295773c4082149824

SHA512
cafff4c86b710428753e528aed212096fef264a36cd6d6ff48af487ce1d5cf90065b4be0ad6460e4e7631040f7a28657f31811be1a5cb417c4b2725c51fb5186

Download Submit
/data/data/com.ubercab.hack/databases/OneSignal.db-journal
Filesize
512B

MD5
bd03ebf97efc0bdf3b4d45fbf5d6f687

SHA1
3cd1a0bc90691902fe3dcb54aa7018cb4c9a832f

SHA256
d98639b060f1f355adbe7da9516ef0ba54d8bf7cb50075e021eb38249e4767af

SHA512
e2d9f8dc3529770e09b0931809ea60d53247d30e1433683a9afe0ddb609ed1e149744fda53b54ecc1aa6cf56742d12e15696493283283a5cfc18b346d35e8705

Download Submit
/data/data/com.ubercab.hack/databases/OneSignal.db-journal
Filesize
8KB

MD5
3ebdd310977f41b8b61a2a8d01138bb5

SHA1
63f58e1bdd7fa1fcb0c8b11e0dd8d37173dfcd95

SHA256
c9b1f208d916ca3f8d04aa420a0fed6886db65ce9679b1ff40b0ad2b6b4d28df

SHA512
e17e94d66c1f97a7d8a847def611a892a463b8bce16608afdfcec57f1e3d4473af74c81839b7b2944dcd11c144dd7d49599bbd4489c5919d4a0a4302b6c0e3c5

Download Submit
/data/data/com.ubercab.hack/databases/OneSignal.db-journal
Filesize
8KB

MD5
13841d6ac55e54af99b4094c1997e9f4

SHA1
93648f05879a4584b53d4f2a4ddda72a50588ab1

SHA256
e7819aa4d33e9bdd630b3c2c6cc55ab46101f58dd005fdcc74acd9390c60ad02

SHA512
31bd7859e20042c8ff17099607c616285429dda08718bf6e0b0b8d1c58b66eefa7dab452c018008cb57d15ffcabcb9878391ef5191f4bdccbb25c11e8d4dd2de

Download Submit
/data/data/com.ubercab.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
e8d2d0630b07464d3271ba0bfd5f5464

SHA1
3de561293eb9578dd43242b85a6a53e9f9fdfb6d

SHA256
b5fe335671610f106b327a473c52ed72d06ca92f031c2acc680b75939dee1127

SHA512
e37611db006ad5124ca5bcba25ac90976059162992fd674d7f59666c0f8c0edf1ef43604d5c24f3029112bd77947f0e59c82adfe53bad7ae5b43a632d8d53ecd

Download Submit
/data/data/com.ubercab.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
3bd14b3db6e85d570cf60a04820265e9

SHA1
df162fc51369850b8852fa3db1ad6d0dedb6db9a

SHA256
701924d95c538d295c75d5ab3e10636ded4e9c2818b3b67a46864d9f019cc1a2

SHA512
510729e0eb2ac2eb44e932f640d77b6f240b38852346e39674a344bce722460191ad056e1ae74d260b84754712b0a05205fdf1cb3e975a581f5a0d0e0e895e0a

Download Submit
/data/data/com.ubercab.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
713c1ff72256da2dbdf1fc37c74b1447

SHA1
4a327e5e2ce75f2964cda9422ec6e5eb036ae51b

SHA256
f4cca79dafc031be0d692103bda638e91667b5308d0f8ed6b15e7fc84c4c4be8

SHA512
97f0c61627ae1a177c68a42c98289e4fa91c968e1b7293c2fcd589cd105d01f4fcbfadd0bc0f6909b6499b25f5fccbea08b7127c553e71c6d097040477e6788c

Download Submit
/data/data/com.ubercab.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
2e630f74c91b4800b41ea572dd80bef8

SHA1
6b715d8178e395a7676d3f5d4136ab5bea4128eb

SHA256
2b0c26cef4e15e01666b7325bbc9ddc22ba812fb98092658f4408d403ca7d3ba

SHA512
dc8602c80ec626f1799fa8800231350c12ce82e5229c8374bc5e7f80b0cc313b0927bac89925308031b4fa08d6f729d0fb71c81afa936831f3c85c44ed629886

Download Submit
/data/data/com.ubercab.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
13d63e8c7d6a45c34d89937b8755c093

SHA1
accd4ca0c957390778fd9b32c768a298b8864891

SHA256
1e0c315182f7de47b371f1d860839eab4c594705fb7c747f2ed8b1957870071f

SHA512
61a0e73ef2c690a40c8bb39ef77f9cd14b7e62ccda59191f0b7178fe2d14308c4ee57c7a40aa7b4c0b5af685c1331910111f5baa7e3ba0a9812c1f141ee2c434

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
4a0cba47f5df0991a98082c4b33c3fa3

SHA1
7849f8d00022c4dd08129412152782e5ccaa7440

SHA256
995f5d4d9ead46438d2bd4845c1c06b0f9822fa813b0a11dbcac6dfd50038c10

SHA512
f5349988e6cde033578a70642dd49b337a45ef8d1fb0527f3c64cdc48a6dc55953800ff49410fd884f4d88d9ea9dfd26e81ad6d640c1c7ff2d023bce116e4b2c

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
3fd2e7abaa13c6079493fbaf55262b23

SHA1
674a12dcab060bda9f4cf2e8620a8c2287995bff

SHA256
d7db4503b31a8c9ffc5494a3e17d5c1b0257f9950dd649074af46dbf7bc0f07e

SHA512
1aaadb33fd2113939ba80e8e930ea30ad2b85aac975e83741eeb2fdb2bed43c34a75408a29ebab6bdf2c9d66bb31916276895d2d2b229e27ce08b15b399f47fa

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
65fe47a5052633b6e98324eaad06592e

SHA1
cc15960eb3cf0784b83993425076f42d22b1f6c9

SHA256
e12c01a11d48ea02e0ea6e6a9bc0d3de9a61ac60fae8d5cda9ae4cdc12c3b866

SHA512
2ea75914823827328f2e300f9a37ddc536c1f94d2680962190b638f75f7ea1792d7b88f25b9fc8a27f60840fa1da0152f4a365b843f80a3df5cbca9c1b7a2fae

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
968d624bbd02fb2af832ffe26120ba9e

SHA1
dbbc4f849e9b2c570e16d08c7e48a761b6ea5ea8

SHA256
6e0568f0dcb008c2e69da586eddba73baeda671bf54f9eb0c58c6bb27ed9f5e9

SHA512
1ec579f4bbde0067670992e7911238fe9b9baec9aa676465a11894095815e9af67668671b51ce1ff52305101020ec8fbbbbefdbdd153082d98239c329c51aa8f

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
2f1eeee3602c828b8e9f81f6fbd20d41

SHA1
d240b568bb6929702815b9a5edd05ad635671caa

SHA256
458aa953a9e0adbf5b8765ebcf6b51bc5b5a48b7664e85d25c7a8ce9781a2d5c

SHA512
a8642cc12cb9af0cd9d3fdc4bb1fe3b246d02af6b36714d80cdd2809def699b0b93eb585187c17f0a8e19801879e2e9edef7963ee416ae9e8cc35fd9cede2859

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
c35400c2973099fd524333c5989ef917

SHA1
5930f1da28cb838318fe7d404a1f68411b97cc39

SHA256
11be3b52dc9145ee3053126184871bd6cd8e25cd7281fb65bc1a9d8898fdd0de

SHA512
17c31a0bef4739e3fd3dce3b3f1448dd6efcf1f120551695ae0e5a9c1692e1d063d2aae5bc75fff6885bd90d5c46ab25af53879e7336a44991de4bd51e05c85f

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
aa3271c018a3cf06bb564b3303116d62

SHA1
41a7e6dae67fcd5734df85830564c3898be1502b

SHA256
459908186f57a6df029bf2838ba95d41722e8c4ef66b147f4e44c715a8a13f3f

SHA512
6269a099ee5b1b56a571b4381b7c813bf8906d1908716bda3e59da8c7cfd23c24b7bb1adfb812c1acb1bbc273adb959f3a7a545032cd73ca384d765c9e24be3c

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db-journal
Filesize
4KB

MD5
f27451c075bdea247105919700b26d0d

SHA1
a4bfee2ae46a1ed21f81f5d9fbb3b5fe4208753c

SHA256
a688c885f088cd9e91ed6543f7bb1b684511e8f97b676eba9cb1b664992a3de7

SHA512
e627d0b77819f67019327f3ed6e6d22f8214b8dd064d11a7d8d3459fd41150c74496e0f4d8a46a11f15f86a1f7b99e749e1ea8f29da3c631db76edb58f1e8654

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
fbd63babc7c4c4ab41c59f1e8b7708bb

SHA1
2530f358b6f261d3a8ce368ce6cde0a76717401b

SHA256
c2f290e3d191e0439b8a7e71c3598fe933f74760b4afc64d85b6d400c032d0a1

SHA512
9f2ae6ef2f1bc18a6e4c92b6709bd0f8505c04fbeac7186e0e33afae2f1ae1e83380474ac55729f71d832298a3d7c7e4f6d04a9f33526c2755adb41635abcb05

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
3f2bc0fc150e3ef8c5621ba83e744150

SHA1
c6bbe20d645df0743aab9a1038c4df0f0a92d7e0

SHA256
ca623c2d875fb680be0cd903c1ad7ebef0f3932978bb6d8a4c0f9906367b143f

SHA512
6ee506e35255fcf517edc36aaf9d276319e82d0731a077e1ab316ae4c3ccbac73cb9c3c030b756260c4f99805aad62beb24f32f5622085f721e07896e114d9d9

Download Submit
/data/data/com.ubercab.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
382401a8a40c2f9d6388d524b07b6adf

SHA1
dc54561b05add04118b4bd7685a23204a2f78c74

SHA256
07be02724e4ab265c00e5258ee1201be082adacd1e8db4203c905ab4b4785d40

SHA512
9d550b5c6a460fe1f4b9ab3b6164b21d5252b6562c73e5a006d2394cc0ca75ce665068fdb5ab91c492924cf20f77f8a265b0aaa1c429133ebaaa689c66015d70

Download Submit
/data/data/com.ubercab.hack/no_backup/com.google.InstanceId.properties
Filesize
2KB

MD5
470d21a19b24bd6fea2b25bb4edde3ac

SHA1
bb2d216c7ca8d70ef0b905d6568621682134d6ea

SHA256
f4c62079ca50039139c8d24b65fedcc916214ae34720b9747e3216539e0bbc4c

SHA512
bd9c058c94bdefcdc28e5f22b5287b769736a3e65b031f7ceb773a23da35c7e0e42af40382d53d17eaed161ebd1fbd3a456e92a956b93a28d11f55ff59c3137d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads