1c7061e5707e39703e1f537fc861dd57adedd88e16718842094fddbb3db6cb52

Analysis

max time kernel
43s
max time network
171s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
14-06-2024 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a99e1ee0cb672a0d6790fd01f4bdae03_JaffaCakes118.apk
Size

6.0MB
MD5

a99e1ee0cb672a0d6790fd01f4bdae03
SHA1

a0f655d070e535fada554e25f55c83c835e10df6
SHA256

1c7061e5707e39703e1f537fc861dd57adedd88e16718842094fddbb3db6cb52
SHA512

27f2dd7ea84792f0a40da7fffe0f848ba35b239d09eabb972293e68e930e18e52013da8b158ed3376362b053b5c493024d2d5cce0fd2ff2fa734a24426aac671
SSDEEP

196608:/khoze5o38yPrfKQ9/7HGtPEpLYNef0KU:/R/rTmBEpQef5U

Score

8^/10

collection credential_access discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 5 IoCs

evasion

T1426

Processes:

com.ubercab.hack

ioc	process
/sbin/su	com.ubercab.hack
/system/bin/su	com.ubercab.hack
/data/local/su	com.ubercab.hack
/data/local/bin/su	com.ubercab.hack
/data/local/xbin/su	com.ubercab.hack

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

T1628.001

Processes:

com.ubercab.hack

pid process

4455 com.ubercab.hack
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.ubercab.hack

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.ubercab.hack
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.ubercab.hack

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.ubercab.hack
Acquires the wake lock 1 IoCs

Processes:

com.ubercab.hack

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.ubercab.hack
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.ubercab.hack

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ubercab.hack
Reads information about phone network operator. 1 TTPs
discovery

T1422
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

T1603

Processes:

com.ubercab.hack

description ioc process

Framework service call android.app.job.IJobScheduler.schedule com.ubercab.hack
Checks CPU information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.ubercab.hack

description ioc process

File opened for read /proc/cpuinfo com.ubercab.hack
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

com.ubercab.hack

description ioc process

File opened for read /proc/meminfo com.ubercab.hack

pid	process
4455	com.ubercab.hack

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.ubercab.hack

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.ubercab.hack

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.ubercab.hack

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ubercab.hack

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	com.ubercab.hack

description	ioc	process
File opened for read	/proc/cpuinfo	com.ubercab.hack

description	ioc	process
File opened for read	/proc/meminfo	com.ubercab.hack

com.ubercab.hack
1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:4455

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.ubercab.hack/databases/OneSignal.db
Filesize
40KB

MD5
2479ff01e32c1445266304f37e9e7b35

SHA1
63a2b50d03eff98a4b5e684f1f95996b78219e6c

SHA256
c276033016c0ae04c4e1a7128d443a01aab24d99c434696ee1b01fef2d3acf15

SHA512
14b24f8be6f9a88e31a2d74f3f13cf9e84817bfe445b8b8a873c1678f274714237b3f1a2fc9c5821c300fc72418e3229439107c2a2ff307007409dee6fdf16d3

Download Submit
/data/user/0/com.ubercab.hack/databases/OneSignal.db-journal
Filesize
512B

MD5
9fe368834c00d06a018f5052319ee74b

SHA1
684be88753a297c0143e5da0807e2ffef3c6d577

SHA256
1399d2c1ebdc3714347f55f9c6b2bf2169e43b9d3c6b73bcb85cdc06a632f85b

SHA512
d9759663bcd1dfee5c1c93de36bff5bc092803a5eb9ab0b236e919ab44f2458f0f9d3c64301415e45b95d3715a9d8ba55e252dc20b68134f7e159280824c0331

Download Submit
/data/user/0/com.ubercab.hack/databases/OneSignal.db-journal
Filesize
8KB

MD5
1ffb20695e0c109d10fab87ca60bc181

SHA1
cec527e3f0b09ccfc65d1cc3e10f1621c51a1f82

SHA256
f9a2c5c3591b922161eae86463de8f67911b6ed3799ec0401c7306144238d599

SHA512
7d6abeda2e4cd82111837b261caf51a8d5ceda2077cb34e87d02c035a996f2322b3c5f96543215b2875e2f26e27e5abf7b61686e40d16fae315f4b9102601f9a

Download Submit
/data/user/0/com.ubercab.hack/databases/OneSignal.db-journal
Filesize
8KB

MD5
42096520a6249678f762e28b94b53a1a

SHA1
b6ef0c006e13c610313474f3fe9497c3928d634d

SHA256
6705f0c4437ad7bdd9fb6fd25732634159bfd2d1311de74dbc88c230a6a444f6

SHA512
fd3c71f2316809d49e0165ffbabe9f682199e3f5864983c79342727a3101e92c57c139ce69c4c67572fc61d1d58ea6631c26854caf4112a92a3b07acc5318f6a

Download Submit
/data/user/0/com.ubercab.hack/databases/evernote_jobs.db
Filesize
16KB

MD5
63235615e9b744ded4b51730c0858a8e

SHA1
382bef577c70b787a1dbfd49b6315c5d5841b902

SHA256
a1eea4c34a96b58f4da7efc0b4b44ac4a46878b341d3fe6871fcb391070f6dc5

SHA512
cea5329e903acf876d860b8db4a2715b3db68d50f7702294d6d87343906b8c9c2e5ff3b4eb082695e7c26afdbe60c10280e88e5b40d21e4f1e3de15574721c1c

Download Submit
/data/user/0/com.ubercab.hack/databases/evernote_jobs.db-journal
Filesize
512B

MD5
2f311af29f5bc515111a9f0c20aff882

SHA1
b38f2b9a231bdc824de8467991c7b5e9eb9917ce

SHA256
e55d77c680a051d6d1523462d1d51bd93ccefffc2c829aa946f2fd64d781aa9a

SHA512
5bc52795370aaa60919e7f633b56b2b4f66441ea4fca1bd9c9f8b8a9b58b6adce9520abd56d447f45c49cd16922d8d3e36332591e46e7a7061e06221e41be5fc

Download Submit
/data/user/0/com.ubercab.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
be367aedc469e80dc95b29642e2829a9

SHA1
25d4a830948c128a776d2c10baa1a7fa81be155d

SHA256
f59bebcb1f499c0beb85ba6ac49c4139b4ea1dee780b89084d9bf5f163340b6b

SHA512
8cc7f01f4f2dc5d615396ca1e047a70389f66eea23038122ecfe8035e8a8ac3a49b6a1f05e5de8e274119eba9678e022c9867e50ccdc52871b3f7a1e7f2521a6

Download Submit
/data/user/0/com.ubercab.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
3b1c90742ec50c5230d9bfc8eab5217a

SHA1
363e9a8d259bc5b461bcbb1f95c86d85a714749b

SHA256
5003629330095c9f53c9637effac61259ff5ad383beb018c16f0de28809f7b31

SHA512
4c8e5dd2ac557f5741bb761784467fbe3461408deda73a0fd9cb410ac134af7d47037de99fcff3c08d8c00fa2fba3afd901ea2f5ab2e38be40c0777c014bbb28

Download Submit
/data/user/0/com.ubercab.hack/databases/evernote_jobs.db-journal
Filesize
8KB

MD5
f720297b9795c560a881a7ba4eac9075

SHA1
08dad4d1c14701e61e06978de125a089161adf64

SHA256
7251ce5b5ba2e18f817342951106333377dd172090ae2857e0bb457bd0ca32fe

SHA512
197bac5687c352b8f2a7703e52731e3ae5bbe4341c37c3d1687cfc057e2aeb9d44998e25a0871198a5df7e39bf9ef76a7842640f507540a7eb35ef7f6fafe098

Download Submit
/data/user/0/com.ubercab.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
09bede1feb6dc6888ad29648f24e059c

SHA1
9ce3051cf8d3a071855373aff6d21a78e81caba8

SHA256
bf557a3ab872fcda77400abe6bdbe08d8cfb3a77cf5df3f434c3d6bd4dc799cd

SHA512
57507577d85f778d70c2ed7d659fdd19e873a6540104fb7b8434ccdb96632ef758fe369a93b3e62589793e9d278f4fb03b57ec63cf6428756a8a5a0f3ab7fe16

Download Submit
/data/user/0/com.ubercab.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
bc716a55df4341525c58c47366fd7b33

SHA1
96d36daa11d73e23f0c4a3302c3711ba6ceaa790

SHA256
180c8a41c707879436d491c422d7e9d6bfeec90f2163b7bd72fde05d32c909d9

SHA512
97fbbf6d520e8b58a468da2a8c97e88acc4c7b1230ca7edf5fdac29f84475ee8be93c7bd6594d2f3673186fb2df793ae87b2b22db878575f312c3f063b4017a9

Download Submit
/data/user/0/com.ubercab.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
232c18bd364b41b6e5ab04fb0ab77780

SHA1
15a053542bf32a03f76d3380efee81efff741808

SHA256
2751c3725924ed78db42a33343ef8028bb7cf5f226a30198c52fc6945c62d0e0

SHA512
40c40aa5443212bc46239fd833981f29527e360f5d9a1d441388ac996e68d1450cf064f1497bd2d20acb8bd699663420b8161f916f308745d46f7e09bd7caab7

Download Submit
/data/user/0/com.ubercab.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
c132b11f85410678590c07a5c7a9ac3d

SHA1
3fa0ea22fbd2a759074763e3e914485dbcae9ae2

SHA256
7d8d55fd76d9c85ab2787747fb6d448f259af8a7656ec7efd2daa3ec74c33851

SHA512
af326c895b29ce9a6ed0ae473eee69a193d2ea864db082af996b3cd1c479025785756b442f1d88f630a925400c823aa831176b960c12e4f3bcc894e1e0c5d5bc

Download Submit
/data/user/0/com.ubercab.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
818548be1885386cc995f564f36a8e8e

SHA1
008b0c602ed55b1122dadfb3a20db517d55c10b3

SHA256
b4765a86f69c122307448d0c6e81cebd52ffbc59b0d19da42971e2857f773e6d

SHA512
47840561a1eded73600b656576a7a9195bd1beddb79b08090b9e6bd9ab610de6cfb0a334310bfefe0b33ef157d420aaa17c6315fa2e689398da3328c4460a02f

Download Submit
/data/user/0/com.ubercab.hack/databases/google_app_measurement_local.db
Filesize
16KB

MD5
d9cf75fdd1c2292d986f6c3d5d60f2c8

SHA1
07ecb1d3a26d952ae5fecf54f36699ab498510b1

SHA256
2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a

SHA512
442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

Download Submit
/data/user/0/com.ubercab.hack/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
996fa3fa84da9a8e0adefb0388aabcda

SHA1
c721f133940dda43d232965e6bbad92b0f12294e

SHA256
f782c0efaa76b825e46b1b82f005ba96815a6f3dec56667f1beae169da6996a5

SHA512
9021e79257deb4e19d73c35f364c3bc57e37cb29caab584a4b035a0a4d807cc434314b1d759b3bbe767d35e10f2f00111a8fdc55162074167dd9948d100e81e2

Download Submit
/data/user/0/com.ubercab.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
26b644f58f5406c8eac1b4af995d8026

SHA1
3f4eeb315d516a68c15fc5625aff457bc9f79d5a

SHA256
f353aae4134093ab401ddd66420a66f37148054862cb2eeca5e0c8513f3b5a3b

SHA512
960b2c63e14f51465041c33a2ff98efc7b0c8a62ce8492cf246001022be87bbaae2bd1677adffdbea9fde68a346e7076a66e1406ed397374127a4850acb93dda

Download Submit
/data/user/0/com.ubercab.hack/databases/google_app_measurement_local.db-journal
Filesize
4KB

MD5
766701a79d5a78996e851c4fbf816eda

SHA1
7305151418b7b18b1d545ac8210a488cde9d8fcd

SHA256
83ad0e24c77c3ba064478862cdf50eabebe1e1da90d78c6def5fb73c24a61cfc

SHA512
75dffbdf5986ffd968d8fc3ebaf2ed4fa4719647670f9be8624e5b492b6e1a0d982a15d1ebcac56d7543505a4361cf72f70d764ef538b3860a3b77b522a9e722

Download Submit
/data/user/0/com.ubercab.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
fc9df9e0cff38063740c0c8b7140da07

SHA1
c6dd3a28bb0f168f578223dd471dff5b4c4b6696

SHA256
8c85c70ac1f19c3e93b1604196c5082c0c0f3b89262abdccf612d7eed9ac3e85

SHA512
0f0bfd2217fd1ee3fc64e27bee811b01c6923462c701397a327da755996619c4eda81b4f4fb48377ece093cb0e87fac02e225e9cd8cfa240d46e57a5d96a45b4

Download Submit
/data/user/0/com.ubercab.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
8231b238c97803e943b75e950e6d38c5

SHA1
ff7c3295bcd7d501615aa235bfd2adec12215251

SHA256
f9c86ffd7e7071b3e965d0d3d8efff74dae98f282a71e61b3f692847a6c09799

SHA512
0578d3622d76e6afe0178cfb346bcef402ecb945f85808be25aae8d1edcd41d8e52d04fd0a06416b929882e8d1ece6f5f306fa3bb095017be1370e5d62b8410c

Download Submit
/data/user/0/com.ubercab.hack/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
76b2fedadbb88d87eb511d7d310565dd

SHA1
b8b01de95dc78d891659c8d77a930044f19ede47

SHA256
0adf12ff31212c62ec8a87d2860e29765caf4f69476aabdb216253c03b574365

SHA512
c964f49b467c19d35ffdfe8d7193829940208a89f0d232b291cd05f5a8537d47868760850c11c71b29023bae1d06dc6be33dfa3c22469c3dc51172b4bbdecd4d

Download Submit
/data/user/0/com.ubercab.hack/no_backup/com.google.InstanceId.properties
Filesize
2KB

MD5
cb7a2068fe7c1d3e6504200ac134ac35

SHA1
d2e9c2723bfd944ebf10064d7eb121b30e10d1b0

SHA256
de38b88aa703254d8a88a923577280d914c46171401aeac8b625b38f77f88ca1

SHA512
7073a07158256b59921f1e7bde02a3316fd064e6d2f3d37f2417164509d877b0689f8fadaf61f43e23a1de931db2fd4c9c67336cbcb7fb00c799792d936b9e60

Download Submit