Malware Analysis Report

2025-01-19 05:20

Sample ID 240822-nqndqsvcng
Target b779eef1b41acc4dd3f6b44faaf717d2_JaffaCakes118
SHA256 c06a648685eb9410a0e93ce91a45c670e1ed1f76145587d2f4d8d0d06bad0444
Tags
discovery evasion execution persistence stealth trojan collection credential_access impact
score
8/10


Analysis Overview

score
8/10

SHA256

c06a648685eb9410a0e93ce91a45c670e1ed1f76145587d2f4d8d0d06bad0444

Threat Level: Likely malicious

The file b779eef1b41acc4dd3f6b44faaf717d2_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion execution persistence stealth trojan collection credential_access impact

Checks if the Android device is rooted.

Removes its main activity from the application launcher

Obtains sensitive information copied to the device clipboard

Requests dangerous framework permissions

Acquires the wake lock

Queries information about active data network

Queries the mobile country code (MCC)

Reads information about phone network operator.

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-22 11:36

Signatures

Requests dangerous framework permissions

Description                                          | Indicator                                  | Process | Target
Allows an app to access approximate location.        | android.permission.ACCESS_COARSE_LOCATION  | N/A     | N/A
Allows an app to access precise location.            | android.permission.ACCESS_FINE_LOCATION    | N/A     | N/A
Allows an application to write to external storage.  | android.permission.WRITE_EXTERNAL_STORAGE  | N/A     | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE   | N/A     | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-22 11:36

Reported

2024-08-22 11:39

Platform

android-x86-arm-20240624-en

Max time kernel

24s

Max time network

131s

Command Line

com.glu.baseball17.hack

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A         | /sbin/su  | N/A     | N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description | Indicator | Process | Target
N/A         | N/A       | N/A     | N/A

Acquires the wake lock

Description            | Indicator                                 | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock  | N/A     | N/A

Queries information about active data network

discovery
Description            | Indicator                                              | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo  | N/A     | N/A

Queries the mobile country code (MCC)

discovery
Description            | Indicator                                                                    | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone       | N/A     | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description            | Indicator                                        | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver    | N/A     | N/A

Schedules tasks to execute at a specified time

execution persistence
Description            | Indicator                                | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule   | N/A     | N/A

Checks CPU information

Description          | Indicator      | Process | Target
File opened for read | /proc/cpuinfo  | N/A     | N/A

Checks memory information

Description          | Indicator      | Process | Target
File opened for read | /proc/meminfo  | N/A     | N/A

Processes

com.glu.baseball17.hack

Network

Country | Destination          | Domain                              | Proto
N/A     | 224.0.0.251:5353     |                                     | udp
GB      | 142.250.200.42:443   |                                     | tcp
US      | 1.1.1.1:53           | semanticlocation-pa.googleapis.com  | udp
US      | 1.1.1.1:53           | onesignal.com                       | udp
US      | 104.16.160.145:443   | onesignal.com                       | tcp
US      | 1.1.1.1:53           | android.apis.google.com             | udp
GB      | 142.250.180.14:443   | android.apis.google.com             | tcp
GB      | 142.250.180.14:443   | android.apis.google.com             | tcp
US      | 1.1.1.1:53           | lp.androidapk.world                 | udp

Files

/data/data/com.glu.baseball17.hack/databases/evernote_jobs.db-journal

MD5 b1f3d73a0f6dfcd8ba673744cbfadaaa
SHA1 01554a10b14b271473ee88eb33d306615fe86f5b
SHA256 044d5af2552207a4db8b12f6caec1a8d40485036527cccd2d17008cb1dde1400
SHA512 38c1183766e813fd2034b5c2ce8b1cb227e37ed7428382c813446a1e38f31a5c589e70887aaf38d1fd77116ee51f6e1f285fa1913af1649054a9838c6d154bf3

/data/data/com.glu.baseball17.hack/databases/evernote_jobs.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.glu.baseball17.hack/databases/evernote_jobs.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.glu.baseball17.hack/databases/evernote_jobs.db-wal

MD5 81a26be17d1942ddfce843940b66d474
SHA1 f8a6a8f09de1b022a3a632c2e6a726182e82c642
SHA256 4b5f43b45f6cac2686065be36aeff09c66a68ca02c67080569530da69cd4c21f
SHA512 1d0fcec7f09ad48125d4eaf061b1c2ca9ce3873df61ff20d10c7cf625f8bdb03fb067af90159fd5eb76dacb1519cb4e2672058fb4ce8abb8184880346ca8f0dc

/data/data/com.glu.baseball17.hack/no_backup/com.google.InstanceId.properties

MD5 d6adb58e88d9194fc6b50080c6d79981
SHA1 8594b054b5d8a162c27e51c670a409832277b332
SHA256 08ef71963a5fb97b8fbf804ac9ca932dba894ba4efcefc9a1503e7a9f02927f5
SHA512 1bbe1e0bba0bb7771b371d5204b8f877e1b5ac7fea7a5d71630320f101afcf25f7094f63c84ad598781eb752816bf85ae270894f8cc2d3ee963502394c247bba

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db-journal

MD5 b60b1eb992381b8756892caf3b72af20
SHA1 c40771b8555fecf7b1dd0272525f4495fdfbb579
SHA256 0ed90713985d79d8c0911280d16752b932ff097ec6e749656447a39fdbcf2c2b
SHA512 dc1f7102944afdb57bce2326819279dc53acdc4eb09b04ceb5c11474734a568e6c6314b59bc11dac83604f6263f3f5878c11817505722a52b0d1af81e96489c1

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db-wal

MD5 617801ff71d071e8fecd5b162d805407
SHA1 7b668527977b866d694755db176515cd9d7d1495
SHA256 d17f7ea89f2c920bb59c094a938d895e2b030374416647f8db991f01b2f5be2b
SHA512 466445eacdab34f78c6e905a3b87248436e521d8e8d8e3b1510ea310442679c4a49f89aa6e16b5f1a37771e9339143bd61fa554f491032933c4e2fb2bfccc429

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db-wal

MD5 85d3e3dfb38851fffaf35dd8eef8f9b5
SHA1 7d269bf79fbea2cc33696d17ec59b3226bd813c0
SHA256 a5a10d39b8866ea495ca650ba177cca7345233cb82ba78d1205cd475ebd72201
SHA512 83749c662b2d0fe076b75a1ae2c7a4a2ff4745658614d7478148b5e51ff54c37e152750e2c467cba089da21ac74ef1b1f80adb0655bac2d668a4ba4c29a2be0f

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db

MD5 83062017511226e66416606649e43c37
SHA1 9123f4ad48d662a639cab9bedbe83aa7f17195a0
SHA256 cecf6c54e600a0c8f4801d7abb5ed6ca63bb326a637a194385829133bbe8fb48
SHA512 650e65e83a55d8f7e9eebd03742a7950c39e0d89e49507ee6e353ffabf4e11196168d261c7fcd71996a7b6257e8973080a65f884225169ff991c0d943034c451

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db-wal

MD5 f6d0978b62c6de98ca09180647efe5b0
SHA1 2d2ac4771dabbb9bc4fba6877d78a93dac586ea4
SHA256 0d071b1c4b5f506cb25853432677140427bb8e565ea5762d0bae723346dc3276
SHA512 2bd03b26f308e48c70ccf897a65621b7af5149867310f7be170d7051661f4e1f47f6e9f4d0024b2e8799d9a4bcd3621d0cdecab42f9b86099c1ac52ef5d92cd8

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db

MD5 82853729d1676e25900cda5a993d7785
SHA1 a177e23bf71f444c8a07ad73b8e29a63cccb8046
SHA256 fc2307bf4c8d95321e90094211ecce67bf0f43128de22067e1f194ee3e7fd875
SHA512 42f8ab011b33ad4fb6e2e2b38958404311d53a0a8e934505db474bf0e6ee8f94f674dbcdcf9f76f843a99c91d28c4825a1172f3fbb8917943a0f9511640e1852

/data/data/com.glu.baseball17.hack/databases/OneSignal.db-journal

MD5 e8d8d472a694e5a32ed2703a691bdcde
SHA1 1fc314c31772e3cab651a80ae79334e720c8d244
SHA256 0c1a0e71cfdbcd2e33e3c02d074588b156e187f421fae99bcf4bdccd1c20596e
SHA512 021069d09ef10c2264409152413ace80ad082aa481bc33d17987fd91ef874530b90db8c1fea607c75817becd06c6a57b8e9a3188413aa752ad100f44d4aca1bf

/data/data/com.glu.baseball17.hack/databases/OneSignal.db-wal

MD5 b6999845dc5e18dd3907bb95660be437
SHA1 7f9d168cf3489c483a85f30d1138f98f7e6b0f98
SHA256 365f69ae7558c6ef0e68b2ee0af84a4f6d8cb1bd9102c3783498fc9a1d141537
SHA512 2040cba807f8ba26afb0dda763de11f95fbd3d10f6f104518f757354d747faab29fce06d5405eb701133748b4e45a5938616378169189042661fc31241b47c61

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db-wal

MD5 0dd55fbc6dedc046014d3d3f0ad509d2
SHA1 5c3e7fff2e10fdedabefab667517882b9f645b54
SHA256 606c86eeb4d60a9c70c37ada0c8e912457e82683fd4befd1f24d94ba1ef1e054
SHA512 088348f85bab0fce82cbcd9b9b3d9ae6747758564785dbdc47e777a9ccf9ba79fd9d58e8cee2d54e67a5831fa11daffa688dfa5810b047d5f6a345c3914ee95f

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db

MD5 e2f8903b4f9365e4485db953b0f2a0ba
SHA1 c07c61538869d24c5f007354e11df051a584bad9
SHA256 2dfed9e0ef1fc630b7579237920a4898646e53e26a6da478afebb1c85b8de2f0
SHA512 bf9569f31e2a2a413b45fafce58acaa6937b2d5e7ca5347f48b712fcc07f88c21b7318bc13ffe856223081ca78c0507d800288f367525fcb7ef207ba0ec8d5f7

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db-wal

MD5 6809ada5d3304d59013117278786ac1e
SHA1 8f05dedba4dce4379748960096e9985c9c90e85f
SHA256 4570f35fae10396b4c784aa55eb4b75256a4234b6a3852cc1576540dc94cd1b8
SHA512 c441f2714ff39c5013ad0eea16f3169dc415d91ac4c1c122ea97b740cb025d1b4745177d55bb4d169e8fbd4b9b5fa01ece505a58b7ddd72e500c5125288edc55

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db

MD5 d1b8167d2761e1f51f924335cc958576
SHA1 d97522321c1bc21376bb9c7e15d63b73ef21324b
SHA256 4daa53afd00b28381af80d33075d69970d8b1eeebd255f626f6a0f0dc5cebb05
SHA512 e6dc1abbda244284ee525c9473398411088a35f78b9bd4b579cd90e2384d4d8ac0758ae8665bdcab79bd1884fe1342388714114b88e328f8452b8cc0e22070eb

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db-wal

MD5 c2936ab72d056fcb3d5d58e19e1cfee7
SHA1 c1e97537d059f037226ceaa9cc5631e663310eca
SHA256 80b673510392d8f1e617b4ad74383ff26d23f4c3d1e862bfb35ac61a8c319763
SHA512 9d36b08236ecf1d7fe5215e4bc4666bd1eca8b118b9bed69f9208fe6998dbffaa2a9b5e1054668200e7b103271b95a13cff099b884c0c90e90a70e9d99311ae6

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db

MD5 44693692da738db6eb133cf0e4cde91b
SHA1 e6bda56494c325d8d37ad89552263ae85d9b0550
SHA256 8fe0ac9db76d4a2dcd3b3d54c0efedcd223e25aabf716506493d50e243a7a2d4
SHA512 b34ddfe1ae343b1b12f7029ae476a0ba8e1b4043ccb520afb412b3f71335ef679bf29723c9a5c00af7e922e9982d5b3af54b2ed779da8cb601f378e5b9d26be5

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-22 11:36

Reported

2024-08-22 11:39

Platform

android-x64-20240624-en

Max time kernel

43s

Max time network

157s

Command Line

com.glu.baseball17.hack

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A         | /sbin/su  | N/A     | N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description | Indicator | Process | Target
N/A         | N/A       | N/A     | N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description            | Indicator                                                    | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener     | N/A     | N/A

Acquires the wake lock

Description            | Indicator                                 | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock  | N/A     | N/A

Queries information about active data network

discovery
Description            | Indicator                                              | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo  | N/A     | N/A

Queries the mobile country code (MCC)

discovery
Description            | Indicator                                                                    | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone       | N/A     | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description            | Indicator                                        | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver    | N/A     | N/A

Schedules tasks to execute at a specified time

execution persistence
Description            | Indicator                                | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule   | N/A     | N/A

Checks CPU information

Description          | Indicator      | Process | Target
File opened for read | /proc/cpuinfo  | N/A     | N/A

Checks memory information

Description          | Indicator      | Process | Target
File opened for read | /proc/meminfo  | N/A     | N/A

Processes

com.glu.baseball17.hack

Network

Country | Destination           | Domain                     | Proto
N/A     | 224.0.0.251:5353      |                            | udp
US      | 1.1.1.1:53            | ssl.google-analytics.com   | udp
GB      | 172.217.16.232:443    | ssl.google-analytics.com   | tcp
US      | 1.1.1.1:53            | onesignal.com              | udp
US      | 104.16.160.145:443    | onesignal.com              | tcp
US      | 1.1.1.1:53            | android.apis.google.com    | udp
GB      | 142.250.200.46:443    |                            | tcp
GB      | 172.217.16.238:443    | android.apis.google.com    | tcp
GB      | 172.217.16.238:443    | android.apis.google.com    | tcp
US      | 1.1.1.1:53            | lp.androidapk.world        | udp
US      | 1.1.1.1:53            | accounts.google.com        | udp
US      | 1.1.1.1:53            | accounts.google.com        | udp
BE      | 64.233.184.84:443     | accounts.google.com        | tcp
GB      | 216.58.213.14:443     |                            | tcp
GB      | 142.250.178.2:443     |                            | tcp
GB      | 142.250.187.228:443   |                            | tcp
GB      | 142.250.187.228:443   |                            | tcp

Files

/data/data/com.glu.baseball17.hack/databases/evernote_jobs.db-journal

MD5 287678392959a7daa199958650cf57e5
SHA1 3f9f375a075c6ba9ff5e89c29150290f0102679b
SHA256 3967234020e28d2273ccfded3ee389d84652c3585615c2c8081051ad39e92a81
SHA512 d9cd64d3e9d84c46ac9f6f8ebc1a71d9bdfec8049d06dfd752840aad65cc0f576a5b272a6fc9344ba5d0a2187e409d8bec023e7649dee0624c6af621c9c7c6ab

/data/data/com.glu.baseball17.hack/databases/evernote_jobs.db

MD5 37e3ac31ef20d681d91e76d5b878ef89
SHA1 f273ba35943afb402578ba041e5a4b3ddb56918a
SHA256 88844fd03a7fe3d0b556e67ecc5ca7f50119eb698a075f1e18f28771b662a1fd
SHA512 bced94e8cab83b5fa6ccfaac8b62d7fc42816ce254bd22ed6aabcd6f2d4cde511964903b7e1273f3c72851bbde8c7afb24b18f90442940d84eceb1c7a8678516

/data/data/com.glu.baseball17.hack/databases/evernote_jobs.db-journal

MD5 6643cbb3c2511a7b9e4aada690f264e2
SHA1 faf96fa10e6bbc068bb0845d207215daf555b207
SHA256 70786e4e470e6afa2e19f392cbaf8f637415c344583596d9a8be017c692cafea
SHA512 9f53406ceee71c8ea2078d204760f348a2c69fc8125efba882b68de5a02ffc1578d0eb6a3ba0ddd64f7bfda17583d34bf2268f99ef2e1965b684716498b5c27a

/data/data/com.glu.baseball17.hack/databases/evernote_jobs.db-journal

MD5 5525867bdcb2c4142f8607bfc893edbe
SHA1 95f3a39bdf00c14093ece389b6c7f256262e710a
SHA256 617f8fe52b82aa48b2e16a7a16968bd22cb5f215f4edc3521c2c19f11f610a0f
SHA512 e586ee72451a29b5ac7b04f60df13e358b4b7fbaa0f43c55f60603df2bfb0c777356c870848130bfb1c2e9a9ad4cbc39f2a88dec2812afad0d1cdb82db039f19

/data/data/com.glu.baseball17.hack/no_backup/com.google.InstanceId.properties

MD5 e79309e0440f62102e5ff70fcedf6aa9
SHA1 b690f21c6284a7341cb084b25925b7571a94d9f7
SHA256 21c01065378a2d6ea16e462934667b6e7575e1285354e86e458b081d0ea2207e
SHA512 f91d38161f0c78286c9e839b5d64e94b53a3b952f319b49d830aec735e29bfc5ae947de22cf9d72910b7d10e16a75f8524d3f5c650a5d772fc4c86394098de0e

/data/data/com.glu.baseball17.hack/databases/evernote_jobs.db-journal

MD5 9cbef3e789ca4405d611be0e84be53ce
SHA1 2a8722015e0dc7e815f27b403646eba1156abdb6
SHA256 c669df28beb7f0e2e448df6b65c4f29ca17f0d11a2f82f52ef8c4f30feaecef0
SHA512 450b3c3dc7b3250dd11525cab4d8215a04b9144a6242187ac0517a58c54aef2e194d7f959aa6957d70e64f70b705e8c4755c7953f94f716d8df354027e6005d3

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db-journal

MD5 4d99d8744f1e3c862a7f1662de2a3f1f
SHA1 b917828d98f79f9977c02c3e976cdf5e879e84eb
SHA256 7727a6aa2a2183f6d56c07cd258cc51e010d3ac6c090493b497554aefd64e96b
SHA512 a2b1ab535b604706e910f83cec81204c9c8e517e269f7768f4f0defc94671b2ae2260b6f7796d2305da53575f2206b82ba032c6c03d46550f294c57243c8c1bb

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db-journal

MD5 6dfba0d23a9ea142603c2d44d0bcdcf2
SHA1 11f8a33f0efb9095d9d2c7e05c2450aa7beedb80
SHA256 d8a9601b94563054780716f42c0ae59fcd7c0a4cfa522b4352a31df363c15d8c
SHA512 a9dc3843dfc06aa75544c36db40b91e33be47acd5f90b19028b13e89b2060e204fb5a1e69fef857e39cfcb1f39baf28ac27d26f5d93252d2937cc21f42f1b278

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db-journal

MD5 4fa8c97c10490a5157d4d3fda97403e9
SHA1 81dfecd554a0c2b3300004e923e82dca37212405
SHA256 32491282f6655bf5ce63a1fdfe642d00d5a003cc4158cbc78b6ef18a9bd9fc10
SHA512 11385af83cfec54099623d5b2932102d649a125609f029e6073c6b1247ce226c567f84b4ed8c72e700eb9ddf6a9f6e91998e50d8c7d397417666ebb88f9f93f3

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db-journal

MD5 b963554dc2a51c692af4f5a46d44d1f4
SHA1 610449780508bcd982628c5e68e20997329ccc83
SHA256 0f9d6e7f75e632b301b7937ba72a43f9c20ea5f6567e306436a2b16b4a17b753
SHA512 3ca1f3dc697cf31ee74d51684cffd646dd354ae74eb804674569a81780e0356c68f9da0571dc6f112f4a0433681b5549d2d8df95d027fcabbc0f88a9600c8e12

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db-journal

MD5 696e6083a24451130b8c6eefacb0bbb8
SHA1 765d251d1164c9a15e9887f6ae02ff3bc4787017
SHA256 c3697b1877b9f6e014a222eecf7580c991a46aed31756ff3275659b6d1eccfc2
SHA512 b9cd2f67f56ff31f9b46357a369fb52ca9bd5db1ff634eeb96444304e623b696da76b0352ce519c9548a9681e422a8b0b0f167b152725cfdc7d98f655c4c49ea

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db-journal

MD5 ce91c4783f9e7dfcaaf57a4424aeb002
SHA1 1200270bc446024df50b341aedd4ad6224fd16a1
SHA256 6a8db8767ec20fabd4275bafd05762a68cbacdfd3a6bdcfcfe536dd7ff66ece2
SHA512 47de1d10f745cc366636060276995b233d72a67e7bbf23a509364c453489cdbb9b647d8ab4b1f9ef40a3b643129c9052510b9280b56b00e6b788fcd854f54d5d

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db

MD5 3f8dfcdea8dfb12e48ed5e0c21eed6a7
SHA1 348d309d90192f5db1c0f0e2ed5fff286ca36eaf
SHA256 897978721c375056e196da76251139234c1e2a812b48640be284429673d7619e
SHA512 1bc7b2cee02daa57624f519ab9228833ce22d4bb8005a55e12058b15ca1d43d750740af3b01cbafefe5042a78f15b06c44c7aeb787a77bc18dad901dc8d506b3

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db

MD5 6ab9dbb51138457dcfb6a61320c08fe9
SHA1 fb04631f76abac0799d349c0d06b43add430bc85
SHA256 18960af742ac0694731c23a6f32a23643c20639aebb3cdac9ad0bd93497adc96
SHA512 4d8b571f9ced006153110fa1333746ff245bcbad8d553568cc4a85681ca22635a6658fabe637470517ee830d7d9c1184412dd6a949feece0abd4af1b4b712d9b

/data/data/com.glu.baseball17.hack/databases/OneSignal.db-journal

MD5 8461abd50c71bdfb17f9fd2764176f17
SHA1 288ae73994d5c5a1eff9fd04b1ed36641b652b49
SHA256 2e4a1b83fd0aa66178a3ae09ebd6fb728535b5cc0746dfab04b393c68bf31cd2
SHA512 2784ad0a37030f11a4d4cc8ce2b852266d2092ca9bdbe41abd4ce27e7c94bd4d2ae350de958d26f3cf9f8fa52d7bc4b5c1a0b139c4a3a3fb324ef04c687c5c96

/data/data/com.glu.baseball17.hack/databases/OneSignal.db

MD5 6ea5817dfb71687d648b0e4763152545
SHA1 b5a1a2a1fb579520ddeb9861c0eba5f7109d0d74
SHA256 be512b097518bdaba39e6106c143a267f56e98d8f980ed6295773c4082149824
SHA512 cafff4c86b710428753e528aed212096fef264a36cd6d6ff48af487ce1d5cf90065b4be0ad6460e4e7631040f7a28657f31811be1a5cb417c4b2725c51fb5186

/data/data/com.glu.baseball17.hack/databases/OneSignal.db-journal

MD5 a9252fd1a578da8dd632ab00a8a7756c
SHA1 6016e4e13c1b86d1ddceaa03b48a18934e610a16
SHA256 c0b4b9bbf471313dfbf4e89632d40a7b35554675fb22472365e64c4d1f344e67
SHA512 622d57227fdfedef636668442d7c8a5269d981328db93ec872958c64ab4d655804c9c1d23338b319ed105c5a1433294af0344f893b0e6a10cca0b72c50b5d521

/data/data/com.glu.baseball17.hack/databases/OneSignal.db-journal

MD5 584910ba9fd8ea2c26fa6170d22f2965
SHA1 2a172160e4ba7e6fbd231e07c3d773b8ced11167
SHA256 80b606da9ae702a6db1246eb81504c3ad9da8286a6e6cccde8d92ebffae6ad8b
SHA512 571bca6359e5b761a59658773b53fefa82098156cfc9d32a019aa4798b1df9e6da4d4e4e8e447cedac34a01e204c18a56173d2c86d6bc25dfdb9136913980666

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db

MD5 b1034ac26cdc4bfb82e0e02214e2df91
SHA1 dd6bc65e5f6c58a1f99964a8c593567224f2cfea
SHA256 4b7ca6d62d3cdc29bd2b80c8f585698ad1559213deb804090bb0859c4d2150ea
SHA512 616254de0aaac0581f22797c0c8d1ff153ff7e51c9eb28da850fa24ffad392349d989cb9afd5d9cd968d7ce63bfb8d25436bf859dc6955103f0e0c03bc45d7f2

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db

MD5 01bd84304f28874ebad261f37db3bb27
SHA1 2ed9348c40b60d9a62dd2207b67036e7a8a4eb1f
SHA256 ddf4e6c285f80d460ac89cc66fb8bbe848a544dc7baec30b2515578a934b5cc1
SHA512 b32e7a1c7a77a138088a548b8df4f83b69d69c8f6247559213aaffea322ae2cf6610142180d7882d33d185fb18a7c4f0d6564a7c3b6b50857c527ec17352fc63

/data/data/com.glu.baseball17.hack/databases/google_app_measurement_local.db

MD5 2f1eeee3602c828b8e9f81f6fbd20d41
SHA1 d240b568bb6929702815b9a5edd05ad635671caa
SHA256 458aa953a9e0adbf5b8765ebcf6b51bc5b5a48b7664e85d25c7a8ce9781a2d5c
SHA512 a8642cc12cb9af0cd9d3fdc4bb1fe3b246d02af6b36714d80cdd2809def699b0b93eb585187c17f0a8e19801879e2e9edef7963ee416ae9e8cc35fd9cede2859

Analysis: behavioral3

Detonation Overview

Submitted

2024-08-22 11:36

Reported

2024-08-22 11:39

Platform

android-x64-arm64-20240624-en

Max time kernel

43s

Max time network

169s

Command Line

com.glu.baseball17.hack

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator       | Process | Target
N/A         | /system/bin/su  | N/A     | N/A
N/A         | /sbin/su        | N/A     | N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description | Indicator | Process | Target
N/A         | N/A       | N/A     | N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description            | Indicator                                                    | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener     | N/A     | N/A

Acquires the wake lock

Description            | Indicator                                 | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock  | N/A     | N/A

Queries information about active data network

discovery
Description            | Indicator                                              | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo  | N/A     | N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description            | Indicator                                | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule   | N/A     | N/A

Checks CPU information

Description          | Indicator      | Process | Target
File opened for read | /proc/cpuinfo  | N/A     | N/A

Checks memory information

Description          | Indicator      | Process | Target
File opened for read | /proc/meminfo  | N/A     | N/A

Processes

com.glu.baseball17.hack

Network

Country | Destination           | Domain                     | Proto
N/A     | 224.0.0.251:5353      |                            | udp
GB      | 142.250.187.206:443   |                            | tcp
GB      | 142.250.187.206:443   |                            | tcp
US      | 1.1.1.1:53            | android.apis.google.com    | udp
GB      | 216.58.204.78:443     | android.apis.google.com    | tcp
US      | 1.1.1.1:53            | onesignal.com              | udp
US      | 104.16.160.145:443    | onesignal.com              | tcp
US      | 1.1.1.1:53            | ssl.google-analytics.com   | udp
GB      | 172.217.16.232:443    | ssl.google-analytics.com   | tcp
GB      | 216.58.204.78:443     | android.apis.google.com    | tcp
US      | 1.1.1.1:53            | lp.androidapk.world        | udp
GB      | 142.250.179.228:443   |                            | tcp
GB      | 142.250.179.228:443   |                            | tcp
US      | 1.1.1.1:53            | accounts.google.com        | udp
US      | 1.1.1.1:53            | onesignal.com              | udp
US      | 104.17.111.223:443    | onesignal.com              | tcp
US      | 104.17.111.223:443    | onesignal.com              | tcp
US      | 1.1.1.1:53            | accounts.google.com        | udp
BE      | 74.125.133.84:443     | accounts.google.com        | tcp
GB      | 142.250.180.14:443    |                            | tcp
GB      | 142.250.200.34:443    |                            | tcp
US      | 1.1.1.1:53            | update.googleapis.com      | udp
GB      | 142.250.187.195:443   | update.googleapis.com      | tcp
GB      | 142.250.187.227:443   |                            | tcp

Files

/data/user/0/com.glu.baseball17.hack/databases/evernote_jobs.db-journal

MD5 d595e0aa15b0a1a6d5aa883da60f076c
SHA1 1912d306698ff636de7773aba9f128a6b13b4a24
SHA256 6997e7d00c8b27d9d6e4782e0a9494616e6510e6952e5fa53366ba19db75c6f0
SHA512 800d72df33418f5678744342afbff73dbefc9c91783b231ab74668881270ce27bc618e716ae40375e6a96930d4e4bb29cdbd561c0c93d3708af4e90f747cf6fb

/data/user/0/com.glu.baseball17.hack/databases/evernote_jobs.db

MD5 084c6590727c38b6f23b6e8f888a7b10
SHA1 14a2242b362f9986c0bd07e6ad33282747fcdf85
SHA256 76e9a3a2fae38ef9b9379f39aeb3aa64a534a7c80a0c405139127312ab30c6e5
SHA512 282411998c577527c775bff779c02f6c07420c96576ba2aa4da989045e2930ffd6bf501f3fc43c4301ef3f8b97c38d3dd479a41ec804be3c5c5d916808f3f1b3

/data/user/0/com.glu.baseball17.hack/databases/evernote_jobs.db-journal

MD5 ddb4156f948511ec92274fe5f8e463c1
SHA1 adc50230b5d277f8dda6b483f13f0d2f5817e124
SHA256 898b8ca011db443e3959f2303ae86f008f3ead41fc4e996e5a639c7c4a5aed9f
SHA512 aa5af63d30204c21d923d48051c9452fca09bfde2f15d19eb709f0e440ed8673e35758def6bb11aba7ecd93b0bc08e3f81143e1a149dfbb7e326bf738ceb554a

/data/user/0/com.glu.baseball17.hack/databases/evernote_jobs.db-journal

MD5 9cd5d446268b891bfbaf01a7f0ebd7cc
SHA1 60f82b04f04bb9d0c96f9df91f9028ecab00e330
SHA256 764b2cdfe58ed3b8c3e33f545893665ea03938254c3ab1eba714a069f9f4d006
SHA512 a75b1f30be17604a3adf722315dc7bcfd1413f856d89584755c9b17c3ad02b96d87adcb0c6eb0c57d8675afdf4034a2633e79de3961983c6563d9e168866a806

/data/user/0/com.glu.baseball17.hack/no_backup/com.google.InstanceId.properties

MD5 1664d5581a893f4084bf97a08d6419d7
SHA1 622cfb179fdb9d0bb98b061d8571370a92b12a6b
SHA256 02d71ef42a86dd038e7ef038f5aef11f28cfe4c12fa5d7ef8dd32247d7a34c37
SHA512 68f22017a4536209bda4d0c55c251967e025a66ca44dca200a2e49e688fdcc8f1b4db1ba16a902ac2fe2a7912cf87adba0668ba6fd2c562b6a1a0175ac4ce4d8

/data/user/0/com.glu.baseball17.hack/databases/google_app_measurement_local.db-journal

MD5 6f3c4e3c758cd941336c6de494b1c5a6
SHA1 124e75107e3edfa367fb156d1cf94aee4339ea5c
SHA256 81a048340ca7a61443e06226e0588d8713e08af64b0e675d20c67464b22a69a5
SHA512 206076a932789163923eebac16be6594b7735b641811707cce66ddfcf6ac29652a73d8d08e2738cba301a9265f12be516b3ff58a3af1039e3ac78e73bf1b19a5

/data/user/0/com.glu.baseball17.hack/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/user/0/com.glu.baseball17.hack/databases/google_app_measurement_local.db-journal

MD5 2be62c160252386713779c7199d96095
SHA1 15ec5a92e1d6c05281663bf5791d48b59193ddad
SHA256 468073e4f7ee9224d2af21958996feed009213c100d0d0fef4eb30209d68ed2b
SHA512 a0787a79a2233ebae5ddc66cf7bdff516feb40e5f52d554227cd6619569bb3436fe0a0782e92a9ae3b5ce970750918882214cff6d5b2df1b2bb9fae7c4772fdf

/data/user/0/com.glu.baseball17.hack/databases/google_app_measurement_local.db-journal

MD5 437cf1bf5d292d609d3fb1b5e8b80363
SHA1 88c5aa5e846f96b2139a2a428f1ef95cebe511c3
SHA256 7ac755a248a2bbbbd027e00316347a76d756ec308a11f6093c10c7ac0a4de7a9
SHA512 66f6dc07bc8aa9d25135288f602abb024963a0d00459fa4bdb00ecb51c6642de4c983dc12922e196021a4d1f96ad0ca13c3eabe76c5f4b7e86107699f18ad1c8

/data/user/0/com.glu.baseball17.hack/databases/evernote_jobs.db-journal

MD5 67904351263f947210eeded373d8e96a
SHA1 75ad8eb868c373fd8fbbaafe47aa19bf14e44df4
SHA256 f1161b015e9205e88ad099408047b70692e0fa29304c326175bcb28970b50c25
SHA512 015b54e04d36e0da51b35e4e98ce629ab908460ba01b295d1fa5a4549753a5dc6389c46fefeb52b00d4f80302dfdd76394ad8fc28a2657d189c3fe42bcdc4f4c

/data/user/0/com.glu.baseball17.hack/databases/google_app_measurement_local.db-journal

MD5 daa99c843cf2bf37b506f5e6439ad8d5
SHA1 5d01cf7b0c512866e31788f554a8af2643f714ee
SHA256 08591fb0344e26041169b7ff0f0f3f4bdc20ee1cf1c084e833ae9e9de3a5332a
SHA512 5525397497435cf23b440959d37e9784d4e7de2c51ec732913239cd7facf9fff056bad637d89cb4c408cc5515998558f360d417f699fa8d68bb19453f97152b9

/data/user/0/com.glu.baseball17.hack/databases/google_app_measurement_local.db-journal

MD5 ade13ac31e16f662a31cb4f4f93edf7c
SHA1 eae3cebe6bb30c16cdec431b95e06fda879cb5ba
SHA256 1a1b0e86cbc67dc7a9f375020ee5fe8f47fd67ba1f04b24f2531b763f443f16f
SHA512 36b01d6854fe41824d35caa17842344cedf5119f7f41f82ab177231e05fcfc7021cc6fb821772731994dd39e02aa9b58fb867d88efc15d3e20b01ef4f8ac3686

/data/user/0/com.glu.baseball17.hack/databases/google_app_measurement_local.db-journal

MD5 fc70d7550494a5365aa8e7d372d1a65e
SHA1 e255744e05d2392edcebe7eb28e279d08d4605c7
SHA256 93b7da39cff523ea91c4168f1001773f622fd8146f11162747726cfbf97ca8dc
SHA512 4891a471cb6a284eb2c58288615e23a3d24df2308ca75af9045e9faabca925d8cb6a213bcdccbbf32fbb27221c4a5c63308388c2a29775e4f58c28369168c2f2

/data/user/0/com.glu.baseball17.hack/databases/google_app_measurement_local.db

MD5 0f051d4a7fd318685c44f5e01cb616b2
SHA1 9ce81d5dc92745ad197fc9e63251f90b25eb5198
SHA256 79e7007b684fc4d28a3f081b125fa96594444718828f615bf44777b376351b29
SHA512 1d0b87d0d1511ffd07ad3a9183b0a718d5395456e8a34dc12af4ed7eebcefda603d76ca43eb6acc7fd18f5ad4ee9398723d70349e8256ef77963ff71255b3ed2

/data/user/0/com.glu.baseball17.hack/databases/google_app_measurement_local.db

MD5 5722987d60ce5e8348345799dc894aa5
SHA1 307c4765b7aa6f4ea118198c624327bbd94b98f7
SHA256 d8e6a09aa4694dd79613ab4ca99bac541dfa5e598c5c59fdfc608ddcdf189e6f
SHA512 4b8158c4a5d75e7ae7c565b0d337800f51c669acffba49d7c3703fd967617f1e6eff008d8b511a0758a3eb748c325a2db718d1d0d892b7c519d1ab97e7e4d80c

/data/user/0/com.glu.baseball17.hack/databases/OneSignal.db-journal

MD5 c02e1141bded09d7de1bd20e5620d0f9
SHA1 5661aa767127ad900f0291007b5f30c85a387cfe
SHA256 4ee6459e0d56bd842c5fee0fab022a043d345ce69a2527a781ce107169b428b4
SHA512 44c97af30317877601c1cd9fd6efe69ced1cf1ec8d48c853aaee84a92a9210e27ab34b0f12d95d30cac8b6ed19020b68ce6ee839e6414b48dc77a9107335208f

/data/user/0/com.glu.baseball17.hack/databases/OneSignal.db

MD5 2479ff01e32c1445266304f37e9e7b35
SHA1 63a2b50d03eff98a4b5e684f1f95996b78219e6c
SHA256 c276033016c0ae04c4e1a7128d443a01aab24d99c434696ee1b01fef2d3acf15
SHA512 14b24f8be6f9a88e31a2d74f3f13cf9e84817bfe445b8b8a873c1678f274714237b3f1a2fc9c5821c300fc72418e3229439107c2a2ff307007409dee6fdf16d3

/data/user/0/com.glu.baseball17.hack/databases/OneSignal.db-journal

MD5 9d6ef0da84abb27a06b17e4236190012
SHA1 94cbcf407226fceb545030b1e0e07803ce3c9c07
SHA256 cc91e01549fdb4f72516b2f6f8bbf0afa098e6b1df2c4cedbe3df0c992d88026
SHA512 f8160a4636ffd05cf703d26ede2ceb058e280f6de24ead9fdcf50e32fa51b9120532f7d759f22f01247a54b5e19f43326dd1033ad5e637b8dc510821b09b3106

/data/user/0/com.glu.baseball17.hack/databases/OneSignal.db-journal

MD5 988231e5158a45ba0cf919577be4ccfc
SHA1 14e1a4840b270e7771830989339d76f0644f6038
SHA256 4f168495ef5099cd76a331bbe47c81a39afcd87bab3a4cce383f0364d70c9492
SHA512 58d1635162aa88ba04eec07d124e46765514e9fc809d6c61f8bba077140e8c3e9ca389fc23c4bee62095b333c7c1123d9fc9a69a1bdce15c74e67178e2c52413

/data/user/0/com.glu.baseball17.hack/databases/google_app_measurement_local.db

MD5 e10af910c15a44750c6f6ea2f8b796de
SHA1 a4205985c03a715f37bfce4275f345ecf8e9527a
SHA256 e1a139c0f7319667d991a4af9f6bb6db2a2e5b4370cf348affd90edfe4b04b7a
SHA512 ca49143fb3f3b99ee539d4e39d0c3ec3cfd28931d8657edca72ddc798bb3f4754ea304104be8989e519f3dcdfe7478df021e1bcf4dffd71d07a3a403b7235395

/data/user/0/com.glu.baseball17.hack/databases/google_app_measurement_local.db

MD5 64228f268911937410eb8beadf7b87b4
SHA1 6336cf75d57091d53036351e99ded591b9fc69a4
SHA256 7f8785ae753a17fdeb0f72d5b97f244365f74d3d21f926071f0e088ad99e1ee3
SHA512 5705846b910825e1bcd180f3cdb17c80b0a9927deab6f01ff6db2abb963a63aa25ab4eb467c1d25ea225130cb5e8f39a61d4356cc7b016d81e6496753dea9639

/data/user/0/com.glu.baseball17.hack/databases/google_app_measurement_local.db

MD5 818548be1885386cc995f564f36a8e8e
SHA1 008b0c602ed55b1122dadfb3a20db517d55c10b3
SHA256 b4765a86f69c122307448d0c6e81cebd52ffbc59b0d19da42971e2857f773e6d
SHA512 47840561a1eded73600b656576a7a9195bd1beddb79b08090b9e6bd9ab610de6cfb0a334310bfefe0b33ef157d420aaa17c6315fa2e689398da3328c4460a02f