151d56bfb13988f6be7dbc8b5070544ed0ee3820711d784ac973eb75c8b80da5

Analysis

max time kernel
45s
max time network
156s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
24/08/2024, 14:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bed4341d229f4628bed4cacdfdc9e61d_JaffaCakes118.apk
Size

6.1MB
MD5

bed4341d229f4628bed4cacdfdc9e61d
SHA1

779336f10a127a9eae657f1a933a9cf163407462
SHA256

151d56bfb13988f6be7dbc8b5070544ed0ee3820711d784ac973eb75c8b80da5
SHA512

849fef5c96a282185d8176464b96ee34d9c4cfe5c37b8f71540f76290db5050ce37f81e0adda536e7d567d7ce59544bf83e83ca649f849867fff5a46f7848dff
SSDEEP

98304:uMdrTLhXpUcxh7EMEjzePP2MD+IdZo4LngHIkZ8XzgoL4mdJxYGyavbnjjoGMLxw:u2hozePunOAokGzgxmTgqbnjjop/f0K8

Score

8^/10

collection credential_access discovery evasion execution impact persistence stealth trojan

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 4 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/data/local/su	com.yelp.android.hack
/data/local/bin/su	com.yelp.android.hack
/data/local/xbin/su	com.yelp.android.hack
/sbin/su	com.yelp.android.hack

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
5066	com.yelp.android.hack

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.yelp.android.hack

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.yelp.android.hack

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.yelp.android.hack

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.yelp.android.hack

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.yelp.android.hack

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.yelp.android.hack

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.yelp.android.hack

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.yelp.android.hack

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.yelp.android.hack

com.yelp.android.hack
1⤵
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Checks CPU information
- Checks memory information
PID:5066

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yelp.android.hack/databases/OneSignal.db

Filesize
40KB

MD5
6ea5817dfb71687d648b0e4763152545

SHA1
b5a1a2a1fb579520ddeb9861c0eba5f7109d0d74

SHA256
be512b097518bdaba39e6106c143a267f56e98d8f980ed6295773c4082149824

SHA512
cafff4c86b710428753e528aed212096fef264a36cd6d6ff48af487ce1d5cf90065b4be0ad6460e4e7631040f7a28657f31811be1a5cb417c4b2725c51fb5186

Download Submit
/data/data/com.yelp.android.hack/databases/OneSignal.db-journal

Filesize
512B

MD5
138e0233bab6d9057b041a1909268cae

SHA1
041ff4efbcf4ab706513729713e04c510bf87d00

SHA256
73016933b9d209d2344cc68153da507dce8cbbb2fec3e157a93b86ae7135f6ce

SHA512
d4c18ea113c246afd127b2f55c1d5b1606e6e2429b2649d7cc5bb2f930a43f0ea0ce1b9e44a54b78ffba3d4e2e410fc3a7c7ff18973e82708505b4cf25f12270

Download Submit
/data/data/com.yelp.android.hack/databases/OneSignal.db-journal

Filesize
8KB

MD5
8ee0c1bbc8688cfe655e7a5393c86044

SHA1
a3c7a4e2c172760e50c73c7b0c5fc5ed8c5d9c90

SHA256
344901b980f94507040bc4f20a82bb00907118ec608efa4e7ece529da86263a8

SHA512
4328090fa4570ce6175d9210e3cc89eff700155b4a13cf8b16cf99c8c1d7cdd2b8fb8e6a60e1d2cd542ba45cb8229c26b1ba834dbaf379a48aa6a01b2b303764

Download Submit
/data/data/com.yelp.android.hack/databases/OneSignal.db-journal

Filesize
8KB

MD5
9e4788700ab41a6ba14d73f143e8bf57

SHA1
05453c10ce908670b8af2bcc9a46012ffa215157

SHA256
d6bdd692ccc8da390dd013933e702040d1f40e0d99ed0361bef9c6de21cc17e8

SHA512
dc81d61840b5907cf6f3e931d17f0cde5335120828199414cf9a6e557fb65645a20ba4d9fd805bb5802afb9c1ca39aee119f9d8fbe3150bae04222feae8b22ee

Download Submit
/data/data/com.yelp.android.hack/databases/evernote_jobs.db

Filesize
16KB

MD5
bc02ad322a08fe9ab514d6045800370b

SHA1
03c7fe6c3c5d0469f95924168804af3f0cbe127e

SHA256
0c4dd488d0397a693b0735429819da71bd4b90a09b79139e671f69c24c4deef2

SHA512
a0ae9ebbbb1af3b0e3cdd780ba55a7ad9b11867adaa75ae34564b0b4b61ffa8fc25d51a15b49295369acfc34ea38ac73e75b8d4b3554242d2b48a23b14852c96

Download Submit
/data/data/com.yelp.android.hack/databases/evernote_jobs.db-journal

Filesize
512B

MD5
e8c30fbeda09f7d4aa1e7c047abc5700

SHA1
8bbb510147d1b0bc9902e8b118f16b90eb7add97

SHA256
a139c94560f9c67b3fbac98fcf4bc6a91f9c403a28eecfc027476a811571a544

SHA512
f17b0363e7f84695abd95b2bc5cc545c190d6c2b45995963d2ba74cdf0440bb93714d2c733d8d9d00c0d7c4107d6226adbe1b3c5fab0a2b90c8481b8c929c3f3

Download Submit
/data/data/com.yelp.android.hack/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
3f745762af05a7c68e5fed112646feb7

SHA1
22b24cbcaea513dd68b3230723b5595e71c200ed

SHA256
d8713c8f002b3a4722b276372b605440aa1e479406fe91936a79bdff9b1ed238

SHA512
9e8a37f44f842b018c025a892fb453d63d7705c0fa8e58559a30062297a728efdba5d8728707320e660a62a35efe8324eb1a3c5b92c1bc2be981178c217f138d

Download Submit
/data/data/com.yelp.android.hack/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
2a0cfdc79b174e1cdf2379da8df34c93

SHA1
449eb0d29d435541488da28eaddf2dfc1dd0a8d7

SHA256
66dcd0ed9a43de48f8a3770fa1e38f97ee5d47a82e45506c71a58b118a9f28e4

SHA512
e969709359df9625f59bd1c20750caa070bb74029e0eef21725a2cc62929a4b5b0e7d73254eaf5584d6d71237e7770b61e01d374232c3df4fb1ca43e58658781

Download Submit
/data/data/com.yelp.android.hack/databases/evernote_jobs.db-journal

Filesize
8KB

MD5
272e54cfc2eb8062e6a4433b1de7fa61

SHA1
fa8191ab495925eb36299144459e53364ac03aaf

SHA256
33f1bb5e17988ce95f68d2cd4eb71eed5a6533493e8fa95d6646cbe7adca3b8f

SHA512
e06cba90f6a99dbcac89678dc1eee5f536197ee6e3c6e36c611b1299dc3093987fffe61d1c530bf624bf60176ecb0cbfa197b18f42272fd2e542ae8f2fac7ad3

Download Submit
/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db

Filesize
16KB

MD5
20e7306ec5bf6366ba93850464c890de

SHA1
c357baaee382e3221783d69db11b36b341b519d9

SHA256
87ae5227b497616350886dfe75ef326ea391c7ddfb3fb12895e6f6116bde535e

SHA512
4eb7c9503517f969ec7a691ebdc3c03bca96250630d0148ec649ffe9aca3afe901cbd893f34c244049e40a7ad3408408fd46c965df523ece9d1218a2a1c53954

Download Submit
/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b39af551e75d289cd6b412d96c4865d5

SHA1
a806afb8f733c2e736c267ac99082d9e5f799132

SHA256
0daea17eb14b48c83e8cfde5e957b82f9ee87a5fea7aef0fbd4d5bef12be4cb8

SHA512
71d96740cb4576dac135223f945e5d82e91e78d0a70802b21d6df18ca8fda1b3ace3e2c469179ecd0228494cdc263e543d83cc80c675f1f1fdae317f17b0484f

Download Submit
/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7d1d39568606e236429269d2795ae076

SHA1
01230f0eb8b91110f5c70d4856a30e57a4cb3769

SHA256
b5b14bed622dad3baf54a3eac11fda24bdd3f790d1134539f6661c27e44d7fea

SHA512
bfa042dfe6367cbe7f014ab0b9d62da988fc39b2654807eee8f5079a84fd7cb437d1b068acc80a015afa8fbe79c438911f56485d19c46fa9ce21756937c64313

Download Submit
/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e239efb1421ce24ed13fa7fcbd7d71a9

SHA1
7d7ed8d56c7bc5c236e123c6550ecd805a774cfa

SHA256
0aafb969d908869efaddc4fd021d0ed5273fb6fb9805e149560ad8f5df4bf061

SHA512
5e54c98aee813a826d1ce09d573950364fe54f43a9695ff530fd10eb745edeaa8d3727a8d25679582c4e219eebeb35e5108c565558e600bd1399d94119ae75b5

Download Submit
/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2f1eeee3602c828b8e9f81f6fbd20d41

SHA1
d240b568bb6929702815b9a5edd05ad635671caa

SHA256
458aa953a9e0adbf5b8765ebcf6b51bc5b5a48b7664e85d25c7a8ce9781a2d5c

SHA512
a8642cc12cb9af0cd9d3fdc4bb1fe3b246d02af6b36714d80cdd2809def699b0b93eb585187c17f0a8e19801879e2e9edef7963ee416ae9e8cc35fd9cede2859

Download Submit
/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
bb334e787fb6446649f766413ec158bf

SHA1
d84b108911053c95e48b52a064c65476d69ef139

SHA256
07486e975d654a76dcbbb3ebf768938df5f64ecfb883c5f8cb218decd5e88d11

SHA512
b2373eb011724a0caa731bc90d8ac1c6a6e8256c4a376aa6017e94f4208a40d8aa980eb4436217f32cf4ff4c86c7eb3d192113e6f39e70001fa035e58ead34b6

Download Submit
/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8fe470c5a0c583585342a09536a3c601

SHA1
8a245a1dd6427d638d17ecc44df05bbdc0f80dc6

SHA256
2b7b285e5688cb80e4d8d4d1c28a4f76901bcde62291d64bd79d057734cfe336

SHA512
ec4c10602c8f2a34d1cb19a372b81bd9b2a088add5884955ef571a746030351a9f3cbe50120332f9482c355be09b6f05fa36d2ba9f9025b11c2ebf4b31089260

Download Submit
/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
671c0716341902a5e0827e7acb5969c7

SHA1
ba9b3d7c63956e9ed3e2ddb71d9ca110c21a3779

SHA256
088e2b25e05335fdf810e74e629286795881f522844733d65813d537cf791ac5

SHA512
3b100590166d6b91ea255f2168f7d5f241d9a7aa9aefc138cca82025bfe3fb412ad47bcd208e74edd23000deaaf29a3b1cdd76cf4089a4a83c69afe1f81623f3

Download Submit
/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
a406e6ffd66e2078d99bea7f4ffbca54

SHA1
31abfd2048b0620f8b556e4867817f5dd00bae02

SHA256
ca282c144f8578ada03f5efba49a8175b2e85eba1c06aa3331b65eb1e5b13927

SHA512
aeebdac8aef6b006e2ef11c17e309785a119f9ef93119c9e0e76026bf2aa2c783f847eb984fe5a0f391aeea0da1ffa1ca2d630fca3d5a3dba62e52d0aa9cc056

Download Submit
/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
29ec2163eab18040724df8bdd35b1dde

SHA1
60dc12fa15889a5d18e5611bf8ad98cdd123f803

SHA256
435a61977691f185a88ee346414e238981c3745d42b87aa674a374044819724f

SHA512
36dce389a67e6c93c2b16e7ece318df699861339faa7b82e3900da907301fe9e5fb2d0040a82cf986e66e014bedbd90248f20a8364a1544540d41c60f790c7e0

Download Submit
/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f7007252b07d86e6f1d344ad99671fbd

SHA1
5ca6595c7b226a52c1dffa17b5ee55b09eb33d32

SHA256
55f9b5e4ebb5fd77033f3486d142578ca470dcf2b16324d9faf1c94383386ea2

SHA512
10756381092a61134f6e42776a896c30fef397aa3f42db173e505a5e186ea83fcc87ef1daf550f4757e4c149e7f23c9226e95c39cce3c2cc6c314fe3243c6cc0

Download Submit
/data/data/com.yelp.android.hack/no_backup/com.google.InstanceId.properties

Filesize
2KB

MD5
258fccb05e5e1ccd8c2b8b540829b84a

SHA1
1bdcf7ef407e5113959de0e2c88ac7388876119d

SHA256
701c4186d33cf87003af7c167692dfe06bdcdf50b414cab5b01128ee102eb877

SHA512
b98ad3057c0dda60318a119ba8272ba439037b1664af6c72ba6c1dfbd1f9ed46f4b007cd040d60be10dcb763ccbd58d60f5319d22c84972ad94ee166f1e2ec9a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads