Malware Analysis Report

2025-01-19 05:20

Sample ID 240824-r8rqnaxbpj
Target bed4341d229f4628bed4cacdfdc9e61d_JaffaCakes118
SHA256 151d56bfb13988f6be7dbc8b5070544ed0ee3820711d784ac973eb75c8b80da5
Tags
collection credential_access discovery evasion execution impact persistence stealth trojan
score
8/10

Analysis Overview

score
8/10

SHA256

151d56bfb13988f6be7dbc8b5070544ed0ee3820711d784ac973eb75c8b80da5

Threat Level: Likely malicious

The file bed4341d229f4628bed4cacdfdc9e61d_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection credential_access discovery evasion execution impact persistence stealth trojan

Checks if the Android device is rooted.

Removes its main activity from the application launcher

Queries information about running processes on the device

Obtains sensitive information copied to the device clipboard

Queries information about active data network

Requests dangerous framework permissions

Reads information about phone network operator.

Queries the mobile country code (MCC)

Acquires the wake lock

Schedules tasks to execute at a specified time

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-24 14:52

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-08-24 14:52

Reported

2024-08-24 14:55

Platform

android-x64-arm64-20240624-en

Max time kernel

43s

Max time network

173s

Command Line

com.yelp.android.hack

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/bin/su | N/A | N/A
N/A | /data/local/su | N/A | N/A
N/A | /data/local/bin/su | N/A | N/A
N/A | /data/local/xbin/su | N/A | N/A
N/A | /sbin/su | N/A | N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.yelp.android.hack

Network

Country | Destination | Domain | Proto
GB | 216.58.212.238:443 | | tcp
GB | 216.58.212.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.14:443 | android.apis.google.com | tcp
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.201.110:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | onesignal.com | udp
US | 104.16.160.145:443 | onesignal.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 172.217.169.40:443 | ssl.google-analytics.com | tcp
GB | 216.58.201.110:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | lp.androidapk.world | udp
GB | 142.250.187.228:443 | | tcp
GB | 142.250.187.228:443 | | tcp
US | 1.1.1.1:53 | accounts.google.com | udp
US | 1.1.1.1:53 | accounts.google.com | udp
US | 1.1.1.1:53 | onesignal.com | udp
BE | 142.251.5.84:443 | accounts.google.com | tcp
US | 104.16.160.145:443 | onesignal.com | tcp
US | 104.16.160.145:443 | onesignal.com | tcp
US | 1.1.1.1:53 | update.googleapis.com | udp
GB | 142.250.200.35:443 | | tcp
GB | 142.250.200.14:443 | android.apis.google.com | tcp
GB | 142.250.178.2:443 | | tcp

Files

/data/user/0/com.yelp.android.hack/no_backup/com.google.InstanceId.properties

MD5 b86a2abf1399b9ff5d495cbf7d07fa72
SHA1 c1ef501df91bebf6bec99b6f9cd8246819b433a8
SHA256 de4fd56b42d445d9195a779bc5dd6667814afc1d97bd95f235a95b2a33740244
SHA512 cb2877cda4365757cd05d5c91d7ff8e54fb13ae792762d60b9ba62872806e96e75a1d23a45f975f4bdb8d77b5931594700de2f1d680238c1294b903ec71edfa6

/data/user/0/com.yelp.android.hack/databases/evernote_jobs.db-journal

MD5 a805b9a0a382c50cfbf77a6ce44ad0ea
SHA1 b1a7a14d6852b1464a0fe8e9d8c024d9f3d272af
SHA256 5ddaf6b62a6c3ba5814218077d3f9de685c91aa2a2f7cfd76b9b6cc895bc1794
SHA512 8dd5ad7c408872b314873c05bec189cc7a0975eb3e473e14d3a0734b35c8448656e7be462617d1f84587c78cb40f83b1c5ff16a25d3e71eb1051b65a8e5f670c

/data/user/0/com.yelp.android.hack/databases/evernote_jobs.db

MD5 bfb15118b598ba58f454c7784398d19d
SHA1 3775b538f88d40e369f3dd77d819027ee5e6697a
SHA256 39322e07861a225e989fa6439a785fef6eacd9631fc716232e7c346b0dee6187
SHA512 6a5eeb6981db88d4bf236541cbb90830a173cd37da75e944d9d3835da807b50e116b9b8385e942020557a7be707daa57c43c81a042094409e1fb7db932a8a0c1

/data/user/0/com.yelp.android.hack/databases/evernote_jobs.db-journal

MD5 52169a02e1f8d2232855602af4bb1895
SHA1 591ef510297e4faa6245d662f35d7edcce5b4fc8
SHA256 d1d6da9b8c88a88c09b9a63caccc298a8f625cb1dae524bd219879dec3b650bb
SHA512 4ecf8cc1b231b4f727e2589c5e6b59dc59c3b72171c4ba22728c0dc916f3f8bd46829689f75aeafcd3e8fcf707c7b7bd94ecdaf894f159061b4a747f893fc4a2

/data/user/0/com.yelp.android.hack/databases/evernote_jobs.db-journal

MD5 d75c86f19e83a93577fd9c82e8654b04
SHA1 c7e96e427f0e04b5f7a2c9c38c135b6e89764522
SHA256 63eb4c662cfaa66ad7e2e7ecaadd17816498bfbbe3f5a9ea28dd02ebdad37072
SHA512 ccb37715a6d76e697ffdd1d008b3b5171293ae67346332e706d859f23864534ec2638d2330a06b55bc9e7acec966940cd156c490ab937d6e6257300f42970cc9

/data/user/0/com.yelp.android.hack/databases/google_app_measurement_local.db-journal

MD5 f3b05554abe9f049f200757dc03e4b4b
SHA1 0fde1e2686540ef7a1f5c6b22bf82d7a949c0d6d
SHA256 c0b906d1508ada0e996c7bcc107d1de67960d3e68d466a5777cf3a5fdb499e73
SHA512 bc1eb3629c6829e0dec2d9b310542c4cc483d004e1817dfb891a9d2edbdcf6f27407f1fbe485633943746837da6aa5966dd1089ba3b8346f2e806650aa5f5e23

/data/user/0/com.yelp.android.hack/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/user/0/com.yelp.android.hack/databases/google_app_measurement_local.db-journal

MD5 9fb604673236334cabe5aaf7d1e0352f
SHA1 455da2d0d1e4a45f0840ebcdff933c492f7cf747
SHA256 d4a8d98f40df69b72e4ca063d046bab4b5463d78e3e9b5275145faf1b14c9d30
SHA512 72390b2ed79a701fa51baf1d93329c42b98bd4f4f82e82c014c85d284e16955163e3f4ace45627ba607b3f378bebaa591b3157d82369df32ad1182d5749c030f

/data/user/0/com.yelp.android.hack/databases/google_app_measurement_local.db-journal

MD5 3db15c9415de921085de546990f749f0
SHA1 8be3b0ae5719e1b631a9b36072607aa23ca57acf
SHA256 57b12fd67f68d92338d1d2668a0cdb0e96cfce6ee937a3600d34aee876695353
SHA512 7d465ceda32d5e2a02ed76e000efd02aebc8026ff4ba8967ad38055a3b8b3be18b9e681ff2ed0b715363c931046a0c4cd0d5cba0beaccfc958e58d4433b0723b

/data/user/0/com.yelp.android.hack/databases/google_app_measurement_local.db-journal

MD5 9d694da1118805b9835842bb86691be0
SHA1 871bfb49cd62621776ec9ae31f6d521442f472db
SHA256 cd1cec0200239e4ae2f0694d843e48b9a76575545367d0606d03ff9273b1aeb8
SHA512 ff582037a3b180372cb7716a6bb9466512c558b4ab51ec6926bd601c0147ff1b0af4188c61fc7c49e4020b64978d94cadb38bf43455dc33152e39957d63372d2

/data/user/0/com.yelp.android.hack/databases/google_app_measurement_local.db-journal

MD5 191d9a47a5c8e5732af897e2ff6185fd
SHA1 0cc257f26282c286ce068e934981c06b01dda333
SHA256 f1027b3ac161c7456e245fdd442c211ef9277e98809bd2ef9986818b8c556993
SHA512 0275591c2755078b48d9c9ba0b52cbcbe0fb2457650312fe35c98dce083cb5f1d05cb9d304d265e4582ffb86f530d9969911faf37f47d349f4a112e2d1c56688

/data/user/0/com.yelp.android.hack/databases/evernote_jobs.db-journal

MD5 b87ccb74ddcbd4b578c7322e052638c9
SHA1 4dfac46cb917ea35958035cf6b3cfa3cb7224622
SHA256 7fd03a30e71249852b9d9a56a8351b657d6a73dca03620b32cfa14d06897f71f
SHA512 b3f67fa725c807acb056f019163556947d202a184261a539c4a8f9a131ce068e8ba7afa35d96f0a004cd73627b89a7d98e86b9b8569d8fb7b8f9ace4e90858b4

/data/user/0/com.yelp.android.hack/databases/google_app_measurement_local.db-journal

MD5 684b4a7ae67cdb79f0388cd9a81e7ad0
SHA1 5145f6c741e85f8e334adb599a8c3fe2865eb3ad
SHA256 f38026bb7634943d581b5f493bf53ccde59846a9794b00a3396c6777cef017a3
SHA512 f24184f719b8f8dda188248deab43cbb0c9324b2876299dadbccf167a9d16d2da9d94b851a2582c1cf1d7aaf55e1d231e19fb01c7e48cf89abc1ec3a96c3292c

/data/user/0/com.yelp.android.hack/databases/google_app_measurement_local.db

MD5 80a314c9aad33b6b19c153073cb76f65
SHA1 75935bbea84101aed68d344a066d1864ff16899e
SHA256 42fc821f13c6654f0b11fffc428dae8c00adba5ca7c37cf6b6e99f16d9216073
SHA512 758a83b7062e027527800becebdecb0df45335fa7a2135049b475bf6cb0bd07a0306c92bd7a504f80c07e2cceb5dfb0756cb838534a790c6c8736f2b2e81d97e

/data/user/0/com.yelp.android.hack/databases/google_app_measurement_local.db

MD5 0568c208db7640dfbdbbbc94fc805f2d
SHA1 ecfe871877baca0244df09e3dcc0d84ab12061df
SHA256 b87ec6b8c63014741170b5a0b581c1de456f20facaa8ff2e001cadba7552ee88
SHA512 e0c7363c21f092b08f254f80872cd84e6ae8a987dd2221d9b138d469b194efcca0cf22ea446c4b2d79a3d44da46854a0e6bc13f284b9559fad00ad4f35c73058

/data/user/0/com.yelp.android.hack/databases/OneSignal.db-journal

MD5 40e558abe6d08cd1fa095485c99b8bd2
SHA1 bd066176f0bbe73694ab44fded50e1bba29efd48
SHA256 30534bfdb7e8c8f44f7d3c92cc4937f9b00ce424e576e0d00772de2574cddc63
SHA512 f55831cc20b03add5a7412efa7279c1dede00c46f95467ee61ff2bea131c26deccdfa7a996c3937d5c4936203a18ab4bcfbec50e0618243cef84130f39da1155

/data/user/0/com.yelp.android.hack/databases/OneSignal.db

MD5 2479ff01e32c1445266304f37e9e7b35
SHA1 63a2b50d03eff98a4b5e684f1f95996b78219e6c
SHA256 c276033016c0ae04c4e1a7128d443a01aab24d99c434696ee1b01fef2d3acf15
SHA512 14b24f8be6f9a88e31a2d74f3f13cf9e84817bfe445b8b8a873c1678f274714237b3f1a2fc9c5821c300fc72418e3229439107c2a2ff307007409dee6fdf16d3

/data/user/0/com.yelp.android.hack/databases/OneSignal.db-journal

MD5 d25ae63b18d858fe4dca74414e337e45
SHA1 1fa571ba32707e4cd9a9e3e8ab52f87571d5c817
SHA256 2c02b28a1db837ca1b6101e93c0931eaa0ca4af6f1ffcf928fc4dbc27e7a04f4
SHA512 7b165073a34d985450e038268c04791a8d11f261238d27f53e6a3b4419dfc27df9e0fbdad5e945509513a4bb48c05dc7ce594c1dd4923b6b05b150abea7bc5ea

/data/user/0/com.yelp.android.hack/databases/OneSignal.db-journal

MD5 12e01bf9ff5a93865b9b7b79fcda005b
SHA1 a8204a97f7583987b9f5f7230b89e65540e37309
SHA256 81e577d22624a92cb950ca4c171e6bf4bad39032ed9d09cbb282f3bd4e57a86a
SHA512 a1fccad334548cf6fbb31957882d3374490a300f7e617cf7c4b8f23751d3d99d668f38051bb1fa68a3360b4a373e4a61fe339a812ae1fcbdb8a24af7799a7989

/data/user/0/com.yelp.android.hack/databases/google_app_measurement_local.db

MD5 6f5547479d867d5c7560a1ff2d22a9cb
SHA1 41198bf4c1caae146bd3a5ca29c6bf525ce275c1
SHA256 11ea82b8ddd99fdd75a4eb783e0cfdd872b41b54cb7c26e2f68ddf9126a9005d
SHA512 e8feeeeb591d35b686a43a665fe57af606b99ac81913e6d33f42a8371134c1e12f18fd44c197baa21349cdb5841178a514b957a56e73a3f7a764cba99c3957d7

/data/user/0/com.yelp.android.hack/databases/google_app_measurement_local.db

MD5 00939caa263d6b1cc0d810d1f0a3a503
SHA1 89f7b62747be32a487c06f0fb9ad4fd9dc0587b8
SHA256 0f957939ad1ead55da2695e268d9d590f2cbbe4b44d7b32443f879d0aa1580ee
SHA512 35a065947d5f4b3ccd7ef0a628c59dd069c10b7d1e11f7f611ea6a404e60f722b6df837809d2bd459bd9f4673204f4f4fb85ec856f9d2e6a3ad0b3c2a5adc97b

/data/user/0/com.yelp.android.hack/databases/google_app_measurement_local.db

MD5 818548be1885386cc995f564f36a8e8e
SHA1 008b0c602ed55b1122dadfb3a20db517d55c10b3
SHA256 b4765a86f69c122307448d0c6e81cebd52ffbc59b0d19da42971e2857f773e6d
SHA512 47840561a1eded73600b656576a7a9195bd1beddb79b08090b9e6bd9ab610de6cfb0a334310bfefe0b33ef157d420aaa17c6315fa2e689398da3328c4460a02f

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-24 14:52

Reported

2024-08-24 14:55

Platform

android-x86-arm-20240624-en

Max time kernel

24s

Max time network

131s

Command Line

com.yelp.android.hack

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /data/local/su | N/A | N/A
N/A | /data/local/bin/su | N/A | N/A
N/A | /data/local/xbin/su | N/A | N/A
N/A | /sbin/su | N/A | N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.yelp.android.hack

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.187.202:443 | | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | onesignal.com | udp
US | 104.16.160.145:443 | onesignal.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.46:443 | | tcp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | lp.androidapk.world | udp
GB | 216.58.201.106:443 | semanticlocation-pa.googleapis.com | tcp

Files

/data/data/com.yelp.android.hack/databases/evernote_jobs.db-journal

MD5 47f580f9665f488d0408d45335bf3cf7
SHA1 aaa6a6ddbb4fca9c541c73941f97d6b2423b3d80
SHA256 41718bf3fe01d7ba9bfa05b9b002a6cbe7473c46caa017e5192ce2d9229b9c75
SHA512 e35e00a5dfc8d183730c61ea3575ee2c30bb9015c3ea1f921e0efa51189567e5f39dd4986c6603a8c6981c0a50a23dfef6027fe4b6f310bdf90e68ce89cd4018

/data/data/com.yelp.android.hack/databases/evernote_jobs.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.yelp.android.hack/databases/evernote_jobs.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.yelp.android.hack/databases/evernote_jobs.db-wal

MD5 d001f15894704865914fe679ccd88422
SHA1 93b9341dae5f55f2640b8acbaa8ec94251b0ea6b
SHA256 3f5d58e6c69e25665162a9d9e90d07118f3cbb7c780d9a25e44e50f89c81ee09
SHA512 b64f1d548fdb7e8ec4b53b2bc2de729419df2870a8943340f5895e55c48d7ae83e9865c308dff77d2822ac5664a0a2bd907750f6d67d05100bc8391e8be73cdc

/data/data/com.yelp.android.hack/no_backup/com.google.InstanceId.properties

MD5 beced55f61d46de62e9680bda32bcef5
SHA1 812dc9cb20c0fa6060ee93a454bee6dea816bf84
SHA256 733ece710d22a6dc32ee4e9b4497f31964ecba6c2432ecbfc865a98b6f96ab6a
SHA512 e622566d7d89ad27af5df855efd1c5bb2b63f0cb5552b89133435d6df95ae699b10fd15cd6f722bba0e33bbecae32c78984eb5abc476911c82b99bf623fdaf0b

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db-journal

MD5 7386ea175c5d8e50a1dcf074d73c2db3
SHA1 edb28f7af3192c86dcbffc00559d84ff3e6563e1
SHA256 1ae3370eda86dbddbef1140c78ed7b535c90593c3457618ba07c723e6fc2b18a
SHA512 090a73bf6f10a0b74aa82bb26dc159c4ccefcf546275f0a1561b9270284e7937cf1371ac251e513ad493eba1c1a27141e13fe2b831576044164b02f568574d4b

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db-wal

MD5 b7777daec6737c8590a1bd0de7efafbd
SHA1 9f19160550e9eff6f57c92646b536c14646e99c1
SHA256 ac47d93aacb83bcfc2b0e51140636b5dd42890b188eb6a60b4e0c2f1fb315857
SHA512 aa3a6f6690ef6fb3698b304c52397a209588023efb8f27aee34871d5762e1d5598dd392a1819a00e866e1af342c8ecd9e86699023958f524eb5506913ec44b80

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db-wal

MD5 71386b2de0eb4918dd6ce650e86809eb
SHA1 ad2cae26d899bc1d8c214714714b8b690e4792a6
SHA256 1eff0cfbdc3490d4a2e2674a3eae56d6f78888b360e8e5f3b672e927db97b09b
SHA512 491a44bc412996535bffcb7ba4e9b37d776c4c7bd82d757f18e0a89b3760e6867e70faf8840eb67af70a582e726a36b5f416157307fa97551dc24c7e625330e5

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db

MD5 9c1c3a5a8534d69cb2172c80ca3a221a
SHA1 172134818b837b3bbec1a0a87653da762aada277
SHA256 0f0b696068889fa7da56bfff44e9f7b8b5cdd842550c0ee1e5b2c2a6857aae31
SHA512 b11327ba61b86f181f1af4a7d4bd38f8412aa14e2cdfcb92e539d821ef8801985ef7c2c9bc5d4619fc4c92ea6e37019d55004220c78adfde33400cee74e62501

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db-wal

MD5 3fb2c077ab3e10ab8bd345a6fdfe1753
SHA1 da23d1762b9825de094e8aefff1d1bab5b919de1
SHA256 cba439c97fb96c6d495b9896a1a2bdf2a150b9685543f62cd894ae4ad40c71bb
SHA512 ea1164848550b247bb0901094debb7783ce884b353ec6d5465dec4a259100cad282fedaffc10d4e9b881b09acc4ff079f88f9f8abe626e5d27641847370f3dd8

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db

MD5 7f9a225d2507b0d9863e6cf5bdd5bac2
SHA1 efb4fc5416d154d56a04b68caf3e094e6f811cd1
SHA256 4aedd1fbd495ec4ba7cb8d84e7afff451bbb7b80d89f5aa19aca006158fc4732
SHA512 dd5a95fd555f8f56fabf6a90a7e5f42b6987829f74274926d4e407c2bb0fb4bcc264d49ea17b3776cc3af1fce62b089506acc529dda56fee4a267db9d95cc1a8

/data/data/com.yelp.android.hack/databases/OneSignal.db-journal

MD5 b3433a8a8397cbce6dcc13eb30b4aaa2
SHA1 5d595d1bccb419456e1daf65a520c56589f693ab
SHA256 03e03549c374e34c105223b0eb5adfb67ec65998c6ceb77fa1ca33b388abef2a
SHA512 856c4e136f059f6b491be4d1557e5b674459c1db506d93e9cb36223a951a5f59e9a375c3d4dc566f3c0d1a5535fea453c66bdfeadd2200cb6bd899155c821fdd

/data/data/com.yelp.android.hack/databases/OneSignal.db-wal

MD5 a31f818d2b2f19c4d3e549a2680d941b
SHA1 e4429009d3672405889f656ac50568bcde9ed7f3
SHA256 ce979c594371fff74cf50b02b5fa13cdb3f87e60659fdb83d1a2c65594fbbf4d
SHA512 ba05b0c1ca426b38a41b75b49297a930ef5d21790da9733e4400aac0e29b1a9d86a882730e0b6a215edc85e865d46d1de3047c9637da4a25ceda10d10614152f

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db-wal

MD5 d3a43bf60ab7d249bcdb7483189cf49a
SHA1 d618d363c03e67ef99592515d7f1fe17f9c709f0
SHA256 29c98ffc8fa19355d5be2f574c15ee1c7d77e11667cf7e558fe4c43083d14394
SHA512 dedcb3c22d5808ebeaafe2caceb33c25253c829d4bd09bc8833283c014a5e0ec28a298d53e60accfea980fb1d1b3dbf7a164eedd6eb7561b80b6b9a8245bc5db

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db

MD5 762951cce090432a52e3c5a0305fc965
SHA1 e3fcb13018f6e88001d2ff4650b78be3e9002e1e
SHA256 fa90b67c6250db0b0302264d19d3c9aa2bc1d5ecb96879ca55110640159512eb
SHA512 936512313d89f1c4a0c550e4c83cb271693491c5851b5b6bad05ad8f0b01ec8f927e66c142763145b0356d9f722e77f6f1693ad87cf8840e8aaf51e9a5e19941

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db-wal

MD5 7219faaa1a7e7de8023bd07fd7a63528
SHA1 b6064ee65da83b490a7fbd47ce13c65c0e42f81f
SHA256 c9ee289bb8a8be0825de6b1f32718182e6c2799eeda84fd96da65ade3025dba9
SHA512 559c4ee1bed156313da749c31d6322e6b6e93fe2f610d3d1cabf4daea0738d38d9f2d604a12cd4f2e6bdec1142cc752aedffd04e05d06002b2e27e0d8441e898

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db

MD5 18d67241bf3e38d6bc45f2b410bc0dc5
SHA1 1ecae1ba412400e1e00d39fa20d118b0197f9087
SHA256 0271b7c8748c677f3fcbb5e6aacfca408a6cf90f8ecefadeab79ce1b3bd85fa2
SHA512 b76daaab92d38bdbc6e0e26e54b44c3d337ba3f7c05d50dd639a7516a6e70e2f5dbe3f8828307d83208e0c7e6a030acfca09f514681cf24e804d8a50cfaac1ed

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db-wal

MD5 4a3e9f0354b69513f1e695d53fc33b06
SHA1 fadbb930c7d86f2967e97072fd0595e3ec6d37f0
SHA256 c94aa3b20880d825d5497288816b878569852d5e0e868e978688ebb17cc3e81f
SHA512 914ed6cbd7a3ca35bff39c6c690e4c77c9e6160b19b659c7c94ec6874fd8493645f8846e0cef47af85e3e0ee05eb591e3877c783ad9ed7c815ee462502eb24fd

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db

MD5 44693692da738db6eb133cf0e4cde91b
SHA1 e6bda56494c325d8d37ad89552263ae85d9b0550
SHA256 8fe0ac9db76d4a2dcd3b3d54c0efedcd223e25aabf716506493d50e243a7a2d4
SHA512 b34ddfe1ae343b1b12f7029ae476a0ba8e1b4043ccb520afb412b3f71335ef679bf29723c9a5c00af7e922e9982d5b3af54b2ed779da8cb601f378e5b9d26be5

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-24 14:52

Reported

2024-08-24 14:55

Platform

android-x64-20240624-en

Max time kernel

45s

Max time network

156s

Command Line

com.yelp.android.hack

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /data/local/su | N/A | N/A
N/A | /data/local/bin/su | N/A | N/A
N/A | /data/local/xbin/su | N/A | N/A
N/A | /sbin/su | N/A | N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Schedules tasks to execute at a specified time

execution persistence
Description | Indicator | Process | Target
Framework service call | android.app.job.IJobScheduler.schedule | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.yelp.android.hack

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | onesignal.com | udp
US | 104.16.160.145:443 | onesignal.com | tcp
GB | 142.250.179.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.14:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | lp.androidapk.world | udp
US | 1.1.1.1:53 | accounts.google.com | udp
US | 1.1.1.1:53 | accounts.google.com | udp
GB | 173.194.76.84:443 | accounts.google.com | tcp
GB | 172.217.16.238:443 | | tcp
GB | 216.58.204.66:443 | | tcp
GB | 142.250.200.36:443 | | tcp
GB | 142.250.200.36:443 | | tcp

Files

/data/data/com.yelp.android.hack/databases/evernote_jobs.db-journal

MD5 e8c30fbeda09f7d4aa1e7c047abc5700
SHA1 8bbb510147d1b0bc9902e8b118f16b90eb7add97
SHA256 a139c94560f9c67b3fbac98fcf4bc6a91f9c403a28eecfc027476a811571a544
SHA512 f17b0363e7f84695abd95b2bc5cc545c190d6c2b45995963d2ba74cdf0440bb93714d2c733d8d9d00c0d7c4107d6226adbe1b3c5fab0a2b90c8481b8c929c3f3

/data/data/com.yelp.android.hack/databases/evernote_jobs.db

MD5 bc02ad322a08fe9ab514d6045800370b
SHA1 03c7fe6c3c5d0469f95924168804af3f0cbe127e
SHA256 0c4dd488d0397a693b0735429819da71bd4b90a09b79139e671f69c24c4deef2
SHA512 a0ae9ebbbb1af3b0e3cdd780ba55a7ad9b11867adaa75ae34564b0b4b61ffa8fc25d51a15b49295369acfc34ea38ac73e75b8d4b3554242d2b48a23b14852c96

/data/data/com.yelp.android.hack/databases/evernote_jobs.db-journal

MD5 3f745762af05a7c68e5fed112646feb7
SHA1 22b24cbcaea513dd68b3230723b5595e71c200ed
SHA256 d8713c8f002b3a4722b276372b605440aa1e479406fe91936a79bdff9b1ed238
SHA512 9e8a37f44f842b018c025a892fb453d63d7705c0fa8e58559a30062297a728efdba5d8728707320e660a62a35efe8324eb1a3c5b92c1bc2be981178c217f138d

/data/data/com.yelp.android.hack/databases/evernote_jobs.db-journal

MD5 2a0cfdc79b174e1cdf2379da8df34c93
SHA1 449eb0d29d435541488da28eaddf2dfc1dd0a8d7
SHA256 66dcd0ed9a43de48f8a3770fa1e38f97ee5d47a82e45506c71a58b118a9f28e4
SHA512 e969709359df9625f59bd1c20750caa070bb74029e0eef21725a2cc62929a4b5b0e7d73254eaf5584d6d71237e7770b61e01d374232c3df4fb1ca43e58658781

/data/data/com.yelp.android.hack/no_backup/com.google.InstanceId.properties

MD5 258fccb05e5e1ccd8c2b8b540829b84a
SHA1 1bdcf7ef407e5113959de0e2c88ac7388876119d
SHA256 701c4186d33cf87003af7c167692dfe06bdcdf50b414cab5b01128ee102eb877
SHA512 b98ad3057c0dda60318a119ba8272ba439037b1664af6c72ba6c1dfbd1f9ed46f4b007cd040d60be10dcb763ccbd58d60f5319d22c84972ad94ee166f1e2ec9a

/data/data/com.yelp.android.hack/databases/evernote_jobs.db-journal

MD5 272e54cfc2eb8062e6a4433b1de7fa61
SHA1 fa8191ab495925eb36299144459e53364ac03aaf
SHA256 33f1bb5e17988ce95f68d2cd4eb71eed5a6533493e8fa95d6646cbe7adca3b8f
SHA512 e06cba90f6a99dbcac89678dc1eee5f536197ee6e3c6e36c611b1299dc3093987fffe61d1c530bf624bf60176ecb0cbfa197b18f42272fd2e542ae8f2fac7ad3

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db-journal

MD5 bb334e787fb6446649f766413ec158bf
SHA1 d84b108911053c95e48b52a064c65476d69ef139
SHA256 07486e975d654a76dcbbb3ebf768938df5f64ecfb883c5f8cb218decd5e88d11
SHA512 b2373eb011724a0caa731bc90d8ac1c6a6e8256c4a376aa6017e94f4208a40d8aa980eb4436217f32cf4ff4c86c7eb3d192113e6f39e70001fa035e58ead34b6

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db-journal

MD5 8fe470c5a0c583585342a09536a3c601
SHA1 8a245a1dd6427d638d17ecc44df05bbdc0f80dc6
SHA256 2b7b285e5688cb80e4d8d4d1c28a4f76901bcde62291d64bd79d057734cfe336
SHA512 ec4c10602c8f2a34d1cb19a372b81bd9b2a088add5884955ef571a746030351a9f3cbe50120332f9482c355be09b6f05fa36d2ba9f9025b11c2ebf4b31089260

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db-journal

MD5 671c0716341902a5e0827e7acb5969c7
SHA1 ba9b3d7c63956e9ed3e2ddb71d9ca110c21a3779
SHA256 088e2b25e05335fdf810e74e629286795881f522844733d65813d537cf791ac5
SHA512 3b100590166d6b91ea255f2168f7d5f241d9a7aa9aefc138cca82025bfe3fb412ad47bcd208e74edd23000deaaf29a3b1cdd76cf4089a4a83c69afe1f81623f3

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db-journal

MD5 a406e6ffd66e2078d99bea7f4ffbca54
SHA1 31abfd2048b0620f8b556e4867817f5dd00bae02
SHA256 ca282c144f8578ada03f5efba49a8175b2e85eba1c06aa3331b65eb1e5b13927
SHA512 aeebdac8aef6b006e2ef11c17e309785a119f9ef93119c9e0e76026bf2aa2c783f847eb984fe5a0f391aeea0da1ffa1ca2d630fca3d5a3dba62e52d0aa9cc056

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db-journal

MD5 29ec2163eab18040724df8bdd35b1dde
SHA1 60dc12fa15889a5d18e5611bf8ad98cdd123f803
SHA256 435a61977691f185a88ee346414e238981c3745d42b87aa674a374044819724f
SHA512 36dce389a67e6c93c2b16e7ece318df699861339faa7b82e3900da907301fe9e5fb2d0040a82cf986e66e014bedbd90248f20a8364a1544540d41c60f790c7e0

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db-journal

MD5 f7007252b07d86e6f1d344ad99671fbd
SHA1 5ca6595c7b226a52c1dffa17b5ee55b09eb33d32
SHA256 55f9b5e4ebb5fd77033f3486d142578ca470dcf2b16324d9faf1c94383386ea2
SHA512 10756381092a61134f6e42776a896c30fef397aa3f42db173e505a5e186ea83fcc87ef1daf550f4757e4c149e7f23c9226e95c39cce3c2cc6c314fe3243c6cc0

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db

MD5 20e7306ec5bf6366ba93850464c890de
SHA1 c357baaee382e3221783d69db11b36b341b519d9
SHA256 87ae5227b497616350886dfe75ef326ea391c7ddfb3fb12895e6f6116bde535e
SHA512 4eb7c9503517f969ec7a691ebdc3c03bca96250630d0148ec649ffe9aca3afe901cbd893f34c244049e40a7ad3408408fd46c965df523ece9d1218a2a1c53954

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db

MD5 b39af551e75d289cd6b412d96c4865d5
SHA1 a806afb8f733c2e736c267ac99082d9e5f799132
SHA256 0daea17eb14b48c83e8cfde5e957b82f9ee87a5fea7aef0fbd4d5bef12be4cb8
SHA512 71d96740cb4576dac135223f945e5d82e91e78d0a70802b21d6df18ca8fda1b3ace3e2c469179ecd0228494cdc263e543d83cc80c675f1f1fdae317f17b0484f

/data/data/com.yelp.android.hack/databases/OneSignal.db-journal

MD5 138e0233bab6d9057b041a1909268cae
SHA1 041ff4efbcf4ab706513729713e04c510bf87d00
SHA256 73016933b9d209d2344cc68153da507dce8cbbb2fec3e157a93b86ae7135f6ce
SHA512 d4c18ea113c246afd127b2f55c1d5b1606e6e2429b2649d7cc5bb2f930a43f0ea0ce1b9e44a54b78ffba3d4e2e410fc3a7c7ff18973e82708505b4cf25f12270

/data/data/com.yelp.android.hack/databases/OneSignal.db

MD5 6ea5817dfb71687d648b0e4763152545
SHA1 b5a1a2a1fb579520ddeb9861c0eba5f7109d0d74
SHA256 be512b097518bdaba39e6106c143a267f56e98d8f980ed6295773c4082149824
SHA512 cafff4c86b710428753e528aed212096fef264a36cd6d6ff48af487ce1d5cf90065b4be0ad6460e4e7631040f7a28657f31811be1a5cb417c4b2725c51fb5186

/data/data/com.yelp.android.hack/databases/OneSignal.db-journal

MD5 8ee0c1bbc8688cfe655e7a5393c86044
SHA1 a3c7a4e2c172760e50c73c7b0c5fc5ed8c5d9c90
SHA256 344901b980f94507040bc4f20a82bb00907118ec608efa4e7ece529da86263a8
SHA512 4328090fa4570ce6175d9210e3cc89eff700155b4a13cf8b16cf99c8c1d7cdd2b8fb8e6a60e1d2cd542ba45cb8229c26b1ba834dbaf379a48aa6a01b2b303764

/data/data/com.yelp.android.hack/databases/OneSignal.db-journal

MD5 9e4788700ab41a6ba14d73f143e8bf57
SHA1 05453c10ce908670b8af2bcc9a46012ffa215157
SHA256 d6bdd692ccc8da390dd013933e702040d1f40e0d99ed0361bef9c6de21cc17e8
SHA512 dc81d61840b5907cf6f3e931d17f0cde5335120828199414cf9a6e557fb65645a20ba4d9fd805bb5802afb9c1ca39aee119f9d8fbe3150bae04222feae8b22ee

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db

MD5 7d1d39568606e236429269d2795ae076
SHA1 01230f0eb8b91110f5c70d4856a30e57a4cb3769
SHA256 b5b14bed622dad3baf54a3eac11fda24bdd3f790d1134539f6661c27e44d7fea
SHA512 bfa042dfe6367cbe7f014ab0b9d62da988fc39b2654807eee8f5079a84fd7cb437d1b068acc80a015afa8fbe79c438911f56485d19c46fa9ce21756937c64313

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db

MD5 e239efb1421ce24ed13fa7fcbd7d71a9
SHA1 7d7ed8d56c7bc5c236e123c6550ecd805a774cfa
SHA256 0aafb969d908869efaddc4fd021d0ed5273fb6fb9805e149560ad8f5df4bf061
SHA512 5e54c98aee813a826d1ce09d573950364fe54f43a9695ff530fd10eb745edeaa8d3727a8d25679582c4e219eebeb35e5108c565558e600bd1399d94119ae75b5

/data/data/com.yelp.android.hack/databases/google_app_measurement_local.db

MD5 2f1eeee3602c828b8e9f81f6fbd20d41
SHA1 d240b568bb6929702815b9a5edd05ad635671caa
SHA256 458aa953a9e0adbf5b8765ebcf6b51bc5b5a48b7664e85d25c7a8ce9781a2d5c
SHA512 a8642cc12cb9af0cd9d3fdc4bb1fe3b246d02af6b36714d80cdd2809def699b0b93eb585187c17f0a8e19801879e2e9edef7963ee416ae9e8cc35fd9cede2859