Analysis

  • max time kernel
    44s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    25-08-2024 19:35

General

  • Target

    c16db227fb29787cd2158fbd7a812248_JaffaCakes118.apk

  • Size

    6.1MB

  • MD5

    c16db227fb29787cd2158fbd7a812248

  • SHA1

    5bff97136838756b6090a2af44fd43a3eff523b1

  • SHA256

    b34c00722df5d523e7197690aeb8fb36b38af563793aa22acd14567553f04241

  • SHA512

    a988e527e5d8cf18cad465176b7164144441c287b6addabe31ec17d5f498c008eb387344c68a1e474faf9a8f1c326cb4f8ced9b441118b41e96cbd127e88e9c7

  • SSDEEP

    196608:fxhozeKrsCDmZSMwAvRYvPvXb11+Igf0Kl:fMjshAMTRkvXSIgf5l

Malware Config

Signatures

Processes

  • com.Saapart.SW.hack
    • Checks if the Android device is rooted.
    • Removes its main activity from the application launcher
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4928

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.Saapart.SW.hack/databases/OneSignal.db

    Filesize

    40KB

  • /data/data/com.Saapart.SW.hack/databases/OneSignal.db-journal

    Filesize

    512B

  • /data/data/com.Saapart.SW.hack/databases/OneSignal.db-journal

    Filesize

    8KB

  • /data/data/com.Saapart.SW.hack/databases/OneSignal.db-journal

    Filesize

    8KB

  • /data/data/com.Saapart.SW.hack/databases/evernote_jobs.db

    Filesize

    16KB

  • /data/data/com.Saapart.SW.hack/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/data/com.Saapart.SW.hack/databases/evernote_jobs.db-journal

    Filesize

    512B

  • /data/data/com.Saapart.SW.hack/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/data/com.Saapart.SW.hack/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/data/com.Saapart.SW.hack/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.Saapart.SW.hack/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.Saapart.SW.hack/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.Saapart.SW.hack/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.Saapart.SW.hack/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.Saapart.SW.hack/databases/google_app_measurement_local.db

    Filesize

    16KB

  • /data/data/com.Saapart.SW.hack/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.Saapart.SW.hack/databases/google_app_measurement_local.db-journal

    Filesize

    4KB

  • /data/data/com.Saapart.SW.hack/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.Saapart.SW.hack/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.Saapart.SW.hack/databases/google_app_measurement_local.db-journal

    Filesize

    8KB

  • /data/data/com.Saapart.SW.hack/databases/google_app_measurement_local.db-journal

    Filesize

    512B

  • /data/data/com.Saapart.SW.hack/no_backup/com.google.InstanceId.properties

    Filesize

    2KB
