Analysis

  • max time kernel: 174s
  • max time network: 186s
  • platform: android_x86
  • resource: android-x86-arm-20240514-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted: 18/05/2024, 18:03

General

  • Target: 561509cf6f827af8f7858757bf006cd3_JaffaCakes118.apk
  • Size: 11.3MB
  • MD5: 561509cf6f827af8f7858757bf006cd3
  • SHA1: 0eceffa6dfd16ab387eacbc4b726fa8346124460
  • SHA256: 68dffad1a3079432c6d8f191eaaebdd2e219d8a1d91e8cd95588978e4ea564bf
  • SHA512: fc37c827c16439c64caeb82a46ffd306d7439bf76e92c1813540752ef394d8b12eddd59fb8f2d97a5f88e97818c611c958e8d027aa14f39f145d912ef9d08335
  • SSDEEP: 196608:t5/b14c9CFUBLnt9j6xxrf0YuvnbVV/ouMy/UYKbNiKn1L4+WiSh/gIBG53FduMt:tZb1X9CFELnnjidx0nbIuvMtUkLRCibh

Malware Config

Signatures

  • Requests cell location (2 TTPs, 2 IoCs)
    Uses Android APIs to get the current cell location.
  • Queries information about running processes on the device (1 TTP, 3 IoCs)
    Application may abuse the framework's APIs to collect information about running processes on the device.
  • Queries information about the current Wi-Fi connection (1 TTP, 2 IoCs)
    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  • Queries information about the current nearby Wi-Fi networks (1 TTP, 2 IoCs)
    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  • Reads the contacts stored on the device (1 TTP, 1 IoC)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 3 IoCs)
  • Checks if the internet connection is available (1 TTP, 2 IoCs)
  • Reads information about the phone network operator (1 TTP)
  • Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 3 IoCs)

Processes

  • com.travelrely.wifibox (PID 4269)
    • Requests cell location
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Reads the contacts stored on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (might try to encrypt user data)
  • com.travelrely.wifibox:pushservice (PID 4315)
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (might try to encrypt user data)
  • com.travelrely.wifibox:remote (PID 4344)
    • Requests cell location
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (might try to encrypt user data)

Network

MITRE ATT&CK Mobile v15


Downloads

Files written during the run, listed as path and size; a path that appears more than once was captured more than once during the analysis.

  • /data/data/com.travelrely.wifibox/databases/ble_app.db (4KB)
  • /data/data/com.travelrely.wifibox/databases/ble_app.db-journal (20KB)
  • /data/data/com.travelrely.wifibox/databases/ble_app.db-shm (32KB)
  • /data/data/com.travelrely.wifibox/databases/ble_app.db-wal (189KB)
  • /data/data/com.travelrely.wifibox/files/libcuid.so (28KB)
  • /data/data/com.travelrely.wifibox/files/lldt/firll.dat (76B)
  • /data/data/com.travelrely.wifibox/files/lldt/gal.db (20KB)
  • /data/data/com.travelrely.wifibox/files/lldt/gal.db-journal (512B)
  • /data/data/com.travelrely.wifibox/files/lldt/gal.db-wal (36KB)
  • /data/data/com.travelrely.wifibox/files/ofld/ofl_location.db (4KB)
  • /data/data/com.travelrely.wifibox/files/ofld/ofl_location.db-journal (512B)
  • /data/data/com.travelrely.wifibox/files/ofld/ofl_location.db-wal (48KB)
  • /data/data/com.travelrely.wifibox/files/ofld/ofl_statistics.db-journal (512B)
  • /data/data/com.travelrely.wifibox/files/ofld/ofl_statistics.db-wal (156KB)
  • /storage/emulated/0/backups/.SystemConfig/.cuid2 (32KB)
  • /storage/emulated/0/baidu/tempdata/conlts.dat (12B)
  • /storage/emulated/0/baidu/tempdata/conlts.dat (159B)
  • /storage/emulated/0/baidu/tempdata/lcvif.dat (96B)
  • /storage/emulated/0/baidu/tempdata/lcvif.dat (96B)
  • /storage/emulated/0/baidu/tempdata/yoh.dat (24B)
  • /storage/emulated/0/baidu/tempdata/yoh.dat (24B)
  • /storage/emulated/0/com_travelrely_wifibox/log/log_2024-05-18.txt (66B)
  • /storage/emulated/0/com_travelrely_wifibox/log/log_2024-05-18.txt (318B)
  • /storage/emulated/0/com_travelrely_wifibox/log/log_2024-05-18.txt (154B)
  • /storage/emulated/0/com_travelrely_wifibox/log/log_2024-05-18.txt (512B)
  • /storage/emulated/0/com_travelrely_wifibox/log/log_2024-05-18.txt (52KB)