Analysis
-
max time kernel
174s -
max time network
186s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
android arch:arm arch:x86 image:android-x86-arm-20240514-en locale:en-us os:android-9-x86 system -
submitted
18/05/2024, 18:03
Static task
static1
Behavioral task
behavioral1
Sample
561509cf6f827af8f7858757bf006cd3_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
General
-
Target
561509cf6f827af8f7858757bf006cd3_JaffaCakes118.apk
-
Size
11.3MB
-
MD5
561509cf6f827af8f7858757bf006cd3
-
SHA1
0eceffa6dfd16ab387eacbc4b726fa8346124460
-
SHA256
68dffad1a3079432c6d8f191eaaebdd2e219d8a1d91e8cd95588978e4ea564bf
-
SHA512
fc37c827c16439c64caeb82a46ffd306d7439bf76e92c1813540752ef394d8b12eddd59fb8f2d97a5f88e97818c611c958e8d027aa14f39f145d912ef9d08335
-
SSDEEP
196608:t5/b14c9CFUBLnt9j6xxrf0YuvnbVV/ouMy/UYKbNiKn1L4+WiSh/gIBG53FduMt:tZb1X9CFELnnjidx0nbIuvMtUkLRCibh
Malware Config
Signatures
-
Requests cell location 2 TTPs 2 IoCs
Uses Android APIs to get the current cell location.
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.travelrely.wifibox
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | com.travelrely.wifibox:remote
-
Queries information about running processes on the device 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.travelrely.wifibox:remote
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.travelrely.wifibox
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.travelrely.wifibox:pushservice
-
Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.travelrely.wifibox:remote
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.travelrely.wifibox
-
Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getScanResults | com.travelrely.wifibox
Framework service call | android.net.wifi.IWifiManager.getScanResults | com.travelrely.wifibox:remote
-
Reads the contacts stored on the device. 1 TTPs 1 IoCs
description | ioc | Process
URI accessed for read | content://com.android.contacts/contacts | com.travelrely.wifibox
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.travelrely.wifibox:remote
Framework service call | android.app.IActivityManager.registerReceiver | com.travelrely.wifibox:pushservice
Framework service call | android.app.IActivityManager.registerReceiver | com.travelrely.wifibox
-
Checks if the internet connection is available 1 TTPs 2 IoCs
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.travelrely.wifibox:pushservice
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.travelrely.wifibox:remote
-
Reads information about phone network operator. 1 TTPs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
description | ioc | Process
Framework API call | android.hardware.SensorManager.registerListener | com.travelrely.wifibox:remote
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | com.travelrely.wifibox:remote
Framework API call | javax.crypto.Cipher.doFinal | com.travelrely.wifibox
Framework API call | javax.crypto.Cipher.doFinal | com.travelrely.wifibox:pushservice
Processes
-
com.travelrely.wifibox
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Reads the contacts stored on the device.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4269
-
com.travelrely.wifibox:pushservice
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4315
-
com.travelrely.wifibox:remote
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4344
Network
MITRE ATT&CK Mobile v15
Downloads