Analysis
-
max time kernel
106s -
max time network
131s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system -
submitted
22-05-2024 14:13
Static task
static1
Behavioral task
behavioral1
Sample
6789e1240e4107f60f3cf28904b94a7d_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
General
-
Target
6789e1240e4107f60f3cf28904b94a7d_JaffaCakes118.apk
-
Size
12.8MB
-
MD5
6789e1240e4107f60f3cf28904b94a7d
-
SHA1
dddcef550cda21c7b60f144104b1ed7607c11727
-
SHA256
bc4b2ee7e4922979805b936274967d1e6a89721ad0439e77173a1cf12f95b435
-
SHA512
34b05a44f7cfedc6bae376400c084ee2eb4eb4181aea4d02c0d142c2e6e9a1f5de8398a31139a6608f4db59c8f319cb5614f5669efd67d9abe07413330b44a39
-
SSDEEP
393216:/vCl5ubMYBNtr9gXTfJzilTp6XyKc5e4vKjI8QD:/vCl5EdBNl9WTdilTpmXseF7QD
Malware Config
Signatures
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information, which can indicate whether the system is an emulator.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
systemdescription ioc process Framework service call android.net.wifi.IWifiManager.getConnectionInfo system -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
systemdescription ioc process Framework service call android.app.IActivityManager.registerReceiver system -
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes:
systemdescription ioc process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo system -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.yyaq.safety/databases/bugly_db_
Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.yyaq.safety/databases/bugly_db_-journal
Filesize: 512B
MD5: f1bd327c1f3245624f86549ac908b7c4
SHA1: f25db33242961b99b996d64851c4dc056a599dc6
SHA256: c7aa08ddd29bec7e6ff27f8b589f64c2e4d436cb4f904dbb436882640fd64dc6
SHA512: 569c590aa1ee44a3461dfd9a38c701e1b1443c6fcbc033a939acb865c220d28e8847b235ee317bd0702ba47f856ddc9c9565a3a83b581c5121fa6a63aa634596
-
/data/data/com.yyaq.safety/databases/bugly_db_-shm
Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.yyaq.safety/databases/bugly_db_-wal
Filesize: 56KB
MD5: c72e7f4a04c57803c5182bd9e38228b8
SHA1: c8ec8fbf17df0643ddb71d11f5e7118b1636a210
SHA256: d36abee3c028310da79d358482f77eff770844fef10f92742d268808879fd2c4
SHA512: c285fa712130214b5b76560c2d5e6191859c0237a149cca98156d34dbb0c69e919c3b9e2eead5fa25f155a3ab06e3c1ab38829c79e8ab0d0464434e2fce9f13d
-
/data/data/com.yyaq.safety/databases/safety_user.db-journal
Filesize: 512B
MD5: fea01b0a31aeb7cae6b7d6e461db174e
SHA1: e2ddbf1eeafce69f98a3db68e4c9da04127c4a0e
SHA256: d532a9f4f60b82d04b495b103eb01fb292625690b7c24c97d66df6444fe683a1
SHA512: 2accc48724b9ccac082f02ae53090b18fed46f818ce84bbd79dab630928dd3cdf51676faebd2803425d3212df0dbfc2024413bfc0a792ca024cde43657f06c30
-
/data/data/com.yyaq.safety/databases/safety_user.db-wal
Filesize: 32KB
MD5: 2cc606fa9e1db8f00e815a1e0516f754
SHA1: 95d63c59b6be5dd92317e03740664da1091d31e8
SHA256: 5b4cd57961b1de4a180f310f2dbccf590a1a6d07c95a79fe956eccff869d8a81
SHA512: bb13e1add2cb6b4c08504933740b48d36abff96cf6ce25f71c9d32718ad372254b9676b6ece4b19ba059f77734d9a0a489cf04d4e564a9538f4ba094a1ca4532
-
/data/data/com.yyaq.safety/files/.um/um_cache_1716387280190.env
Filesize: 677B
MD5: d05d944032c845a2440bd643077e6c61
SHA1: 1d0ed58fee962d96552327532971a7d051926d94
SHA256: 76276a2aab8ab91305562682de9aa3d3c010a45c0bfc1e995a949bd3725054f2
SHA512: 6f174095a520d30df2379aea4478573c20f6a15154e265daaac5779fe37b6118c4a8db47fc97a3b6a5a193da171442b494b9d0a61bbf8cf0472ea55e650b72e7
-
/data/data/com.yyaq.safety/files/.umeng/exchangeIdentity.json
Filesize: 162B
MD5: 32c3efc91afeb1dbf5eb14d2b41207e2
SHA1: d914e037737a47bac013d4b61302ed0c20de6af2
SHA256: bb9e735bfdf4e26528a7d93366fb5e8d1b5c76a05757783e1f5bf183d86ce5d7
SHA512: 394a6d0a77f1aa97535e6509b341f7a9abb42353fb894a461811ce5f960fb65a0bfa53a244390cfb6eb75b58000dcb9d935dae2213298c61e082391c8af97490
-
/data/data/com.yyaq.safety/files/safety/sound/danger_01.mp3
Filesize: 426KB
MD5: 54d0c7610c43062128270842ccd95a90
SHA1: 96a76a8f8bccbf0c1e08fe890092549b8d07bf38
SHA256: 72aa00430f50ce00cfbc52fe7fb17d7b69a2206c363f88ddc13e655c8ce06baa
SHA512: 242b86e1682ac49a920e357ff75a3d0615b9ef94965a83a46a3e7d3dc4fd6200008310e2e00212a94d8f1f38308ea2d182b58a1d6ecf04a675bfc15b15430894
-
/data/data/com.yyaq.safety/files/safety/sound/danger_02.mp3
Filesize: 164KB
MD5: 5138e81e63926a090615343d0a829345
SHA1: 84356e4044a4c4ea2b4e53f3b2eb82d19ea02d68
SHA256: 4c2cb8d67d9afa2b6da4928505cd1384bdbfcf3d47c13c23aa6c87913dfd3344
SHA512: cdfa56b59a450bfde067d6018187832704960ec1b6fd5dd231612f1213c6c2d43dd15227602f0ea861d287943e85fac09f8683168fbf354576b6891c621b7d06
-
/data/data/com.yyaq.safety/files/umeng_it.cache
Filesize: 415B
MD5: 6a8af73748844095526fed15a46cb88b
SHA1: 3dc6fa7bc65b970cf81239d2f86861f586beb26f
SHA256: bfce81eb4160bb04a292a29fa93ba5b322aa590c454188acf49243bf3b9bb724
SHA512: 85584d7935c37a51c6288b01eb2444d73fb6d444bb19e245cd9d0770a1b633165268086272bc817be2cf983da722cf65e447860b9daf9aab39f18b42f7eedd50
-
/storage/emulated/0/Android/data/com.yyaq.safety/tzw#aqx/log/20240522/000.html
Filesize: 82B
MD5: 3c247f1d2786e44675a868882faaf1f8
SHA1: 5673c89b0fead8a685768d7868c3e852818daf3d
SHA256: 6a482dc91343202bf996b8fba2fd0a84cc8d56f9cbfc1e6cf277c470cf3d0652
SHA512: 4c024b793f3c7f11d65bbb2bb49c31b93c99a40a1e7e1c68f7d16fe6b40f5a2aaf2f7cd1dbf32086560c4214f9cdd20790143e9ecab86726b8821ceae9a5bf74
-
/storage/emulated/0/Android/data/com.yyaq.safety/tzw#aqx/log/20240522/000.html
Filesize: 113B
MD5: 5e21edb34585673ea84eb85e77fc5ebd
SHA1: aa2b3d8988b97e077f9f8c2aecd5c32c17f30ca7
SHA256: 7d12cf0fcae79a3afe91f1591682371a705b80c7559326d520252ebe35f8ef28
SHA512: 52dd94e58ed379d435cfe12710ed462cf40586555b227e1f9dd3ff65190a376f7245477ddd01e8d54007e308e0aa365e41eb93531078e749a66ca8009ace90cc
-
/storage/emulated/0/Android/data/com.yyaq.safety/tzw#aqx/log/20240522/000.html
Filesize: 904B
MD5: 9f41feb7df875f276b2b5f121f2db01f
SHA1: c9c664b9ba1317aff5b33644e5d48f68cfbadd59
SHA256: 0f8ec7ff4733046a137717ba5ddbdaa1e90e938aa116668e57ba4975757d3e88
SHA512: 1343e9fb16ac284f7efc72934a62eeef58d556ef4f7b178b956a9dd84712e1eb36283a3f7fec965e52516cc0fc41d0e6fe871d9ac68ef2a6d67b4fcb47935607
-
/storage/emulated/0/Android/data/com.yyaq.safety/tzw#aqx/log/20240522/000.html
Filesize: 172B
MD5: b1f2e69114283d087f2d55729cc82ecf
SHA1: 4d55e4856db894f50be002157df774fbfdc60cc9
SHA256: 393f9fc73520dc1e1b6c43cd8dca399ef4ef1ac873e65d25595f71da36f24b6a
SHA512: 14374f1278a636e883185cbfd72823322237cb57e8df205718f48c5e3fd7694b8ed3a7a2d3bfec16140c1e7b9607495992808d1a17774c4a5225937a929c4a75
-
/storage/emulated/0/Android/data/com.yyaq.safety/tzw#aqx/log/20240522/000.html
Filesize: 85B
MD5: a64dc7e78f9f2b0d35665955bc148ce0
SHA1: 4d9ada1ffc3499b95fdbee289958846b89e9ba15
SHA256: e94f4cfecb9937b7cf5cb9e5e3a32c6f942a12e4ba270644c7e6c2986e0e4105
SHA512: 1b291b3baad13512cc9e2ecd2f1b331330e79973095a6d9833657efdff75ee6e625f70c09f055b0fc13127feddf481aba77862f6b62b94e2ddca98d36caa23e6