Analysis
-
max time kernel
176s -
max time network
131s -
platform
android_x86 -
resource
android-x86-arm-20240611.1-en -
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system -
submitted
13-06-2024 00:13
Static task
static1
Behavioral task
behavioral1
Sample
a316ce65a53be706b5e89488824b1b11_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
dynamic_pay_sdk_1.0.99-201602251816.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral3
Sample
dynamic_pay_sdk_1.0.99-201602251816.apk
Resource
android-x64-20240611.1-en
Behavioral task
behavioral4
Sample
dynamic_pay_sdk_1.0.99-201602251816.apk
Resource
android-x64-arm64-20240611.1-en
General
-
Target
a316ce65a53be706b5e89488824b1b11_JaffaCakes118.apk
-
Size
16.3MB
-
MD5
a316ce65a53be706b5e89488824b1b11
-
SHA1
4f9394eba85ebcd3e8e8687e516589164f3fa906
-
SHA256
5c5a19ae8705afaa77b5923a59f002945e886f45c40a24cca6e39ac3b40afc31
-
SHA512
e0d369aff5abdfdbdda252db2c6007c21d280353ef03c70572387b543742e325a7afd2433dab45b5d254faafc4142f2f5ab84e1403e16a4901c0777ffd1bb96d
-
SSDEEP
393216:q/MusNl0ql8jvTvqmS+iuvSfOXRJDDCJeugkfft1zeG1a4m+k0:q/psAqMvDqmSiSWXRJsCkT19m+F
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
com.yunva.yaya
description: Framework service call
ioc: android.app.IActivityManager.getRunningAppProcesses
process: com.yunva.yaya -
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes:
com.yunva.yaya
description: Framework service call
ioc: android.net.wifi.IWifiManager.getScanResults
process: com.yunva.yaya -
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get the current cell location.
-
Acquires the wake lock 1 IoCs
Processes:
com.yunva.yaya
description: Framework service call
ioc: android.os.IPowerManager.acquireWakeLock
process: com.yunva.yaya -
Queries information about active data network 1 TTPs 1 IoCs
Processes:
com.yunva.yaya
description: Framework service call
ioc: android.net.IConnectivityManager.getActiveNetworkInfo
process: com.yunva.yaya -
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
com.yunva.yaya
description: Framework service call
ioc: android.net.wifi.IWifiManager.getConnectionInfo
process: com.yunva.yaya -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
com.yunva.yaya
description: Framework service call
ioc: android.app.IActivityManager.registerReceiver
process: com.yunva.yaya -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
com.yunva.yaya
description: Framework API call
ioc: javax.crypto.Cipher.doFinal
process: com.yunva.yaya -
Checks CPU information 2 TTPs 1 IoCs
Processes
-
com.yunva.yaya
- Queries information about running processes on the device
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Acquires the wake lock
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.yunva.yaya/databases/bugly_db_
Filesize 4KB
MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.yunva.yaya/databases/bugly_db_-journal
Filesize 512B
MD5 b109dd0cedfbcc3112e83c2cad554981
SHA1 6cfe84b488e6ed409bb93a777ed8d8085d03f38d
SHA256 de2d61b53ad70ec6bbf083b74a290395b117253f55dabe3ffe40dd6390fac06e
SHA512 4ba35d2ec7fbd93e04af563e250009de55b1dac4da328957120a77719aa96ec54bfeeb2ad2167baacbee747e3f6e60849377258513b8f07e56a6342b5636cb9d
-
/data/data/com.yunva.yaya/databases/bugly_db_-shm
Filesize 32KB
MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.yunva.yaya/databases/bugly_db_-wal
Filesize 56KB
MD5 eb3e759118b69ef0379d55ee0c45908b
SHA1 897b9d303a4e0818a13889be04e961af8fc5f8a3
SHA256 8c42d467d6f505f9ed8135e7c8f05739d2a44745ec6af976391e3554e028087c
SHA512 a6f8737e2146fda37b220b81a88f626c7bc3fd63784970cef3a9e8c2eeb6deeb84229d92af53dbc0e232a5016eff57ad4e157f1fd86ad99e3ed834a6835d82f9
-
/data/data/com.yunva.yaya/databases/evernote_jobs.db-journal
Filesize 512B
MD5 7059ee8d1339bc48f3117a2281c4632a
SHA1 178eced83e42c599413df6307b9ec40cc2229770
SHA256 597b768de21ed3e8a077e509305322e4d38c9ece22feed848b1cf70e7c787062
SHA512 4890857eb0087f5a4bd944800e8606d1674696be3149f4c660081d4298278d5256776e4e358be2badb3ad8bf2b984ab2cf05454c4cc95258306d60301e578140
-
/data/data/com.yunva.yaya/databases/evernote_jobs.db-wal
Filesize 28KB
MD5 e17370659ca4e8dedd1d0a1e0fc25e35
SHA1 e2addb5f81dd504d7f18236fa9f8549f99d3af2b
SHA256 b81288ce50146c8adb1f198dc8bbe5708b9f08ba4f0ab3155b4880596400ac8f
SHA512 6eea1521eaafb6791af09e019ff904ed5e74335f38fc0a9008217210375c728bf61963baa40c2bc9e13691aad6959064b8c9248fd483ccbb01df3a149133974f
-
/data/data/com.yunva.yaya/databases/tencent_analysis.db-journal
Filesize 512B
MD5 557962e881c095a5445422b66df3b361
SHA1 ec546f57a36aa5b26ba2dae1acd9442b766ede3d
SHA256 744a098b1a65c6a9a6a2ebf3cd6a5980d7b3886e620c578a02c2b5009aff8896
SHA512 b1b28ef9db5419808ef8bcf287322f5467f92d8fb817a4bc541adfe065df279c081de33fe4cb0b9570dfd63447ed763c0e702109a9d8a704f43a64da05355228
-
/data/data/com.yunva.yaya/databases/tencent_analysis.db-wal
Filesize 60KB
MD5 5770dfa7f6e75e489d9cb4f2f8dce72c
SHA1 e04b306e455b26b70e77e8432725c9ad4f2bdb4a
SHA256 0951a3e907676041bc177fb3a51ac4e3a2cc897fbf4175b52d537f4afc6476ca
SHA512 793a593a0a5ab3ec5480f25d3e76ea58a0ab3d91fa354945074cb5d5c39f4ddb4f0803b53fd7b582631f0db59c63029a05b8b02d787e58acdf3220d256c0763f
-
/data/data/com.yunva.yaya/files/__local_ap_info_cache.json
Filesize 2B
MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
/data/data/com.yunva.yaya/files/__local_last_session.json
Filesize 109B
MD5 ead8c33869abe4ae107bd95f26a9fc57
SHA1 2d3ff32a1c1c92362ca153edb042c583747b6505
SHA256 ae7e106c37e66f4766d43ede9e381c04c5c99336614ece3811c11c912a824878
SHA512 928dbee27c9170b463ef1e7dafe3a3bbe7e83a975d9dcb127f31b24b3dce91e232b58a6ab5961cb19d4de6d22f5519285fb52af746c6c43e77366a8beec03444
-
/data/data/com.yunva.yaya/files/__local_stat_cache.json
Filesize 590B
MD5 cc6139825b3159a15faf892fbceb19c8
SHA1 6e0cab833ca249fb26cc80ac295b1708f90e3d62
SHA256 e8ba438c6d403e50b014849aae7da89afba7eba168de1635baa20a78b8ca0207
SHA512 6aad8931b2b2db04b8c9d2ca4c4bd2c223ffa1d8c0689e982ff9dc699f6b8f8e09afcb0ac0b6d1a6d3f87bc87fd0ba7e4986c00ad990213fc8dd86eb6304fc4c
-
/data/data/com.yunva.yaya/files/__send_data_1718237661674
Filesize 626B
MD5 a736eb7123ccbb7483746e5b29979b8a
SHA1 24ac8b47452ed5e89aad190af6b578f076119ae7
SHA256 0d24e3b9fd2a2c338713a571eaf2c14a772ef711efd5f599409a76be0a25a0e9
SHA512 d35f771fc72a1b108f845b0647dc6841dc0ca9853e30705f4154468c715be0490bf50ea0672c97a565ae2bcd3de75b1b61198f5413e8440336dc5427e099a0c9
-
/data/data/com.yunva.yaya/files/com.tencent.open.config.json.101046990
Filesize 1KB
MD5 f526172de1566b34fdcea744710d9559
SHA1 000cb54d9a008a807a1c5a3fd2b2e7cb41e7939d
SHA256 8572be02b59f4d514000939ec04a9b4e2380c55265256b724a617d8d0f4c6940
SHA512 dc81f0fe345b18c96b1638c67b9ef4c5e60059dfc4a02f3c30a23645d4847abeef46cf467d044c42597115c48052ce0e8ea24328382114a544c5dfd039a95e7d
-
/data/data/com.yunva.yaya/files/libcuid.so
Filesize 129B
MD5 b2f38d7f785329b1c1de7549ccf6c330
SHA1 783f2a39564f9dbf4e07ac0dd79f74568596be1c
SHA256 e3e33b4a9cad8a399cd185bc399849b7a1d9a010a0975edf5de8bbf5a3389871
SHA512 7d2482b278e724a4db115bf084ad4bb909c1c26a512b39e79b6e14436eac33f515eba243f1a535c61fe1ed98eae323b5f149694358e84672204fb2a98514fc1f
-
/storage/emulated/0/Android/data/com.yunva.yaya/cache/uil-images/journal.tmp
Filesize 31B
MD5 8c92de9ce46d41a22f3b20f77404cc1d
SHA1 8671a6dca00edb72be47363a7071be65cf270373
SHA256 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
SHA512 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56
-
/storage/emulated/0/backups/.SystemConfig/.cuid
Filesize 89B
MD5 95bcb6465dbf94a689a73a842d941e0b
SHA1 8b1c74a84a19986ca749d658cf99b4db9387f857
SHA256 6c9d2cbb6fa9ce43f67876b5a6ad456029dd0c6be46b6d3e0e45f8c4cde2206c
SHA512 5ad26408704fd1410a7f17aa9a12ffb9f8efba1ebc592b351627328233fc266f84f7cd13655809b005e51ee333309be7d3bc037ce1e7590d12a7c3e86ef9a893
-
/storage/emulated/0/backups/system/.confd
Filesize 20KB
MD5 048c73f536f234f0ad0d2fa8bdbda899
SHA1 dba2e666721e0b0988807b8bb3ce0452dad3448c
SHA256 f1a64586ce75e770e2f36a7ef6f7419e26ebb9e9e786df3c5adce50a196d2d07
SHA512 6ae398c682724f0008ce47cfc790a7ad3dd7cc801fb3a8a692d28da5533ea7ed830ea36933bd3e3219fc8cbade90f073c2c418611921bc7d6877d94b6745c4f0
-
/storage/emulated/0/backups/system/.confd
Filesize 24KB
MD5 55923621b66b89d2bcb3226796538513
SHA1 c24904af6bf2db5a2269f187e02c87ab669de605
SHA256 2cc715954d142a0570ae0076302b838abf36d79d490a57276d4abe86ee0f1fa6
SHA512 ccd5c705840da97b877966fc02acdaab17cc0370e291eb7b38a9dd94a9107300bf6b74353a9512307fce1c9166b1576732b326e313cdd8fab1517e9e2f278859
-
/storage/emulated/0/backups/system/.confd
Filesize 28KB
MD5 b588e2490bcce471506ee6753ce4bf63
SHA1 3420e6a0337dbe618b2c16c66b86c8f0f2237dce
SHA256 f5cf0d292b2f3327cb1d33835fe05fd9f805090615df7e22341b1a060ce74e59
SHA512 f66c61ddfecad4d50cc8a16a03ef09b71033fb9ae24368ef9f2c9cef34f54324471c67205244ed9b729a651ba5d23b814b9f0c23a10d7e4317425fa4f98b1038
-
/storage/emulated/0/backups/system/.confd
Filesize 28KB
MD5 554d618e18bdc2c6058d55f9c03de905
SHA1 91b10f69cfdc4fa38e21e699fb9760ebb929a993
SHA256 0b4e5f4be837ce483a8713379190142886494df9b395ddce3affe7ae691d49d0
SHA512 ded5e87d33e41d25df7bedcbf0c49d3d57810da5097c3f8d68b5a3923a73cecb056fcc0b41094e468fd693569974d65f07f84b27cff2345f9790607e515f9945
-
/storage/emulated/0/backups/system/.confd
Filesize 32KB
MD5 fa8659431632b78f04c2cc6e56b740f6
SHA1 7e4a7d900d7c796b1b8b441a0a2c60eef347d306
SHA256 68743edb0d68b93105abe9eaa8cd8220389f0401e2b9bbd0575199b82826e5de
SHA512 80da6b9a31f03480598eeaefa1b3349a5b7df55ed8038aae1da713b3919d3aef12d78c6d6fbadaeca44e7b6cbedafe12212f44c5aeb83a66b3fd3505b724f9bf
-
/storage/emulated/0/backups/system/.confd-journal
Filesize 512B
MD5 33f6af78ee085ba3d9fa45b5e1c65eb4
SHA1 a2bd843ef9252f7a517cabf289c09ea1fd205e00
SHA256 844b4c0d69adb67497f678cdb8626910b9e9ec84d5adccc24aa7b9e3967dfef5
SHA512 a96445df195f9ddca765974b924c247ee0d29e4a166b91a3a9d5e2525598aa197ee573c6562cf9acd195786b63659745ba52b900fac4b305477711281e47d977
-
/storage/emulated/0/backups/system/.confd-wal
Filesize 36KB
MD5 46ef63537b78a38c90df2b996ef81c2b
SHA1 a9ea9964786ea9238517a0af85a46a798c0ec71c
SHA256 e1362b3c2d31964ddfe7cbc0fbd54c32d42796d158316ce8846f70f9dc555bef
SHA512 52d28d3b40b483983d2145d90abfa84305d8f7645af02e35498c2468827d1f0242d3e9b4e11c5d89cfc5d19877de7f41c24add104a17075d9444b72b4554eaaf
-
/storage/emulated/0/backups/system/.confd-wal
Filesize 12KB
MD5 e67289b3fcb62c258e52befc5148c04f
SHA1 907a080b1552f45d1bb8313b1d84040a00f01134
SHA256 e91417c9d53e77faddba8dee34fe05023eb5e5335df4bb67f845539a8d225097
SHA512 6c48e5bcf2957b5a55dad410ab7659f3b00fe091dfd0fe3ba7cc811f41f904edefd81da453767c04fadd02d204cd90d4668d4d53cf5638aa0e1100650361d25f
-
/storage/emulated/0/backups/system/.confd-wal
Filesize 12KB
MD5 72c1b7b1db56225605c23ee77b94d2ca
SHA1 079364695d465676d99d5339094b6c64f9a98506
SHA256 0ab163541966219ab7065bdd3c1db93850b19ea19a2b9e2d92e1d958b7e5c225
SHA512 7fbdca57c03fe3a8b50b05b8543f8c184fb6869760aea434dbcef9e4b5421bf9929455fd6b54e7eae53c4c092d68bbe0693b77561537d50b047ce60a9a9693ff
-
/storage/emulated/0/backups/system/.confd-wal
Filesize 8KB
MD5 37c932f7d42b63600a67915fdcb2899f
SHA1 10a302a3e5ce5e804e76cc98b94a20f054296870
SHA256 1989a05bf38b3d9cb2b16670412b4088c31a57b46b6bc0a92c0cb2ef5a4b6035
SHA512 87fb246c5761cbabd653fe6c24d1af141843a2dde006857bfa796dd6e9142ae140542c04065c7d2d51744dce75b8b9b9bc79dede3a7d90caf8355cc0b03b9ea6
-
/storage/emulated/0/backups/system/.confd-wal
Filesize 12KB
MD5 c73887bc0c3f920396bcd072c15f14b9
SHA1 9de2bc431ad8b841ed2eebabf75afab9163034d6
SHA256 cb3c22e7f5ff3f838a55d65faa3432086114b421442d5e40b54d1999fad25f74
SHA512 340655b9e4268e7e06b795250b515ed5fd39b25d66cbc3b1f07cf40ff379a036f87f622a3d2e7a9cc940405ac788d37cbfb9e12cc42eb5f9d2d6d574e9124237
-
/storage/emulated/0/backups/system/.timestamp
Filesize 25B
MD5 64b301003694a76cdf98b981599acd6a
SHA1 ee8adb2e589671477e843218a2a41481ad94b34d
SHA256 3c76c0461d1f10f62dbedfdc558b6b8bc535425898121f4a75c4c54fe869e502
SHA512 cb90eb4bcedcc52cdd822f844017d51a39cd6c93e39b6547c1ead588103cf119ef720ee7048573ba7d2c2630517109d46c936458425c7b28e262c3989f2084a0
-
/storage/emulated/0/backups/system/.timestamp
Filesize 50B
MD5 3bea36a1ec9f2f0899674125ec17500a
SHA1 032a7f7bd72ccb2c749290629772458519a682ed
SHA256 c71dead98b1433ae1ef9a46cd169f60a8e96478307e8e595a5c34ce6751db88e
SHA512 86953bb8bb69b673e3713c73d2b4313f5e4851a25e5699f0391e49845cce657e088baaa21922fe32f8c98e0911c07d816e03c8f7e1fdf1ba8d83e12d6854bbe1
-
/storage/emulated/0/iapppay/statistics/com.yunva.yaya/statistics.log
Filesize 116B
MD5 e5ab550f1c9c0adea7af3ba8acbad260
SHA1 51d9fc07514d5e39c7e98b0e3021b1aed26761fb
SHA256 f64ff8aebc64e5851c1d893d0675275fe2ed25c001a57fa823988bb59025ac32
SHA512 44fd650e549c7ba57771b8489c51843dbdf82dc5e9e006d64956c5ced451950867a570f452a178ea8feed2d301921f0895c3113c8abeced2296b7baee3e6418d
-
/storage/emulated/0/yaya/uuinfo/phone_uuid.tmp
Filesize 32B
MD5 4bcc8d24991f1a5bc0c02aaf04154896
SHA1 3caf2c7c3a59842c53c9f7bdf1828f30740143e9
SHA256 4e9abf29174c587de2f51cf91a92717f76a8bc0b7f11016ea842c115082573c4
SHA512 4d62b7ad29cd33ae2b0f7337d3a52b797c9cbe41b88864c423bce9ee3036cbff5f26aff14cd52d585b9f584e40871f9b70ae53fa8ff5519d1d76e7889a8bc150