Analysis

  • max time kernel
    176s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    13-06-2024 00:13

General

  • Target
    a316ce65a53be706b5e89488824b1b11_JaffaCakes118.apk
  • Size
    16.3MB
  • MD5
    a316ce65a53be706b5e89488824b1b11
  • SHA1
    4f9394eba85ebcd3e8e8687e516589164f3fa906
  • SHA256
    5c5a19ae8705afaa77b5923a59f002945e886f45c40a24cca6e39ac3b40afc31
  • SHA512
    e0d369aff5abdfdbdda252db2c6007c21d280353ef03c70572387b543742e325a7afd2433dab45b5d254faafc4142f2f5ab84e1403e16a4901c0777ffd1bb96d
  • SSDEEP
    393216:q/MusNl0ql8jvTvqmS+iuvSfOXRJDDCJeugkfft1zeG1a4m+k0:q/psAqMvDqmSiSWXRJsCkT19m+F

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
  • Queries information about running processes on the device (1 TTP, 1 IoC)
    Application may abuse the framework's APIs to collect information about running processes on the device.
  • Queries information about the current nearby Wi-Fi networks (1 TTP, 1 IoC)
    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  • Requests cell location (2 TTPs, 1 IoC)
    Uses Android APIs to get the current cell location.
  • Acquires the wake lock (1 IoC)
  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)

Processes

  • com.yunva.yaya (PID 4271)
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Acquires the wake lock
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (might try to encrypt user data)
    • Checks CPU information

Network

MITRE ATT&CK Matrix

Downloads
