Analysis
-
max time kernel
179s -
max time network
187s -
platform
android_x86 -
resource
android-x86-arm-20240611.1-en -
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system -
submitted
13-06-2024 04:23
Static task
static1
Behavioral task
behavioral1
Sample
a3cfc28acea8b9aee3ab13bce9cc9a03_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
General
-
Target
a3cfc28acea8b9aee3ab13bce9cc9a03_JaffaCakes118.apk
-
Size
20.5MB
-
MD5
a3cfc28acea8b9aee3ab13bce9cc9a03
-
SHA1
01c9f001e2126cab54a425fdfe1c2fe20a451230
-
SHA256
4afe28d43264247862477229225bc7083b8d0032952879601ad62f9950077847
-
SHA512
3bf0bee8a7977970ec59acbb85e7bf45fe8a021f8f2740a7a4267720c975d9f6d3540c1765817abb2fb888be23cea9d20f67dba1a3fb839bac9e05e92ee294b2
-
SSDEEP
393216:UspDRlFQPXbsyOUS5lCOQlMEAY7wQGciyMIVb429GKp4no5DY:Us9RlFQP4pUS5kzGE17wzbyMIV829b4x
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 3 IoCs
Processes: com.woman.beautylive, com.woman.beautylive:remote, /system/bin/sh -c type su
ioc | process
/system/app/Superuser.apk | com.woman.beautylive
/system/app/Superuser.apk | com.woman.beautylive:remote
/sbin/su | /system/bin/sh -c type su
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.woman.beautylive:remote, com.woman.beautylive
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.woman.beautylive:remote
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.woman.beautylive
-
Queries information about active data network 1 TTPs 2 IoCs
Processes: com.woman.beautylive, com.woman.beautylive:remote
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.woman.beautylive
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.woman.beautylive:remote
-
Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.woman.beautylive, com.woman.beautylive:remote
description | ioc | process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.woman.beautylive
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.woman.beautylive:remote
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
Processes: com.woman.beautylive, com.woman.beautylive:remote
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.woman.beautylive
Framework service call | android.app.IActivityManager.registerReceiver | com.woman.beautylive:remote
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
Processes: com.woman.beautylive, com.woman.beautylive:remote
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | com.woman.beautylive
Framework API call | javax.crypto.Cipher.doFinal | com.woman.beautylive:remote
-
Checks memory information 2 TTPs 2 IoCs
Processes (process tree; child processes are indented under their parent)
-
com.woman.beautylive
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
    -
    cat /sys/class/net/wlan0/address
    -
    cat /sys/class/net/wlan0/address
    -
    cat /sys/class/net/wlan0/address
-
com.woman.beautylive:remote
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
    -
    /system/bin/sh -c getprop ro.board.platform
    -
    getprop ro.board.platform
    -
    /system/bin/sh -c type su
    - Checks if the Android device is rooted.
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.woman.beautylive/databases/ThrowalbeLog.db-wal
Filesize 104KB
MD5 d31ee26b25ed1071a4bf70de383312b9
SHA1 b56bcb6fc28b256fe9ad91ac9bdd8cda86e3029c
SHA256 c42e3e0fcf2a226f13b7d1dbd9d5e288ea3535c54f96034c42542aa31640dfc9
SHA512 efec63e95cd4b1dc6ad4d9fe9f84c3f37b5ff868850f5a28f116f3bce6080bbced9bcdca3fc75c205a0343cf3e2ec817f27dcb5b32dfce99df3dfa58afe4fc8e
-
/data/data/com.woman.beautylive/databases/_nohttp_cookies_db.db
Filesize 24KB
MD5 692957a8f6be4a25986a068c449b83ab
SHA1 04223c8cbcf0032443488e3f5f9bee9f91eb5f7d
SHA256 4895bff14c71a617ca75f6ce7933b28332ee06a1b2aa431ee3e108db693cdf0a
SHA512 0617a88df6a60252050fc5403f6d01936bbcba961d707474d62bf97cf1e2034999befd13fac5e58d430ce43dd45dce8e2e6c8b6b125ea53dada382aebcfa3742
-
/data/data/com.woman.beautylive/databases/_nohttp_cookies_db.db-journal
Filesize 512B
MD5 74247d7d567f039b6376ed80725da0b2
SHA1 aa90e9f32567e98b224729868e6c9a4a58e588f1
SHA256 37e425a89b874e79cb49220f815bcd2772d8403e0f224f0dc479dd9d995d9f7e
SHA512 10442be647b5ae1973862a1cb2ba598dd07684a482f468a88cfec1b551979a2b6dfa31ad0ae1b95783db35f95eeb695904cbf814d9d7c7caa9c9c87918b5fa66
-
/data/data/com.woman.beautylive/databases/_nohttp_cookies_db.db-shm
Filesize 32KB
MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
/data/data/com.woman.beautylive/databases/_nohttp_cookies_db.db-wal
Filesize 36KB
MD5 aadd2ab939596fa7d964d9cb8736d000
SHA1 ae33cb0c0df0465eee5a2763bb082fa67149995b
SHA256 2b1555dcaf80f1d30885d28f96f2902a88080179633c87245a440e75cc68071f
SHA512 d5d320905330cc44d9811cd3919d6966f6274c06191b5df95b5f3dde1d05541e1a2b094bece35024ceea60b664bbe1d50839e0cfe7d89a870401a07c6c30d390
-
/data/data/com.woman.beautylive/databases/bugly_db_
Filesize 4KB
MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
/data/data/com.woman.beautylive/databases/bugly_db_-journal
Filesize 512B
MD5 0da53c6116485c5b0f10566ef4fac36c
SHA1 080df5cda687b9a8083b63cd6a2895ad4d90f318
SHA256 d983614558e01dd7a412717b362934ad95166397efd7e7e23c35c0ba290e3d3f
SHA512 b8803a2bc87eb1b88dffa7c9e2d3b6aaa403ef24e1d6402b8884798c8a6a9520a613e09a106b36afa54ec37fe8874df8eaa81b31df1b51401110dfb5ec0a0bf2
-
/data/data/com.woman.beautylive/databases/bugly_db_-wal
Filesize 60KB
MD5 00224f314025dc9ff037456dffa739a1
SHA1 e3528d4420413f103e723e5392a81c52b123c030
SHA256 3cba52ca391cdb3365477de657e3bb718f13a8e7737ea45e1f21b3ee588a4538
SHA512 370de90b307a3b79d0759503ed829570f02f0f8f5162c59eb6fb268300cb3fad4a6597907dd4b7892ec398eeb83c2f2550e6bf16c6c5edc587d87a66f326b75c
-
/data/data/com.woman.beautylive/databases/defaultjpushim.db
Filesize 32KB
MD5 1c4274aa7a9a5cac8c6d1df71e4588c6
SHA1 abaecd685e01cc68801292e3dc7085654a22feba
SHA256 3f6cd5f480ae69859b7841450f3d032c528ba385ebf9f371b9c8fdc6eb4231be
SHA512 1adb95935798607bd36cedcd183924d3068f50097d017b278da7caee7771532b61ec3606f6189b6dec8426eb038fe40be75079ce35894b1a8e0d1d815261150c
-
/data/data/com.woman.beautylive/databases/defaultjpushim.db-journal
Filesize 512B
MD5 205452a4a8e2cc1ef0c16e87a6b3d3c4
SHA1 5000a0f3e47cd487e356f39499659b7bc81208fa
SHA256 43f1409f042eb04c8da2da707787d857d15b3d1d8f7a8a82bd1682dfbc188b68
SHA512 dd3f877760e9ab4e87d71d1a531c6dab1bafff76670eb04f5d4131ea5cbf892b046cd04fe01eea04435c8be3a831a737f1277fd98e112f3745085e14a70eaee5
-
/data/data/com.woman.beautylive/databases/defaultjpushim.db-shm
Filesize 56KB
MD5 545a310e4201eef9bf7143b0b50112d2
SHA1 ecd07975218a86104cee62c876410319490f5954
SHA256 43433c3c308b93fa20d63c618e2a9016cfda96315c7fc511565e1db29bf9d888
SHA512 eef704178af018741ff7462ee56d42b4d698c991b934a83c340d82abbfee67520856b1f64871216358cb3f32547e98fe325a7c4c6c9131250f866c39eb03842f
-
/data/data/com.woman.beautylive/databases/defaultjpushim.db-wal
Filesize 60KB
MD5 c9174722ae5ae7870aaf3910ffe8dbac
SHA1 38275762caa2e90f5bcacc8924f6bf1ecd6d3c21
SHA256 69638270a4be5de45c2fb6b60fb92d76fc5f85912ae4fee1ec6cac6234ba2a38
SHA512 b1575ca4bd4677cf57945cff9ce72ba8507996198adeeead96d466cbed1661134d28ab1013f21b2bdef15ef0599ddf33cc8b0f18dcdfd720d0d00a27bca179e7
-
/data/data/com.woman.beautylive/files/pili_qos_index.json
Filesize 90B
MD5 31b4e1cf7a6052df33e811e90f09a00f
SHA1 da1092464e6545e9e220cdad1f2047a132ef25e7
SHA256 839f0e087f5ba82c0b1a65b478482f5d046678b6fe3a24769b5ed411d492b276
SHA512 e811db71c2f453f6633555bf2302ab3d384bba6af3c66f672a73541ee602f7c7677b78507633e49a7a41e740d9310d07cb2ca15cc34276d2a0c919bc7e82c0da
-
/data/data/com.woman.beautylive/files/pili_qos_index.json
Filesize 130B
MD5 7edaf778ba7de05cfbe96ef44cb82c2e
SHA1 ba0fba8ac6c425b79a84dc560d0249cccc86ae18
SHA256 5a42ff48fc89611c00fbfad6f417a204e0f427a37503474d488f01ed1bde1422
SHA512 e40d495be19cbc8948097d6ce90ea2d2f0639f793ed6970164fe81203dc562c407ce7c8a4c8dc146f5f2e82481272b73bcec2840a9786dad4437d72aee28bd20
-
/data/data/com.woman.beautylive/files/pili_qos_index.json
Filesize 91B
MD5 f5eb896f25b5c59462242faaade2a759
SHA1 08c56ab87feeca79ded020346e928175742711d9
SHA256 55fe67dd94c71c22603a2c25c4249da3eddf4e2b272ef55a4560a016f178c5fa
SHA512 7e1ce4d68a22daa4195f5c942b8bfc370974fd13175866997bba36b1bee534743a708cc99d0d7df464bde2b84907a13ebbf349b3c971561dc8ae023abe81e432
-
/data/data/com.woman.beautylive/files/pili_qos_index.json
Filesize 91B
MD5 41e65c5982ce7e16bdea05bc55ea35ab
SHA1 ff04b8ac57adf140373a54a396e89829b21c2cfb
SHA256 b38711e77ffb876007af6d328126f3d34eb5c0f90966f434d074b5cc6e476ce1
SHA512 356badfc1f5c2db203eef75eb35e32307970831516d0576c690e8ba08a22889737ebe6476cd3678d4e227e40a0ceb97edf4fd1fd03acc18a97e56c6f0ed91cda
-
/data/data/com.woman.beautylive/files/pili_qos_index.json
Filesize 91B
MD5 5a51ad2bbde91e578d4ead27879e8242
SHA1 ed9b2a888351fbeba2a54a1860256f47abeebb21
SHA256 4ebe15bec66f8e269f529f6f5bfa36fb22c30b213c7a507e4e30e06cbd2bf87d
SHA512 1817b144fd6aa45ae985f0cc1cd3a8c311fd6723a943e501346dbf033a8372ee76ae3029ee21e530e33004f220a463d3e395922464df426f47662b9acaa25400
-
/data/data/com.woman.beautylive/files/pili_qos_index.json
Filesize 32KB
MD5 493f6f30172b690d41b85a413d9a4ded
SHA1 563a2aef4aa47a0efbdb47cbd2b5ca7a691d5e94
SHA256 33bc46b3ec2bb3f7206977ed78b200ad1d458292bd5ef02ab3df127a5d81623d
SHA512 d57bbed75a122c645908426dc516a07b9088e5430e9654283ee5300c0042efe498e3d8dfcf572ff6aec60d2458d9886fc7121880784d8b97c0cc0d68b51edb51
-
/data/data/com.woman.beautylive/files/pili_qos_index.json
Filesize 93B
MD5 9f0778cda6ef27e18bf41504ad7be6be
SHA1 564d342d530480e32f72a2373b71f722efceb9ae
SHA256 37fd6e3dae699c79c3115bd121be2551e5688d3f62f8eafab4d60da49408160b
SHA512 6e564699687c41bcbad24c5e4113276dd109dd175f32d0f2129d27ebebe9e68c64b77010c3df01bab62a7af3405b82370131182a7e16230f47467c067747213d
-
/data/data/com.woman.beautylive/files/pili_qos_index.json
Filesize 93B
MD5 de287572155584d13f4586dc17749912
SHA1 db8d7308b4dfae9ffe11111bd9291df15974afd8
SHA256 f7026d999333d2b78e0b61b396ee39a7bcec0371ab308ba8363e2fae99727f2f
SHA512 1820ba3aaa6a81d2ca180787dbc39747a27fcb6b67c4a51663fb0544098671864094af94ef2ae81a928e0bfbb567820b430b5f4e888b50f56f6c042ecc519d69
-
/data/data/com.woman.beautylive/files/pili_qos_log.0
Filesize 70B
MD5 fbadbd68b2b9058cc930590f6a8448da
SHA1 0a6a171e8d50087b43df83720beb8bec17a0dc83
SHA256 85d1796c41b1ba875c7b4502c487f89cac7dbabcc8ff1d5cebfd75d0d69e35dc
SHA512 ed5b7716f9a324c39d96d47f5e1bc5ca126796e82dcca585dd9dedc71c92a1439421eeb7b11630777a6bcff1cd6de06c35e270959e1ed15371723e73cab81658
-
/data/data/com.woman.beautylive/files/pili_qos_log.0
Filesize 130B
MD5 2fcbf3c330021638f00197c3d3ab88a3
SHA1 401db3d2f621eb954d1bea9162d2ccaa12a48419
SHA256 f1b8a4627508cc2a64189ba309547a7cfb1e0ee6bcae8d4f12a248257d6eced4
SHA512 4db4052d4bf6e871377fdb3ec7aef85ae58cf5d12d818915f0d338b3904d182baf9e1e08dee9ee98a6df142ad0b50d05dc34301d4e059708a3e360333295d89f
-
/data/data/com.woman.beautylive/files/pili_qos_log.0
Filesize 91B
MD5 5b958139a59a11ada20ded7b6cb756da
SHA1 b6fbc9bf5e571e46990a5f05ae802013060e6921
SHA256 33aed56760ebfebe12582280ba281967e5ab9c2839885ad584be6daef80eb91a
SHA512 87e9a75f87cbcb82411c91cc06c906f2ea856ee26b66fda4af2fcec0b54ebeed3072ca9ccba93741e04f1a217cd25b37774b4910f1280760642ab06e142b1d02
-
/data/data/com.woman.beautylive/files/pili_qos_log.0
Filesize 512B
MD5 c961ac9f5d12cd4a88b5727b81b69c27
SHA1 b320217d5eb72700245e34ed7fd76f705949651a
SHA256 8f6ecb47c417b6782e161c1f566f802052a31e55ba76e9dc38e44eac0f90289c
SHA512 c8c67e82a9c7972347290ef27ba873770a2ca2a064bd73682a08409c3497267929b2ff3e11e9b014fc77744c390bee3117ec8df7fb661f6a2119d9c5b8c971fa
-
/storage/emulated/0/Mob/.db_accache
Filesize 341B
MD5 350651ff2970ead7a50a397cc91c09dd
SHA1 26951ddfb9a84c670c863cd3518ad7030698472c
SHA256 55ad583c97ed56e4b1becb11c871a72856bbd05be7b78d988caeb7b362a87c2b
SHA512 70ffc2713ae79c5746d4ba7cd242817f7be0348d57005ead8233d54702842d173ec76a2165b45626f4dfa4b83d84f97f90160bbbfab84bdd00970b9b4cb34813
-
/storage/emulated/0/Mob/.db_accache
Filesize 341B
MD5 fd59352cf32e1d52e95ff4ddb82f3e6f
SHA1 4c9f08c48230a4768c47d25272a0e7b8923a1b54
SHA256 6330286a2572b89736a3041e0efbc32a2e87f6e66b227d41f2b4eb5ecba1a1ad
SHA512 1ed9e72bbdfb0e5f7c332e4bde46ae17baef561c0dc9402346c745de20a3e6959cf6c5516dd21e95d692fa921c86ce45d9639083b0100740fadcb15ea9677661
-
/storage/emulated/0/Mob/.dk
Filesize 107B
MD5 057939adf8d718ff2b250fe7587a631c
SHA1 f278a274b534cd21bfd610a479380b75a0cc8f73
SHA256 871e0366f5ef12c1a8fc61fe08a98b53d3c5be19560b82a43ca5a6f54365d86d
SHA512 db9c7a748c9ffd567b18dd46a459a764aab97328edc0ba1ce8769ff1dbdf23f96c5859b4b5174ed0e04b1ea070c7513672376eff88b0950a21905a1ae8b72f60