Analysis
max time kernel: 107s
max time network: 159s
platform: android_x86
resource: android-x86-arm-20240611.1-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
submitted: 14-06-2024 07:01
Static task: static1
Behavioral task: behavioral1
  Sample: a86f0c1a99695be623b5f8f3fc56520e_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
General
Target: a86f0c1a99695be623b5f8f3fc56520e_JaffaCakes118.apk
Size: 22.5MB
MD5: a86f0c1a99695be623b5f8f3fc56520e
SHA1: 170a4b028173a0cb2ea76b186f0bb8875573546d
SHA256: 650dbee998f8e62aa9c78778785f79159e938091096e11aec38317046271d352
SHA512: f9a44b4f2f7309ec751b878b9d0113b4460c2d91dae4322aa9999de2e00ebd56709062a973bcc9453213d661b572c8b77e05bd7be935f85ee6698f0e44c01928
SSDEEP: 393216:9EkekI7RU+g+fZc2ubZJWTYo/7f5Waf4Ey34csMlwCdGewkbcq2aDA0yqWN:e5kaG+gqnubZJ0/D554EyoFMKCdGPY5e
Malware Config
Signatures
Checks if the Android device is rooted. 1 TTPs 3 IoCs
Processes:
  ioc                         process
  /system/app/Superuser.apk   com.lydiabox.android
  /system/xbin/su             com.lydiabox.android
  /system/bin/su              com.lydiabox.android

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs

Queries information about active data network 1 TTPs 1 IoCs
Processes:
  description             ioc                                                     process
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo   com.lydiabox.android

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
  description             ioc                                               process
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo   com.lydiabox.android

Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
  description             ioc                                                                      process
  Framework service call  com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone   com.lydiabox.android

Checks the presence of a debugger

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
Processes:
  description         ioc                                               process
  Framework API call  android.hardware.SensorManager.registerListener   com.lydiabox.android

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
  description             ioc                                             process
  Framework service call  android.app.IActivityManager.registerReceiver   com.lydiabox.android

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
  description         ioc                           process
  Framework API call  javax.crypto.Cipher.doFinal   com.lydiabox.android

Checks CPU information 2 TTPs 1 IoCs
Checks memory information 2 TTPs 1 IoCs
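The signatures above are the result of rule matching over the raw events the sandbox records during the run: file probes, Binder service calls, framework API calls and spawned commands. The Python below is an example added for this page; it is not the sandbox vendor's signature engine and not code from the analysed APK. It re-derives every hit from an event list constructed from the IoC tables in the report (plus one benign decoy event). The rule table, the su locations beyond the three the report lists, and the two-IoC emulator rule are the editor's illustrative assumptions about how such rules are written.

```python
"""Re-derive the signatures listed above from raw behavioural events.

Added example for this page: not the sandbox vendor's signature engine and not
code from the analysed APK. EVENTS is constructed from the IoC tables in the
report plus one benign decoy; RULES is an assumed rule set in the same spirit.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Event:
    process: str
    kind: str    # "file_access", "service_call", "api_call" or "exec"
    target: str  # path, Binder interface method, Java method or command line


@dataclass(frozen=True)
class Rule:
    name: str
    kind: str
    patterns: tuple    # fnmatch patterns over Event.target; any one may match
    min_hits: int = 1  # distinct IoCs required before the rule fires


APP = "com.lydiabox.android"

# Constructed from the report's IoC tables; the last event is a decoy that
# ordinary app file I/O produces and that no rule should match.
EVENTS = [
    Event(APP, "file_access", "/system/app/Superuser.apk"),
    Event(APP, "file_access", "/system/xbin/su"),
    Event(APP, "file_access", "/system/bin/su"),
    Event(APP, "service_call", "android.net.IConnectivityManager.getActiveNetworkInfo"),
    Event(APP, "service_call", "android.net.wifi.IWifiManager.getConnectionInfo"),
    Event(APP, "service_call", "com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone"),
    Event(APP, "api_call", "android.hardware.SensorManager.registerListener"),
    Event(APP, "service_call", "android.app.IActivityManager.registerReceiver"),
    Event(APP, "api_call", "javax.crypto.Cipher.doFinal"),
    Event(APP, "exec", "getprop ro.product.cpu.abi"),
    Event(APP, "file_access", "/data/data/com.lydiabox.android/databases/mine_app"),
]

# Assumed rule set. The su locations beyond the three on the page are other
# paths root checks commonly probe; the last rule is illustrative only and
# shows a threshold that needs two distinct IoCs before reporting.
RULES = [
    Rule("Checks if the Android device is rooted", "file_access",
         ("/system/app/Superuser.apk", "/system/xbin/su", "/system/bin/su",
          "/sbin/su", "/su/bin/su", "/system/sd/xbin/su")),
    Rule("Queries information about active data network", "service_call",
         ("android.net.IConnectivityManager.getActiveNetworkInfo",)),
    Rule("Queries information about the current Wi-Fi connection", "service_call",
         ("android.net.wifi.IWifiManager.getConnectionInfo",)),
    Rule("Queries the mobile country code (MCC)", "service_call",
         ("com.android.internal.telephony.ITelephony.getNetworkCountryIso*",)),
    Rule("Listens for changes in the sensor environment", "api_call",
         ("android.hardware.SensorManager.registerListener",)),
    Rule("Registers a broadcast receiver at runtime", "service_call",
         ("android.app.IActivityManager.registerReceiver",)),
    Rule("Uses Crypto APIs", "api_call",
         ("javax.crypto.Cipher.doFinal", "javax.crypto.Cipher.update")),
    Rule("Checks CPU information", "exec", ("getprop ro.product.cpu.*",)),
    Rule("Probes multiple emulator properties", "exec",
         ("getprop ro.kernel.qemu", "getprop ro.hardware"), min_hits=2),
]


def match(events, rules):
    """Return {rule name: sorted distinct IoCs} for every rule that fires."""
    hits = {}
    for rule in rules:
        iocs = {e.target for e in events
                if e.kind == rule.kind
                and any(fnmatchcase(e.target, p) for p in rule.patterns)}
        if len(iocs) >= rule.min_hits:
            hits[rule.name] = sorted(iocs)
    return hits


def by_process(events, rules):
    """Firing rule names per process, like the Processes tree in the report."""
    return {proc: sorted(match([e for e in events if e.process == proc], rules))
            for proc in sorted({e.process for e in events})}


if __name__ == "__main__":
    for name, iocs in match(EVENTS, RULES).items():
        print(f"{name}: {len(iocs)} IoC(s)")
        for ioc in iocs:
            print(f"    {ioc}")
```

Run stand-alone it reports the same eight signatures as the page, with the root check carrying three IoCs and the others one each. The decoy read of the app's own database under /data/data/ matches nothing, which is the specificity a file-probe rule needs so that ordinary I/O does not fire it; the min_hits threshold on the last rule is how a weak indicator such as a single getprop is kept from producing a signature on its own.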
Processes
1. com.lydiabox.android
   - Checks if the Android device is rooted.
   - Queries information about active data network
   - Queries information about the current Wi-Fi connection
   - Queries the mobile country code (MCC)
   - Listens for changes in the sensor environment (might be used to detect emulation)
   - Registers a broadcast receiver at runtime (usually for listening for system events)
   - Uses Crypto APIs (Might try to encrypt user data)
   - Checks CPU information
   - Checks memory information
   2. getprop ro.product.cpu.abi (child process of 1)
Network
MITRE ATT&CK Matrix
Downloads
/data/data/com.lydiabox.android/cache/CommandCache/d53b9b0842e73f5fcd845b3c7510ce18
  Filesize: 799B
  MD5: b67651a4fa9c3dca45f3938db3729e14
  SHA1: ab439ca5e70bb6e0dec22716193cd9d84304b39d
  SHA256: cff8824cfa32afbaa7f8d6ad7b1e1302a48257b78012c105fe43143a93a12af9
  SHA512: 9404f0dce13533d0bd6b803af3b260ef375def983e89c581d9155726512648535c43ba937e84bcd8c6227704ac9ef5dae3bbd3ef8cddde8cb621037f9eb49290

/data/data/com.lydiabox.android/databases/mine_app
  Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.lydiabox.android/databases/mine_app-journal
  Filesize: 512B
  MD5: ed208c049d337f001557f62792c1f5da
  SHA1: dba4369840932b678ea06d4373ba6ebede4bcded
  SHA256: e078188ae5c135a5143a9de38f16b435b64391cdf35d923619602bbb13c60c50
  SHA512: b31e48f5dd37a7b30c9d55cc2398f0a6d4c6301b0f4f0abb80cfd46127e62a55957b3149e2da0edd1560a575a149b35d9335350f7c90d524c430e4a31bc6b7db

/data/data/com.lydiabox.android/databases/mine_app-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.lydiabox.android/databases/mine_app-wal
  Filesize: 56KB
  MD5: d6348994e74e0239f11a78910bb60028
  SHA1: 5eba9099508c160d435986b1880d58474ed02c9f
  SHA256: 939efff57273d997d149cd6bf890512f7f5e3a14b37e3bbafdeacc635fe8e375
  SHA512: 7625e425f5a98bbba252443107c645af2533768e091a5db72043898e1603eb5701496b2dabd418cfe5c187b3e2f801a9cd811e7fd8327949a7b3669c4d8b8709

/data/data/com.lydiabox.android/databases/sharesdk.db-journal
  Filesize: 512B
  MD5: 53470d2fbb9f46690336f77cc27d103e
  SHA1: fbe8dee985e1fce5a8f2c67e0e7b0b97b498da63
  SHA256: 211b3cab999c96e3d49a4b92a96d21ae148206da80c19fab9edac356d6204054
  SHA512: 93c6b131186e70468d1792b08d956c15e3b4c91421dd33e4292fdda3ac63c2c79e2853f98227397ce3e829ead4417c237c50f31fb3fb9616c8a092e340a1c005

/data/data/com.lydiabox.android/databases/sharesdk.db-wal
  Filesize: 32KB
  MD5: 36c4bca784973b3175c9c7c78846c956
  SHA1: 3dc17940cf99c13a4c201ef2542c3283c5477107
  SHA256: 338096f8f52b87de7fa6140708d87434a1e9d56318e355e60c1c83b0a312140e
  SHA512: d90ac8f9bbbac449a44d0647c57b6d16704746949ec74c5a375c441721df2d92fecf8fbbe388fb5cbe86bd088c81ba6ccc86069ecd5e5db36ede27a653445456

/data/data/com.lydiabox.android/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666BEAC900E3-0001-10D4-FB3AA4D9F8D3BeginSession.cls_temp
  Filesize: 77B
  MD5: 48169f2645afd09ec794e373cf40c6b9
  SHA1: 92de34428f99484ccf07a488cdcf82424f815e03
  SHA256: 74be8cbbe671294c32778f8c69044868c8f0ecff7b48c96a1d7b3fb50ed50bed
  SHA512: 699df860735fc80976e1690a36944929a30bded16f26f5cd8b1b8b534396735dd86e4774728366d603e3470a1e609e8b009f9c2e0f28f64a7d3b5b584238a71a

/data/data/com.lydiabox.android/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666BEAC900E3-0001-10D4-FB3AA4D9F8D3SessionApp.cls_temp
  Filesize: 115B
  MD5: bebc41720d2249143be655409518b05a
  SHA1: 9d2440ae47d2fc4bd35fa77af05c9f1e275769b9
  SHA256: dac52dc8a14b695363c2ed20cec4049261b5742d976d950d8b34b95b79119324
  SHA512: 010dc31f5da4ae75c063e6f6cb39c34935941beb73227bb8cab339b42ead995b946bba6016bc964c5a454c74bb87426c39d3b6d97c4c6f29414764a741217841

/data/data/com.lydiabox.android/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666BEAC900E3-0001-10D4-FB3AA4D9F8D3SessionDevice.cls_temp
  Filesize: 101B
  MD5: 83c39c4bbb0bec1726ac1214c9c0bcae
  SHA1: 7db17c52463333c6b31d0925392bc05ba05db4ac
  SHA256: 4d7583181bfffca87a47c58850d63085bb99e328b1f9008bf8470b307260c0c0
  SHA512: 0d587f8bc4be3d8ddd40d2504b14088ec9a418267acc6597aa4c137d0c3ff68160961edf551888d7864d3ae3f4cffa540228e5c61a9b61e39ad55dd26601833a

/data/data/com.lydiabox.android/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666BEAC900E3-0001-10D4-FB3AA4D9F8D3SessionOS.cls_temp
  Filesize: 14B
  MD5: 9b3d4522944ce6396563812bfdb92fa9
  SHA1: 6d2a6133c8f01938a48ccc77ef86ad8ca335c020
  SHA256: d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9
  SHA512: 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

/data/data/com.lydiabox.android/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
  Filesize: 480B
  MD5: b43b114920b150d658872164e9e9723b
  SHA1: 3f7c81b19d805ed1aa0b7397adb0725de6b7760b
  SHA256: 75cfa47a6c40e222118b91bea82c5afd1f61343b171c0da72e018487660008bb
  SHA512: 63da4647967e331c4389c3fdc9e449600954e3889f3f540d188b23bb1320d351414cc1dd0c0aac3a5f2f6b5f1b2339b075beed6b52face49c34841aa97571734

/data/data/com.lydiabox.android/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
  Filesize: 3KB
  MD5: 5cc230fb03ebe43433d508dbc88e67fd
  SHA1: 0452ccdaba89834e13fe309208428c5747df82b7
  SHA256: 51776ace5cb7042718ee4f354770592ee247303e49a7183f2ddb41da02115f5c
  SHA512: 9fc01cd4e19656e29ecbdabd1a7d38a383d10fd8b940eeaf982deb89774eec9bc12ef022ca945986761c02057905e5a7a4d4c0951c19fd71705e9f4a78fd136d

/data/data/com.lydiabox.android/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
  Filesize: 16B
  MD5: c33583fae4e0b61cde1c5b9227963237
  SHA1: fe2ebe4d27469af1460f7e852031a04208ef629b
  SHA256: 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
  SHA512: fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.lydiabox.android/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_ff8cfcdd-2855-48aa-a7ef-1f50923a76d6_1718348490287.tap
  Filesize: 374B
  MD5: 44d8d68cfc21445cd451e4d2b6949891
  SHA1: 2d94343736b774482f2bd1e759a55f0fc30a03a5
  SHA256: 42022eb0a6b58392277190d8b1b615a7f55b5832d169776653d7bcc1852159c2
  SHA512: 8e21db3ee240b85d850a289695e721d77f79295f8e7f832dbb4eebe7e26b399794fd50f739241be878018ba02640813b2a3fef09ff0e48e5a83f86599205525f

/storage/emulated/0/DCIM/clog
  Filesize: 142B
  MD5: 2898d52238d521fd94d4e9261512bcbb
  SHA1: 96f2776b4293072448c43872177e95518d994b2b
  SHA256: 1d266171686493e4220879163ea68034f7a05313d2e03980371d14b58631f80c
  SHA512: 8d40e88d9755e27e9198aeb5a9b04b57a67f275f8ebb0e056117d13f33a6cfa44ff4a3bf81a748baca065b080c92e7be5fbc4d5a0953854b5c7cb669231be3ee

/storage/emulated/0/ShareSDK/.ba
  Filesize: 369B
  MD5: 9af6a304b00906aece9e3b9126a6c68a
  SHA1: 3cf951a1721c7c869a08a47efc82a8d47b950f5d
  SHA256: 91afb5f61141567268ac420d1741175e455900b396403511e0c5ed20c81792e2
  SHA512: 1b0c648297df4da18d7c60215d5c4eed0e1d6b9bb2bcce6f544b0a685067f9388d1978a9f48701620d780b6a43184831a755a03b966df6d0d9a330f4545f40da

/storage/emulated/0/ShareSDK/.ba
  Filesize: 468B
  MD5: 386fb9ecdade2a851de9f32b3e077b77
  SHA1: 62739c98d755e6dbc1266dfbc929611865127a0b
  SHA256: 07e2405e00d60226053f8259de544edc75b0b814b3d92544c8b5395e15b5fa99
  SHA512: 97e67a06cbd39bbe015f7a7845e2de1e03bad5a4c4711e797fe5feb7ddbe2729eab2fe7d6a413a221122a21ad0e37388e389a44217bad69581628302fb0578d1

/storage/emulated/0/ShareSDK/.dk
  Filesize: 107B
  MD5: c9383021bd97affc44be4db7018c4d7b
  SHA1: 7e680409d1c86e35149bebc22f2cf8c484f0d23e
  SHA256: b7b7e032170e3190a84359e5c37adede1d58b6bf4c455ef0c01f73335709bb65
  SHA512: 7303f068da97319891e2d25c1c737035f1cfdc365d75d954102b612000e54d7e2b5dfafe10bdf909563e2b46ec3ff9e546423bff6f0aa9496880eab1c1c36a81

/storage/emulated/0/joyCache/analyse/423647758/h/1718348492307
  Filesize: 62B
  MD5: f0e93ecf9c40ddd13034a73d773d8651
  SHA1: cf0d99effc1f47bf457a52a19e2b7b9e12029e8b
  SHA256: 067073cf8ee94700ceefa38e9ad8e2f64910cced17fd301b443dd1f7bda2b812
  SHA512: 1bbb670006c5c55b26f238e907e2bab8ae8667dba0cba39a27139e6bfad7b8e4ffcb2b9884cf77454c81f48f9fc18abb452db9a05556bcfa7855f1468421ae9a
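The dropped-file list above mixes app-private storage (/data/data/com.lydiabox.android/) with shared external storage (/storage/emulated/0/), records two paths twice with different hashes, and carries epoch-millisecond timestamps in two file names. The Python below is an example added for this page, not the sandbox's own tooling and not code from the APK: it sorts the entries by storage area and by the SDK that wrote them, finds the rewritten paths, and converts the embedded timestamps to UTC so they can be compared with the report's submission time. DROPPED is constructed from the paths and SHA-256 values in the report; the exposure labels and the SDK attribution by path fragment are the editor's assumptions.

```python
"""Triage the dropped-file list above: where each artefact landed and what that implies.

Added example for this page; not the sandbox vendor's tooling and not code from
the analysed APK. DROPPED is constructed from the paths and SHA-256 values the
report lists. Exposure labels and SDK attribution are the editor's assumptions.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone
from posixpath import basename

PKG = "com.lydiabox.android"
PRIV = f"/data/data/{PKG}/"     # app-private internal storage, protected by the app UID
EXT = "/storage/emulated/0/"    # shared external storage
FABRIC = PRIV + "files/.Fabric/com.crashlytics.sdk.android"
SESSION = FABRIC + ".crashlytics-core/666BEAC900E3-0001-10D4-FB3AA4D9F8D3"

# (path, sha256) copied from the report; two paths occur twice because the
# sample rewrote them during the run and the sandbox captured both versions.
DROPPED = [
    (PRIV + "cache/CommandCache/d53b9b0842e73f5fcd845b3c7510ce18", "cff8824cfa32afbaa7f8d6ad7b1e1302a48257b78012c105fe43143a93a12af9"),
    (PRIV + "databases/mine_app", "0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514"),
    (PRIV + "databases/mine_app-journal", "e078188ae5c135a5143a9de38f16b435b64391cdf35d923619602bbb13c60c50"),
    (PRIV + "databases/mine_app-shm", "c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479"),
    (PRIV + "databases/mine_app-wal", "939efff57273d997d149cd6bf890512f7f5e3a14b37e3bbafdeacc635fe8e375"),
    (PRIV + "databases/sharesdk.db-journal", "211b3cab999c96e3d49a4b92a96d21ae148206da80c19fab9edac356d6204054"),
    (PRIV + "databases/sharesdk.db-wal", "338096f8f52b87de7fa6140708d87434a1e9d56318e355e60c1c83b0a312140e"),
    (SESSION + "BeginSession.cls_temp", "74be8cbbe671294c32778f8c69044868c8f0ecff7b48c96a1d7b3fb50ed50bed"),
    (SESSION + "SessionApp.cls_temp", "dac52dc8a14b695363c2ed20cec4049261b5742d976d950d8b34b95b79119324"),
    (SESSION + "SessionDevice.cls_temp", "4d7583181bfffca87a47c58850d63085bb99e328b1f9008bf8470b307260c0c0"),
    (SESSION + "SessionOS.cls_temp", "d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9"),
    (FABRIC + ":answers/session_analytics.tap", "75cfa47a6c40e222118b91bea82c5afd1f61343b171c0da72e018487660008bb"),
    (FABRIC + ":answers/session_analytics.tap", "51776ace5cb7042718ee4f354770592ee247303e49a7183f2ddb41da02115f5c"),
    (FABRIC + ":answers/session_analytics.tap.tmp", "35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc"),
    (FABRIC + ":answers/session_analytics_to_send/sa_ff8cfcdd-2855-48aa-a7ef-1f50923a76d6_1718348490287.tap", "42022eb0a6b58392277190d8b1b615a7f55b5832d169776653d7bcc1852159c2"),
    (EXT + "DCIM/clog", "1d266171686493e4220879163ea68034f7a05313d2e03980371d14b58631f80c"),
    (EXT + "ShareSDK/.ba", "91afb5f61141567268ac420d1741175e455900b396403511e0c5ed20c81792e2"),
    (EXT + "ShareSDK/.ba", "07e2405e00d60226053f8259de544edc75b0b814b3d92544c8b5395e15b5fa99"),
    (EXT + "ShareSDK/.dk", "b7b7e032170e3190a84359e5c37adede1d58b6bf4c455ef0c01f73335709bb65"),
    (EXT + "joyCache/analyse/423647758/h/1718348492307", "067073cf8ee94700ceefa38e9ad8e2f64910cced17fd301b443dd1f7bda2b812"),
]

# Assumed attribution: path fragments that identify a bundled third-party SDK.
SDK_MARKERS = (("/.fabric/", "Crashlytics"), ("sharesdk", "ShareSDK"))


def exposure(path):
    """Storage area. On the Android 9 image of this run, shared external storage
    is readable by any app holding READ_EXTERNAL_STORAGE; /data/data/<pkg>/ is not."""
    if path.startswith(PRIV):
        return "app-private"
    if path.startswith(EXT):
        return "shared-external"
    return "other"


def owner(path):
    """Best-effort attribution of a file to the SDK that wrote it."""
    low = path.lower()
    for marker, name in SDK_MARKERS:
        if marker in low:
            return name
    return "app"


def rewritten(entries):
    """Paths recorded more than once with different content."""
    seen = defaultdict(set)
    for path, sha256 in entries:
        seen[path].add(sha256)
    return sorted(p for p, hashes in seen.items() if len(hashes) > 1)


_MS = re.compile(r"(?<!\d)(\d{13})(?!\d)")  # 13-digit token = epoch milliseconds


def embedded_timestamps(entries):
    """Epoch-ms tokens in file names as UTC, for comparison with 'submitted'."""
    out = []
    for path, _ in entries:
        for tok in _MS.findall(path):
            ts = datetime.fromtimestamp(int(tok) // 1000, tz=timezone.utc)
            out.append((basename(path), ts.strftime("%Y-%m-%dT%H:%M:%SZ")))
    return out


def summarize(entries):
    return {
        "exposure": dict(Counter(exposure(p) for p, _ in entries)),
        "owner": dict(Counter(owner(p) for p, _ in entries)),
        "rewritten": rewritten(entries),
        "timestamps": embedded_timestamps(entries),
    }


if __name__ == "__main__":
    for key, value in summarize(DROPPED).items():
        print(f"{key}: {value}")
```

Run against the list it yields 15 app-private and 5 shared-external files, two rewritten paths (the Answers session_analytics.tap and ShareSDK/.ba), and embedded timestamps of 2024-06-14T07:01:30Z and 2024-06-14T07:01:32Z, which line up with the 14-06-2024 07:01 submission time and confirm those files were created during this run rather than shipped in the APK. The five files on external storage are the ones worth a second look: on Android 9 any other app with READ_EXTERNAL_STORAGE can read them.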