Analysis

  • max time kernel
    90s
  • max time network
    136s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    15-06-2024 02:32

General

  • Target

    ac9953357bbc2f0742e9b438e8ee2357_JaffaCakes118.apk

  • Size

    11.8MB

  • MD5

    ac9953357bbc2f0742e9b438e8ee2357

  • SHA1

    5d68203357836a68a1b9490d2b69ef5ce04e44ff

  • SHA256

    a85bb4fb0f6c9c8fc76002868b0527b4c4e7a476ca53173166d1521b514fc3fc

  • SHA512

    16d4e0d92630b3896f95f76530a89f9d4bb842c717bed80824029f633727e1e0faf3764441c3303ff296fecc4d62d7cb8a342411ec0533a1fe5703fc2881004d

  • SSDEEP

    196608:XHJsiGj4teeCI6Q9ImayQG86D7D/MDgtA05mO5od09PeQGAfusfCsylk:bRteegwIm/QG86D7DFtA05mShifsqsT

Malware Config

Signatures

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get current cell location.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.lc.sakuratravel
    1⤵
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4268

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.lc.sakuratravel/databases/hmdb

    Filesize

    12KB

  • /data/data/com.lc.sakuratravel/databases/hmdb-journal

    Filesize

    512B

  • /data/data/com.lc.sakuratravel/databases/hmdb-shm

    Filesize

    32KB

  • /data/data/com.lc.sakuratravel/databases/hmdb-wal

    Filesize

    16KB

  • /data/data/com.lc.sakuratravel/databases/logdb.db

    Filesize

    20KB

  • /data/data/com.lc.sakuratravel/databases/logdb.db

    Filesize

    36KB

  • /data/data/com.lc.sakuratravel/databases/logdb.db

    Filesize

    16KB

  • /data/data/com.lc.sakuratravel/databases/logdb.db

    Filesize

    28KB

  • /data/data/com.lc.sakuratravel/databases/logdb.db

    Filesize

    36KB

  • /data/data/com.lc.sakuratravel/databases/logdb.db

    Filesize

    28KB

  • /data/data/com.lc.sakuratravel/databases/logdb.db-journal

    Filesize

    512B

  • /data/data/com.lc.sakuratravel/databases/logdb.db-wal

    Filesize

    8KB

  • /data/data/com.lc.sakuratravel/databases/logdb.db-wal

    Filesize

    4KB

  • /data/data/com.lc.sakuratravel/databases/logdb.db-wal

    Filesize

    8KB

  • /data/data/com.lc.sakuratravel/databases/logdb.db-wal

    Filesize

    8KB

  • /data/data/com.lc.sakuratravel/databases/logdb.db-wal

    Filesize

    48KB

  • /data/data/com.lc.sakuratravel/databases/logdb.db-wal

    Filesize

    8KB

  • /data/data/com.lc.sakuratravel/files/a/b/2c1f5024e14499941e686074110be00f.0.tmp

    Filesize

    1KB

  • /data/data/com.lc.sakuratravel/files/a/b/6c1d3ee4935a26c620d94755778f14f7.0.tmp

    Filesize

    1KB

  • /data/data/com.lc.sakuratravel/files/a/b/journal

    Filesize

    114B

  • /data/data/com.lc.sakuratravel/files/a/b/journal

    Filesize

    197B

  • /data/data/com.lc.sakuratravel/files/a/b/journal.tmp

    Filesize

    31B

  • /storage/emulated/0/amap/openamaplocationsdk/als.db

    Filesize

    24KB

  • /storage/emulated/0/amap/openamaplocationsdk/als.db

    Filesize

    24KB

  • /storage/emulated/0/amap/openamaplocationsdk/als.db-journal

    Filesize

    512B

  • /storage/emulated/0/amap/openamaplocationsdk/als.db-wal

    Filesize

    36KB

  • /storage/emulated/0/amap/openamaplocationsdk/als.db-wal

    Filesize

    8KB

  • /storage/emulated/0/sakura_cache/journal.tmp

    Filesize

    36B
