Analysis

  • max time kernel
    85s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240611.1-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
  • submitted
    15-06-2024 02:32

General

  • Target

    ac9953357bbc2f0742e9b438e8ee2357_JaffaCakes118.apk

  • Size

    11.8MB

  • MD5

    ac9953357bbc2f0742e9b438e8ee2357

  • SHA1

    5d68203357836a68a1b9490d2b69ef5ce04e44ff

  • SHA256

    a85bb4fb0f6c9c8fc76002868b0527b4c4e7a476ca53173166d1521b514fc3fc

  • SHA512

    16d4e0d92630b3896f95f76530a89f9d4bb842c717bed80824029f633727e1e0faf3764441c3303ff296fecc4d62d7cb8a342411ec0533a1fe5703fc2881004d

  • SSDEEP

    196608:XHJsiGj4teeCI6Q9ImayQG86D7D/MDgtA05mO5od09PeQGAfusfCsylk:bRteegwIm/QG86D7DFtA05mShifsqsT

Malware Config

Signatures

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get current cell location.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator. 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.lc.sakuratravel
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4567

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.lc.sakuratravel/databases/hmdb

    Filesize

    12KB

    MD5

    171aedf968e17a2744d2585715606cb9

    SHA1

    bbeddeb3b89fcf809619c35b4a318a80e7d5b029

    SHA256

    d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

    SHA512

    78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

  • /data/user/0/com.lc.sakuratravel/databases/hmdb-journal

    Filesize

    512B

    MD5

    956a297d01e537d9993af33271120458

    SHA1

    45a53ba33a44ba13f04da058ac35247283ecc1c7

    SHA256

    ae2012144feaa136d24054db910c02c73d618ee6e2699eafc9ac28c3e241d4c1

    SHA512

    c60143b56bd7a61180d75cc9dc463ebd02da6eb9e849498ef6c8a3a2286b0711eb761df9850d959a385a985741d210561b084c2e234f9c78e015a88ce4dd065b

  • /data/user/0/com.lc.sakuratravel/databases/hmdb-journal

    Filesize

    8KB

    MD5

    89bc219b39760cd74a9f91b3e42ebe8e

    SHA1

    18b73c4979fb0d35d7e4a305e6a1036cb7a9439f

    SHA256

    8d83e23965b697d874da94f5c81c7921b49cdbebd9cc1f55e5fc44c4fb7b4be7

    SHA512

    11c06a6211166737b53dffa8c3e2660791e772d234d52d44847f6819f4e1a61096f83c72e5108d8b9e8ddcb349c115c4ccfc5470de571aacd2fcaab890e76f03

  • /data/user/0/com.lc.sakuratravel/databases/logdb.db

    Filesize

    36KB

    MD5

    a925951bbef27a9ea507f847a6ceaad7

    SHA1

    34b73ba1b11a2423198826f820fe87a1b8cc13b6

    SHA256

    1dd2d23b7c64bde28175205a16f99abac0aa5938d31812c095234defbd1f917b

    SHA512

    4ce18802068f8549fae1d3c594423476753deb776c57acf8ddbacb47360db50c922452db037b3c2d852f28147781c6532a141e9cfae51772b96958825e7ce5cf

  • /data/user/0/com.lc.sakuratravel/databases/logdb.db

    Filesize

    36KB

    MD5

    3565a47c51d36161e23e969e572aaab0

    SHA1

    623cf5ba89b15c26c5e8430aae05164a4f1153d6

    SHA256

    9289b32ad16aad8e7e8a255cd4033ea6d0e64c09ef8c0a808038ba7b1f51c0e8

    SHA512

    e13e2a6a91aca8edeeda5bc319ee210c44f0c74277894b54c0627b19284fc37b6299817d2ff126cd1443b5bf6c300773adcc659b7943b14461b9ec3de93a0447

  • /data/user/0/com.lc.sakuratravel/databases/logdb.db

    Filesize

    28KB

    MD5

    edcbb4abda622171df608081162f5a43

    SHA1

    43aca2f03dfff7502f5e26dcfae91bc6c462a0cd

    SHA256

    68a1be2f0ad90a6f1593c8cb4301cb515faba01105b05aa22d9a77db12d0fd73

    SHA512

    c94d5cfad81af15c8564a5bc8363a26584c82f98cbb207e55c59327613b66935bff6b8b097d77a6158452e4dde07184a4f71204fcabb4e1f0d2cbdaffe4b4e66

  • /data/user/0/com.lc.sakuratravel/databases/logdb.db

    Filesize

    28KB

    MD5

    0c4576fd675ddc7987154aa40625374d

    SHA1

    1ed2b19010aad9095520db2b8da7e00904ad6168

    SHA256

    3bc5350931162306ff16e4ba60c37ec28c1de6af67f2ce9357c1218707c23e3b

    SHA512

    3e837c7d77ab0b27ba11d5bb83642cb41cc01d4db4e3df8d2e9769084099ca64539893895c2d5060a43923348d8a92a0dba70cda90ea01ddff9878f05a8b0e4b

  • /data/user/0/com.lc.sakuratravel/databases/logdb.db

    Filesize

    20KB

    MD5

    6c1bcb7f1cb09d1ed6d3ab5143406793

    SHA1

    6e40d6fb87a7f49cc9b9ac28e75e97b9c8d8636f

    SHA256

    0b54b739065d3b36f18fb7cab33fa891488c01abf0b5358c519c8ff04f68f9d4

    SHA512

    31c864f28c2fe4b2102352231c90b38645bec1b6a6ec448d017bd2574980306d9a89b990e21ace6d6c8bdc4265766331e604f05ec2fb11bb678b427fa9ffd38d

  • /data/user/0/com.lc.sakuratravel/databases/logdb.db-journal

    Filesize

    12KB

    MD5

    1f5741c75925b096a675c445ae943aaf

    SHA1

    03b8c8b5bbb93e71e1c739249c28ecde476c9cad

    SHA256

    e2432051855bd377374f638412d40f31bbff6a51e252d48bb0f08c59b7f1a8a6

    SHA512

    b23dda51a2e4b2971ee95419c024aac2e61761b49b28a1f26df6a7a0af1f3cd078268212707f4f92664a4d9e89d5725badce04d78ff6f01f6d561510f79e1886

  • /data/user/0/com.lc.sakuratravel/databases/logdb.db-journal

    Filesize

    12KB

    MD5

    9408fb2c9c817b24c24271c9eb502fa0

    SHA1

    e2b9dadb989c9963bd09a261e6e9cf1a7e2266b0

    SHA256

    0bcd188552542b3ac14c93b225329817284457fe5ce7f9f2d71116380d9c6bd0

    SHA512

    55262b28794c9e1aa7ce942ae48421566a1778f89420a0f1947de7336df24497dbf2efca569968e58fd215ab270261f3d44e0183f980c2bc3a0bddc56dca501d

  • /data/user/0/com.lc.sakuratravel/databases/logdb.db-journal

    Filesize

    512B

    MD5

    05edd9e9bf2205b36bb0fe447b7feb79

    SHA1

    68d92132c367ab6ffdedcaf58ff95f3d76301b24

    SHA256

    fee2808f1994d83e130251746227b7723d0a5b4c4f42d1d5005aed2360c9b7b7

    SHA512

    cebe18a3a5c194c2fd5f564b55e3a0325a327b7f734b956aad83ecbba3b3d14d6fec16b70df90db380374ca81dc185e21f5654703ea28461f3bcd5e3acc8837a

  • /data/user/0/com.lc.sakuratravel/databases/logdb.db-journal

    Filesize

    8KB

    MD5

    4adebb00e594f565ef24ecaf074cbf51

    SHA1

    6a19a60798b925abd3fcd2b420902e50ee809db2

    SHA256

    88f94ebc267c531c0dd1a58d5799bcb58d5caeec41f2f3d45649b832b46c67ae

    SHA512

    e26b1732806268a6d8f28bd1d9cd68ad054ab3c5b1d49725793e74220af4ddea9359307f60faf6fd498d6e2d7350d972cb71ee7eed9cb7fb4da547b495df36fe

  • /data/user/0/com.lc.sakuratravel/databases/logdb.db-journal

    Filesize

    8KB

    MD5

    9d03b3f2956607d2aeac779c073dccb4

    SHA1

    59b46408f9cee17179ea068bedbe64524cabb2b7

    SHA256

    14473584cd56fb88ddb5293a2239cbb98dd23f3de01d7273cd8bf0998d2138bb

    SHA512

    7b27665d02231bc1ec6b316c748821d39a74988bcd149c5184dbb963b5f0ba8faac7d45d33369d55c5f1d01940ec684cb430d9da5183f1049ebeaca0741c8e18

  • /data/user/0/com.lc.sakuratravel/databases/logdb.db-journal

    Filesize

    12KB

    MD5

    756231de181b2da70593b162435dea11

    SHA1

    31245086d4953f35789a5b9769059e59c052f71a

    SHA256

    8645ee780bdc559930756d27d7195b73ba36595e8e8fb963909cd9c9d521b298

    SHA512

    623cca0f6bdef3d3476a118590baaee625f796791250bf6c3a009e85c8249216c6bd7379155b586107441da9ee4c7aec995e63027db8936976927785e6d9ed2c

  • /data/user/0/com.lc.sakuratravel/files/a/b/009c15a12d8d5cbe00abfbefc8e041a2.0.tmp

    Filesize

    1KB

    MD5

    6253b4e845e7529373d55691a22f9026

    SHA1

    c271dd3fd19e71cfe5c1f941344339363892f09b

    SHA256

    a7f8d51ce11b7ccb3c5b615bfeb5ab692ee61af1a10ee3f3b0456fb26effd450

    SHA512

    9747237812fb2d85494ad75fa475e2a4dc1609b4750cd22d524a0ef7b1b44cdb6139f00b820b6f3afd3360e83d601a232fc92681d599cd386d7dd01de44969ae

  • /data/user/0/com.lc.sakuratravel/files/a/b/9a6508cb46fc4b92047d89604fc83fbd.0.tmp

    Filesize

    1KB

    MD5

    a7979e7c055f5be1f6d0874ad6179906

    SHA1

    25dc991fdccc87f22bf013b81cde1376fc219e1e

    SHA256

    b328680791d9241b846d0be03d0e01906a0224755a26153b1caf4943ec50b0be

    SHA512

    a27073fb9c96ac83c3ecf48a2f3e2520964a5353f156f04c6d97fd2fc9c1f8a8e3872dbabca6c2e630fab5256cbbbcbfe44015e0894911c4fcd46d00e1f1600f

  • /data/user/0/com.lc.sakuratravel/files/a/b/journal

    Filesize

    114B

    MD5

    87ce8c74d7499a818fca4cde274d8c81

    SHA1

    c68b4de19347027906644b14f79e0221ef3102c6

    SHA256

    d6b74387b30cf2e1135af98304cdf6044f18371101772dbab0240e96ec79af71

    SHA512

    8dc916a4f4282ec1590633ca5f72ffc4e6102d1e4cd6092fcf54f934c2d1f598cdd86956933d7baefa76c50e9f79bc9b807ad9370a1426c3f559991d23c3ac68

  • /data/user/0/com.lc.sakuratravel/files/a/b/journal

    Filesize

    197B

    MD5

    6176255de80d96478b626fe4035455db

    SHA1

    d8639cc90a6274e63e62287d46f1165a39582bb2

    SHA256

    51b310f78e87761996de699d48211d19a92fa28094fee9d669695d0ca3f8166f

    SHA512

    335abb5b179aa4e25ab9137114d5dee2a86e5f46d4458c46c4a5cb0c1314d75a8788e29306000041f514b37eb1183e0cb957df98ce2d9febd46f6837bdaa8153

  • /data/user/0/com.lc.sakuratravel/files/a/b/journal.tmp

    Filesize

    31B

    MD5

    8c92de9ce46d41a22f3b20f77404cc1d

    SHA1

    8671a6dca00edb72be47363a7071be65cf270373

    SHA256

    68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

    SHA512

    30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

  • /storage/emulated/0/amap/openamaplocationsdk/als.db

    Filesize

    24KB

    MD5

    378a47102658817b2dae269b94b99392

    SHA1

    9fe1a09b4bbf91725bbb16b1ea6c014d1b24c221

    SHA256

    ece306975b33fb96eb1a6a734e53786145ec806bba83e35b3005c85f0670ad47

    SHA512

    c9ed1f624dd386eaeca4fc34fe972f74a87e5d22271e3363e911ce6d2ce4f9ae816be782ad6363b892745ef59cd892b5a33a3d7700010e5bcfcab46bf6ab3a80

  • /storage/emulated/0/amap/openamaplocationsdk/als.db

    Filesize

    24KB

    MD5

    603651a526125eb1a69875a07c238138

    SHA1

    34e33bea01a012a354d581fd7edcfa88a1725e56

    SHA256

    49d72eaf9b947d9d4b71517217ea1a4cf8b57bf279843f2b8db939552e6a6afb

    SHA512

    776e6a669dfaf881bf53a8305038756e298ab762959b3ce15c1d2e4b1038a13c08bcc76144a841c1a235619d723bde13fba3cd95aa68ab52ce5d4855b0b23620

  • /storage/emulated/0/amap/openamaplocationsdk/als.db-journal

    Filesize

    512B

    MD5

    464031b3b3d5099134e4fefcda30b280

    SHA1

    d9c5f992093498c6857ffaf100a5cdc6866cabee

    SHA256

    02d69eac7f6dbe35ec52d8b23ac06d0a04d811a370a056ef71d24e14d664bb16

    SHA512

    8fc53d8bc73da42678ae87ed2a8dcbcbd70d752a04944c06fc64a19559e26e120e238ea57efdec363c65c2c70d240813c7e59bc5449f6a060ae0cd81d8987ab1

  • /storage/emulated/0/amap/openamaplocationsdk/als.db-journal

    Filesize

    8KB

    MD5

    4f6221bb4301e1abd69c6981f98b6ba6

    SHA1

    ca7084de0c4836b99c48f3dc80bc007494a70649

    SHA256

    a3b653098f67dfdb1cd49398ace021b79f46940316069579a5c1d3fc20f23c3c

    SHA512

    16799e9feb3c67d7b6bcc3786ff8a970e7ae726eb5aba891601584e0baffcffdb0d32722c2373997a12ec471107b8f5d295b5c0fbe951d13081b6fbed4c3c3e2

  • /storage/emulated/0/amap/openamaplocationsdk/als.db-journal

    Filesize

    8KB

    MD5

    00d014198c1d62436d99aa0a06971297

    SHA1

    ccf7eac1b124ef2ccfa7ed0cf17f404f290c56af

    SHA256

    266e70bd4bab2eb7aad0ab0119b3b295cec66877b0475d806deae6ce03bdd00f

    SHA512

    a68c9246b8c9fddcbf85b303d513e023b84267e33c82171a5601bb2bc503b6358a94aea1175cdec59f293e9588d56240c44e2d3bd66f34edca514b74a56515d5

  • /storage/emulated/0/amap/openamaplocationsdk/als.db-journal

    Filesize

    12KB

    MD5

    ce33f3092c65659bfce0c827da97e17c

    SHA1

    f55ee2eaeab259dd8dc1a45178fefcffbcf1d790

    SHA256

    24c7006de396d684720cea056842d4a43e331e52b422254e7006c82d7f05249a

    SHA512

    7314cf17d5f8e98fdd1cc10778f50ae9222246a1a58fb80217fc457a5d517ab0fc96c8ceb4f84446cffda86f9e64586bc5ee9a62066766512a29f56cf3ef7f76

  • /storage/emulated/0/sakura_cache/journal.tmp

    Filesize

    36B

    MD5

    37e8e716e0e2f4a0b05cd9571d95b84d

    SHA1

    f8d068f6931707bddb8cd69f706f2224ad1fea3c

    SHA256

    7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

    SHA512

    e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6