Analysis

  • max time kernel
    165s
  • max time network
    150s
  • platform
    android_x64
  • resource
    android-x64-20240611.1-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240611.1-en, locale:en-us, os:android-10-x64, system
  • submitted
    18-06-2024 12:35

General

  • Target

    bbf5a3042283fb27de1067e4519548de_JaffaCakes118.apk

  • Size

    151KB

  • MD5

    bbf5a3042283fb27de1067e4519548de

  • SHA1

    53e19c611fc2f0f22acbc5539d80e812bf34d5ef

  • SHA256

    b569285906d15b1929ab18d9fd6dd903893167f9b4992f4f14cb227cccb16f5f

  • SHA512

    18fee642ce59e389fff799398f106f9d94d12766573fde502da8ee3b6a6910df8fb1f240d1b22e065139a1b1f41498e65ca084fe868dbf33c21bd06a8ac004b2

  • SSDEEP

    3072:ycn2JtlOon0KPZg9l79Dtm3jQdb/mjS84AY9n:IXn1q3pxOjS8W9n

Malware Config

Signatures

Processes

  • com.tlightsky.photomaker
    • Obtains sensitive information copied to the device clipboard
    • Requests cell location
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks memory information
    PID:5013

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.tlightsky.photomaker/databases/http_auth.db

    Filesize

    20KB

  • /data/data/com.tlightsky.photomaker/databases/http_auth.db-journal

    Filesize

    512B

  • /data/data/com.tlightsky.photomaker/databases/http_auth.db-journal

    Filesize

    8KB

  • /data/data/com.tlightsky.photomaker/databases/http_auth.db-journal

    Filesize

    8KB
