Analysis Overview
SHA256
8e74682d4235d9e37f3957cea08c93a650ff303642726394355e76fc33a3fcec
Threat Level: Known bad
The file 2ad08ac41f19f1af764d9cd2ff192a1f_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Privateloader family
Registers a broadcast receiver at runtime (usually for listening for system events)
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-09 16:19
Signatures
Privateloader family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-09 16:19
Reported
2024-05-09 16:22
Platform
android-x86-arm-20240506-en
Max time kernel
9s
Max time network
128s
Command Line
Signatures
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.nathnetwork.xciptv
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.213.10:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | ottrun.com | udp |
| US | 104.22.28.249:443 | ottrun.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
Files
/data/data/com.nathnetwork.xciptv/databases/xciptv.db-journal
/data/data/com.nathnetwork.xciptv/databases/xciptv.db
/data/data/com.nathnetwork.xciptv/databases/xciptv.db-shm
/data/data/com.nathnetwork.xciptv/databases/xciptv.db-wal
/data/data/com.nathnetwork.xciptv/databases/s_xciptv.db-journal
/data/data/com.nathnetwork.xciptv/databases/s_xciptv.db
/data/data/com.nathnetwork.xciptv/databases/s_xciptv.db-wal
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-09 16:19
Reported
2024-05-09 16:22
Platform
android-x64-20240506-en
Max time kernel
9s
Max time network
147s
Command Line
Signatures
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.nathnetwork.xciptv
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.234:443 | | tcp |
| US | 1.1.1.1:53 | ottrun.com | udp |
| US | 172.67.29.142:443 | ottrun.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 172.217.169.78:443 | | tcp |
Files
/data/data/com.nathnetwork.xciptv/databases/xciptv.db-journal
/data/data/com.nathnetwork.xciptv/databases/xciptv.db
/data/data/com.nathnetwork.xciptv/databases/xciptv.db-journal
/data/data/com.nathnetwork.xciptv/databases/xciptv.db-journal
/data/data/com.nathnetwork.xciptv/databases/xciptv.db-journal
/data/data/com.nathnetwork.xciptv/databases/s_xciptv.db-journal
/data/data/com.nathnetwork.xciptv/databases/s_xciptv.db
/data/data/com.nathnetwork.xciptv/databases/s_xciptv.db-journal
/data/data/com.nathnetwork.xciptv/databases/s_xciptv.db-journal
/data/data/com.nathnetwork.xciptv/databases/s_xciptv.db-journal
/data/data/com.nathnetwork.xciptv/databases/s_xciptv.db-journal
/data/data/com.nathnetwork.xciptv/databases/s_xciptv.db-journal