Malware Analysis Report

2025-01-02 08:03

Sample ID: 240509-tstanaea76
Target: 2ad08ac41f19f1af764d9cd2ff192a1f_JaffaCakes118
SHA256: 8e74682d4235d9e37f3957cea08c93a650ff303642726394355e76fc33a3fcec
Tags: privateloader, persistence
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Mobile Matrix V15)
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10
SHA256: 8e74682d4235d9e37f3957cea08c93a650ff303642726394355e76fc33a3fcec
Threat Level: Known bad

The file 2ad08ac41f19f1af764d9cd2ff192a1f_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

Tags: privateloader, persistence

Privateloader family
Registers a broadcast receiver at runtime (usually for listening for system events)
Requests dangerous framework permissions

Note for the reader: the family attribution ("Privateloader family") and the dangerous-permission finding come from the static pass (static1) only. The two behavioral detonations (behavioral1 and behavioral2) record a single runtime registerReceiver call, SQLite database writes under the app's own data directory, and network traffic to ottrun.com and Google endpoints; no further behavioral signatures are listed.

MITRE ATT&CK (Mobile Matrix V15)

No ATT&CK techniques are mapped in this report.

Analysis: static1

Detonation Overview

Reported: 2024-05-09 16:19

Signatures

Privateloader family (tag: privateloader)

Requests dangerous framework permissions

Description                                            Indicator                                    Process  Target
Allows an application to write to external storage.    android.permission.WRITE_EXTERNAL_STORAGE    N/A      N/A
Allows an application to read from external storage.   android.permission.READ_EXTERNAL_STORAGE     N/A      N/A
Allows an application to record audio.                 android.permission.RECORD_AUDIO              N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-09 16:19
Reported: 2024-05-09 16:22
Platform: android-x86-arm-20240506-en
Max time kernel: 9s
Max time network: 128s

Command Line

com.nathnetwork.xciptv

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

Tag: persistence

Description              Indicator                                        Process  Target
Framework service call   android.app.IActivityManager.registerReceiver    N/A      N/A
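The two static findings above (dangerous framework permissions, and a receiver-based persistence mechanism) can be reproduced from an APK's decoded AndroidManifest.xml before detonating it. The script below is an added example and is not part of the sandbox report or of the analysed app; the manifest it parses is constructed so that it requests the three permissions the report lists (plus INTERNET) and declares a hypothetical BOOT_COMPLETED receiver, because the real manifest of com.nathnetwork.xciptv is not on this page. Note the caveat in persistence_receivers: the sandbox flagged a receiver registered at runtime through IActivityManager.registerReceiver, which a manifest check cannot see, so this is a static complement to the dynamic signature, not a replacement for it.

```python
"""Static triage of an Android manifest for the two signatures in this report.

Added example, not the sandbox's or the app's code. Feed it the
AndroidManifest.xml produced by apktool or androguard; the SAMPLE_MANIFEST
below is CONSTRUCTED for demonstration (hypothetical package and receiver).
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"  # ElementTree form of android:name

# Subset of AOSP permissions whose protectionLevel is "dangerous"; extend from
# frameworks/base/core/res/AndroidManifest.xml for full coverage.
DANGEROUS = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_CALL_LOG",
}

# Broadcast actions an app commonly filters on to be relaunched without the
# user opening it (manifest-declared persistence).
PERSISTENCE_ACTIONS = {
    "android.intent.action.BOOT_COMPLETED",
    "android.intent.action.QUICKBOOT_POWERON",
    "android.intent.action.USER_PRESENT",
    "android.intent.action.MY_PACKAGE_REPLACED",
}

# Constructed sample manifest (hypothetical package name and receiver class).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.iptvplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application>
    <receiver android:name=".BootReceiver" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def dangerous_permissions(manifest_xml: str) -> list:
    """Return requested permissions whose protection level is dangerous, sorted."""
    root = ET.fromstring(manifest_xml)
    requested = [p.get(NAME) for p in root.iter("uses-permission")]
    return sorted(p for p in requested if p in DANGEROUS)


def persistence_receivers(manifest_xml: str) -> list:
    """Return (receiver, action) pairs for receivers filtering on persistence actions.

    Only manifest-declared receivers are visible here. A receiver registered at
    runtime via IActivityManager.registerReceiver (what the sandbox observed)
    never appears in the manifest, so a clean result here does not clear the app.
    """
    root = ET.fromstring(manifest_xml)
    hits = []
    for receiver in root.iter("receiver"):
        for action in receiver.iter("action"):
            name = action.get(NAME)
            if name in PERSISTENCE_ACTIONS:
                hits.append((receiver.get(NAME), name))
    return hits


def triage(manifest_xml: str) -> dict:
    """Summarise both checks in the same terms the report uses."""
    perms = dangerous_permissions(manifest_xml)
    receivers = persistence_receivers(manifest_xml)
    flags = []
    if perms:
        flags.append("Requests dangerous framework permissions")
    if receivers:
        flags.append("Manifest-declared persistence receiver")
    return {
        "dangerous_permissions": perms,
        "persistence_receivers": receivers,
        "flags": flags,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

Run it against a real manifest by reading the decoded file into a string and calling triage(); pair the result with a dynamic hook on registerReceiver (or a sandbox run like the one above) to cover the runtime registration path the manifest cannot show.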

Processes

com.nathnetwork.xciptv

Network

Country  Destination           Domain                               Proto
N/A      224.0.0.251:5353                                           udp
GB       216.58.213.10:443                                          tcp
US       1.1.1.1:53            semanticlocation-pa.googleapis.com   udp
US       1.1.1.1:53            ottrun.com                           udp
US       104.22.28.249:443     ottrun.com                           tcp
GB       142.250.187.206:443                                        tcp
US       1.1.1.1:53            android.apis.google.com              udp
GB       142.250.200.14:443    android.apis.google.com              tcp

224.0.0.251:5353 is the mDNS multicast address and the 1.1.1.1:53 rows are the DNS lookups for the listed domains. The only destination in this run that is not a Google service is ottrun.com (104.22.28.249:443).

Files

/data/data/com.nathnetwork.xciptv/databases/xciptv.db-journal

MD5 12ceeefa398341da4a58c0326f44528f
SHA1 0fd2ab126c23ebb2bda7a00873c6ed3fa53e853c
SHA256 b3884dbead86719a8e2059e66d1c85efd45e2796981efe42f4aef490ed2457d7
SHA512 5af61bde8e5ec1b548e288907f50d1fd9afcdc3e2471d186c5898aebf37ab631920b8c91aa0eea82452bc1731683d45009690dacf36f43e14afdfb7053c0b355

/data/data/com.nathnetwork.xciptv/databases/xciptv.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.nathnetwork.xciptv/databases/xciptv.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.nathnetwork.xciptv/databases/xciptv.db-wal

MD5 df44e0d9b9fa66e6586ffadae332121f
SHA1 68aa9bd4673d79e69a7c5f47fbfbd5f13e02b832
SHA256 fa635f43e971438ca193c33571c3ab3d5156ea68c5a4222186dd67b2146e6d07
SHA512 50b71fe6840e781cd26392307c399cca45a051852d046e643476d460baa4de64ff8d2daa5107d904ed826febd27d8d30a7090887834ad06eda08905b142eb47a

/data/data/com.nathnetwork.xciptv/databases/s_xciptv.db-journal

MD5 833815f7416406dc112bd6f2971f2e23
SHA1 c958985e139e23c4bcf86dea291b419dd7f50ce6
SHA256 1a058844b8a2aed00b0018e896e0235e01c48774c9e19df61cf50609666c48a0
SHA512 d84f8836eae0156defea17f309ae5d2145b45398da537a4588ab320ea7133094f4e719b1f54105bdc95387db777db4f679e8d1d5c1aec80519dfb19e32372236

/data/data/com.nathnetwork.xciptv/databases/s_xciptv.db

MD5 370608c7510de94247f21ed7d13c61fb
SHA1 d9fe2c45071def4c3680f643bf042581aede2dc1
SHA256 92fc760f45a0997c880f3c798f0ba93027174f3a7f78cae6c145da319c69e0ea
SHA512 0dfca2581ebe0809120337dfbd646e09e3fb0e03a177da05f04dd8cde6de40921855b24f930c021bd0db438468c3071f81fca879c4e0c891ec556ef1db17a03a

/data/data/com.nathnetwork.xciptv/databases/s_xciptv.db-wal

MD5 950a4b31e723b4d5a5edc3db438dbc54
SHA1 35f6156ab13cabdf867a28745c18b460a1f3444c
SHA256 8424c50a8256d6f4ddbaaebb2250ba7bcc96e533fbfb46f7800893e1018c85fe
SHA512 94a36e35a97452447cd5c3f4213c46389fd9b8ef06cce85d7491e4b47f84d1209351eefe52881d6659d3e2fc61e7298de8708652f0b8d6a119241c915f0cad67

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-09 16:19
Reported: 2024-05-09 16:22
Platform: android-x64-20240506-en
Max time kernel: 9s
Max time network: 147s

Command Line

com.nathnetwork.xciptv

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

Tag: persistence

Description              Indicator                                        Process  Target
Framework service call   android.app.IActivityManager.registerReceiver    N/A      N/A

Processes

com.nathnetwork.xciptv

Network

Country  Destination           Domain                      Proto
N/A      224.0.0.251:5353                                  udp
US       1.1.1.1:53            ssl.google-analytics.com    udp
GB       142.250.179.232:443   ssl.google-analytics.com    tcp
GB       142.250.187.234:443                               tcp
US       1.1.1.1:53            ottrun.com                  udp
US       172.67.29.142:443     ottrun.com                  tcp
US       1.1.1.1:53            android.apis.google.com     udp
GB       216.58.201.110:443    android.apis.google.com     tcp
GB       216.58.204.78:443                                 tcp
GB       216.58.201.98:443                                 tcp
GB       142.250.187.196:443                               tcp
GB       142.250.187.196:443                               tcp
GB       172.217.169.78:443                                tcp

As in behavioral1, 224.0.0.251:5353 is mDNS multicast and the 1.1.1.1:53 rows are DNS lookups. ottrun.com resolves to a different address here (172.67.29.142 rather than 104.22.28.249); both are in Cloudflare-announced ranges, so a network IOC should key on the domain rather than either IP. Every other destination is a Google service.

Files

/data/data/com.nathnetwork.xciptv/databases/xciptv.db-journal

MD5 1782545954dc7e0751bf26940085baa2
SHA1 94fcb0e7f6e695d6282b50f0962fd1ac4e99ed80
SHA256 89cf1430f1a6556e7eb2c837e0a60da1571af91d77166f9e1ddbc0efdd3a5ba7
SHA512 f3a22c0a514ebc038f029a021434ca2785dd6fcc171ac3e3cf67d493242a2d10e6f8b5dca229cc2767e8e467bfcae1c3889c5515263074d52e47a80bb4188751

/data/data/com.nathnetwork.xciptv/databases/xciptv.db

MD5 a8b2606286dd92fea76bb82bbaa8ea38
SHA1 ee04760cb9d8a8322d41bd6e0e7967974d48605e
SHA256 a3ed7170018bd5fb75cd383108767e9b3e98465e389f46ffac90c989f2d3baca
SHA512 4b8257c9467ff02ea729e51f3229d6d127c6663b0403ecc00807a3801b3372f90e951e73584d25b18fd505cab07e13910ee86670b2ff6a77b67c21f2faa2f35a

/data/data/com.nathnetwork.xciptv/databases/xciptv.db-journal

MD5 ff0badfd92ac76bfee6fe9fe77f8ecf6
SHA1 682d24bbf6ecaa473d7721c5a061d829410d6e02
SHA256 f90c5336613c320729fee34bc45a576adbb4f63c82f7b4499583afb927b7e302
SHA512 77bfc7b144c782288bb3df5c5f6d0cf1d619f401bd3a96fae9b3cf3356c59c9c7bdc4390ba4aeb4045e5d5186d355dbf71c19343ccad6125bd98b11fd29d20a1

/data/data/com.nathnetwork.xciptv/databases/xciptv.db-journal

MD5 ea714344e64908f0f020dd0fac4ddebf
SHA1 06252e9988305de0a410aca852e795b0a6d7d6ec
SHA256 9ab78e8b1153a6025976422b80ca7bef4810109fdbcfe40d19239f06c171915d
SHA512 65d2ca4ffca05de96c42a23a05fbceb657a2b990dc0f0c0a47b18bca5195bcde1fc72827a10d654fa50af99258af5b133490c9d8f1d03fa34e4d1acced15d20b

/data/data/com.nathnetwork.xciptv/databases/xciptv.db-journal

MD5 aff3ee1b532dd42ca1144ede94a9b126
SHA1 bedd84f7eba3144c774e1a4dfecb8ad7087bdc69
SHA256 6e1d96f8d9c6fa39bfdeaa8d42d2cdeefd31b264d45c5e700bb1b4ea3ea99deb
SHA512 4d1faa83532a79d21dcd67a15d3b11d9de2f730569deb03526a6feef3cb30d27b19dc41d51437e8fb2d332963c4d738ffcc020c793a1c243887d77126377e99c

/data/data/com.nathnetwork.xciptv/databases/s_xciptv.db-journal

MD5 6675b0a213eef3e0493a9a86560d5430
SHA1 8379d7ad8ecc71a67416fbfe0145688281e4883b
SHA256 c457787401e55ea92b09364a4088447e2f1658105687abab6bf578bdbc83d68b
SHA512 748af8ac4ea1ed2d70a7611dfbfe44e48f42e250ec4add3e339966e7a7e8ac4ef4a72e6bf4496b43ed848cfaa7aa828882ece0ee0edf26db10ab343a7a0a7031

/data/data/com.nathnetwork.xciptv/databases/s_xciptv.db

MD5 7c2615b5caf133bd56ee803d85bbc308
SHA1 e1b9d963a475ec0522d3e60f9b8199176a47387b
SHA256 4160519ad612765024765308b31cfbec2b31a61513d4bf8c024efd7eb34b7833
SHA512 0abd3df7a591743dbb2527a4ec384e403db7a23691c82ee34874858ce0effee6ea3e3da1bd0367daf11145b1979d9df696e79884bc02456e8df866111ab4adfd

/data/data/com.nathnetwork.xciptv/databases/s_xciptv.db-journal

MD5 ae3f280dd32cadbd5677ad5a378e97df
SHA1 5d9d703fe9025dd2cac1f4be759ab964e175ce61
SHA256 2e7c941b5698435eec26de8d26305e86a538fa93c3996554c8bc3402eead7328
SHA512 6dd8a9655f62ca262f6d2ed18e31130a9b338fe46a4ccb1a9c5804117434fab60542dbe3696fa092791bea0ef5bf3af62e61818dfb29faf5ed915b8e2722ab9f

/data/data/com.nathnetwork.xciptv/databases/s_xciptv.db-journal

MD5 732f15443cca7a3308d9572d4ca210ff
SHA1 c9dc0f10d3575c3bb618a81794a76b849d268952
SHA256 aff4be6ad7daccfe7e01192a9f1ce98d2f5739733419ff899dc5f89c0d7044bd
SHA512 fe5661bfb3230b83e265bf40cd1e94d9073661c44ad426fbd5f159a51fe63768b3e334707ec7c2f123548e140df35ae2e84e528a1b0b9471569480048e292188

/data/data/com.nathnetwork.xciptv/databases/s_xciptv.db-journal

MD5 276b51d447b2eef60c260b0a5c9814f5
SHA1 934957175a9ad7a27e6224f56767057deb604868
SHA256 48eaf04c90b7fa81f72ed0cdabd6ef5a3142f14f4a98ba50285dc524d3faa5e7
SHA512 f498235fddbb80627086a4ded6885539296f907a48d41e1910a8468fa0ed59bc0b60d20e80da2452680c8f0436118386ce1c717425122858750e87c46f816f5c

/data/data/com.nathnetwork.xciptv/databases/s_xciptv.db-journal

MD5 418021932104b52969bb31e27d9261f7
SHA1 d8e9d59acd6de6256793ca0ed48041978d27805c
SHA256 5fad00b4cf658e7fbad0c1350514d8ca65e61120d0b8830280f0c0034cbd6952
SHA512 1d9046832b17e2a26044d28bbf2444acfa502e76916979c763859049b734251db9ea8e887c2e7984283539f599833da5611b3be830b2313911396e0a8f5bfd06

/data/data/com.nathnetwork.xciptv/databases/s_xciptv.db-journal

MD5 b0ee15a30817b99aace1630aa52a7b9f
SHA1 b703417982c2395f59d1d49454f787b3685800a4
SHA256 a564763b1a62ad040425948644ce3226d28e2edfd4e401e0b513f5b1d863a3f0
SHA512 55fe11e17d1331e924efc230ac27f4a784d7c52bd32444b6f67a52731e814afa4c59679901e51dd53a2a8001d9157a0b6ac7ab56d7ef8a51a1ac00156b29c056