Analysis Overview
SHA256
f76e368dd3c1eb59957a0e4ec6f4ab5c881dfb8b8065283447eba955cac4300a
Threat Level: Known bad
The file 2af1c26c3462024ae256475df4e5922b_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Privateloader family
Checks CPU information
Requests dangerous framework permissions
Acquires the wake lock
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-09 16:53
Signatures
Privateloader family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-09 16:53
Reported
2024-05-09 16:56
Platform
android-x86-arm-20240506-en
Max time kernel
150s
Max time network
130s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Processes
com.hitcents.drawastickmanepic2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
Files
/data/data/com.hitcents.drawastickmanepic2/app_dex/licensing.dex
| Hash | Value |
|---|---|
| MD5 | dc4da049838a1d7f49c698ac6c416d0c |
| SHA1 | 9dc4721deed87c1cd37d58ed7f532a924a52b4b7 |
| SHA256 | fbb59fe12056aa02c809d4e00fd64217d1cbeb2b82e484e54e031491003eb490 |
| SHA512 | 6be8e0002c575e4d561d56779435fecd2d9d567e393af94e63045e1b20ec26e51de0fabe987f7a7275cc30847dd1a07a9b24889d5c313fd50b56e32ebd852ab4 |
/data/data/com.hitcents.drawastickmanepic2/app_outdex/licensing.dex
| Hash | Value |
|---|---|
| MD5 | 43695baa24d26c2d64d2f60ba11c4833 |
| SHA1 | e5d84826874f1ab1930eb1b9db84af6ea1f54b86 |
| SHA256 | 741eb15055003c5d23d7a356ad48416c0cf8dadb35cb97200c3570e2c6beb600 |
| SHA512 | 91869a802caeeb15046361ccceb2610318ea6f251fa7dfcb7c470e67e5cfed8c7f3ab5b2c9e8001e6b30f949cf18dbc0b28e0352a4d861dcb2e03209ca3844a6 |
/data/data/com.hitcents.drawastickmanepic2/databases/DownloadsDB
| Hash | Value |
|---|---|
| MD5 | 3a21c7e8c0d6ba02a1707d20e1009e5a |
| SHA1 | e11f8f1a248cc92e0600ea508a6ca4c3f13f3f69 |
| SHA256 | 40bd3cd26932770fbfe25712bf9c1438e65535c505c0330b368362e8a5386b37 |
| SHA512 | 7e5ae2f6c6f6ccffe6996cc64ceee8c300fbbad271177664079922debcaad3478dd6a206dd566706a6e6a82a2e9a32962fc3e293201dfb3d6e45a9fd2b80f9c4 |
/data/data/com.hitcents.drawastickmanepic2/databases/DownloadsDB-journal
| Hash | Value |
|---|---|
| MD5 | 6b76e6ffecc488887ec4cc81674a20a0 |
| SHA1 | 7028c5cc7274b8d07591bf78ea05d817bbe1c8e1 |
| SHA256 | c85aeb99a6eb8f521a7ba3c5639f60b61bfe0cbfa00a8a59f7f02c8f5d7376d8 |
| SHA512 | b3ef09571da5e7a5cc69b7ea737bd9045fbef73c80851c673005fb86dd89b0657313f2e99d380e7cbd9a7ea38526d1cde7f611eba4c6f332f1095dee5ed5e7cb |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-09 16:53
Reported
2024-05-09 16:54
Platform
android-33-x64-arm64-20240508.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 216.58.213.4:443 | | udp |
| GB | 216.58.213.4:443 | | udp |
| BE | 173.194.76.188:5228 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |