Malware Analysis Report

2025-01-02 08:03

Sample ID 240509-vecanacd5w
Target 2af1c26c3462024ae256475df4e5922b_JaffaCakes118
SHA256 f76e368dd3c1eb59957a0e4ec6f4ab5c881dfb8b8065283447eba955cac4300a
Tags: privateloader, discovery, evasion
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Mobile Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10

SHA256: f76e368dd3c1eb59957a0e4ec6f4ab5c881dfb8b8065283447eba955cac4300a

Threat Level: Known bad

The file 2af1c26c3462024ae256475df4e5922b_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

Tags: privateloader, discovery, evasion

Signatures:
  Privateloader family
  Checks CPU information
  Requests dangerous framework permissions
  Acquires the wake lock

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-09 16:53

Signatures

Privateloader family

Tags: privateloader

Requests dangerous framework permissions

Description: Allows an application to write to external storage.
Indicator:   android.permission.WRITE_EXTERNAL_STORAGE
Process:     N/A
Target:      N/A
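How the static permission check above can be reproduced on a decoded manifest, as an added example that is not the sandbox's own signature code. It takes a text AndroidManifest.xml (a real APK stores it as binary AXML; decode it first with apktool or `aapt dump permissions app.apk`) and reports the requests that fall in Android's "dangerous" protection level and are still in force at a given API level. The manifest, the package name and the API-level parameter are constructed for the example; the dangerous-permission list is a subset of the platform's documented set.

```python
"""Audit the permissions a decoded AndroidManifest.xml requests."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Subset of permissions Android documents with protectionLevel "dangerous".
DANGEROUS = frozenset({
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_CALL_LOG",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
})

# Constructed manifest (not from the sample): one normal permission, the
# dangerous one the report flags, and one request limited by maxSdkVersion.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"
                     android:maxSdkVersion="22"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return (permission, maxSdkVersion or None) for every <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    out = []
    for elem in root.iter("uses-permission"):
        name = elem.get("{%s}name" % ANDROID_NS)
        max_sdk = elem.get("{%s}maxSdkVersion" % ANDROID_NS)
        if name:
            out.append((name, int(max_sdk) if max_sdk else None))
    return out


def dangerous_permissions(manifest_xml, api_level=33):
    """Dangerous permissions the platform would still honour at api_level.

    A request whose maxSdkVersion is below the device's API level is
    ignored by the package manager, so it is left out of the result."""
    return sorted(
        name
        for name, max_sdk in requested_permissions(manifest_xml)
        if name in DANGEROUS and (max_sdk is None or max_sdk >= api_level)
    )


if __name__ == "__main__":
    print(dangerous_permissions(SAMPLE_MANIFEST))
    # ['android.permission.WRITE_EXTERNAL_STORAGE']
```

The maxSdkVersion handling is the part a one-line grep misses: a permission that is declared but capped below the target device's API level never reaches the user, so it should not be counted against the app at that level.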

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 16:53

Reported

2024-05-09 16:56

Platform

android-x86-arm-20240506-en

Max time kernel

150s

Max time network

130s

Command Line

com.hitcents.drawastickmanepic2

Signatures

Checks CPU information

Tags: evasion, discovery

Description: File opened for read
Indicator:   /proc/cpuinfo
Process:     N/A
Target:      N/A
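What a read of /proc/cpuinfo gives an app that wants to know whether it is inside an emulator, as an added illustration of the signature above. This is not code recovered from the sample and does not claim to reproduce its logic; it shows the fields such a check typically inspects and why an x86 analysis image is the interesting case. Both cpuinfo texts are constructed, not captured from the sandbox, and the reported_abi argument stands in for Build.SUPPORTED_ABIS[0].

```python
"""Heuristic emulator fingerprint from /proc/cpuinfo (illustrative)."""

# Constructed /proc/cpuinfo as an x86 Android image running under a
# hypervisor would present it (one core shown).
CPUINFO_X86_IMAGE = """\
processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model name\t: Intel(R) Xeon(R) CPU
flags\t\t: fpu vme de pse tsc msr pae hypervisor
"""

# Constructed /proc/cpuinfo as a physical ARM64 handset would present it.
CPUINFO_ARM_DEVICE = """\
processor\t: 0
BogoMIPS\t: 38.40
Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32
CPU implementer\t: 0x41
CPU architecture: 8
CPU part\t: 0xd05
Hardware\t: Qualcomm Technologies, Inc SM8150
"""

# Substrings that show up in emulator or VM cpuinfo and not on handsets.
EMULATOR_MARKERS = ("goldfish", "ranchu", "vbox", "virtualbox", "qemu", "hypervisor")


def parse_cpuinfo(text):
    """Return {lowercased field: value} for the first core in the text."""
    info = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key = key.strip().lower()
        if key not in info:          # later cores repeat the same fields
            info[key] = value.strip()
    return info


def looks_like_emulator(cpuinfo_text, reported_abi):
    """Return the reasons the environment looks emulated (empty if none).

    Two independent signals: known emulator/VM marker strings, and an
    ARM ABI advertised to the app while cpuinfo describes an x86 CPU,
    which is what an x86 image with ARM binary translation looks like."""
    info = parse_cpuinfo(cpuinfo_text)
    haystack = " ".join(info.values()).lower()
    reasons = ["marker '%s' in cpuinfo" % m for m in EMULATOR_MARKERS if m in haystack]
    # ARM kernels do not emit vendor_id / cpu family; x86 kernels always do.
    x86_cpu = "vendor_id" in info or "cpu family" in info
    if reported_abi.startswith("arm") and x86_cpu:
        reasons.append("ABI is ARM but cpuinfo describes an x86 CPU")
    return reasons


if __name__ == "__main__":
    print(looks_like_emulator(CPUINFO_X86_IMAGE, "armeabi-v7a"))
    # ["marker 'hypervisor' in cpuinfo", 'ABI is ARM but cpuinfo describes an x86 CPU']
    print(looks_like_emulator(CPUINFO_ARM_DEVICE, "arm64-v8a"))
    # []
```

The behavioral1 platform string (android-x86-arm-20240506-en) names an x86 image; if the sample is an ARM build, the ABI-versus-cpuinfo mismatch is exactly what one read of /proc/cpuinfo exposes, which is why the signature carries the evasion tag. `adb shell cat /proc/cpuinfo` on the analysis image shows what the sample saw; an environment that wants the sample to keep running has to make those fields consistent with the ABI it advertises.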

Acquires the wake lock

Description: Framework service call
Indicator:   android.os.IPowerManager.acquireWakeLock
Process:     N/A
Target:      N/A

Processes

com.hitcents.drawastickmanepic2

Network

Country  Destination          Domain                   Proto
N/A      224.0.0.251:5353     -                        udp
GB       216.58.204.78:443    -                        tcp
GB       216.58.204.78:443    -                        tcp
US       1.1.1.1:53           android.apis.google.com  udp
GB       142.250.180.14:443   android.apis.google.com  tcp

Files

/data/data/com.hitcents.drawastickmanepic2/app_dex/licensing.dex

MD5 dc4da049838a1d7f49c698ac6c416d0c
SHA1 9dc4721deed87c1cd37d58ed7f532a924a52b4b7
SHA256 fbb59fe12056aa02c809d4e00fd64217d1cbeb2b82e484e54e031491003eb490
SHA512 6be8e0002c575e4d561d56779435fecd2d9d567e393af94e63045e1b20ec26e51de0fabe987f7a7275cc30847dd1a07a9b24889d5c313fd50b56e32ebd852ab4

/data/data/com.hitcents.drawastickmanepic2/app_outdex/licensing.dex

MD5 43695baa24d26c2d64d2f60ba11c4833
SHA1 e5d84826874f1ab1930eb1b9db84af6ea1f54b86
SHA256 741eb15055003c5d23d7a356ad48416c0cf8dadb35cb97200c3570e2c6beb600
SHA512 91869a802caeeb15046361ccceb2610318ea6f251fa7dfcb7c470e67e5cfed8c7f3ab5b2c9e8001e6b30f949cf18dbc0b28e0352a4d861dcb2e03209ca3844a6

/data/data/com.hitcents.drawastickmanepic2/databases/DownloadsDB

MD5 3a21c7e8c0d6ba02a1707d20e1009e5a
SHA1 e11f8f1a248cc92e0600ea508a6ca4c3f13f3f69
SHA256 40bd3cd26932770fbfe25712bf9c1438e65535c505c0330b368362e8a5386b37
SHA512 7e5ae2f6c6f6ccffe6996cc64ceee8c300fbbad271177664079922debcaad3478dd6a206dd566706a6e6a82a2e9a32962fc3e293201dfb3d6e45a9fd2b80f9c4

/data/data/com.hitcents.drawastickmanepic2/databases/DownloadsDB-journal

MD5 6b76e6ffecc488887ec4cc81674a20a0
SHA1 7028c5cc7274b8d07591bf78ea05d817bbe1c8e1
SHA256 c85aeb99a6eb8f521a7ba3c5639f60b61bfe0cbfa00a8a59f7f02c8f5d7376d8
SHA512 b3ef09571da5e7a5cc69b7ea737bd9045fbef73c80851c673005fb86dd89b0657313f2e99d380e7cbd9a7ea38526d1cde7f611eba4c6f332f1095dee5ed5e7cb
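How to confirm that a file recovered from the device is the artifact the sandbox recorded, as an added example that is not part of the report. It computes the same four digests the Files section lists (MD5, SHA1, SHA256, SHA512), compares them with expected values, and checks the DEX header magic so a copy of app_dex/licensing.dex pulled with adb can be told apart from a truncated or re-optimized file. The demo bytes and expected digests are constructed (the published test-vector digests of "abc"), not the report's values; the file path in verify_file is whatever the analyst pulled.

```python
"""Verify a dropped file against a set of expected digests."""
import hashlib

# A DEX file begins with "dex\n", a three-digit version and a NUL byte.
DEX_MAGIC = b"dex\n"
DEX_VERSIONS = (b"035\0", b"037\0", b"038\0", b"039\0")


def digests(data):
    """Hex digests keyed the way the report labels them."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def is_dex(data):
    """True when the first 8 bytes are a recognised DEX magic."""
    return data[:4] == DEX_MAGIC and data[4:8] in DEX_VERSIONS


def verify_artifact(data, expected):
    """Compare data against expected {algorithm: hex}.

    Returns a list of mismatch strings; empty means every supplied digest
    matched. An algorithm outside the report's set is reported rather
    than silently skipped, so a typo in a label cannot pass as a match."""
    actual = digests(data)
    problems = []
    for algo, want in expected.items():
        have = actual.get(algo.upper())
        if have is None:
            problems.append("%s: unsupported digest" % algo)
        elif have != want.strip().lower():
            problems.append("%s: expected %s, got %s" % (algo, want, have))
    return problems


def verify_file(path, expected, require_dex=True):
    """Hash a file on disk and check it; require_dex also checks the magic."""
    with open(path, "rb") as fh:
        data = fh.read()
    problems = verify_artifact(data, expected)
    if require_dex and not is_dex(data):
        problems.append("header is not a DEX magic")
    return problems


# Constructed demo values: the standard test-vector digests of b"abc".
DEMO_DATA = b"abc"
DEMO_EXPECTED = {
    "MD5": "900150983cd24fb0d6963f7d28e17f72",
    "SHA1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "SHA256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
    "SHA512": "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
              "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f",
}
# Constructed DEX-magic prefix padded to the 0x70-byte header length.
DEMO_DEX_HEADER = DEX_MAGIC + b"035\0" + b"\0" * 104

if __name__ == "__main__":
    print(verify_artifact(DEMO_DATA, DEMO_EXPECTED))        # []
    print(is_dex(DEMO_DEX_HEADER), is_dex(DEMO_DATA))       # True False
```

/data/data/<package>/ is readable only by the app's own uid, so pulling the files needs a rooted analysis image or, for a debuggable build, `adb shell run-as <package>`. Checking all four digests against the report rather than one catches the case where a single hash was copied wrongly from the page.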

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 16:53

Reported

2024-05-09 16:54

Platform

android-33-x64-arm64-20240508.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination           Domain  Proto
GB       216.58.213.4:443      -       udp
GB       216.58.213.4:443      -       udp
BE       173.194.76.188:5228   -       tcp
GB       216.58.201.100:443    -       tcp
N/A      224.0.0.251:5353      -       udp

Files

N/A