Analysis Overview
SHA256
e39b6cf157bc11622b79912b57facfbd43576f26e6f04543469bdf9a4af604d4
Threat Level: Known bad
The file 2b4f4613db12ba561e667ff0752b4f3e_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Privateloader family
Checks CPU information
Registers a broadcast receiver at runtime (usually for listening for system events)
Requests dangerous framework permissions
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-09 18:30
Signatures
Privateloader family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-09 18:30
Reported
2024-05-09 18:33
Platform
android-x86-arm-20240506-en
Max time kernel
47s
Max time network
130s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.generagames.resistance
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.42:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | sdk.byfen.com | udp |
| GB | 163.171.144.40:443 | sdk.byfen.com | tcp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | config.uca.cloud.unity3d.com | udp |
| US | 34.111.113.40:443 | config.uca.cloud.unity3d.com | tcp |
| US | 1.1.1.1:53 | cdp.cloud.unity3d.com | udp |
| US | 34.107.172.168:443 | cdp.cloud.unity3d.com | tcp |
Files
/storage/emulated/0/Android/data/com.generagames.resistance/files/mem0
| MD5 | 6bde2aa6394fde37e21748bc0578113b |
| SHA1 | 461d4595a1bda35c1a1534cb9b2bfc3b62e84b47 |
| SHA256 | 13aea96040f2133033d103008d5d96cfe98b3361f7202d77bea97b2424a7a6cd |
| SHA512 | bdd1863ef1cddbd43af1abc086ec052fb26ce787cbfa6c99c545cdc238b722dbe958e519db2baafca5c25692ee30bb83f18d4d1fa790d79d4da11e3b5f14ac1a |
/storage/emulated/0/Android/data/com.generagames.resistance/files/Unity/d160d000-af8f-47c0-89df-53f5c460f536/Analytics/config
| MD5 | 8673a8ac0b06a9d056d08d62f857ba4b |
| SHA1 | a351bea1932270bafbe468584058fef20dcfc31e |
| SHA256 | 83b3f90c4edf1f122c8faf9784ca0aee4dd017c65493ac181c1814211703db96 |
| SHA512 | edf28eb7fcef654f139285d308f817ee230d6f064a4c865109d6dfe6f73c11f8f35737c8159c8a302118237ab980899ba5773f547cc9da4028643a53b08e324f |
/storage/emulated/0/Android/data/com.generagames.resistance/files/Unity/d160d000-af8f-47c0-89df-53f5c460f536/Analytics/ArchivedEvents/171527945200000.e9ceafe7/s
| MD5 | b715605f05236452fd0a32a197b888c4 |
| SHA1 | 72a0c1733f57fb3bea97c0d5a3e831974c73685c |
| SHA256 | cc0fc19fa10fc419a6fd8c8f7d6d8cdfccbb435c4bf86ad00c879ac56a017759 |
| SHA512 | 8481a3a993615967228561ea813380c21a83155fecf62a133f23be179e208f31abc0bc2001d4df86c8e1e67d4a7223a73ec0829def43517e139084e403f09f92 |
/storage/emulated/0/Android/data/com.generagames.resistance/files/Unity/d160d000-af8f-47c0-89df-53f5c460f536/Analytics/ArchivedEvents/171527945200000.e9ceafe7/g
| MD5 | c81e728d9d4c2f636f067f89cc14862c |
| SHA1 | da4b9237bacccdf19c0760cab7aec4a8359010b0 |
| SHA256 | d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35 |
| SHA512 | 40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114 |
/storage/emulated/0/Android/data/com.generagames.resistance/files/Unity/d160d000-af8f-47c0-89df-53f5c460f536/Analytics/values
| MD5 | 76884a7529f1cc8ebbc65ca3923cf851 |
| SHA1 | 516258876da53180cdd79661faaa3fad488b3ad9 |
| SHA256 | c3b4e3403ce8256fd18ba91c354aa2b089ad922df8881299cb52901c95c951db |
| SHA512 | 76d69dd91e95c824b18f6ee2a23e45ca2230cc78a711908b0fa9b9a3a7b437fe14bf6cf376050ea1eeb55a2e8a4d3a8199980e53016aecf84b794680094d2b69 |
/storage/emulated/0/Android/data/com.generagames.resistance/files/Unity/d160d000-af8f-47c0-89df-53f5c460f536/Analytics/ArchivedEvents/171527945200000.e9ceafe7/e
| MD5 | 4279a3a3907bcdb7420efa9728d75345 |
| SHA1 | 521a9f378adbbf91511c1a4a2311d86ede5df237 |
| SHA256 | 8c652dfa296685d39f16d3561f29a6a327f89dc9c214d61e775f004ce0da24f1 |
| SHA512 | 6f3ce7d9b89add16acfdb0071b1a9f5509812c4245d16125f2485c439f7d1a4c2e04466cbd760f0130217157aea73d953176413e89b010c0c79e74a7b1a34c41 |
/storage/emulated/0/Android/data/com.generagames.resistance/files/Unity/d160d000-af8f-47c0-89df-53f5c460f536/Analytics/ArchivedEvents/171527945200001.e9ceafe7/e
| MD5 | 1ec88cd92b503a51fe6d9fdcb97cba3a |
| SHA1 | d51f6f9fc55ea3cc490b189f19f58ff4ca820dfb |
| SHA256 | f008351e9986bf6fac1786b082f5a6f1881aa929f26ae30103f8756062187713 |
| SHA512 | a3b60132427fd5c878ea9b33f19a6fa52511d44c4cc849c473cc559b319f2ab3ad9b142dd0c58c3eb58347532cf994f6a797ac306622dc9ba8261e62618d17e6 |
/storage/emulated/0/Android/data/com.generagames.resistance/files/Unity/d160d000-af8f-47c0-89df-53f5c460f536/Analytics/ArchivedEvents/171527945200002.e9ceafe7/e
| MD5 | a9a13a0e02b756880a376ea097d6596a |
| SHA1 | d3f4a7572a9ac2835e59675744cfe09466a46c0a |
| SHA256 | af13a8d2d201da9267faa77eb26540e14340ecf48ba52de5433d8711cebfce07 |
| SHA512 | 989bbdf27eaad94c6f28ba286e43bb102a330a14bff3e390c733bcb9a810ad6f66f7e93d9c001ac075ff1d29e025e8fc2536e720c2f5de181fe84ddb2001bcca |
/storage/emulated/0/Android/data/com.generagames.resistance/files/Unity/d160d000-af8f-47c0-89df-53f5c460f536/Analytics/ArchivedEvents/171527945200002.e9ceafe7/e
| MD5 | 0d722c5c3d39c422d5ecf28fad0e09f6 |
| SHA1 | f3f11c973dfe3566607caa3a9c4d89109857e38c |
| SHA256 | 9492ceee7f1ea77153dc31cc93e6876a109ec91061e627042ca24b1ebfe1e1fa |
| SHA512 | b67c2ffd8c4d8f718f1362a31f5d2284dea482c700be30196b0180c7a28fcb1bb5185bc47eecb1fa28ddf8fb528c2fdae74167695cd33f3b8f2502a3fc490142 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-09 18:30
Reported
2024-05-09 18:30
Platform
android-33-x64-arm64-20240508.1-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.213.4:443 | | udp |
| GB | 216.58.213.4:443 | | udp |
| BE | 173.194.76.188:5228 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.178.10:443 | | udp |