Malware Analysis Report

2025-01-02 07:52

Sample ID 240509-w5h2kabe55
Target 2b4f4613db12ba561e667ff0752b4f3e_JaffaCakes118
SHA256 e39b6cf157bc11622b79912b57facfbd43576f26e6f04543469bdf9a4af604d4
Tags
privateloader discovery evasion impact persistence
score
10/10

Analysis Overview

score
10/10

SHA256

e39b6cf157bc11622b79912b57facfbd43576f26e6f04543469bdf9a4af604d4

Threat Level: Known bad

The file 2b4f4613db12ba561e667ff0752b4f3e_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

privateloader discovery evasion impact persistence

Privateloader family

Checks CPU information

Registers a broadcast receiver at runtime (usually for listening for system events)

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK (Mobile Matrix V15)

Analysis: static1

Detonation Overview

Reported

2024-05-09 18:30

Signatures

Privateloader family

privateloader

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 18:30

Reported

2024-05-09 18:33

Platform

android-x86-arm-20240506-en

Max time kernel

47s

Max time network

130s

Command Line

com.generagames.resistance

Signatures

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.generagames.resistance

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.200.42:443 | | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | sdk.byfen.com | udp
GB | 163.171.144.40:443 | sdk.byfen.com | tcp
GB | 172.217.16.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.178.14:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | config.uca.cloud.unity3d.com | udp
US | 34.111.113.40:443 | config.uca.cloud.unity3d.com | tcp
US | 1.1.1.1:53 | cdp.cloud.unity3d.com | udp
US | 34.107.172.168:443 | cdp.cloud.unity3d.com | tcp

Files

/storage/emulated/0/Android/data/com.generagames.resistance/files/mem0

MD5 6bde2aa6394fde37e21748bc0578113b
SHA1 461d4595a1bda35c1a1534cb9b2bfc3b62e84b47
SHA256 13aea96040f2133033d103008d5d96cfe98b3361f7202d77bea97b2424a7a6cd
SHA512 bdd1863ef1cddbd43af1abc086ec052fb26ce787cbfa6c99c545cdc238b722dbe958e519db2baafca5c25692ee30bb83f18d4d1fa790d79d4da11e3b5f14ac1a

/storage/emulated/0/Android/data/com.generagames.resistance/files/Unity/d160d000-af8f-47c0-89df-53f5c460f536/Analytics/config

MD5 8673a8ac0b06a9d056d08d62f857ba4b
SHA1 a351bea1932270bafbe468584058fef20dcfc31e
SHA256 83b3f90c4edf1f122c8faf9784ca0aee4dd017c65493ac181c1814211703db96
SHA512 edf28eb7fcef654f139285d308f817ee230d6f064a4c865109d6dfe6f73c11f8f35737c8159c8a302118237ab980899ba5773f547cc9da4028643a53b08e324f

/storage/emulated/0/Android/data/com.generagames.resistance/files/Unity/d160d000-af8f-47c0-89df-53f5c460f536/Analytics/ArchivedEvents/171527945200000.e9ceafe7/s

MD5 b715605f05236452fd0a32a197b888c4
SHA1 72a0c1733f57fb3bea97c0d5a3e831974c73685c
SHA256 cc0fc19fa10fc419a6fd8c8f7d6d8cdfccbb435c4bf86ad00c879ac56a017759
SHA512 8481a3a993615967228561ea813380c21a83155fecf62a133f23be179e208f31abc0bc2001d4df86c8e1e67d4a7223a73ec0829def43517e139084e403f09f92

/storage/emulated/0/Android/data/com.generagames.resistance/files/Unity/d160d000-af8f-47c0-89df-53f5c460f536/Analytics/ArchivedEvents/171527945200000.e9ceafe7/g

MD5 c81e728d9d4c2f636f067f89cc14862c
SHA1 da4b9237bacccdf19c0760cab7aec4a8359010b0
SHA256 d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35
SHA512 40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

/storage/emulated/0/Android/data/com.generagames.resistance/files/Unity/d160d000-af8f-47c0-89df-53f5c460f536/Analytics/values

MD5 76884a7529f1cc8ebbc65ca3923cf851
SHA1 516258876da53180cdd79661faaa3fad488b3ad9
SHA256 c3b4e3403ce8256fd18ba91c354aa2b089ad922df8881299cb52901c95c951db
SHA512 76d69dd91e95c824b18f6ee2a23e45ca2230cc78a711908b0fa9b9a3a7b437fe14bf6cf376050ea1eeb55a2e8a4d3a8199980e53016aecf84b794680094d2b69

/storage/emulated/0/Android/data/com.generagames.resistance/files/Unity/d160d000-af8f-47c0-89df-53f5c460f536/Analytics/ArchivedEvents/171527945200000.e9ceafe7/e

MD5 4279a3a3907bcdb7420efa9728d75345
SHA1 521a9f378adbbf91511c1a4a2311d86ede5df237
SHA256 8c652dfa296685d39f16d3561f29a6a327f89dc9c214d61e775f004ce0da24f1
SHA512 6f3ce7d9b89add16acfdb0071b1a9f5509812c4245d16125f2485c439f7d1a4c2e04466cbd760f0130217157aea73d953176413e89b010c0c79e74a7b1a34c41

/storage/emulated/0/Android/data/com.generagames.resistance/files/Unity/d160d000-af8f-47c0-89df-53f5c460f536/Analytics/ArchivedEvents/171527945200001.e9ceafe7/e

MD5 1ec88cd92b503a51fe6d9fdcb97cba3a
SHA1 d51f6f9fc55ea3cc490b189f19f58ff4ca820dfb
SHA256 f008351e9986bf6fac1786b082f5a6f1881aa929f26ae30103f8756062187713
SHA512 a3b60132427fd5c878ea9b33f19a6fa52511d44c4cc849c473cc559b319f2ab3ad9b142dd0c58c3eb58347532cf994f6a797ac306622dc9ba8261e62618d17e6

/storage/emulated/0/Android/data/com.generagames.resistance/files/Unity/d160d000-af8f-47c0-89df-53f5c460f536/Analytics/ArchivedEvents/171527945200002.e9ceafe7/e

MD5 a9a13a0e02b756880a376ea097d6596a
SHA1 d3f4a7572a9ac2835e59675744cfe09466a46c0a
SHA256 af13a8d2d201da9267faa77eb26540e14340ecf48ba52de5433d8711cebfce07
SHA512 989bbdf27eaad94c6f28ba286e43bb102a330a14bff3e390c733bcb9a810ad6f66f7e93d9c001ac075ff1d29e025e8fc2536e720c2f5de181fe84ddb2001bcca

/storage/emulated/0/Android/data/com.generagames.resistance/files/Unity/d160d000-af8f-47c0-89df-53f5c460f536/Analytics/ArchivedEvents/171527945200002.e9ceafe7/e

MD5 0d722c5c3d39c422d5ecf28fad0e09f6
SHA1 f3f11c973dfe3566607caa3a9c4d89109857e38c
SHA256 9492ceee7f1ea77153dc31cc93e6876a109ec91061e627042ca24b1ebfe1e1fa
SHA512 b67c2ffd8c4d8f718f1362a31f5d2284dea482c700be30196b0180c7a28fcb1bb5185bc47eecb1fa28ddf8fb528c2fdae74167695cd33f3b8f2502a3fc490142

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 18:30

Reported

2024-05-09 18:30

Platform

android-33-x64-arm64-20240508.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 216.58.213.4:443 | | udp
GB | 216.58.213.4:443 | | udp
BE | 173.194.76.188:5228 | | tcp
GB | 216.58.201.100:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.178.10:443 | | udp

Files

N/A