Malware Analysis Report

2025-01-02 07:59

Sample ID 240509-y4j9cafg27
Target 2b88a087c08012cb81a1e5e4059d6ef7_JaffaCakes118
SHA256 2460d37c3da7b17d042cae66777d4f6ad63c27caca25222d28edb00604abb8e9
Tags discovery evasion impact persistence privateloader

Score 10/10

Analysis Overview

Score 10/10

SHA256

2460d37c3da7b17d042cae66777d4f6ad63c27caca25222d28edb00604abb8e9

Threat Level: Known bad

The file 2b88a087c08012cb81a1e5e4059d6ef7_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

discovery evasion impact persistence privateloader

Privateloader family

Checks CPU information

Registers a broadcast receiver at runtime (usually for listening for system events)

Acquires the wake lock

Checks if the internet connection is available

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

Analysis: static1

Detonation Overview

Reported

2024-05-09 20:20

Signatures

Privateloader family

privateloader

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 20:20

Reported

2024-05-09 20:23

Platform

android-x86-arm-20240506-en

Max time kernel

17s

Max time network

131s

Command Line

com.vitotechnology.SolarWalk2

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.vitotechnology.SolarWalk2

Network

Country  Destination           Domain                              Proto
N/A      224.0.0.251:5353      N/A                                 udp
US       1.1.1.1:53            semanticlocation-pa.googleapis.com  udp
US       1.1.1.1:53            graph.facebook.com                  udp
GB       157.240.214.1:443     graph.facebook.com                  tcp
GB       216.58.204.78:443     N/A                                 tcp
GB       216.58.204.78:443     N/A                                 tcp
US       1.1.1.1:53            android.apis.google.com             udp
GB       172.217.16.238:443    android.apis.google.com             tcp
GB       157.240.214.1:443     graph.facebook.com                  tcp
US       1.1.1.1:53            config.uca.cloud.unity3d.com        udp
US       34.111.113.40:443     config.uca.cloud.unity3d.com        tcp
US       1.1.1.1:53            couchdb.swalk.co                    udp
DE       18.245.86.128:80      couchdb.swalk.co                    tcp

Files

/data/data/com.vitotechnology.SolarWalk2/databases/google_app_measurement_local.db-journal

/data/data/com.vitotechnology.SolarWalk2/databases/google_app_measurement_local.db

/data/data/com.vitotechnology.SolarWalk2/databases/google_app_measurement_local.db-shm

/data/data/com.vitotechnology.SolarWalk2/databases/google_app_measurement_local.db-wal

/data/data/com.vitotechnology.SolarWalk2/databases/google_app_measurement_local.db-wal

/data/data/com.vitotechnology.SolarWalk2/databases/google_app_measurement_local.db

/storage/emulated/0/Android/data/com.vitotechnology.SolarWalk2/files/Unity/local.103411be10bba4184a3da412c0d0b3f1/Analytics/config

/data/data/com.vitotechnology.SolarWalk2/databases/google_app_measurement_local.db-wal

/data/data/com.vitotechnology.SolarWalk2/databases/google_app_measurement_local.db

/storage/emulated/0/Android/data/com.vitotechnology.SolarWalk2/files/remote_config.json

/storage/emulated/0/Android/data/com.vitotechnology.SolarWalk2/files/remote_config.json.etag

/data/data/com.vitotechnology.SolarWalk2/databases/google_app_measurement_local.db-wal

/data/data/com.vitotechnology.SolarWalk2/databases/google_app_measurement_local.db

/storage/emulated/0/Android/data/com.vitotechnology.SolarWalk2/files/Unity/local.103411be10bba4184a3da412c0d0b3f1/Analytics/values

/data/data/com.vitotechnology.SolarWalk2/databases/DownloadsDB-journal

/data/data/com.vitotechnology.SolarWalk2/databases/DownloadsDB

/data/data/com.vitotechnology.SolarWalk2/databases/DownloadsDB-wal

/data/data/com.vitotechnology.SolarWalk2/databases/google_app_measurement_local.db-wal

/data/data/com.vitotechnology.SolarWalk2/databases/google_app_measurement_local.db

/data/data/com.vitotechnology.SolarWalk2/databases/google_app_measurement_local.db-wal

/data/data/com.vitotechnology.SolarWalk2/databases/google_app_measurement_local.db

/data/data/com.vitotechnology.SolarWalk2/files/AppEventsLogger.persistedevents

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-09 20:20

Reported

2024-05-09 20:20

Platform

android-33-x64-arm64-20240508.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination           Domain  Proto
GB       172.217.16.234:443    N/A     udp
GB       172.217.16.234:443    N/A     tcp
GB       142.250.187.196:443   N/A     udp
GB       142.250.187.196:443   N/A     udp
BE       173.194.76.188:5228   N/A     tcp
GB       216.58.213.4:443      N/A     tcp
N/A      224.0.0.251:5353      N/A     udp

Files

N/A