Analysis Overview
SHA256
2460d37c3da7b17d042cae66777d4f6ad63c27caca25222d28edb00604abb8e9
Threat Level: Known bad
The file 2b88a087c08012cb81a1e5e4059d6ef7_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Privateloader family
Checks CPU information
Registers a broadcast receiver at runtime (usually for listening for system events)
Acquires the wake lock
Checks if the internet connection is available
Requests dangerous framework permissions
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-09 20:20
Signatures
Privateloader family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-09 20:20
Reported
2024-05-09 20:23
Platform
android-x86-arm-20240506-en
Max time kernel
17s
Max time network
131s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.vitotechnology.SolarWalk2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | graph.facebook.com | udp |
| GB | 157.240.214.1:443 | graph.facebook.com | tcp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 157.240.214.1:443 | graph.facebook.com | tcp |
| US | 1.1.1.1:53 | config.uca.cloud.unity3d.com | udp |
| US | 34.111.113.40:443 | config.uca.cloud.unity3d.com | tcp |
| US | 1.1.1.1:53 | couchdb.swalk.co | udp |
| DE | 18.245.86.128:80 | couchdb.swalk.co | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-09 20:20
Reported
2024-05-09 20:20
Platform
android-33-x64-arm64-20240508.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 172.217.16.234:443 | | udp |
| GB | 172.217.16.234:443 | | tcp |
| GB | 142.250.187.196:443 | | udp |
| GB | 142.250.187.196:443 | | udp |
| BE | 173.194.76.188:5228 | | tcp |
| GB | 216.58.213.4:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |