Malware Analysis Report

2024-12-08 03:02

Sample ID 240510-3at9nsac72
Target 318a968a21aad759b7bb2b53d03989b9_JaffaCakes118
SHA256 12bee94b65864aeac63cbb243ed459f45db8329079668f2132750ad384208d12
Tags privateloader discovery evasion persistence
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Mobile Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 10/10

SHA256 12bee94b65864aeac63cbb243ed459f45db8329079668f2132750ad384208d12

Threat Level: Known bad

The file 318a968a21aad759b7bb2b53d03989b9_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

privateloader discovery evasion persistence

Privateloader family

Checks CPU information

Loads dropped Dex/Jar

Registers a broadcast receiver at runtime (usually for listening for system events)

Requests dangerous framework permissions

Checks if the internet connection is available

Reads information about phone network operator

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-05-10 23:19

Signatures

Privateloader family

privateloader

Requests dangerous framework permissions

Description                                          Indicator                                   Process  Target
Allows an app to access approximate location.        android.permission.ACCESS_COARSE_LOCATION   N/A      N/A
Allows an application to write to external storage.  android.permission.WRITE_EXTERNAL_STORAGE   N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-10 23:19
Reported 2024-05-10 23:22
Platform android-x86-arm-20240506-en
Max time kernel 133s
Max time network 150s

Command Line

com.knik1985.Sergeant_Mahoney

Signatures

Checks CPU information

evasion discovery
Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Loads dropped Dex/Jar

evasion
Description  Indicator                                                              Process  Target
N/A          /data/user/0/com.knik1985.Sergeant_Mahoney/app_working/applovin.dex    N/A      N/A
N/A          /data/user/0/com.knik1985.Sergeant_Mahoney/app_working/applovin.dex    N/A      N/A
N/A          /data/user/0/com.knik1985.Sergeant_Mahoney/app_working/chartboost.dex  N/A      N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description             Indicator                                      Process  Target
Framework service call  android.app.IActivityManager.registerReceiver  N/A      N/A

Checks if the internet connection is available

discovery
Description             Indicator                                              Process  Target
Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  N/A      N/A

Reads information about phone network operator

discovery

Processes

com.knik1985.Sergeant_Mahoney

Network

Country  Destination          Domain                              Proto
N/A      224.0.0.251:5353     N/A                                 udp
US       1.1.1.1:53           semanticlocation-pa.googleapis.com  udp
US       1.1.1.1:53           stats.unity3d.com                   udp
US       1.1.1.1:53           config.uca.cloud.unity3d.com        udp
US       34.111.113.40:443    config.uca.cloud.unity3d.com        tcp
US       1.1.1.1:53           api.appodeal.com                    udp
NL       23.111.25.220:443    api.appodeal.com                    tcp
NL       23.111.25.220:443    api.appodeal.com                    tcp
NL       23.111.25.220:443    api.appodeal.com                    tcp
US       1.1.1.1:53           api.uca.cloud.unity3d.com           udp
US       34.107.172.168:443   api.uca.cloud.unity3d.com           tcp
GB       142.250.179.238:443  N/A                                 tcp
US       1.1.1.1:53           android.apis.google.com             udp
GB       142.250.200.46:443   android.apis.google.com             tcp
NL       23.111.25.220:443    api.appodeal.com                    tcp
NL       23.111.25.220:443    api.appodeal.com                    tcp
NL       23.111.25.220:443    api.appodeal.com                    tcp
NL       23.111.25.220:443    api.appodeal.com                    tcp

Files

/storage/emulated/0/.appodeal

/data/data/com.knik1985.Sergeant_Mahoney/app_working/applovin.dex

/data/data/com.knik1985.Sergeant_Mahoney/app_working/chartboost.dex

/storage/emulated/0/Android/data/com.knik1985.Sergeant_Mahoney/files/Unity/dc4161cd-cafb-4f19-9f48-246114ffbd71/Analytics/config

/storage/emulated/0/Android/data/com.knik1985.Sergeant_Mahoney/files/Unity/dc4161cd-cafb-4f19-9f48-246114ffbd71/Analytics/ArchivedEvents/171538319100000.b634fe9e/e

/storage/emulated/0/Android/data/com.knik1985.Sergeant_Mahoney/files/Unity/dc4161cd-cafb-4f19-9f48-246114ffbd71/Analytics/ArchivedEvents/171538319100000.b634fe9e/s

/storage/emulated/0/Android/data/com.knik1985.Sergeant_Mahoney/files/Unity/dc4161cd-cafb-4f19-9f48-246114ffbd71/Analytics/ArchivedEvents/171538319100001.b634fe9e/e

/storage/emulated/0/Android/data/com.knik1985.Sergeant_Mahoney/files/Unity/dc4161cd-cafb-4f19-9f48-246114ffbd71/Analytics/values

/storage/emulated/0/Android/data/com.knik1985.Sergeant_Mahoney/files/Unity/dc4161cd-cafb-4f19-9f48-246114ffbd71/Analytics/ArchivedEvents/171538319200002.b634fe9e/e

/storage/emulated/0/Android/data/com.knik1985.Sergeant_Mahoney/files/Unity/dc4161cd-cafb-4f19-9f48-246114ffbd71/Analytics/ArchivedEvents/171538319200002.b634fe9e/e

Analysis: behavioral2

Detonation Overview

Submitted 2024-05-10 23:19
Reported 2024-05-10 23:23
Platform android-x64-20240506-en
Max time network 186s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination          Domain                              Proto
N/A      224.0.0.251:5353     N/A                                 udp
GB       172.217.169.10:443   N/A                                 tcp
US       1.1.1.1:53           ssl.google-analytics.com            udp
GB       172.217.169.72:443   ssl.google-analytics.com            tcp
US       1.1.1.1:53           android.apis.google.com             udp
GB       172.217.16.238:443   android.apis.google.com             tcp
GB       172.217.16.238:443   android.apis.google.com             tcp
GB       142.250.179.238:443  N/A                                 tcp
GB       216.58.212.234:443   N/A                                 tcp
GB       172.217.169.68:443   N/A                                 tcp
GB       172.217.169.68:443   N/A                                 tcp
GB       216.58.212.202:443   N/A                                 tcp
GB       172.217.169.78:443   N/A                                 tcp
BE       64.233.166.188:5228  N/A                                 tcp
GB       142.250.187.195:443  N/A                                 tcp
GB       216.58.212.234:443   N/A                                 tcp
GB       142.250.187.195:443  N/A                                 tcp
US       1.1.1.1:53           www.google.com                      udp
US       1.1.1.1:53           g.tenor.com                         udp
GB       216.58.213.4:443     www.google.com                      tcp
US       1.1.1.1:53           semanticlocation-pa.googleapis.com  udp
US       1.1.1.1:53           android.apis.google.com             udp
GB       142.250.200.14:443   android.apis.google.com             tcp
US       1.1.1.1:53           www.youtube.com                     udp
GB       172.217.16.238:443   www.youtube.com                     tcp
GB       216.58.213.4:443     www.google.com                      tcp
US       1.1.1.1:53           www.google.com                      udp
GB       216.58.204.68:443    www.google.com                      tcp
US       1.1.1.1:53           accounts.google.com                 udp
US       1.1.1.1:53           accounts.google.com                 udp
BE       64.233.167.84:443    accounts.google.com                 tcp
US       1.1.1.1:53           mdh-pa.googleapis.com               udp
US       1.1.1.1:53           www.google.com                      udp
GB       172.217.16.228:443   www.google.com                      tcp
US       1.1.1.1:53           ighwdvpyxoe                         udp
US       1.1.1.1:53           bkmsohzwqywihx                      udp
US       1.1.1.1:53           qgotsoz                             udp

Files

N/A