Analysis Overview
SHA256
12bee94b65864aeac63cbb243ed459f45db8329079668f2132750ad384208d12
Threat Level: Known bad
The file 318a968a21aad759b7bb2b53d03989b9_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Privateloader family
Checks CPU information
Loads dropped Dex/Jar
Registers a broadcast receiver at runtime (usually for listening for system events)
Requests dangerous framework permissions
Checks if the internet connection is available
Reads information about phone network operator.
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-10 23:19
Signatures
Privateloader family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-10 23:19
Reported
2024-05-10 23:22
Platform
android-x86-arm-20240506-en
Max time kernel
133s
Max time network
150s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.knik1985.Sergeant_Mahoney/app_working/applovin.dex | N/A | N/A |
| N/A | /data/user/0/com.knik1985.Sergeant_Mahoney/app_working/applovin.dex | N/A | N/A |
| N/A | /data/user/0/com.knik1985.Sergeant_Mahoney/app_working/chartboost.dex | N/A | N/A |
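The files this signature points at (app_working/applovin.dex and chartboost.dex) are written by the app at runtime and then loaded, so they are not in the APK's classes.dex and are only visible in the sandbox's extracted files. Before treating such a drop as a payload it is worth confirming it is a structurally valid DEX and that the hashes you pivot on were computed over the same bytes. The script below is an added example, not part of the sandbox report: it parses the DEX header (magic, version, Adler-32 checksum over offset 12 onward, SHA-1 signature over offset 32 onward, file size and endian tag) and emits the same MD5/SHA1/SHA256/SHA512 columns the Files section uses. The header-only DEX produced by build_minimal_dex() is constructed here for demonstration and is not either of the dropped files.

```python
"""Check a runtime-dropped DEX (e.g. app_working/applovin.dex) for structural
validity and report its hashes in the report's columns.

Added example, not part of the sandbox report. build_minimal_dex() is a
constructed 112-byte header-only DEX used as test input."""
import hashlib
import struct
import zlib

DEX_HEADER_SIZE = 0x70          # fixed header length in every DEX version
ENDIAN_CONSTANT = 0x12345678    # little-endian marker stored at offset 40
KNOWN_DEX_VERSIONS = (b"035", b"037", b"038", b"039")


def parse_dex_header(data: bytes) -> dict:
    """Parse the DEX header and recompute its integrity fields.

    Raises ValueError if the buffer is shorter than a header or lacks the
    'dex\\n' magic; otherwise returns the parsed fields and ok-flags."""
    if len(data) < DEX_HEADER_SIZE:
        raise ValueError("shorter than a DEX header")
    magic = data[:8]
    if not (magic[:4] == b"dex\n" and magic[7:8] == b"\x00"):
        raise ValueError("not a DEX file: bad magic %r" % magic)
    version = magic[4:7]
    # Adler-32 covers everything after the checksum field (offset 12 onward)
    stored_checksum = struct.unpack_from("<I", data, 8)[0]
    calc_checksum = zlib.adler32(data[12:]) & 0xFFFFFFFF
    # SHA-1 covers everything after the signature field (offset 32 onward)
    stored_signature = data[12:32]
    calc_signature = hashlib.sha1(data[32:]).digest()
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    return {
        "version": version.decode("ascii", "replace"),
        "version_known": version in KNOWN_DEX_VERSIONS,
        "checksum_ok": stored_checksum == calc_checksum,
        "signature_ok": stored_signature == calc_signature,
        "file_size": file_size,
        "file_size_ok": file_size == len(data),
        "header_size_ok": header_size == DEX_HEADER_SIZE,
        "endian_ok": endian_tag == ENDIAN_CONSTANT,
    }


def is_plausible_dex(data: bytes) -> bool:
    """True only if every header check passes."""
    try:
        h = parse_dex_header(data)
    except ValueError:
        return False
    return all(h[k] for k in ("version_known", "checksum_ok", "signature_ok",
                              "file_size_ok", "header_size_ok", "endian_ok"))


def report_hashes(data: bytes) -> dict:
    """Hashes in the same columns as the report's Files section."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def build_minimal_dex(version: bytes = b"035") -> bytes:
    """Constructed test input: a header-only DEX with valid checksum/signature."""
    body = bytearray(DEX_HEADER_SIZE)
    body[0:8] = b"dex\n" + version + b"\x00"
    struct.pack_into("<III", body, 32, DEX_HEADER_SIZE, DEX_HEADER_SIZE, ENDIAN_CONSTANT)
    # signature first (covers offset 32 onward), then checksum (offset 12 onward)
    body[12:32] = hashlib.sha1(bytes(body[32:])).digest()
    struct.pack_into("<I", body, 8, zlib.adler32(bytes(body[12:])) & 0xFFFFFFFF)
    return bytes(body)


if __name__ == "__main__":
    sample = build_minimal_dex()
    print(parse_dex_header(sample))
    print(report_hashes(sample))
    tampered = sample[:-1] + bytes([sample[-1] ^ 0x01])
    print("tampered:", parse_dex_header(tampered))
```

Run it against the extracted applovin.dex/chartboost.dex with `parse_dex_header(open(path, "rb").read())`. A failed checksum or size check most often means the sandbox captured a truncated or partially written file, so compare the report's hash against your own copy before pivoting on it; a fully valid header says nothing about whether the code inside is benign.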
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Processes
com.knik1985.Sergeant_Mahoney
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | stats.unity3d.com | udp |
| US | 1.1.1.1:53 | config.uca.cloud.unity3d.com | udp |
| US | 34.111.113.40:443 | config.uca.cloud.unity3d.com | tcp |
| US | 1.1.1.1:53 | api.appodeal.com | udp |
| NL | 23.111.25.220:443 | api.appodeal.com | tcp |
| NL | 23.111.25.220:443 | api.appodeal.com | tcp |
| NL | 23.111.25.220:443 | api.appodeal.com | tcp |
| US | 1.1.1.1:53 | api.uca.cloud.unity3d.com | udp |
| US | 34.107.172.168:443 | api.uca.cloud.unity3d.com | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| NL | 23.111.25.220:443 | api.appodeal.com | tcp |
| NL | 23.111.25.220:443 | api.appodeal.com | tcp |
| NL | 23.111.25.220:443 | api.appodeal.com | tcp |
| NL | 23.111.25.220:443 | api.appodeal.com | tcp |
Files
/storage/emulated/0/.appodeal
| MD5 | 88278dd6f1c310e699905218a9161893 |
| SHA1 | 616e70e35b2ce06b150fb71911606ea34fa100b6 |
| SHA256 | 469abedf5797bb56f1afa35a227eba1d8f7b3e22c99426e527da4b0d839dde15 |
| SHA512 | 86b75a46ffbd2c5f9d3dc8c3a3ab8c52a5a93ae22c669c3f20b7a715be6875af0fdbe25e7899e6b4c8ec9d328b634d2674d5749c2174ad3af0e95b3483fbb106 |
/data/data/com.knik1985.Sergeant_Mahoney/app_working/applovin.dex
| MD5 | e5b12c5953e9ac647f7fdc692d41cc48 |
| SHA1 | 90e9cbb35610b26fd8bf36bd3347ab0712f7675b |
| SHA256 | edaaca89f61a7011df8e2471b62f58e9b8f6053d415f0714ab9d5d5334eac0ba |
| SHA512 | 09a49d3688e9750b28cc5b869dffb69fc7e4a1a58d7075ec3c68def6d55277f8c2eada7adc596cfcb8aa0a648d16cf8058995e95844e6ab2294f9b1c5c85e025 |
/data/data/com.knik1985.Sergeant_Mahoney/app_working/chartboost.dex
| MD5 | 40774cb3139cd0ba623d36181ce52e57 |
| SHA1 | f0c69f0ce76f9ab5bc5aa3d3bde2298c0ad255af |
| SHA256 | d8d462a65dba5b7f75f4e2ffa521a4777be5f3dc4773ed570de70c55a8efbf7d |
| SHA512 | 023ab55ec06dd6d8520d8d8e1b4780b7604835fde6e7662e1695d09deceb6c1c052bf2cd9dea361764bf98ff7be81a001abb3780a2ec2521aa1618fe59e90413 |
/storage/emulated/0/Android/data/com.knik1985.Sergeant_Mahoney/files/Unity/dc4161cd-cafb-4f19-9f48-246114ffbd71/Analytics/config
| MD5 | 8673a8ac0b06a9d056d08d62f857ba4b |
| SHA1 | a351bea1932270bafbe468584058fef20dcfc31e |
| SHA256 | 83b3f90c4edf1f122c8faf9784ca0aee4dd017c65493ac181c1814211703db96 |
| SHA512 | edf28eb7fcef654f139285d308f817ee230d6f064a4c865109d6dfe6f73c11f8f35737c8159c8a302118237ab980899ba5773f547cc9da4028643a53b08e324f |
/storage/emulated/0/Android/data/com.knik1985.Sergeant_Mahoney/files/Unity/dc4161cd-cafb-4f19-9f48-246114ffbd71/Analytics/ArchivedEvents/171538319100000.b634fe9e/e
| MD5 | 7fc9ee3afa7bfc354284fa828fee9248 |
| SHA1 | aa12a8e7c4a11fc90cadc49a11248cf89cbed4f8 |
| SHA256 | ce7b72aa11b516de11013f6891f282173b3d0f1f5894b9b532d90d6b2ef09365 |
| SHA512 | 927ec9f323b1c47ef20b035cccd2b66becaa245fb18b9f72685813f33090ef0f2c0670caadc3f8d1ac0c0192de28a7e68c718c1c439718cf197e8f9c2c8c44b3 |
/storage/emulated/0/Android/data/com.knik1985.Sergeant_Mahoney/files/Unity/dc4161cd-cafb-4f19-9f48-246114ffbd71/Analytics/ArchivedEvents/171538319100000.b634fe9e/s
| MD5 | b29544262969aa76f818a3fd997d84b2 |
| SHA1 | 6d29f2824f1394103394a7428f58fadb7d4dcafa |
| SHA256 | 55f3d0e3dd2817bc44fe17656dffa4b3998f2e57d72f6c3ee9584ed9dfdd5c67 |
| SHA512 | 780a7fb9868a290a5389e72a9618757ae547efdc78aec318eb0fdbe630cc8de5dc75d6ab8f37ad829396fda3910cd31a9ee692dc14a9a43ce0a5c87821ab2b4e |
/storage/emulated/0/Android/data/com.knik1985.Sergeant_Mahoney/files/Unity/dc4161cd-cafb-4f19-9f48-246114ffbd71/Analytics/ArchivedEvents/171538319100001.b634fe9e/e
| MD5 | 458c88bbe12c71c20a4b1f1d8955f1aa |
| SHA1 | d936c502671f09180f72d9061e11a295245dd348 |
| SHA256 | 2c89e589f1bed6d9b9676af58d9e9d6fcb5c3ae9c6a2e691babcaa9cae8c3b5f |
| SHA512 | 832bf94093d98a8237df1670202ab318590043b0d8205efdcbce6cd766ad2c5de4c0c39a674713be8216a1724b26cc95f9b025255a886682e8a14188c75648de |
/storage/emulated/0/Android/data/com.knik1985.Sergeant_Mahoney/files/Unity/dc4161cd-cafb-4f19-9f48-246114ffbd71/Analytics/values
| MD5 | 5a9ce2a0fbdd36a05ed8ac3cdd298fde |
| SHA1 | f017a2e8d411fe2ea86c46fd8f3a9aa5372c0bd6 |
| SHA256 | 21d265fc70671a5982eb539212cdaa723838c49472ff5ac7e2cde6fc253d50bd |
| SHA512 | fb95a21cae26750c21b8aac2a4414ca33a3250f9df181102dda8d970a3cf9e714cf2fd2ca5a0f2fa20057949748f2550e65a89c07a429f53fd359793f9cda540 |
/storage/emulated/0/Android/data/com.knik1985.Sergeant_Mahoney/files/Unity/dc4161cd-cafb-4f19-9f48-246114ffbd71/Analytics/ArchivedEvents/171538319200002.b634fe9e/e
| MD5 | 419d3a1dfc052b87f5903b3d8eff421d |
| SHA1 | cce704fc54d248070b98e178fe1a13ac12693df0 |
| SHA256 | 36b05d8a01c55156e10c7e533e2041bdca715d24125e0f29e0552c36ed940784 |
| SHA512 | f467e6ac2087caee06a1b574906506cb54bdcf880702e90bcc04e4f747cdd1503187e1a8c6b1eeb5fc1a2df8082574fec1eea21d887471d804222dee7798483d |
/storage/emulated/0/Android/data/com.knik1985.Sergeant_Mahoney/files/Unity/dc4161cd-cafb-4f19-9f48-246114ffbd71/Analytics/ArchivedEvents/171538319200002.b634fe9e/e
| MD5 | de14151911bb6171e44e337b1a7fd793 |
| SHA1 | 855b8b4107700ffe3a3fe5fe24ab46773b2c057a |
| SHA256 | bfb45d65aa3c6425d16a16cf89036cb5aa03694c5a7ba4959defe49d0b73610f |
| SHA512 | 016d73943f785012a35db4814b2d894faa4c6e573914acd333d538876542dd5565f5bd11766a285ee47f74ada473ba4386aa9a100b50a8a6f61a47c76fc5e40d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-10 23:19
Reported
2024-05-10 23:23
Platform
android-x64-20240506-en
Max time network
186s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.10:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 142.250.179.238:443 | | tcp |
| GB | 216.58.212.234:443 | | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 216.58.212.202:443 | | tcp |
| GB | 172.217.169.78:443 | | tcp |
| BE | 64.233.166.188:5228 | | tcp |
| GB | 142.250.187.195:443 | | tcp |
| GB | 216.58.212.234:443 | | tcp |
| GB | 142.250.187.195:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | g.tenor.com | udp |
| GB | 216.58.213.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 172.217.16.238:443 | www.youtube.com | tcp |
| GB | 216.58.213.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | ighwdvpyxoe | udp |
| US | 1.1.1.1:53 | bkmsohzwqywihx | udp |
| US | 1.1.1.1:53 | qgotsoz | udp |
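Both Network tables (behavioral1 and behavioral2) mix three kinds of rows: DNS queries to 1.1.1.1:53, the resulting TCP connections (often repeated for the same endpoint), and rows with no domain at all (mDNS multicast to 224.0.0.251:5353, and TCP connections whose name was never observed). The last three rows of behavioral2 are queries for single-label names with no dot, which cannot resolve on the public DNS and are worth a second look. The script below is an added example, not part of the sandbox report: it parses rows in the report's pipe format, tolerates rows where the Domain cell is empty (or, in the raw extraction, where the protocol is shifted into the Domain column), collapses duplicates into one connection set per domain, and flags multicast traffic and single-label queries. The REPORT_ROWS block is copied from the tables above; the flag wording is this script's own.

```python
"""Collapse the report's Network tables into an IOC summary plus flags.

Added example, not part of the sandbox report. REPORT_ROWS is a subset of
the rows from the behavioral1/behavioral2 tables above, in both row shapes."""
from collections import defaultdict
import ipaddress

# Rows copied from the report; includes both the four-column shape and the
# shape where no domain was observed (empty cell or protocol shifted left).
REPORT_ROWS = """
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | api.appodeal.com | udp |
| NL | 23.111.25.220:443 | api.appodeal.com | tcp |
| NL | 23.111.25.220:443 | api.appodeal.com | tcp |
| GB | 142.250.179.238:443 | tcp | |
| BE | 64.233.166.188:5228 | | tcp |
| US | 1.1.1.1:53 | ighwdvpyxoe | udp |
| US | 1.1.1.1:53 | bkmsohzwqywihx | udp |
"""

PROTOS = {"tcp", "udp"}


def parse_row(line):
    """Return (country, ip, port, domain, proto), or None for non-data lines."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 3 or cells[0] == "Country":
        return None
    country, dest = cells[0], cells[1]
    host, _, port = dest.rpartition(":")
    try:
        ip = ipaddress.ip_address(host)
        port = int(port)
    except ValueError:
        return None
    rest = [c for c in cells[2:] if c]
    if rest and rest[0] in PROTOS:        # no domain: only a protocol cell
        domain, proto = "", rest[0]
    elif len(rest) >= 2:
        domain, proto = rest[0], rest[1]
    else:
        return None
    return country, ip, port, domain, proto


def triage(rows_text):
    """Split rows into DNS queries, de-duplicated connections, and flags."""
    dns_queries = set()
    connections = defaultdict(set)    # domain ('' if unknown) -> {(ip, port, proto)}
    flags = []
    for line in rows_text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        country, ip, port, domain, proto = row
        if proto == "udp" and port == 53:
            dns_queries.add(domain)
            if "." not in domain:
                flags.append(f"single-label DNS query: {domain}")
            continue
        if ip.is_multicast:
            flags.append(f"multicast traffic: {ip}:{port}/{proto}")
            continue
        connections[domain].add((str(ip), port, proto))
    return {
        "dns_queries": sorted(dns_queries),
        "connections": {k: sorted(v) for k, v in connections.items()},
        "flags": flags,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(REPORT_ROWS), indent=2))
```

Paste the full tables into REPORT_ROWS to get one entry per endpoint instead of the repeated api.appodeal.com rows; the '' key in connections collects the TCP sessions the sandbox could not tie to a name, which are the ones to resolve by hand (reverse DNS, certificate SAN) before adding them to a blocklist.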