Malware Analysis Report

2024-12-08 03:08

Sample ID 240510-ynj9eaef3z
Target 30c7a402e9c539d3127e9e7bb52097b6_JaffaCakes118
SHA256 7626ec21de63de1d4903c5ce6e7d5797b4b2efe9a3a1ad29622dbcab1ed9f8b4
Tags
discovery evasion privateloader persistence
score
10/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
10/10

SHA256

7626ec21de63de1d4903c5ce6e7d5797b4b2efe9a3a1ad29622dbcab1ed9f8b4

Threat Level: Known bad

The file 30c7a402e9c539d3127e9e7bb52097b6_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

discovery evasion privateloader persistence

Privateloader family (static signature only; no signature from either behavioral run attributes activity to the family)

Checks CPU information (reads /proc/cpuinfo; benign native libraries read the same file for CPU feature detection, and sandbox-aware code reads it to spot emulator hardware)

Registers a broadcast receiver at runtime (usually for listening for system events; a receiver registered this way lives only as long as the process, so on its own it is weak persistence evidence)

Requests dangerous framework permissions (android.permission.WRITE_EXTERNAL_STORAGE)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 19:56

Signatures

Privateloader family

privateloader

Requests dangerous framework permissions

Description: Allows an application to write to external storage.
Indicator:   android.permission.WRITE_EXTERNAL_STORAGE
Process:     N/A
Target:      N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 19:55

Reported

2024-05-10 19:58

Platform

android-x64-20240506-en

Max time kernel

8s

Max time network

145s

Command Line

com.kochmedia.sampeters

Signatures

Checks CPU information

evasion discovery
Description: File opened for read
Indicator:   /proc/cpuinfo
Process:     N/A
Target:      N/A

Processes

com.kochmedia.sampeters

Network

Country  Destination           Domain                              Proto
N/A      224.0.0.251:5353      -                                   udp
GB       142.250.187.202:443   -                                   tcp
US       1.1.1.1:53            ssl.google-analytics.com            udp
GB       142.250.179.232:443   ssl.google-analytics.com            tcp
US       1.1.1.1:53            android.apis.google.com             udp
GB       172.217.16.238:443    android.apis.google.com             tcp
GB       216.58.212.206:443    -                                   tcp
GB       216.58.204.66:443     -                                   tcp
GB       142.250.178.4:443     -                                   tcp
GB       142.250.178.4:443     -                                   tcp
GB       142.250.187.206:443   -                                   tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 19:55

Reported

2024-05-10 19:58

Platform

android-x86-arm-20240506-en

Max time kernel

88s

Max time network

140s

Command Line

com.kochmedia.sampeters

Signatures

Checks CPU information

evasion discovery
Description: File opened for read
Indicator:   /proc/cpuinfo
Process:     N/A
Target:      N/A
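Both behavioral runs fire the same "Checks CPU information" signature on a read of /proc/cpuinfo. The following is an added example, not code from the report or from the sample, showing what that one file gives away on an x86-based emulator image (the android-x64 and android-x86-arm platform names in this report point at such images) and why the sandbox tags the read as evasion as well as discovery. Both cpuinfo texts are constructed, abridged samples and the marker lists are common emulator-detection heuristics; nothing here claims the sample performs these checks. Benign native libraries read the same file for CPU feature detection, so this signature on its own does not separate sandbox-aware code from an ordinary Unity game.

```python
# Added example (not part of the sandbox report): what a /proc/cpuinfo read can
# reveal about the execution environment. The two cpuinfo texts are constructed,
# abridged samples; the marker lists are common heuristics, not something the
# report states this sample uses.

# Constructed: /proc/cpuinfo as a physical ARM64 phone typically reports it.
PHYSICAL_ARM64 = """\
processor\t: 0
BogoMIPS\t: 38.40
Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32
CPU implementer\t: 0x41
CPU architecture: 8
CPU part\t: 0xd05
Hardware\t: Qualcomm Technologies, Inc SM8150
"""

# Constructed: /proc/cpuinfo as an x86-based emulator image typically exposes it.
EMULATOR_X86 = """\
processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model name\t: Android virtual processor
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov hypervisor
Hardware\t: Android ranchu
"""

X86_VENDORS = {"genuineintel", "authenticamd"}
VIRTUAL_HARDWARE_MARKERS = ("goldfish", "ranchu", "qemu", "virt")


def parse_cpuinfo(text):
    """Parse 'key : value' lines into {lowercased key: [value per core]}."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def emulator_indicators(text):
    """Return human-readable reasons this cpuinfo looks like an emulator.
    An empty list means none of the heuristics fired."""
    fields = parse_cpuinfo(text)
    reasons = []

    # 1. x86 vendor string on what should be an ARM phone.
    vendors = {v.lower() for v in fields.get("vendor_id", [])}
    if vendors & X86_VENDORS:
        reasons.append("x86 vendor_id: " + ", ".join(sorted(vendors)))

    # 2. The CPUID 'hypervisor' bit shows up in the flags line under a VMM.
    flags = set()
    for line in fields.get("flags", []):
        flags.update(line.split())
    if "hypervisor" in flags:
        reasons.append("hypervisor flag set")

    # 3. Board/hardware name of the emulator's virtual platform.
    for hw in fields.get("hardware", []):
        if any(marker in hw.lower() for marker in VIRTUAL_HARDWARE_MARKERS):
            reasons.append("virtual hardware: " + hw)

    # 4. Virtual CPU model name.
    for model in fields.get("model name", []):
        if "virtual" in model.lower():
            reasons.append("virtual model name: " + model)

    return reasons


if __name__ == "__main__":
    for label, sample in (("physical", PHYSICAL_ARM64), ("emulator", EMULATOR_X86)):
        print(label, emulator_indicators(sample) or ["no indicators"])
```

On the constructed physical sample no heuristic fires; on the constructed emulator sample all four do. The practical consequence for triage is the reverse direction: a sample that reads /proc/cpuinfo and then goes quiet in an x86 sandbox may simply have noticed the vendor string, so a run on ARM hardware or an image with a patched cpuinfo is the next step before concluding that the behavioral runs are complete.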

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description: Framework service call
Indicator:   android.app.IActivityManager.registerReceiver
Process:     N/A
Target:      N/A

Processes

com.kochmedia.sampeters

Network

Country  Destination           Domain                              Proto
N/A      224.0.0.251:5353      -                                   udp
GB       216.58.213.10:443     -                                   tcp
US       1.1.1.1:53            semanticlocation-pa.googleapis.com  udp
US       1.1.1.1:53            stats.unity3d.com                   udp
US       1.1.1.1:53            config.uca.cloud.unity3d.com        udp
US       34.111.113.40:443     config.uca.cloud.unity3d.com        tcp
US       1.1.1.1:53            api.uca.cloud.unity3d.com           udp
US       34.107.172.168:443    api.uca.cloud.unity3d.com           tcp
GB       142.250.178.14:443    -                                   tcp
US       1.1.1.1:53            android.apis.google.com             udp
GB       216.58.204.78:443     android.apis.google.com             tcp
GB       142.250.187.202:443   semanticlocation-pa.googleapis.com  tcp
GB       142.250.187.202:443   semanticlocation-pa.googleapis.com  tcp
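The two Network tables (behavioral2 above and behavioral1 here) list several TCP endpoints with no Domain, while in some cases the other run resolved the same address to a name. As an added example, not part of the report, the script below joins the rows across both runs, separates DNS lookups from sessions, and lists what is still unattributed. The rows are copied from the two tables with a blank Domain written as "-"; the telemetry suffix allow-list is an analyst assumption, not a report field.

```python
# Added example (not the sandbox's own tooling): join the two runs' Network
# tables so that a bare IP in one run can be attributed through a name that the
# other run resolved. Rows are copied from the report; a blank Domain is "-".
from collections import defaultdict

NETWORK_TABLES = {
    "behavioral2": """\
N/A 224.0.0.251:5353 - udp
GB 142.250.187.202:443 - tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 216.58.212.206:443 - tcp
GB 216.58.204.66:443 - tcp
GB 142.250.178.4:443 - tcp
GB 142.250.178.4:443 - tcp
GB 142.250.187.206:443 - tcp
""",
    "behavioral1": """\
N/A 224.0.0.251:5353 - udp
GB 216.58.213.10:443 - tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 stats.unity3d.com udp
US 1.1.1.1:53 config.uca.cloud.unity3d.com udp
US 34.111.113.40:443 config.uca.cloud.unity3d.com tcp
US 1.1.1.1:53 api.uca.cloud.unity3d.com udp
US 34.107.172.168:443 api.uca.cloud.unity3d.com tcp
GB 142.250.178.14:443 - tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 142.250.187.202:443 semanticlocation-pa.googleapis.com tcp
GB 142.250.187.202:443 semanticlocation-pa.googleapis.com tcp
""",
}

# Assumed allow-list of vendor telemetry hostnames (analyst judgement, not a report field).
TELEMETRY_SUFFIXES = ("google-analytics.com", "googleapis.com", "google.com", "unity3d.com")


def parse_rows(text):
    """One dict per row: country, ip, port, domain (None if blank), proto."""
    rows = []
    for line in text.splitlines():
        country, dest, domain, proto = line.split()
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": None if domain == "-" else domain, "proto": proto})
    return rows


def triage(tables):
    """Return (queried, resolved, unattributed).

    queried:      DNS names looked up on port 53 in any run
    resolved:     {ip: {domain, ...}} for TCP sessions the sandbox tied to a name
    unattributed: sorted (ip, port) TCP endpoints that no run tied to a name
    """
    queried, resolved, endpoints = set(), defaultdict(set), set()
    for text in tables.values():
        for r in parse_rows(text):
            if r["port"] == 53 and r["domain"]:
                queried.add(r["domain"])
            if r["proto"] != "tcp":      # DNS and mDNS (224.0.0.251:5353) carry no session
                continue
            endpoints.add((r["ip"], r["port"]))
            if r["domain"]:
                resolved[r["ip"]].add(r["domain"])
    unattributed = sorted(e for e in endpoints if e[0] not in resolved)
    return queried, dict(resolved), unattributed


def non_telemetry(resolved):
    """Resolved hosts with at least one name outside the assumed telemetry allow-list."""
    return {ip: names for ip, names in resolved.items()
            if not all(n.endswith(TELEMETRY_SUFFIXES) for n in names)}


if __name__ == "__main__":
    queried, resolved, unattributed = triage(NETWORK_TABLES)
    print("queried names:", sorted(queried))
    print("attributed via the other run:", resolved.get("142.250.187.202"))
    print("still unattributed:", unattributed)
    print("outside telemetry allow-list:", non_telemetry(resolved))
```

On these rows the join attributes 142.250.187.202 (bare in behavioral2) to semanticlocation-pa.googleapis.com, stats.unity3d.com was queried but never contacted over TCP, every resolved name falls inside the Google/Unity telemetry list, and six endpoints in the same 142.250.x and 216.58.x blocks as the resolved Google hosts remain without a name from the sandbox. Those six need reverse or passive DNS enrichment before they are treated as anything other than the same vendor traffic; nothing in either table is, on its own, a command-and-control indicator.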

Files

/storage/emulated/0/Android/data/com.kochmedia.sampeters/files/Unity/local.4c3ca0bf64563364ba09b50056616101/Analytics/config

MD5 8673a8ac0b06a9d056d08d62f857ba4b
SHA1 a351bea1932270bafbe468584058fef20dcfc31e
SHA256 83b3f90c4edf1f122c8faf9784ca0aee4dd017c65493ac181c1814211703db96
SHA512 edf28eb7fcef654f139285d308f817ee230d6f064a4c865109d6dfe6f73c11f8f35737c8159c8a302118237ab980899ba5773f547cc9da4028643a53b08e324f

/storage/emulated/0/Android/data/com.kochmedia.sampeters/files/Unity/local.4c3ca0bf64563364ba09b50056616101/Analytics/ArchivedEvents/171537098200000.af199f32/e

MD5 37339fe7933fe58a99cd7a7a7c3091a7
SHA1 f5a90252e5aaa14d7b79bdac644c3968bcbff2ce
SHA256 7e3f46d8cfbdd1046d974da1a8192be27446347be588151d3618a3d35b4384e3
SHA512 a9cf1b93ec4dc34e306a50e12f3347bb35171a214702925485b7cbe51687ce90a15c9d916547ad3ceaf7d5614c1f43c383ffc22c8b88c6887f4003b3d7ed78af

/storage/emulated/0/Android/data/com.kochmedia.sampeters/files/Unity/local.4c3ca0bf64563364ba09b50056616101/Analytics/ArchivedEvents/171537098200000.af199f32/s

MD5 71ff670051865ec16eec66545a247984
SHA1 def6c01cef4ceeb752a7861dc0faa325398f496b
SHA256 5051e2fa5964de8f3346d2f99e407c7db78a5a8feec363c8911a122567cb6080
SHA512 15ed5723239e8dc88e177177e6459675c79867a7ffce2e2d83eec8347d579a589c0254f3b7320035085d485dbb50fe3e3837b084635d5ea0ccf5e62b580866ef

/storage/emulated/0/Android/data/com.kochmedia.sampeters/files/Unity/local.4c3ca0bf64563364ba09b50056616101/Analytics/ArchivedEvents/171537098200001.af199f32/e

MD5 a3484f8243a7e1c0a1e0914bdfdf7867
SHA1 3093b2430f4404b05fff4bb6c31369e07d18c53f
SHA256 9de24912f13f8c43c39002386cee793224c4eaae3a6db654a8e8a2b0472316fb
SHA512 f9ef697ebc1024e31953d0f49635dce50bd3388b65f9b9a3967057f82c25f197c48a318f655a206428826b63808134b7e0556699f1bd23f6aa8cd42b52d7f246

/storage/emulated/0/Android/data/com.kochmedia.sampeters/files/Unity/local.4c3ca0bf64563364ba09b50056616101/Analytics/values

MD5 46ff0b62705c3c6cb6a9fd942d913e4d
SHA1 d5c20137b81d84a270cb0368cacedfb66226447c
SHA256 68492a9531c2bee2ed729f1987fe49002424ef9b852954613c5e5120b50447d2
SHA512 64ab12fc2a086042e4b49aaa1bf361f97e5dcfc0bac11d2dd69996e6287828986819406d31f7dbe9b7654eb46431179506eaa979c7bea1edce76b368963df33f

/storage/emulated/0/Android/data/com.kochmedia.sampeters/files/Unity/local.4c3ca0bf64563364ba09b50056616101/Analytics/ArchivedEvents/171537098200002.af199f32/e

MD5 a24689f1c216a01241344bf1871d8491
SHA1 a0ca07446dc4347c78d25d5e4275021bc8b5f173
SHA256 2b48efc2d48d77a4f560b17ef4503f39f9fff169ffd1fa0c50ab2a9db271b6f9
SHA512 d59e36f98a547f280f434ed7f5983e317f3013ac89252a09d989c9432aa35c52b9849302ce38fad946e3907bb1a27bd5fa2bc532c7ffeeadcf8822b64743aaf9

/storage/emulated/0/Android/data/com.kochmedia.sampeters/files/Unity/local.4c3ca0bf64563364ba09b50056616101/Analytics/ArchivedEvents/171537098200002.af199f32/e (same path as the entry above, written a second time with different contents)

MD5 fa65412fff83f9e7e886433afd7a5777
SHA1 d325fde0929d03da231aebdcc4d6ccc1791521e8
SHA256 20f98d98bddad31cb4ba17c2902318ee59a325f75558182bc1eddf0d2ce6e101
SHA512 5096bb4cb64dfb3bbf17b4f65c61c89100df1e767841771ed7a24a7979625e8b890921d4a4ff1d3a7e6c09e912b451b3f7c63ad81ae9d213d7a69c9b43786a26
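The ArchivedEvents directory names share a 15-digit prefix, and one path appears twice with different hashes. As an added example, not report tooling, the script below decodes that prefix on the assumption that its first ten digits are a Unix epoch in seconds and the remaining five a batch counter; the page does not document the format, so the check is that the decoded time must fall inside this run's submitted/reported window. The path and SHA256 pairs are copied from the Files section above.

```python
# Added example (not report tooling): decode the Unity Analytics drop paths from
# the behavioral1 Files section. Assumption: the 15-digit prefix under
# ArchivedEvents/ is a 10-digit Unix epoch (seconds) plus a 5-digit batch counter.
import re
from datetime import datetime, timezone

BASE = ("/storage/emulated/0/Android/data/com.kochmedia.sampeters/files/Unity/"
        "local.4c3ca0bf64563364ba09b50056616101/Analytics/")

# Path (relative to BASE) and SHA256, copied from the report in listed order.
FILE_ENTRIES = [
    ("config", "83b3f90c4edf1f122c8faf9784ca0aee4dd017c65493ac181c1814211703db96"),
    ("ArchivedEvents/171537098200000.af199f32/e", "7e3f46d8cfbdd1046d974da1a8192be27446347be588151d3618a3d35b4384e3"),
    ("ArchivedEvents/171537098200000.af199f32/s", "5051e2fa5964de8f3346d2f99e407c7db78a5a8feec363c8911a122567cb6080"),
    ("ArchivedEvents/171537098200001.af199f32/e", "9de24912f13f8c43c39002386cee793224c4eaae3a6db654a8e8a2b0472316fb"),
    ("values", "68492a9531c2bee2ed729f1987fe49002424ef9b852954613c5e5120b50447d2"),
    ("ArchivedEvents/171537098200002.af199f32/e", "2b48efc2d48d77a4f560b17ef4503f39f9fff169ffd1fa0c50ab2a9db271b6f9"),
    ("ArchivedEvents/171537098200002.af199f32/e", "20f98d98bddad31cb4ba17c2902318ee59a325f75558182bc1eddf0d2ce6e101"),
]

# Detonation window for behavioral1 as printed in the report (treated as UTC; an assumption).
SUBMITTED = datetime(2024, 5, 10, 19, 55, tzinfo=timezone.utc)
REPORTED = datetime(2024, 5, 10, 19, 58, tzinfo=timezone.utc)

BATCH_RE = re.compile(r"^ArchivedEvents/(\d{10})(\d{5})\.([0-9a-f]+)/(\w+)$")


def archive_batches(entries):
    """Group ArchivedEvents files by batch id -> {'time', 'counter', 'session', 'files'}."""
    batches = {}
    for rel_path, sha256 in entries:
        m = BATCH_RE.match(rel_path)
        if not m:
            continue
        epoch, counter, session, name = m.groups()
        batch = batches.setdefault(epoch + counter, {
            "time": datetime.fromtimestamp(int(epoch), tz=timezone.utc),
            "counter": int(counter),
            "session": session,
            "files": [],
        })
        batch["files"].append((name, sha256))
    return batches


def outside_window(batches, start=SUBMITTED, end=REPORTED):
    """Batch ids whose decoded time does not fall inside the detonation window."""
    return [bid for bid, b in batches.items() if not start <= b["time"] <= end]


def rewritten_paths(entries):
    """Full paths listed more than once with differing hashes (overwritten during the run)."""
    seen = {}
    for rel_path, sha256 in entries:
        seen.setdefault(rel_path, set()).add(sha256)
    return [BASE + p for p, hashes in seen.items() if len(hashes) > 1]


if __name__ == "__main__":
    batches = archive_batches(FILE_ENTRIES)
    for bid, b in sorted(batches.items()):
        print(bid, b["time"].isoformat(), b["counter"], [n for n, _ in b["files"]])
    print("outside window:", outside_window(batches))
    print("rewritten:", rewritten_paths(FILE_ENTRIES))
```

Decoded under that assumption, all three batches land at 2024-05-10 19:56:22 UTC with counters 0, 1 and 2, inside the 19:55 to 19:58 window of behavioral1. That is consistent with the runtime archiving analytics events generated during this detonation rather than with data shipped inside the APK, and it is the kind of cross-check that keeps a telemetry cache from being logged as a dropped payload. The single rewritten path is ArchivedEvents/171537098200002.af199f32/e.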