Analysis Overview
SHA256
2d2e2bb5cb09c17b16dffce095715802918ea1181f9760f7b585047496033848
Threat Level: Shows suspicious behavior
The file 3e3345c0efcef8dbdf0f156810c49f10_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Checks CPU information
Queries information about the current Wi-Fi connection
Checks if the internet connection is available
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-13 06:42
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-13 06:42
Reported
2024-05-13 06:45
Platform
android-x86-arm-20240506-en
Max time kernel
75s
Max time network
130s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.vipheyue.chat
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | heyue.oss-cn-hangzhou.aliyuncs.com | udp |
| CN | 118.31.219.201:80 | heyue.oss-cn-hangzhou.aliyuncs.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.co | udp |
Files
/data/data/com.vipheyue.chat/files/umeng_it.cache
| Hash | Value |
| --- | --- |
| MD5 | ec58c19cd8eb589004b27db27798c791 |
| SHA1 | c7d463da453064116c6823f83dbd62044e974f1c |
| SHA256 | 82187b251c807e295f787924c8afcbdb9366b361c48027d70cba37b3b6183e4c |
| SHA512 | dee90b6c765cb2bd6ed8bdbe540151125f7db48e18b0905cb0d47658415217eeee6efbe2ca056a233d26e8ca2d9159f40e80e22de24632554b6edacef5ea64c1 |
/data/data/com.vipheyue.chat/files/mobclick_agent_sealed_com.vipheyue.chat
| Hash | Value |
| --- | --- |
| MD5 | 289008b9634551cd374e94140842cc3a |
| SHA1 | e1674d817d6b036c983c0933f8e74c80d87b3e66 |
| SHA256 | a2b6e870f17acb19b9420a4cbd6a60e7618f1676cb7618f0acba86821cac9e0e |
| SHA512 | aaadd4d3afe851be475bb7b1a515086d4b8c05e16c9b61c55da8ce27a9e7034614b69cc9b95b47d927a88db68b0a180eafccd99bcf43dff41000b84d2feacc3c |