Malware Analysis Report

2025-08-11 00:07

Sample ID 240513-hgrf5sdh54
Target 3e3345c0efcef8dbdf0f156810c49f10_JaffaCakes118
SHA256 2d2e2bb5cb09c17b16dffce095715802918ea1181f9760f7b585047496033848
Tags
discovery evasion
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview


Threat Level: Shows suspicious behavior

The file 3e3345c0efcef8dbdf0f156810c49f10_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery evasion

Checks CPU information

Queries information about the current Wi-Fi connection

Checks if the internet connection is available

Requests dangerous framework permissions

Analysis: static1

Detonation Overview

Reported

2024-05-13 06:42

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-13 06:42

Reported

2024-05-13 06:45

Platform

android-x86-arm-20240506-en

Max time kernel

75s

Max time network

130s

Command Line

com.vipheyue.chat

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.vipheyue.chat

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 heyue.oss-cn-hangzhou.aliyuncs.com udp
CN 118.31.219.201:80 heyue.oss-cn-hangzhou.aliyuncs.com tcp
US 1.1.1.1:53 alog.umeng.com udp
CN 223.109.148.177:80 alog.umeng.com tcp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
CN 223.109.148.176:80 alog.umeng.com tcp
CN 223.109.148.178:80 alog.umeng.com tcp
CN 223.109.148.141:80 alog.umeng.com tcp
CN 223.109.148.130:80 alog.umeng.com tcp
CN 223.109.148.179:80 alog.umeng.com tcp
US 1.1.1.1:53 alog.umeng.co udp

Files

/data/data/com.vipheyue.chat/files/umeng_it.cache

MD5 ec58c19cd8eb589004b27db27798c791
SHA1 c7d463da453064116c6823f83dbd62044e974f1c
SHA256 82187b251c807e295f787924c8afcbdb9366b361c48027d70cba37b3b6183e4c
SHA512 dee90b6c765cb2bd6ed8bdbe540151125f7db48e18b0905cb0d47658415217eeee6efbe2ca056a233d26e8ca2d9159f40e80e22de24632554b6edacef5ea64c1

/data/data/com.vipheyue.chat/files/mobclick_agent_sealed_com.vipheyue.chat

MD5 289008b9634551cd374e94140842cc3a
SHA1 e1674d817d6b036c983c0933f8e74c80d87b3e66
SHA256 a2b6e870f17acb19b9420a4cbd6a60e7618f1676cb7618f0acba86821cac9e0e
SHA512 aaadd4d3afe851be475bb7b1a515086d4b8c05e16c9b61c55da8ce27a9e7034614b69cc9b95b47d927a88db68b0a180eafccd99bcf43dff41000b84d2feacc3c