Malware Analysis Report

2024-09-09 16:11

Sample ID 240514-rmtm5aag85
Target 41ccd6db9b33c7da2c9d985337163c7e_JaffaCakes118
SHA256 7b5a4d4b175ad448f2559b461072d9efae64a77036b38694567b254694cdab62
Tags
irata discovery evasion persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7b5a4d4b175ad448f2559b461072d9efae64a77036b38694567b254694cdab62

Threat Level: Known bad

The file 41ccd6db9b33c7da2c9d985337163c7e_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

irata discovery evasion persistence

Irata payload

Irata family

Checks CPU information

Checks memory information

Queries the mobile country code (MCC)

Queries the phone number (MSISDN for GSM devices)

Registers a broadcast receiver at runtime (usually for listening for system events)

Requests dangerous framework permissions

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-14 14:19

Signatures

Irata family

irata

Irata payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-14 14:19

Reported

2024-05-14 14:21

Platform

android-x86-arm-20240506-en

Max time kernel

31s

Max time network

135s

Command Line

beiwei.aldary.com

Signatures

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Processes

beiwei.aldary.com

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | www.aldary.com | udp
JP | 107.148.123.147:80 | www.aldary.com | tcp
JP | 107.148.123.147:80 | www.aldary.com | tcp
JP | 107.148.123.147:80 | www.aldary.com | tcp
US | 1.1.1.1:53 | www.qq.com | udp
GB | 23.215.228.198:80 | www.qq.com | tcp
GB | 23.215.228.198:443 | www.qq.com | tcp
GB | 142.250.179.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.178.14:443 | android.apis.google.com | tcp

Files

/data/data/beiwei.aldary.com/files/persons3.db

MD5 0d2cf0d30e37004a69d1a8541be71d9b
SHA1 e811b5249481ca94cab1dde64088db8d1ab6ead6
SHA256 072c57923ebeecbc83721062033e15b44856846f07890be43fa3db80bb2e8090
SHA512 85b5d93f3c7449165c2b8179b0fcd97e09c031fbde020f5f482154722e88842fe3e802c20b4a2c8933790af644bdbbf5a3e112a0893453530bcc92828f78e42e

/data/data/beiwei.aldary.com/files/persons3.db-journal

MD5 dc99866c86387a6f771cccf43a46c066
SHA1 84d9a1e02c29edd882a402bb28b196b8a0f8af6a
SHA256 2274304b0fe49853c1baa98e9b5f95bd80372b928ad0b41869bbace16096ffba
SHA512 9eef7adc525891aef9c3b722ca1cc6600c0e6b53c30f25d6c3a5b14c7db012af6aeb7e164e667f3748e1ceaa90cce2e54a1817d1ef13c78d49d810613c229679

/data/data/beiwei.aldary.com/files/persons3.db

MD5 770d1f3a05b07fe30617e528adfcf9dd
SHA1 02e871a72721d29a15860b620d44bae32f17a8f6
SHA256 f7217ee5eba0e34f579068d2c0ee70c1d25450f465663b73223d4ea4d8525c78
SHA512 421293a3b1c676f194abd2d2f9afc7095f3a5bc13480906174165b9844889c84761f53f4cc9eb082b6d063049de3742cd5648418e0534b6dacdced60dc76566a

/data/data/beiwei.aldary.com/files/persons3.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/beiwei.aldary.com/files/persons3.db-wal

MD5 a2d2dec7b61a23f3412b0c91c7b2116d
SHA1 5e625ddd74bde4104695d16b71ba0051ea3d83a1
SHA256 5f07e80b05a07085e19d56a900f25ebd0af4a5be921fb498e9aa180543250628
SHA512 e730b43e000a9cd3e005abe0091162d389e6fdc6e04e5ba202826f141d2cbcc202d43c601f817dee9060c703936e7101eeec818cdc4e22d5afeab0bfd700a7f9

/data/data/beiwei.aldary.com/cache/~test.test

MD5 098f6bcd4621d373cade4e832627b4f6
SHA1 a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA256 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512 ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

/data/data/beiwei.aldary.com/libs/libarm.so

MD5 6cbd1f78e87c908cb371445b8d7240de
SHA1 56c25114c844b49079b01086f6a98371a92d2dd5
SHA256 8e112346cfd2c7719c6cc507dced46ef524f9fb713be4267b80703a460679418
SHA512 1ea3e1d2d2a7f2e6f80f5d21792ae84b763ab98540b5083a31998ff169c95fdc450a938d6305f28a4353941e3495df2d7ae78328ab29a6535c33c8c3b9607199

/data/data/beiwei.aldary.com/libs/libffmpeg.so

MD5 8a821f486a361a7fcd5285a154480ad9
SHA1 6980d8b1d927af02c6bae512a93c95de0fbffc83
SHA256 150135c1eb4dc85bf29b19f1a2e7862db8977318933447efa6601524497a0d5f
SHA512 9dcd33e380d74e30ce5f08621fb8eeb80b45abee536983f5c8c162a64990c56d4a0cf68af70936a6c3b17fe5934b0133fe04939389a1c033f5368bdc576c48e4

/data/data/beiwei.aldary.com/libs/libOMX.11.so

MD5 48ba306c506dc7b722e83c70580971b6
SHA1 322ea42d7accc8b23f21dbf8ab6d438f4ae92341
SHA256 ea2553290360c1e47b9e30fca7fc6a84c6914988ab438c0f54b2ee9a15fd702c
SHA512 c9c12d5b5d1825cf6321a485ead8c452dcbfa32ae131f7fdc22d9f1b7b2e5361f926c84328bbb7ee43fd92f764b80f8ccc39d3f671da4cb5c2879a4ee35aa6b4

/data/data/beiwei.aldary.com/libs/libOMX.14.so

MD5 a9821a9c293ad7eb9fd5cd051d09ef46
SHA1 10260e3da87f850ff932419a9b32b61a0220110e
SHA256 11ced22b81f3c7b65769fdf9212902c8e5923b7ec55fda149e811a77a4a3b760
SHA512 d862701fdffe38af4910ac4c3e3475754da369d4d3b204215ab5e6c86288321c731cd86620bcdac468a145e0b99de185180e6695a6c29956df59dcfa1143d6b5

/data/data/beiwei.aldary.com/libs/libOMX.18.so

MD5 82d5147024a8e03501dfd270eddeb865
SHA1 6a38d20416497dd97e37ae6630ce6d59384679c6
SHA256 7922041eed7170894912149f252c09be91145d0584da7d12aece95edd277d0b0
SHA512 9af9f1ba14e51efe9dce0e4cc52638136eb82e9610b5dd753d0842be0eedbaa3cffb564379489604ea4057eeeebc72ae6cfa37fa46791fc7a12a7fc33d78f684

/data/data/beiwei.aldary.com/libs/libOMX.9.so

MD5 7f127c97108fd5974229ebce208c7983
SHA1 fe37cb1688090d59ae0d2bd4aab3befbc2fe82f0
SHA256 084b5779bf8ba80b8b1bb44bc5000489a6db14beda450f7ad7f33b0ad9b73f46
SHA512 842a76c08e4505c3157e2740510ccd9376b281c7db413d4d1a28c9fd0de798b47f96410bf94b415bdee9ee8c6b98630514e21a0d873200c7c1cf0fb08e93e4c2

/data/data/beiwei.aldary.com/libs/libstlport_shared.so

MD5 d19aaa7033a7fd0febdcfcfb1a0adda9
SHA1 f677ed7985c253fd7db46f495de9e3e2d6def99e
SHA256 2de0d31c1dc1f045c395ab0cbaf52b93dd6ffa76ef7a66d963344914a76e5192
SHA512 197b509bfb49e9b5d94de10385398c4241e04fa404a2763fad5ad1e1df91c4aed1bc66b2cf6cb9b835bd2d3f5ad3d86e064b6fdedac9dfaa6817ca1e65782101

/data/data/beiwei.aldary.com/libs/libvao.0.so

MD5 feae9643a68fff4651fe4705f502a848
SHA1 57903f170f8aa52347de75a16541de42425fc7e2
SHA256 dff6ba0a54d84ef9d6881e926be053c9ba65f4cb830f595941702c4bd214f153
SHA512 290ebab6e51a65c53b9454d4d3673c1c6955e11c7e99d5ab9cca5fac7bddae0d91c215c3f12a669dd1b59601067dbaad7adcf565495c281f20abf71495403a20

/data/data/beiwei.aldary.com/libs/libvplayer.so

MD5 2a096702c7a26e3b0c1e825b9acb3b01
SHA1 c4f9e277ffd9cdf1b12f95a9602df2cfab4fa9f8
SHA256 a6331a3f05b0fa023b8a3bc29873a593503fbee0b390f7f29608c955a554f296
SHA512 7dd9d340ffe931a39ec3950e2af6f2d96e90cdf131306e187aaa9c7edf5691e649989b37bae1c97fdac4f3a16cb96fc967c7ac8213c4b45c50634b02c3b05075

/data/data/beiwei.aldary.com/libs/libvscanner.so

MD5 d757041c627326b62278e04fbbc544d5
SHA1 ad619c4a2dfe3b709e39b38129763093d38e82df
SHA256 da34e7570303d4048e8bddab4262e4c9d35b2398cbdb2e3797c2cfee562f5f29
SHA512 e7db796c6d8db0803d858457cf120762eb02d95a60a74484426ad8d374b7d6b8356ce34d8719c51d1411b9106022ad1f03db600041f4ce7aa7300b6698b14c16

/data/data/beiwei.aldary.com/libs/libvvo.0.so

MD5 feb3b16f3ad114b97eef5411dea2ecc9
SHA1 aec4598355918734c61385f7ab3d6bc7d3114268
SHA256 ec2327574cdd145ce53a06d8d23ffd00dc64c4180364c705ed0ce48e19c4a8b3
SHA512 e7cf9deb19cbe34fba51165fe21594bf5892b6b94ff6f8acc48ca8fc35be12b14a692074572a0beb539b5af209dc439c00126328f60c9069e85c8af206a3931b

/data/data/beiwei.aldary.com/libs/libvvo.7.so

MD5 0eb5f9da48302b51cf9eb5fb205437ae
SHA1 bcb781fafbf46561f793d9bb0af69bdd87e5b6a9
SHA256 20f344b67b43b1047cb52b1cd410befeab5b9e5c0ec6ada1ec7ab17725f67c9a
SHA512 e948ecc13cf034a443bde4c1dee58dde1073235b70aa870670127eac37c8960a95d1fa0831b456a506166aa9f47ecdc356b1e756e7d9573086a9d44c953de5f1

/data/data/beiwei.aldary.com/libs/libvvo.8.so

MD5 1faaa5d0c445c5b461d7b048ecb10cac
SHA1 5a65c32e8dcc8cfb40a0fb56206ffb568bbfd769
SHA256 e56411ca9a114b31c8f8682bedc495fa675690d48dc9eb76a2d1c4ed261378f0
SHA512 a30096e18602db304cbc4198e31df7bac69a0a6d01c6b944f70e6636a1cd6bada817d4af07446abab9865906e1cb3b8e01c49aabbf4a6689d4b7d72fb9891890

/data/data/beiwei.aldary.com/libs/libvvo.9.so

MD5 43c6a540da5ab5ca82164fc3e265896d
SHA1 9b34d3694e7e4176ee0d01558da3795dfb1e0b20
SHA256 1f7abd3f2bbadb3dc163f3d2cad86174e6bcccc17746fdcefc3d78095a9293ad
SHA512 17685315db8539c82f01300433d08315cfbd9e6d001b2ec0d37c242d0280132220a3d286635c41881b8331fe1be6384ffd60e5279ed145746545e38b5eac95a2

/data/data/beiwei.aldary.com/libs/libvvo.j.so

MD5 2d5618af7843c69b92ed959c70a1a039
SHA1 e942b6622147d647e5ba84dd6de3abe42d4f99b2
SHA256 e0b5383244f32ba4844aec18ea9ddd019692739ff0e69ff0ffae6629d8620c81
SHA512 e743c9e05b32a6a06031300f554d3152455433ee3fc8604c93b16d9a6ae7ae1dcaa3449394031339a4187ccdf84b6a0d752466620ada34e4f9e46ef52ae6e24d

/data/data/beiwei.aldary.com/libs/.lock

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a