Analysis Overview
SHA256
b83bd8c755cb7546ef28bac157e51f04257686a045bbf9d64bec7eeb9116fd8a
Threat Level: Shows suspicious behavior
The file 4293504296dad91b884b5e7be64f8294_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Tries to add a device administrator.
Declares broadcast receivers with permission to handle system events
Declares services with permission to bind to the system
Requests dangerous framework permissions
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-05-14 18:52
Signatures
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
|---|---|---|---|
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
|---|---|---|---|
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to monitor incoming MMS messages. | android.permission.RECEIVE_MMS | N/A | N/A |
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-14 18:52
Reported
2024-05-14 18:52
Platform
android-x86-arm-20240506-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-14 18:52
Reported
2024-05-14 18:55
Platform
android-x64-20240514-en
Max time kernel
13s
Max time network
147s
Command Line
Signatures
Processes
com.kmc.prod
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.46:443 | android.apis.google.com | tcp |
| GB | 172.217.169.14:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.200.2:443 | | tcp |
Files
/data/data/com.kmc.prod/databases/iDataBase.db-journal
| MD5 | 033d4a14880ed270e73240a235820b1c |
| SHA1 | ed3db825f815e61ee4b139fe9b78b413af8119e9 |
| SHA256 | acb46e0003abf811ba5b3dae4c824f7bcae118d37aa1b2646e22699fbe416d3a |
| SHA512 | 761280c3488d4a0ac512c8ad587a9ebe60a5fc662cc6927904a221c470104fe78f9524abe98775b4ce58d9b3ce613c5914da0f73b8d668b5811f6169ce6aff38 |
/data/data/com.kmc.prod/databases/iDataBase.db
| MD5 | 92d34fbdd5aa7ca549ea4db14fcebdc6 |
| SHA1 | 4487ccea90422d1523345df3efabee40acc9466f |
| SHA256 | f5494b50ffd533284da4188f66f930bfbbdf352a20d8954dac3068c63fdd55fc |
| SHA512 | 2e1a0c9382f515edc7109cf48e45d80a7c8f8675bdbe39d2de6bf5eff8130feea2e4a381c9770f87eacea1638e7b3f9583314c16b1bc3120f505a0cd268f3780 |
/data/data/com.kmc.prod/databases/iDataBase.db-journal
| MD5 | 0dce3855eb721204ab7f12aa88badcd6 |
| SHA1 | 06aacc9931e1b22ae7e8ade8c898eecf00cea756 |
| SHA256 | f3bd1540db5d06f4ca3eb4327400de6dc5168a62bab1dbcf63c606bc3c657817 |
| SHA512 | 295fa11714bd3f96497f1888f92892b227050a61551d514f89a44c5f7ced94d43f48707e6afcbf91ee186c30e885e73810144412983667e3e69ba8e1e9ae9242 |
/data/data/com.kmc.prod/databases/iDataBase.db-journal
| MD5 | a98e85433b70cdec3b9c439f06d48442 |
| SHA1 | 07583ca20fca6383fd52ed76e2a3473cac3163de |
| SHA256 | d45426acf0b335391b2faaab2149b9ee41c67e8de1ff358529bb1a755ec09946 |
| SHA512 | a8dd1556c8c91745438fe2a551bff57adf842ad250c586e93f72196c9417f8d36eda2472611e4c4e0b9f38638161a96aa2866472af2783877553fb9c152bcf26 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-14 18:52
Reported
2024-05-14 18:55
Platform
android-x64-arm64-20240514-en
Max time kernel
12s
Max time network
163s
Command Line
Signatures
Tries to add a device administrator.
| Description | Indicator | Process | Target |
|---|---|---|---|
| Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A |
Processes
com.kmc.prod
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 142.250.180.3:443 | | tcp |
Files
/data/user/0/com.kmc.prod/databases/iDataBase.db-journal
| MD5 | 2e9e74c560122a952990fd9e1e48c1b2 |
| SHA1 | 696cc53d955f6b94c22975188313c51173104a8b |
| SHA256 | 39cfa163c44ebae4b355c9a787258389ebc0964f0c27765d4695d64d5be06b3b |
| SHA512 | 08e2bb8712fee7ba542425fc9cfdf76f0c237bd06cf660d667b79e59e0a50a0266f0a227f46aff51109e5247284e2a5574c5837691c2525ad63e79dfd360ad98 |
/data/user/0/com.kmc.prod/databases/iDataBase.db
| MD5 | 7f82d3bc5b4b3a819d410d1067f0f166 |
| SHA1 | 056e506a7e6461673d3232e06d423f8f4e08065f |
| SHA256 | 3b5952edacf8c791e51c8f2fb0896930b6eef609a4a25222dd738bb28b7c6c86 |
| SHA512 | 2e3e0cf96eab3191ea49c39e61bfe4e8211e701e3e4ae8fdf8cf22c6bc12e868ba84e63851f118e18e83b7962038f3321f10a8ded47d51e50a94115d5b9ccbe8 |
/data/user/0/com.kmc.prod/databases/iDataBase.db-journal
| MD5 | 2094753ed5df21ded53396764033e58f |
| SHA1 | 03a0eac42478c8aaeb195d5d1e4fab434b34af51 |
| SHA256 | 5f01d18918ea3d7ae9ddce2b1fd758849f74c9f76937c8dc2615928f4b18d9f4 |
| SHA512 | b8e827c4ebe37ab65c3a0699f7c9665e00eb362cc13e6570727c07669008f2327dc82153673f78156d56a939cb29e506e4c50760a89ba79d432d5ea1bf17a02d |
/data/user/0/com.kmc.prod/databases/iDataBase.db-journal
| MD5 | 22862170a54a66adf1cc914fc13428fb |
| SHA1 | 0e93e71745130ca7e16e0f9d91a9dfe2b30e2721 |
| SHA256 | 606a1182a3b765281977fc7985d7e902c5efc105105c2db5a2effd2ab200f4ff |
| SHA512 | f1a440dff646b6a9f46e0817feb019a82544ecbde7b0135a3799227219bec9298e610f45481f6b2c52b72be37c6def728175234a12059353b8dfe772582dfeec |