Malware Analysis Report

2024-09-09 19:08

Sample ID: 240517-2lxnhaeh86
Target: 51d81ded7ddebc8ad413888e6cdb8418_JaffaCakes118
SHA256: a8ee78344ecdecab87e8ae8a4308a1f02e072fd32734b3a52314a5ac285d7a7c
Tags: discovery evasion impact privilege_escalation
Score: 7/10

Analysis Overview

Score: 7/10

SHA256: a8ee78344ecdecab87e8ae8a4308a1f02e072fd32734b3a52314a5ac285d7a7c

Threat Level: Shows suspicious behavior

The file 51d81ded7ddebc8ad413888e6cdb8418_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Tags: discovery evasion impact privilege_escalation

Checks CPU information

Loads dropped Dex/Jar

Tries to add a device administrator

Requests dangerous framework permissions

Declares broadcast receivers with permission to handle system events

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-05-17 22:40

Signatures

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-17 22:40

Reported: 2024-05-17 22:44

Platform: android-x86-arm-20240514-en

Max time kernel: 5s

Max time network: 157s

Command Line

com.imangi.templerun

Signatures

Checks CPU information

Tags: evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Loads dropped Dex/Jar

Tags: evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.imangi.templerun/app_app_apk/templerun.dat.jar | N/A | N/A
N/A | /data/user/0/com.imangi.templerun/app_app_apk/templerun.dat.jar | N/A | N/A

Tries to add a device administrator

Tags: privilege_escalation impact
Description | Indicator | Process | Target
Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A

Processes

com.imangi.templerun

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.imangi.templerun/app_app_apk/templerun.dat.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.imangi.templerun/app_app_apk/oat/x86/templerun.dat.odex --compiler-filter=quicken --class-loader-context=&

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | www.google.com | udp
GB | 216.58.212.228:443 | www.google.com | tcp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp
GB | 172.217.169.66:443 | | tcp
GB | 142.250.179.238:443 | | tcp

Files

/data/data/com.imangi.templerun/files/file

MD5 d1531b1622de54fe3a0187c3344600e9
SHA1 d47cbc8e977ffc6f492483716f00534153677778
SHA256 3bdbb4fe8397cd2b842430b39ccff01a8663c751945ef5e9a09e267fb8b1d359
SHA512 e1931e50078ec69a0ba99ee2098dfe20afce3c7a75283e50b585ef585ed8eb28db887895fa73b04991e6e590ddbf71ceeaffe37d836068348e5f7fc7049c6d12

/data/data/com.imangi.templerun/files/file

MD5 028636f9d6766c0a39007e32f834cf07
SHA1 26b58b45d7562eb6aa962d6d44f7e849295d498b
SHA256 d032ec273fa4a979cacda1e7ada04917a9ac428e71fab09a4615b1580af52f25
SHA512 d334a50b67e0389fd24c0c49c5b60ef3b4f57878dd59fb1c20c3b5d883f5099ea36826804de5ba1ab5dea795ca3ec5c8a3d305247ae87f629fecae44df59aece

/data/data/com.imangi.templerun/files/file

MD5 78534689875a165443d47e01cdb8d40c
SHA1 1513904e3a267e01ecde41a3f65f0d2644eecb61
SHA256 9301592f89ad537d023396419ce072f49e67b7cb5a88a9e9e48c6e83a9c7307d
SHA512 5570505930dc65e3c23a30e72143df4909c1fe4ec3fb189e6c18e72c9da207ae102ddf71bd2a8a144069ffd06f7e84e85b37733dc48f6165186e2ba2aba3cf87

/data/user/0/com.imangi.templerun/app_app_apk/templerun.dat.jar

MD5 3946acf376d44a910fe8ef3eaa77eeb4
SHA1 c09834a04a949e57c38b6c246c02d5839f5d9b0e
SHA256 8c41934e4341b12669fac65433b984e41c6973ddd4e6e1d791c46d6a4376eecd
SHA512 d8d02b96bce596709371382fe4637a0fd157def4c25d35752c7f8ac4d8322a7514098229049fe91bfc3966bc320f1f222bbdb44df4545a8202377478352d256c

/data/user/0/com.imangi.templerun/app_app_apk/templerun.dat.jar

MD5 fd6bf1abeae11d9824d76caf5caa7879
SHA1 4a8d6a3915c1110cc2b930ac8d2e078dbc27d5a6
SHA256 e0a5fcc5765df8da40ca8b8b4eb5b2683be402a26d3d78dbb81fb14c3462d080
SHA512 d84d61944182660d3b66c21a65be241215e3b39b69881cd8c99cab0867418c5a51285c3c9d98b405804d403be4de0ca7e05cdf6769019f351a93902e9368ba84