Analysis Overview
SHA256
a8ee78344ecdecab87e8ae8a4308a1f02e072fd32734b3a52314a5ac285d7a7c
Threat Level: Shows suspicious behavior
The file 51d81ded7ddebc8ad413888e6cdb8418_JaffaCakes118 was classified as: Shows suspicious behavior.
Malicious Activity Summary
Checks CPU information
Loads dropped Dex/Jar
Tries to add a device administrator.
Requests dangerous framework permissions
Declares broadcast receivers with permission to handle system events
Analysis: static1
Detonation Overview
Reported
2024-05-17 22:40
Signatures
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-17 22:40
Reported
2024-05-17 22:44
Platform
android-x86-arm-20240514-en
Max time kernel
5s
Max time network
157s
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.imangi.templerun/app_app_apk/templerun.dat.jar | N/A | N/A |
| N/A | /data/user/0/com.imangi.templerun/app_app_apk/templerun.dat.jar | N/A | N/A |
Tries to add a device administrator.
| Description | Indicator | Process | Target |
| Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A |
Processes
com.imangi.templerun
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.imangi.templerun/app_app_apk/templerun.dat.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.imangi.templerun/app_app_apk/oat/x86/templerun.dat.odex --compiler-filter=quicken --class-loader-context=&
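The three behavioral signatures above (device-admin request, dropped Dex/Jar, and the dex2oat invocation that compiles it) can be cross-checked against each other rather than read in isolation: a jar written into the app's own data directory that then shows up as the --dex-file of a dex2oat process is code loaded at runtime and invisible to static analysis of the installed APK, and the Files section records two different hashes for templerun.dat.jar, matching the two load entries. The script below is an added triage example written for this page; it is not part of the sandbox's tooling. Its inputs are constructed from the indicators in this report (the permission list, the ADD_DEVICE_ADMIN intent, the written file paths, and a shortened copy of the dex2oat command line); the function names and the DANGEROUS set are this example's own.

```python
"""Correlate sandbox indicators for dynamic code loading and device-admin abuse.

Hypothetical triage helper written for this page. The sample input below is
constructed from the indicators shown in the report, not parsed from the sandbox.
"""
import re
from typing import Iterable

# --- Constructed sample input, transcribed from this report -----------------
PACKAGE = "com.imangi.templerun"
PERMISSIONS = [
    "android.permission.BIND_DEVICE_ADMIN",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_PHONE_STATE",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.GET_ACCOUNTS",
]
INTENT_ACTIONS = ["android.app.action.ADD_DEVICE_ADMIN"]
FILES_WRITTEN = [
    "/data/data/com.imangi.templerun/files/file",
    "/data/user/0/com.imangi.templerun/app_app_apk/templerun.dat.jar",
]
# Shortened copy of the dex2oat command line from the Processes section.
PROCESS_CMDLINES = [
    "/system/bin/dex2oat --instruction-set=x86 --runtime-arg -Xms64m "
    "--dex-file=/data/user/0/com.imangi.templerun/app_app_apk/templerun.dat.jar "
    "--output-vdex-fd=44 --oat-fd=45 --compiler-filter=quicken",
]

# Runtime permissions with protection level "dangerous" that appear in this report
# (assumed list for this example; extend it for a general-purpose tool).
DANGEROUS = {
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_PHONE_STATE",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.GET_ACCOUNTS",
}

_DEX_FILE = re.compile(r"--dex-file=(\S+)")


def app_private_dir(path: str, package: str) -> bool:
    """True if path lies in the package's private data directory.

    /data/data/<pkg> and /data/user/0/<pkg> are the same location on Android
    (/data/data is a symlink to /data/user/0), so both spellings are accepted.
    """
    return path.startswith((f"/data/data/{package}/", f"/data/user/0/{package}/"))


def dex_files_compiled(cmdlines: Iterable[str]) -> set[str]:
    """Return every --dex-file= target of a dex2oat invocation.

    dex2oat runs when the runtime compiles a DEX/JAR handed to a class loader
    at runtime, so each hit is code the app loaded after installation.
    """
    found: set[str] = set()
    for line in cmdlines:
        if "dex2oat" in line:
            found.update(_DEX_FILE.findall(line))
    return found


def dropped_and_loaded(files_written: Iterable[str], cmdlines: Iterable[str],
                       package: str) -> list[str]:
    """Files the app wrote into its own sandbox and then had dex2oat compile.

    That combination is a payload delivered outside the installed APK's code,
    which static analysis of the APK alone will not see.
    """
    compiled = dex_files_compiled(cmdlines)
    return sorted(p for p in set(files_written)
                  if p in compiled and app_private_dir(p, package))


def device_admin_attempt(permissions: Iterable[str], intent_actions: Iterable[str]) -> bool:
    """A BIND_DEVICE_ADMIN receiver plus a fired ADD_DEVICE_ADMIN intent means
    the app prompted the user to grant it device-administrator rights."""
    return ("android.permission.BIND_DEVICE_ADMIN" in set(permissions)
            and "android.app.action.ADD_DEVICE_ADMIN" in set(intent_actions))


def triage(permissions, intent_actions, files_written, cmdlines, package) -> dict:
    """Combine the checks into the findings a reviewer would look at first."""
    return {
        "dangerous_permissions": sorted(set(permissions) & DANGEROUS),
        "device_admin_attempt": device_admin_attempt(permissions, intent_actions),
        "dropped_code_loaded": dropped_and_loaded(files_written, cmdlines, package),
    }


if __name__ == "__main__":
    findings = triage(PERMISSIONS, INTENT_ACTIONS, FILES_WRITTEN, PROCESS_CMDLINES, PACKAGE)
    for name, value in findings.items():
        print(f"{name}: {value}")
```

On this report the correlation flags templerun.dat.jar as dropped-and-loaded code and confirms the device-admin request; the permission check only lists what the static pass already reported, but keeping it in the same output makes the combination (location, accounts, phone state, device admin, and runtime-loaded code in a game package) visible at a glance.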
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.212.228:443 | www.google.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 172.217.169.66:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
Files
/data/data/com.imangi.templerun/files/file
| MD5 | d1531b1622de54fe3a0187c3344600e9 |
| SHA1 | d47cbc8e977ffc6f492483716f00534153677778 |
| SHA256 | 3bdbb4fe8397cd2b842430b39ccff01a8663c751945ef5e9a09e267fb8b1d359 |
| SHA512 | e1931e50078ec69a0ba99ee2098dfe20afce3c7a75283e50b585ef585ed8eb28db887895fa73b04991e6e590ddbf71ceeaffe37d836068348e5f7fc7049c6d12 |
/data/data/com.imangi.templerun/files/file
| MD5 | 028636f9d6766c0a39007e32f834cf07 |
| SHA1 | 26b58b45d7562eb6aa962d6d44f7e849295d498b |
| SHA256 | d032ec273fa4a979cacda1e7ada04917a9ac428e71fab09a4615b1580af52f25 |
| SHA512 | d334a50b67e0389fd24c0c49c5b60ef3b4f57878dd59fb1c20c3b5d883f5099ea36826804de5ba1ab5dea795ca3ec5c8a3d305247ae87f629fecae44df59aece |
/data/data/com.imangi.templerun/files/file
| MD5 | 78534689875a165443d47e01cdb8d40c |
| SHA1 | 1513904e3a267e01ecde41a3f65f0d2644eecb61 |
| SHA256 | 9301592f89ad537d023396419ce072f49e67b7cb5a88a9e9e48c6e83a9c7307d |
| SHA512 | 5570505930dc65e3c23a30e72143df4909c1fe4ec3fb189e6c18e72c9da207ae102ddf71bd2a8a144069ffd06f7e84e85b37733dc48f6165186e2ba2aba3cf87 |
/data/user/0/com.imangi.templerun/app_app_apk/templerun.dat.jar
| MD5 | 3946acf376d44a910fe8ef3eaa77eeb4 |
| SHA1 | c09834a04a949e57c38b6c246c02d5839f5d9b0e |
| SHA256 | 8c41934e4341b12669fac65433b984e41c6973ddd4e6e1d791c46d6a4376eecd |
| SHA512 | d8d02b96bce596709371382fe4637a0fd157def4c25d35752c7f8ac4d8322a7514098229049fe91bfc3966bc320f1f222bbdb44df4545a8202377478352d256c |
/data/user/0/com.imangi.templerun/app_app_apk/templerun.dat.jar
| MD5 | fd6bf1abeae11d9824d76caf5caa7879 |
| SHA1 | 4a8d6a3915c1110cc2b930ac8d2e078dbc27d5a6 |
| SHA256 | e0a5fcc5765df8da40ca8b8b4eb5b2683be402a26d3d78dbb81fb14c3462d080 |
| SHA512 | d84d61944182660d3b66c21a65be241215e3b39b69881cd8c99cab0867418c5a51285c3c9d98b405804d403be4de0ca7e05cdf6769019f351a93902e9368ba84 |