Analysis Overview
SHA256
6944a50fd88c982cd080fc098f094ee710cc73049662267f987f7bbaf52a3d73
Threat Level: Shows suspicious behavior
The file 5099a889a84379e11014209337ca246e_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks memory information
Queries account information for other applications stored on the device
Queries information about the current Wi-Fi connection
Queries the mobile country code (MCC)
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-05-17 17:19 |
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-05-17 17:19 |
| Reported | 2024-05-17 17:23 |
| Platform | android-x86-arm-20240514-en |
| Max time kernel | 173s |
| Max time network | 142s |
Signatures
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Queries account information for other applications stored on the device
| Description | Indicator | Process | Target |
| Framework service call | android.accounts.IAccountManager.getAccountsAsUser | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.teamlava.petshop
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.213.3:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | petshop.teamlava.com | udp |
| US | 64.1.101.3:80 | petshop.teamlava.com | tcp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | cdn-content-https-s8.akamaized.net | udp |
| GB | 92.123.143.234:80 | cdn-content-https-s8.akamaized.net | tcp |
| GB | 92.123.143.234:80 | cdn-content-https-s8.akamaized.net | tcp |
| GB | 92.123.143.234:80 | cdn-content-https-s8.akamaized.net | tcp |
| US | 64.1.101.3:80 | petshop.teamlava.com | tcp |
Files
/data/data/com.teamlava.petshop/databases/GetJarDBApplicationKey-journal
/data/data/com.teamlava.petshop/databases/GetJarDBApplicationKey
/data/data/com.teamlava.petshop/databases/GetJarDBApplicationKey-shm
/data/data/com.teamlava.petshop/databases/GetJarDBApplicationKey-wal
/data/data/com.teamlava.petshop/databases/authCache-journal
/data/data/com.teamlava.petshop/databases/authCache-wal
/data/data/com.teamlava.petshop/databases/settings-journal
/data/data/com.teamlava.petshop/databases/settings-wal
/data/data/com.teamlava.petshop/databases/GetJarDBUsage-journal
/data/data/com.teamlava.petshop/databases/GetJarDBUsage-wal
/data/data/com.teamlava.petshop/databases/GetJarDBUsageRollup-journal
/data/data/com.teamlava.petshop/databases/GetJarDBUsageRollup-wal
/data/data/com.teamlava.petshop/files/game_context_offline_cache
/data/data/com.teamlava.petshop/cache/saved_images/itemWatered3.s8i_2v_31020
/data/data/com.teamlava.petshop/cache/saved_images/item6013.s8i_2v_31020
/data/data/com.teamlava.petshop/cache/saved_images/item9001-10.s8i_2v_31020
/data/data/com.teamlava.petshop/cache/saved_images/item9001-11.s8i_2v_31020