Malware Analysis Report

2025-08-10 23:54

Sample ID 240517-vv9k4aab8w
Target 5099a889a84379e11014209337ca246e_JaffaCakes118
SHA256 6944a50fd88c982cd080fc098f094ee710cc73049662267f987f7bbaf52a3d73
Tags collection, discovery, evasion, persistence
Score 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 5099a889a84379e11014209337ca246e_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

collection discovery evasion persistence

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Queries account information for other applications stored on the device

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Requests dangerous framework permissions

Analysis: static1

Detonation Overview

Reported 2024-05-17 17:19

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-17 17:19
Reported 2024-05-17 17:23
Platform android-x86-arm-20240514-en
Max time kernel 173s
Max time network 142s

Command Line

com.teamlava.petshop

Signatures

Checks memory information

evasion discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |

Queries account information for other applications stored on the device

collection
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accounts.IAccountManager.getAccountsAsUser | N/A | N/A |

Queries information about the current Wi-Fi connection

discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |

Queries the mobile country code (MCC)

discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Processes

com.teamlava.petshop

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 216.58.213.3:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | petshop.teamlava.com | udp |
| US | 64.1.101.3:80 | petshop.teamlava.com | tcp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | cdn-content-https-s8.akamaized.net | udp |
| GB | 92.123.143.234:80 | cdn-content-https-s8.akamaized.net | tcp |
| GB | 92.123.143.234:80 | cdn-content-https-s8.akamaized.net | tcp |
| GB | 92.123.143.234:80 | cdn-content-https-s8.akamaized.net | tcp |
| US | 64.1.101.3:80 | petshop.teamlava.com | tcp |

Files

/data/data/com.teamlava.petshop/databases/GetJarDBApplicationKey-journal

/data/data/com.teamlava.petshop/databases/GetJarDBApplicationKey

/data/data/com.teamlava.petshop/databases/GetJarDBApplicationKey-shm

/data/data/com.teamlava.petshop/databases/GetJarDBApplicationKey-wal

/data/data/com.teamlava.petshop/databases/authCache-journal

/data/data/com.teamlava.petshop/databases/authCache-wal

/data/data/com.teamlava.petshop/databases/settings-journal

/data/data/com.teamlava.petshop/databases/settings-wal

/data/data/com.teamlava.petshop/databases/GetJarDBUsage-journal

/data/data/com.teamlava.petshop/databases/GetJarDBUsage-wal

/data/data/com.teamlava.petshop/databases/GetJarDBUsageRollup-journal

/data/data/com.teamlava.petshop/databases/GetJarDBUsageRollup-wal

/data/data/com.teamlava.petshop/files/game_context_offline_cache

/data/data/com.teamlava.petshop/cache/saved_images/itemWatered3.s8i_2v_31020

/data/data/com.teamlava.petshop/cache/saved_images/item6013.s8i_2v_31020

/data/data/com.teamlava.petshop/cache/saved_images/item9001-10.s8i_2v_31020

/data/data/com.teamlava.petshop/cache/saved_images/item9001-11.s8i_2v_31020
