Analysis Overview
SHA256
8f3bc133c35cdc58d8b8606fd8cbc738245f60013fb52ec333d0fc786ccb5874
Threat Level: Shows suspicious behavior
The file 53b9778a1fd815ccc80f0a9adbc3a702_JaffaCakes118 was classified as: Shows suspicious behavior.
Malicious Activity Summary
Queries information about running processes on the device
Requests dangerous framework permissions
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-18 07:59
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-18 07:59
Reported
2024-05-18 08:02
Platform
android-x86-arm-20240514-en
Max time kernel
69s
Max time network
154s
Signatures
Queries information about running processes on the device
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
menrui.lelidou.ShiSanShui91
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.200.42:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | service.sj.91.com | udp |
| US | 1.1.1.1:53 | urlservice.sj.91.com | udp |
| CN | 59.56.21.252:80 | service.sj.91.com | tcp |
| CN | 59.56.21.123:80 | urlservice.sj.91.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | newgamecenter.sj.91.com | udp |
| US | 1.1.1.1:53 | dataservice2.sj.91.com | udp |
| CN | 59.56.21.254:80 | newgamecenter.sj.91.com | tcp |
| CN | 45.126.120.229:80 | dataservice2.sj.91.com | tcp |
| GB | 172.217.169.66:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
Files
/data/data/menrui.lelidou.ShiSanShui91/databases/gamecentersdk.db
/data/data/menrui.lelidou.ShiSanShui91/databases/gamecentersdk.db-journal
/data/data/menrui.lelidou.ShiSanShui91/databases/gamecentersdk.db-shm
/data/data/menrui.lelidou.ShiSanShui91/databases/gamecentersdk.db-wal