Malware Analysis Report

2025-08-10 23:57

Sample ID 240518-jvmksaag4v
Target 53b9778a1fd815ccc80f0a9adbc3a702_JaffaCakes118
SHA256 8f3bc133c35cdc58d8b8606fd8cbc738245f60013fb52ec333d0fc786ccb5874
Tags
discovery impact
score
7/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK
    Mobile Matrix V15
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
7/10

SHA256

8f3bc133c35cdc58d8b8606fd8cbc738245f60013fb52ec333d0fc786ccb5874

Threat Level: Shows suspicious behavior

The file 53b9778a1fd815ccc80f0a9adbc3a702_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery impact

Queries information about running processes on the device

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-18 07:59

Signatures

Requests dangerous framework permissions

Indicator                                  Process  Target  Description
android.permission.WRITE_EXTERNAL_STORAGE  N/A      N/A     Allows an application to write to external storage.
android.permission.READ_PHONE_STATE        N/A      N/A     Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.SEND_SMS                N/A      N/A     Allows an application to send SMS messages.
android.permission.SYSTEM_ALERT_WINDOW     N/A      N/A     Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-18 07:59

Reported

2024-05-18 08:02

Platform

android-x86-arm-20240514-en

Max time kernel

69s

Max time network

154s

Command Line

menrui.lelidou.ShiSanShui91

Signatures

Queries information about running processes on the device

discovery
Indicator                                           Process  Target  Description
android.app.IActivityManager.getRunningAppProcesses  N/A      N/A     Framework service call

Uses Crypto APIs (Might try to encrypt user data)

impact
Indicator                      Process  Target  Description
javax.crypto.Cipher.doFinal    N/A      N/A     Framework API call

Processes

menrui.lelidou.ShiSanShui91

Network

Country  Destination           Domain                    Proto
GB       142.250.200.42:443    N/A                       tcp
N/A      224.0.0.251:5353      N/A                       udp
US       1.1.1.1:53            service.sj.91.com         udp
US       1.1.1.1:53            urlservice.sj.91.com      udp
CN       59.56.21.252:80       service.sj.91.com         tcp
CN       59.56.21.123:80       urlservice.sj.91.com      tcp
US       1.1.1.1:53            www.google.com            udp
GB       172.217.16.228:443    www.google.com            tcp
GB       142.250.187.206:443   N/A                       tcp
US       1.1.1.1:53            android.apis.google.com   udp
GB       172.217.16.238:443    android.apis.google.com   tcp
US       1.1.1.1:53            newgamecenter.sj.91.com   udp
US       1.1.1.1:53            dataservice2.sj.91.com    udp
CN       59.56.21.254:80       newgamecenter.sj.91.com   tcp
CN       59.56.21.254:80       newgamecenter.sj.91.com   tcp
CN       59.56.21.254:80       newgamecenter.sj.91.com   tcp
CN       45.126.120.229:80     dataservice2.sj.91.com    tcp
CN       59.56.21.252:80       service.sj.91.com         tcp
GB       172.217.169.66:443    N/A                       tcp
GB       142.250.179.238:443   N/A                       tcp

Files

/data/data/menrui.lelidou.ShiSanShui91/databases/gamecentersdk.db-journal

MD5 2602b9e1e8a64b671af81581f6bb0e68
SHA1 1c91f539ceabee65528ab88286ef35bd9a3fde23
SHA256 59e62df676f8155e9a03a5070c163a59da12453fb6ce8a676d65fafe0e8bd5d8
SHA512 05db91c1f1a33041f00263cf4639fef203341ac5195537e576155ba370f0279aab1627329912331e6568c375daf5b9168e43973fd98b2108f4984584b990d934

/data/data/menrui.lelidou.ShiSanShui91/databases/gamecentersdk.db

MD5 d72d90a2c2b7d542090c2ce25d588b93
SHA1 c8d69b8601cc0869b36fa400b4aa85f1b512e303
SHA256 f52870c7425d532c1900349fb04f377aafd1531b45c73f949b7719d9807aef06
SHA512 1fa80811a7fed5acb79fa3e951ff9bca8681750ec4208708b139a372249c35971411475196f185e2b8045990ff461c531a6d95a08809dedd32e7b98df4d6bfad

/data/data/menrui.lelidou.ShiSanShui91/databases/gamecentersdk.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/menrui.lelidou.ShiSanShui91/databases/gamecentersdk.db-wal

MD5 38e6aa133c497dccc7601babd4da4966
SHA1 0ec3e9caf4ac5d451d4653b943d8abffa81c96a4
SHA256 e568a718e409159a32b3ba9c3814606b6b7ed83b0a82bd9ed57ff0099d0d7daf
SHA512 f084b8067bda81508327393ea8f5a44601620e03070e66c8c038f2e0b5f37d20b17f30ca0de44c8f0c86ed6eaa228486b4b6013a822465c0651b9cb81baea831

/data/data/menrui.lelidou.ShiSanShui91/databases/gamecentersdk.db-wal

MD5 b4d14388c72b6794e6b62eb954f04f6d
SHA1 a0c92f5e2c15b3d0f5cde989c8382abaf2bed417
SHA256 f438c1483f069a493d61e593589acff15ea88fd4e8db102799458dc7ae20406f
SHA512 8b38266aeed571b974ff97cf7ef9438fff0fe381f63dcf68f1d40bcf9669b845d0f31fc894106d38763e2a61dc687a1e64659659e0005ff74b1d4931a6ba5bf4

/data/data/menrui.lelidou.ShiSanShui91/databases/gamecentersdk.db

MD5 e066b25b6da3f173c798700b005b639c
SHA1 de3380be353c7f5492a5255f5c91147743518bbb
SHA256 a315ddcf6411f42bd22adf993d608376d2475ff774739cb2fe5571b4b7bca62d
SHA512 acdfff230b9f2bd12dda8feee9d738b1ce549ee5290f710593925d8034aad18f0b2f63ef5f2fee518be16ca6b56202d61e0d369bbea2ab233756b2647eabe57c

/data/data/menrui.lelidou.ShiSanShui91/databases/gamecentersdk.db-wal

MD5 42c7899064f95a10921f051519ace0be
SHA1 41cb52e41cba7c014c221ee57495a83eac96e997
SHA256 e325dab4c0e5de2bb4a3db14b880c9d35321d42742c97284a6d395e81ebe8011
SHA512 eefc5a8293da2b60cfc6bee7fbec3e18a1a5294745b3df73127e348961664311e01e54def475acfbea23b7bf52d445a5e344a0b24f336f556038214ab1a24b8b

/data/data/menrui.lelidou.ShiSanShui91/databases/gamecentersdk.db

MD5 37613a853a1d354b6dfbae74074763e1
SHA1 adfcdf06c8d8d50e471c3fc3497cfd714bd97650
SHA256 821bfd6f2d396c8e717c8241c2b82f7e19588bb68ff8f00b70d8509e0a7dd102
SHA512 f84e6a027ddbb6629446960a16c3cdc9c57061ccf6903774023371c453ab549ebf023d5ceec51f7ae0b4cb506ded5316cd9b051f04680f75eb3e0c743841af57

/data/data/menrui.lelidou.ShiSanShui91/databases/gamecentersdk.db-wal

MD5 e57339bbc7269f139b06a58d5324d387
SHA1 26f8615696dc503616dd513af5c9dc1359227744
SHA256 b651d2663a33f7f31c8dba10567202757d1c9f7a0577c79e8d3b2d42ec47e650
SHA512 9da3df7daac2c0d56f69cd2f339524be02c7d2ff19a29dc0994b3a37f047d9a42de4a7fa185209b7dbac3dde4b94f3e8fdc949d095ca6fa475a66f8269681ad8

/data/data/menrui.lelidou.ShiSanShui91/databases/gamecentersdk.db

MD5 156ffdcb79c4a6e9c2a2ed4787e0d79f
SHA1 b325dc521fa9bb097af85d4ed0dead9405d1e309
SHA256 c66ce596518ac2d472363e627c3e6781f3d7cbcfe6e4a84369c529f8f33026d7
SHA512 ae3f00547fa23ccd8fbb152c00c427998c0a9c1a9fcda660fa887e7a2fadb3357c81faa914282a05557d6b5e23758a981da23e2a871b8b7d9e68a4f083b95adb

/data/data/menrui.lelidou.ShiSanShui91/databases/gamecentersdk.db-wal

MD5 2f3f4cd4120da91cb2d9d720cd3611e9
SHA1 a239d5565f6aa6631e42318be95cb42247c774b7
SHA256 6a21ba8c2b8a307d005d09e4947a904753154fe438e33be1383ad89b53e596e6
SHA512 9d7a265222ea28e5f85b6aae07638847cf81558fc5d6990b845fc136f9d98e71e937c286fb8117a876de0d208e1861ae9021cb72ee005c47e3acc167ec62ebe0

/data/data/menrui.lelidou.ShiSanShui91/databases/gamecentersdk.db

MD5 2b9428db4cc7bf8dc09d97eeee589bee
SHA1 fc4449b3b78db9260babd63aa7d15d2bbb595afd
SHA256 45e92f5e04cf7ba8b946086d66265d93b762cd595839890eb558a54ebd3e5916
SHA512 cda849c0ff15d0d1c14acb4ddb473e1d66fbe925a6b2a886c5d54c9f50cc1c41ee56958aec49e30814f7652ff81d4ef9996950712c3a6c30674ba66c343dd8d4

/data/data/menrui.lelidou.ShiSanShui91/databases/gamecentersdk.db-wal

MD5 44c14e621b8c816950b6cd59844ccabf
SHA1 f09ab9fb907c58fc67e304783333c08c4ed81fd3
SHA256 47faddcb0f5e5f914f2f874a202ce0552e5cab9119f7fe5f36874dbca466232b
SHA512 3312673f26817efb23f57cd9940cdbcb122b7ab71b1a0c468e32ec2a5d972b8559ee6ac879b255d2f80d88e03945d5d145a8d3adbcd9d3b20d85c48baa8bf9a4

/data/data/menrui.lelidou.ShiSanShui91/databases/gamecentersdk.db

MD5 d55f8232e75d21bad5d655c01c87a29c
SHA1 e7ee6638f8b1609e052492ecb6da7f46f29cfe53
SHA256 5278e3f34621022e69a4ad2971401926bfcd6044feea511a344268300d05072e
SHA512 e6aa088e1294f981434e81f8364779328d43c567e0918712ce128e00d8617461f4b21d88cb49c66c73427b5d194b7c94348352d94959dbf7e73d0fc051cf04c6