Malware Analysis Report

2025-08-10 23:59

Sample ID 240518-yfveeacf49
Target 5676e2bdded8fb5da19447f1a9b07249_JaffaCakes118
SHA256 2cb11b89cd9fab5ed4d8459ff84364ca8667dd541b9e3b8532bf7e857b5ec839
Tags
score
6/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
  Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
6/10

SHA256

2cb11b89cd9fab5ed4d8459ff84364ca8667dd541b9e3b8532bf7e857b5ec839

Threat Level: Shows suspicious behavior

The file 5676e2bdded8fb5da19447f1a9b07249_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-18 19:44

Signatures

Requests dangerous framework permissions

Description                                            | Indicator                                   | Process | Target
Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A     | N/A
Allows an application to read from external storage.  | android.permission.READ_EXTERNAL_STORAGE    | N/A     | N/A
Allows an application to write to external storage.   | android.permission.WRITE_EXTERNAL_STORAGE   | N/A     | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-18 19:44

Reported

2024-05-18 19:47

Platform

android-x86-arm-20240514-en

Max time kernel

2s

Max time network

139s

Command Line

com.szinteractive.GoBotix

Signatures

N/A

Processes

com.szinteractive.GoBotix

Network

Country | Destination         | Domain                  | Proto
GB      | 142.250.187.195:443 |                         | tcp
N/A     | 224.0.0.251:5353    |                         | udp
GB      | 142.250.180.14:443  |                         | tcp
GB      | 142.250.180.14:443  |                         | tcp
US      | 1.1.1.1:53          | android.apis.google.com | udp
GB      | 142.250.178.14:443  | android.apis.google.com | tcp

Files

/data/data/com.szinteractive.GoBotix/.cache/classes.dve

MD5 c01204563003c40d28f5108a78ec8755
SHA1 c472ce0f002b2a604d5feada7e8518086c1d5ac3
SHA256 0ac6ea5ef39067aebf3598cdbff8e98c837ad9620bd6c75b3e9022bbc146823b
SHA512 a626205def49f0dc695ec7dd2b6ab4f625d2e03615aea999393aa377bc76f7e23bc517fb032e100421e3c4629fee9e25e8fa804bf592ba675926992dea68a266

/data/data/com.szinteractive.GoBotix/.cache/classes.jar

MD5 fd774c903bd3b2744c3eabcd07c3e99e
SHA1 07121d31fe7dfbcb1ac13007cc1c0fe6d4fc5b8e
SHA256 9178a95c865c53ea9621bd6a1f852b04422802ef87577ab534ffb840993924ec
SHA512 ed253bfd14f87859165cc0633e239fa6def3a67dad3035e5d1fb3625ea5a73e4c0d2335945a39609c0cfe413032e38368e707a143de67ffeb15fbbd63f60279b

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-18 19:44

Reported

2024-05-18 19:47

Platform

android-x64-20240514-en

Max time kernel

3s

Max time network

157s

Command Line

com.szinteractive.GoBotix

Signatures

N/A

Processes

com.szinteractive.GoBotix

Network

Country | Destination         | Domain                   | Proto
N/A     | 224.0.0.251:5353    |                          | udp
US      | 1.1.1.1:53          | ssl.google-analytics.com | udp
GB      | 142.250.187.200:443 | ssl.google-analytics.com | tcp
US      | 1.1.1.1:53          | android.apis.google.com  | udp
GB      | 142.250.187.206:443 | android.apis.google.com  | tcp
GB      | 216.58.213.14:443   |                          | tcp
GB      | 142.250.180.4:443   |                          | tcp
GB      | 142.250.180.4:443   |                          | tcp
GB      | 216.58.212.194:443  |                          | tcp
GB      | 142.250.180.14:443  |                          | tcp

Files

/data/data/com.szinteractive.GoBotix/.cache/classes.dve

MD5 b77109e206aa794b1498bc0730299ac9
SHA1 dded470cdb496b1333950ee57becfad6be5e892c
SHA256 f307ca427d9c31db99b0b786b23a0070cf70aaf1e8516ddfc8912884f82bbb97
SHA512 f94ef25557e15fe15dda9227b2f708636a459304a689d4f177552475564ed5073bdc43bc489184d2a3b0ab7e9e7fdaf70cba5b0d1b812c3d1468d961fdaee6a0

/data/data/com.szinteractive.GoBotix/.cache/classes.jar

MD5 fd774c903bd3b2744c3eabcd07c3e99e
SHA1 07121d31fe7dfbcb1ac13007cc1c0fe6d4fc5b8e
SHA256 9178a95c865c53ea9621bd6a1f852b04422802ef87577ab534ffb840993924ec
SHA512 ed253bfd14f87859165cc0633e239fa6def3a67dad3035e5d1fb3625ea5a73e4c0d2335945a39609c0cfe413032e38368e707a143de67ffeb15fbbd63f60279b