Malware Analysis Report

2025-08-05 19:14

Sample ID 240519-exhbmaaa6x
Target 58824ab8733f211baf62e9fdd6bd7e18_JaffaCakes118
SHA256 a81e51eab85141fc460f2670fdfe0641896a0d1041b8bc9c70c96aa8c555e791
Tags
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

a81e51eab85141fc460f2670fdfe0641896a0d1041b8bc9c70c96aa8c555e791

Threat Level: Shows suspicious behavior

The file 58824ab8733f211baf62e9fdd6bd7e18_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary


Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-19 04:19

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-19 04:19

Reported

2024-05-19 04:22

Platform

android-x86-arm-20240514-en

Max time kernel

3s

Max time network

130s

Command Line

com.songsoftware.sgm

Signatures

N/A

Processes

com.songsoftware.sgm

Network

Country Destination Domain Proto
GB 142.250.200.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 172.217.169.42:443 semanticlocation-pa.googleapis.com tcp
GB 216.58.204.67:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

/data/data/com.songsoftware.sgm/.sec_version

MD5 4afb4a79279802acc73440da6316b87d
SHA1 67a9ad1f776d40b5494283101e802b3ac0672818
SHA256 c7d13adcb97aeab3a5016cfd9138254daca3d33acb3d1729cb5d4c31cef23ece
SHA512 9c71b817c9531b6574fb5d0a91019929472a1914f1279a2ba965d9471cdc694542257eb650edade70452786a1d0cffec09242abc191bcc747b6f32596c849c87