Analysis Overview
SHA256
1738610c289324cd0a4d74f24862e6463ea3d104940f35d22f21a2f9420a5e6d
Threat Level: Shows suspicious behavior
The file 58971085fe27da536818b1addb3321c4_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks CPU information
Queries information about the current Wi-Fi connection
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks if the internet connection is available
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-19 04:41
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-19 04:41
Reported
2024-05-19 04:44
Platform
android-x86-arm-20240514-en
Max time kernel
62s
Max time network
131s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.baiwang.instaface
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 216.58.213.3:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | feedback.umeng.com | udp |
| US | 1.1.1.1:53 | oc.umeng.com | udp |
| CN | 59.82.23.79:80 | oc.umeng.com | tcp |
| US | 1.1.1.1:53 | data.flurry.com | udp |
| US | 74.6.138.67:80 | data.flurry.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| CN | 223.109.148.177:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | oc.umeng.co | udp |
| CN | 223.109.148.130:80 | alog.umeng.com | tcp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| CN | 223.109.148.176:80 | alog.umeng.com | tcp |
| CN | 223.109.148.141:80 | alog.umeng.com | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| CN | 223.109.148.178:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | alog.umeng.co | udp |
Files
/data/data/com.baiwang.instaface/files/.flurryagent.6cbc6b65
| MD5 | 6408756119852b61db571186d71dc44b |
| SHA1 | fa6ce87ddfc90cdbb649f31cee21567b61caa250 |
| SHA256 | b173b935a7dda166e6d12b9273e24a3be390baab07b9a9529aa0774f2b68e829 |
| SHA512 | 0f8dcda11537051eec1db7a63a7d9f0401a5a1a9497ce2fc925f0787f2ed88498557697241d012e375c9b8be883733bf1e42a6a0b2e2b87d252511094600d271 |
/data/data/com.baiwang.instaface/files/.flurrydatasenderblock.ca9917ae-88f4-4c96-9815-e0e3fbd83e06
| MD5 | b3fd31a0963fa3f97d0e4c8aa15302dd |
| SHA1 | c69a14a876bb260c30127e865d96abac5aea3715 |
| SHA256 | 9b7fc9284f31a0e9cc9040b51fcae270168082044ed0dcea2fa14dbb89743e68 |
| SHA512 | c2fd0e9f8e1f8dbba63a174892bde117aab17005522eb43ea6fc777f72e0f3a2d4d943650fcddfe7eb92e2f0b0fd9241b3a4a05099bce69aff367e1246be2855 |
/data/data/com.baiwang.instaface/files/.FlurrySenderIndex.info.Data_CNTD5RP237VMRKYDDNS5_151
| MD5 | 923c7c746ee44f342517fd54ffe67090 |
| SHA1 | 8f2e2cb944358b7a4f3eb05ee7a7ab52a59fd594 |
| SHA256 | 78819ab45db398d1d65f7c900aab40dda82ffecb49232daed0a249c725f1d4c5 |
| SHA512 | c5bd508eaaf54ce11761947f8fdb435f4b839342cf60669fce7c52e1d78973ca31b93a05be322c5bde01007a4ec7bde36a15401061cfacfe2c6ec789658e8b6c |
/data/data/com.baiwang.instaface/files/.FlurrySenderIndex.info.Main
| MD5 | ee0d1609d4ddd43117bb43f3603ae68e |
| SHA1 | bf4f2c2db65a5f093a4a580465833895411b0506 |
| SHA256 | d8055f49ad0420e4a4941aae5af2120473a7bf19d9ff2bbe37d078fbcd23ee29 |
| SHA512 | fe1ea9f6ef90c2b7e399cbf15005b0c3d8548d1b69efcefe54101ff09e5bb421911a02b425a7ddfaa49e7f866817acffb39646647f6a316a42f6327302db9b2b |
/data/data/com.baiwang.instaface/files/umeng_it.cache
| MD5 | 33f5ddeed13d2d5b2528a4d8e1bf8dd0 |
| SHA1 | 94504d5be7df1ce30fdb2f588d9c5df30c74460f |
| SHA256 | 7c21c434ea2e626dd7171af8b9572258543569e8e00b55cffa80b1a1d9227fae |
| SHA512 | 040ad0dac0ac0bdc3c3883f9cd7aa37ffde9111aa578cb568a68ed86ec01e6dc129a05982e464e98b31b10a9a451d7a295271d50213ab09a8733ac49c931fcb1 |
/data/data/com.baiwang.instaface/files/.um/um_cache_1716093751050.env
| MD5 | 9ab135aef4e172fafb62275933d5469d |
| SHA1 | 2d0b1944dbfc834487c7d60397266e28ed4e5a20 |
| SHA256 | 550ef0372d060a95298c18fb58e45cb3ea3ed092f7ffb2d6d2772dbdab6d733c |
| SHA512 | 9cfd6324ea939688261236886ce9e47139cf77a3ec56a6ff19380119ed2a265cb41dabef22b904c71985702594dc1bbf41dc2889b93188464c3a3806c09ac0e5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-19 04:41
Reported
2024-05-19 04:41
Platform
android-33-x64-arm64-20240514-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 216.58.204.68:443 | | udp |
| GB | 216.58.204.68:443 | | udp |
| N/A | 224.0.0.251:5353 | | udp |