Malware Analysis Report

2025-08-05 19:14

Sample ID 240519-fa7tfaah2v
Target 58971085fe27da536818b1addb3321c4_JaffaCakes118
SHA256 1738610c289324cd0a4d74f24862e6463ea3d104940f35d22f21a2f9420a5e6d
Tags: discovery evasion persistence
Score: 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 7/10

SHA256

1738610c289324cd0a4d74f24862e6463ea3d104940f35d22f21a2f9420a5e6d

Threat Level: Shows suspicious behavior

The file 58971085fe27da536818b1addb3321c4_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion persistence

Checks CPU information

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks if the internet connection is available

Requests dangerous framework permissions

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-19 04:41

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-19 04:41

Reported

2024-05-19 04:44

Platform

android-x86-arm-20240514-en

Max time kernel

62s

Max time network

131s

Command Line

com.baiwang.instaface

Signatures

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Processes

com.baiwang.instaface

Network

Country | Destination | Domain | Proto
GB | 216.58.213.3:443 | | tcp
GB | 142.250.200.14:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | feedback.umeng.com | udp
US | 1.1.1.1:53 | oc.umeng.com | udp
CN | 59.82.23.79:80 | oc.umeng.com | tcp
US | 1.1.1.1:53 | data.flurry.com | udp
US | 74.6.138.67:80 | data.flurry.com | tcp
US | 1.1.1.1:53 | alog.umeng.com | udp
CN | 223.109.148.177:80 | alog.umeng.com | tcp
US | 1.1.1.1:53 | oc.umeng.co | udp
CN | 223.109.148.130:80 | alog.umeng.com | tcp
GB | 172.217.169.14:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.212.238:443 | android.apis.google.com | tcp
CN | 223.109.148.176:80 | alog.umeng.com | tcp
CN | 223.109.148.141:80 | alog.umeng.com | tcp
CN | 223.109.148.179:80 | alog.umeng.com | tcp
CN | 223.109.148.178:80 | alog.umeng.com | tcp
US | 1.1.1.1:53 | alog.umeng.co | udp

Files

/data/data/com.baiwang.instaface/files/.flurryagent.6cbc6b65

MD5 6408756119852b61db571186d71dc44b
SHA1 fa6ce87ddfc90cdbb649f31cee21567b61caa250
SHA256 b173b935a7dda166e6d12b9273e24a3be390baab07b9a9529aa0774f2b68e829
SHA512 0f8dcda11537051eec1db7a63a7d9f0401a5a1a9497ce2fc925f0787f2ed88498557697241d012e375c9b8be883733bf1e42a6a0b2e2b87d252511094600d271

/data/data/com.baiwang.instaface/files/.flurrydatasenderblock.ca9917ae-88f4-4c96-9815-e0e3fbd83e06

MD5 b3fd31a0963fa3f97d0e4c8aa15302dd
SHA1 c69a14a876bb260c30127e865d96abac5aea3715
SHA256 9b7fc9284f31a0e9cc9040b51fcae270168082044ed0dcea2fa14dbb89743e68
SHA512 c2fd0e9f8e1f8dbba63a174892bde117aab17005522eb43ea6fc777f72e0f3a2d4d943650fcddfe7eb92e2f0b0fd9241b3a4a05099bce69aff367e1246be2855

/data/data/com.baiwang.instaface/files/.FlurrySenderIndex.info.Data_CNTD5RP237VMRKYDDNS5_151

MD5 923c7c746ee44f342517fd54ffe67090
SHA1 8f2e2cb944358b7a4f3eb05ee7a7ab52a59fd594
SHA256 78819ab45db398d1d65f7c900aab40dda82ffecb49232daed0a249c725f1d4c5
SHA512 c5bd508eaaf54ce11761947f8fdb435f4b839342cf60669fce7c52e1d78973ca31b93a05be322c5bde01007a4ec7bde36a15401061cfacfe2c6ec789658e8b6c

/data/data/com.baiwang.instaface/files/.FlurrySenderIndex.info.Main

MD5 ee0d1609d4ddd43117bb43f3603ae68e
SHA1 bf4f2c2db65a5f093a4a580465833895411b0506
SHA256 d8055f49ad0420e4a4941aae5af2120473a7bf19d9ff2bbe37d078fbcd23ee29
SHA512 fe1ea9f6ef90c2b7e399cbf15005b0c3d8548d1b69efcefe54101ff09e5bb421911a02b425a7ddfaa49e7f866817acffb39646647f6a316a42f6327302db9b2b

/data/data/com.baiwang.instaface/files/umeng_it.cache

MD5 33f5ddeed13d2d5b2528a4d8e1bf8dd0
SHA1 94504d5be7df1ce30fdb2f588d9c5df30c74460f
SHA256 7c21c434ea2e626dd7171af8b9572258543569e8e00b55cffa80b1a1d9227fae
SHA512 040ad0dac0ac0bdc3c3883f9cd7aa37ffde9111aa578cb568a68ed86ec01e6dc129a05982e464e98b31b10a9a451d7a295271d50213ab09a8733ac49c931fcb1

/data/data/com.baiwang.instaface/files/.um/um_cache_1716093751050.env

MD5 9ab135aef4e172fafb62275933d5469d
SHA1 2d0b1944dbfc834487c7d60397266e28ed4e5a20
SHA256 550ef0372d060a95298c18fb58e45cb3ea3ed092f7ffb2d6d2772dbdab6d733c
SHA512 9cfd6324ea939688261236886ce9e47139cf77a3ec56a6ff19380119ed2a265cb41dabef22b904c71985702594dc1bbf41dc2889b93188464c3a3806c09ac0e5

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-19 04:41

Reported

2024-05-19 04:41

Platform

android-33-x64-arm64-20240514-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 216.58.204.68:443 | | udp
GB | 216.58.204.68:443 | | udp
N/A | 224.0.0.251:5353 | | udp

Files

N/A