Malware Analysis Report

2025-08-05 19:14

Sample ID 240519-fpt6wsbf2t
Target 58acb7aab82bb348d6d881594ada2e7e_JaffaCakes118
SHA256 67283252078f7706692582b6e28fd3590687ff928dc08a0fe6a9f8950508b9bb
Tags
persistence discovery
score
7/10

Analysis Overview

score
7/10

SHA256

67283252078f7706692582b6e28fd3590687ff928dc08a0fe6a9f8950508b9bb

Threat Level: Shows suspicious behavior

The file 58acb7aab82bb348d6d881594ada2e7e_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

persistence discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

Requests dangerous framework permissions

Queries the unique device ID (IMEI, MEID, IMSI)

MITRE ATT&CK (Mobile Matrix V15)

Analysis: static1

Detonation Overview

Reported

2024-05-19 05:03

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-19 05:03

Reported

2024-05-19 05:06

Platform

android-x86-arm-20240514-en

Max time kernel

167s

Max time network

170s

Command Line

com.pip.android.mcgame.vn

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.pip.android.mcgame.vn

Network

Country Destination Domain Proto
GB 142.250.187.195:443 N/A tcp
N/A 224.0.0.251:5353 N/A udp
GB 142.250.180.14:443 N/A tcp
GB 142.250.180.14:443 N/A tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.206:443 android.apis.google.com tcp

Files

/data/data/com.pip.android.mcgame.vn/databases/recordstoredb-journal

/data/data/com.pip.android.mcgame.vn/databases/recordstoredb

/data/data/com.pip.android.mcgame.vn/databases/recordstoredb-shm

/data/data/com.pip.android.mcgame.vn/databases/recordstoredb-wal

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-19 05:03

Reported

2024-05-19 05:06

Platform

android-x64-20240514-en

Max time kernel

167s

Max time network

141s

Command Line

com.pip.android.mcgame.vn

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Processes

com.pip.android.mcgame.vn

Network

Country Destination Domain Proto
GB 216.58.204.67:443 N/A tcp
N/A 224.0.0.251:5353 N/A udp
GB 216.58.204.74:443 N/A tcp
GB 216.58.204.74:443 N/A tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 216.58.213.14:443 N/A tcp
GB 142.250.180.4:443 N/A tcp
GB 142.250.180.4:443 N/A tcp
GB 216.58.212.194:443 N/A tcp
GB 142.250.180.14:443 N/A tcp

Files

/data/data/com.pip.android.mcgame.vn/databases/recordstoredb-journal (6 distinct versions recorded)

/data/data/com.pip.android.mcgame.vn/databases/recordstoredb

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-19 05:03

Reported

2024-05-19 05:06

Platform

android-x64-arm64-20240514-en

Max time kernel

130s

Max time network

130s

Command Line

com.pip.android.mcgame.vn

Signatures

N/A

Processes

com.pip.android.mcgame.vn

Network

Country Destination Domain Proto
GB 142.250.180.14:443 N/A tcp
GB 142.250.180.14:443 N/A tcp
N/A 224.0.0.251:5353 N/A udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.8:443 ssl.google-analytics.com tcp
GB 216.58.201.100:443 N/A tcp
GB 216.58.201.100:443 N/A tcp

Files

/data/user/0/com.pip.android.mcgame.vn/databases/recordstoredb-journal (6 distinct versions recorded)

/data/user/0/com.pip.android.mcgame.vn/databases/recordstoredb