Malware Analysis Report

2025-08-05 19:13

Sample ID 240519-fsqmwabh62
Target 58b215e49112129d91c971d689be1473_JaffaCakes118
SHA256 8cdbf2e5e9e1aa7adb62ae970d1ca11271dc21662abccee345bee3c8d33f5cf5
Tags: discovery evasion persistence
Score: 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 58b215e49112129d91c971d689be1473_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery evasion persistence

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Queries information about running processes on the device

Checks if the internet connection is available

Requests dangerous framework permissions

Analysis: static1

Detonation Overview

Reported

2024-05-19 05:08

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-19 05:08

Reported

2024-05-19 05:11

Platform

android-x86-arm-20240514-en

Max time kernel

177s

Max time network

183s

Command Line

com.letv.tv

Signatures

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.letv.tv

com.letv.tv:cde

Network

Files

/data/data/com.letv.tv/files/bschannel

/storage/emulated/0/letv/bschannel

/storage/emulated/0/letv_log/storage/log/com.letv.tv/applog.log

/storage/emulated/0/soundink_tv_sdk_log.txt

/data/data/com.letv.tv/app_datas/cde-download-states.json