Malware Analysis Report

2025-08-05 19:13

Sample ID 240519-hmwytafc38
Target 59161bebf010601de41a8a8f42e186b9_JaffaCakes118
SHA256 18867ad9fde6f580a929f80614cc3293ea22ba864964ab7dc0c66e6c41eb2e7b
Tags discovery evasion impact persistence
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file 59161bebf010601de41a8a8f42e186b9_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Checks Android system properties for emulator presence.

Checks CPU information

Checks memory information

Registers a broadcast receiver at runtime (usually for listening for system events)

Requests dangerous framework permissions

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data)

Analysis: static1

Detonation Overview

Reported 2024-05-19 06:51

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-19 06:51
Reported 2024-05-19 06:55
Platform android-x86-arm-20240514-en
Max time kernel 173s
Max time network 142s

Command Line

com.infinitapp.onetwoboom

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A

Checks Android system properties for emulator presence.

evasion
Description | Indicator | Process | Target
Accessed system property key | ro.product.model | N/A | N/A

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.infinitapp.onetwoboom/cache/1582435991586.jar | N/A | N/A
N/A | /data/user/0/com.infinitapp.onetwoboom/cache/1582435991586.jar | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.infinitapp.onetwoboom

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.infinitapp.onetwoboom/cache/1582435991586.jar --output-vdex-fd=59 --oat-fd=60 --oat-location=/data/user/0/com.infinitapp.onetwoboom/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=&

Network


Files

/data/data/com.infinitapp.onetwoboom/cache/1582435991586.jar

/data/user/0/com.infinitapp.onetwoboom/cache/1582435991586.jar

/data/user/0/com.infinitapp.onetwoboom/cache/1582435991586.jar

/data/data/com.infinitapp.onetwoboom/files/umeng_analytics_envelope_cache

/data/data/com.infinitapp.onetwoboom/files/umeng_analytics_cache

/data/data/com.infinitapp.onetwoboom/files/umeng_analytics_envelope_cache

/data/data/com.infinitapp.onetwoboom/files/umeng_analytics_cache

/data/data/com.infinitapp.onetwoboom/files/umeng_analytics_cache

/data/data/com.infinitapp.onetwoboom/files/umeng_analytics_cache

/data/data/com.infinitapp.onetwoboom/files/umeng_analytics_cache

/data/data/com.infinitapp.onetwoboom/files/umeng_analytics_cache
