Analysis Overview
SHA256
8cedf8bd07b9bcd7df2cd502211b60078bf9bd0605be4b365fd64a0bc2860658
Threat Level: Likely malicious
The file 5cbe9b2a34091eb4eb9cd8613d242439_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Removes its main activity from the application launcher
Loads dropped Dex/Jar
Registers a broadcast receiver at runtime (usually for listening for system events)
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-20 02:33
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-20 02:33
Reported
2024-05-20 09:34
Platform
android-x86-arm-20240514-en
Max time kernel
179s
Max time network
130s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /data/user/0/com.jjgege.camera3/files/8888881-1000/comjjgegecamera3.jar | N/A | N/A |
| N/A | /data/user/0/com.jjgege.camera3/files/8888881-1000/comjjgegecamera3.jar | N/A | N/A |
| N/A | /data/user/0/com.jjgege.camera3/files/8888881-1000/V4/1716197460895.jar | N/A | N/A |
| N/A | /data/user/0/com.jjgege.camera3/files/8888881-1000/V4/1716197460895.jar | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.jjgege.camera3
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jjgege.camera3/files/8888881-1000/comjjgegecamera3.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.jjgege.camera3/files/8888881-1000/oat/x86/comjjgegecamera3.odex --compiler-filter=quicken --class-loader-context=&
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jjgege.camera3/files/8888881-1000/V4/1716197460895.jar --output-vdex-fd=47 --oat-fd=48 --oat-location=/data/user/0/com.jjgege.camera3/files/8888881-1000/V4/oat/x86/1716197460895.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.187.195:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | cu.smaxdn.com | udp |
| US | 35.91.124.102:8089 | cu.smaxdn.com | tcp |
| US | 1.1.1.1:53 | apply.smaxdn.com | udp |
| US | 35.91.124.102:9099 | apply.smaxdn.com | tcp |
| GB | 142.250.178.3:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
Files
/data/data/com.jjgege.camera3/files/8888881-1000/comjjgegecamera3.jar
| MD5 | 5c3c8fed0398447cb0f68fba94709991 |
| SHA1 | 053da3c028cb697ca1b3eb98383d17ccdc53bebb |
| SHA256 | ad056f2c07e78bf38db7f54f5488e750b7187b66b3521ee8de2e5059d6d43633 |
| SHA512 | 8eed153d663643892284948d4a7ec5bb95c2dc593b6b98ae43355d981f6d8a3e5e9d1224e81823bb26f998d3a0498b3a1b32bb820df875ec198965d5cbb2c699 |
/data/user/0/com.jjgege.camera3/files/8888881-1000/comjjgegecamera3.jar
| MD5 | b507a9f53848ad48486e406ddb37660d |
| SHA1 | fb5ed7f0cec031b590f832785555d1c0b26bcf67 |
| SHA256 | 04b07c67571240b211a0947506223866f1f3bdeb3b53d942ed8976197daaddfa |
| SHA512 | 33a67946caa69aba337d681b78ce5b0ebeccfe925cf77d8d33155718ca76e66bc1fd3d0eb482e86f2a9de36ff6df1226f5dc588db5aa6dea68f7df29a36f66a5 |
/data/user/0/com.jjgege.camera3/files/8888881-1000/comjjgegecamera3.jar
| MD5 | 4c200f3ab7633657a1d86a094939b063 |
| SHA1 | a95262ca64a00e28c852adc76b66c4eb253aec09 |
| SHA256 | 23223c001de5e93edc3af8556b77c5d83e7a62af9840e7a945a262847b033487 |
| SHA512 | 18e5f776b8f052ee4b5c4c0a1b6468bf04c0780e967f2fe9b9d211aa4992b3767b2664c51e53dc30209f2f13c724e2c89cad8c3ced7e813e08a960863bb16d3e |
/data/data/com.jjgege.camera3/files/8888881-1000/V4/base.so
| MD5 | c49a117ec047aa41e7efb8f13e1027bb |
| SHA1 | 1977d01e63ac06b9c7a04c1b0012cb392379d67e |
| SHA256 | 58ca75e48b06ff096cd4a3a8b82ee3d9e75ef66bdd9de15833c488dfcb907989 |
| SHA512 | 2dadde9392bb5045b579f1d8f28ce3f82c4dec2f08754b846f31b7c5cb77fcf3f93e04a1997f2f68ddfbc8443dd2cb64a9f6d945e1bf4e3d2e2e982ba03ea8ff |
/data/data/com.jjgege.camera3/files/8888881-1000/V4/1716197460895.jar
| MD5 | 447bb8682b4936d4c2d412b2913c0aa0 |
| SHA1 | 3c8218b85ffca484634520d2864e47b1ef26adc6 |
| SHA256 | 8f4ff38ebb450310721fbad734d7b8b2071b2f3a7f321b5d01fdf5a07e7f3dfc |
| SHA512 | baeb303fdbb79ab5d286437441e916367862e3ec734980f8a0c15421b569a53eb41190b067c8c4a8987dffd16c090686dad32e88ca51e1dba453e425cb3c8d37 |
/data/user/0/com.jjgege.camera3/files/8888881-1000/V4/1716197460895.jar
| MD5 | a5a564a613f526e9785fedfc70d07eb8 |
| SHA1 | 3cc1b6d36d8da5780667e8e7ecf02f7a5c275ed8 |
| SHA256 | 414140e55ae8fc49b28cb61d24caeb9b8bafe4e399e532eb870c760be88f1f34 |
| SHA512 | 89d77638a32ceff64e5373b39db39d24414ae8aed44a5446c2d0e3fa6e7b63e27cf33072aeb978588f179b2aeabc5a9fa76701f03a03e3d75f92b1cdd1907bbe |
/data/user/0/com.jjgege.camera3/files/8888881-1000/V4/1716197460895.jar
| MD5 | b15df5ac0775da741df900e4d3da5334 |
| SHA1 | bff4c27059fec0dd8a5477c6c1790321ae348fed |
| SHA256 | 067711cc3dc059cda4b7f1db13a8915720cd14ea3dda93a0b7a8a060a3e38aca |
| SHA512 | bf41145c8828c7ddee4b83101a0422f1e5dc2ff7fe886f132f697972998285dffbd511d00a7f8f37f22d6dc844eafdacf1b66c59e60f24ab805d6102be18423e |
/data/data/com.jjgege.camera3/databases/8888881-1000_point.db-journal
| MD5 | 77f099cd363340c5b64779ce30554f63 |
| SHA1 | ccba08e0a1591bd84dae4d6983847f4be4a71df2 |
| SHA256 | db04f72cc54e0fbc22be9d1b8c07dfa69d447dd95badcd89c384813b762166dd |
| SHA512 | 58838c15ff598e84f780612f49cbd195bb190722e0afde5ff48e1ddf6bf418d2a948e74a6f193499746b92bb2e63d6e85a5656cf71994766f31f3603127382b4 |
/data/data/com.jjgege.camera3/databases/8888881-1000_point.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.jjgege.camera3/databases/8888881-1000_point.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.jjgege.camera3/databases/8888881-1000_point.db-wal
| MD5 | 6e89b44c182f0d06e767565174a1fa0e |
| SHA1 | ba76ac7f119df0a6763fa215f9a10ada3d5e46d9 |
| SHA256 | 0e7f25d583b5c09bbac1fbfe86e99f1ae6491e010affb3b066249ec30354851e |
| SHA512 | fd90079acf88b7b0bd56b4c511e0069cd1845883899d79a9923a5e2ac855acc68e4ec5b032a512a9cb1f3fdd8420062c116e9f910825deda1da46f0907dc96c7 |
/data/data/com.jjgege.camera3/databases/8888881-1000_com.db-journal
| MD5 | 914d3f4255fed99ad9f268e5dc52fc3b |
| SHA1 | 29e7b2b19617644c61c5478bd95117bcf46f78d7 |
| SHA256 | 9d3a6878553714180e72e5e00d7c9ee92dea23c158e75f896b171bd0a8fdd965 |
| SHA512 | 0098ef3c058884bb494c856150b798b7c7a727d7905a7a234f281dc40c2efca2f154e523e78e6ffc2957fc530bcde066aaf71e51e91e78de88e45c15426bd4ea |
/data/data/com.jjgege.camera3/databases/8888881-1000_com.db-wal
| MD5 | f8918bc883b3444a166fd7c43f488e0f |
| SHA1 | 142320365346dad506620b13247f44a38df4dc1d |
| SHA256 | ee2e286a9f7eb897f4e2b66dfc0b4f139fbb67eef8d4796b4692b063ba5d7dae |
| SHA512 | 426022ee9bd3d1a071267f33e067e4e87b8ef222926bfa020068b181865bfa44e4de2b926d52d81d9c8bf422883060fe9ad06223498ade7eb75f2403e6c40883 |