Analysis Overview
SHA256
6174cc9bfa3c267fc916dbabc3c2885f88d844f1f9b59708f65b9c74a995ae35
Threat Level: Likely malicious
The file 645d1f6b879a251b9e6108aafdf118c7_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Removes its main activity from the application launcher
Queries the mobile country code (MCC)
Checks memory information
Registers a broadcast receiver at runtime (usually for listening for system events)
Tries to add a device administrator.
Requests dangerous framework permissions
Declares broadcast receivers with permission to handle system events
Checks if the internet connection is available
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-05-21 18:46
Signatures
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
| Must be declared on a DeviceAdminReceiver so that only the system can bind to it. Declaring such a receiver is the prerequisite for asking the user to grant the app device-administrator rights (see the ADD_DEVICE_ADMIN intent in behavioral1), which in turn makes the app harder to uninstall. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
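The static1 table only lists what the manifest declares; the pattern that actually matters for triage is the combination: SMS send/receive permissions, a receiver guarded by BIND_DEVICE_ADMIN, and a launcher activity that the app can later disable (the "removes its main activity from the launcher" signature in behavioral1). The script below is an added example, not code from the sandbox or from the sample: it checks a decoded AndroidManifest.xml for exactly that combination. The manifest string is constructed for illustration and is not the real manifest of the analysed APK; only the package name (from the process list) and the permission names (from the table above) are taken from the report. The scoring weights are an arbitrary choice for queue sorting.

```python
# Added example (not part of the sandbox report): static check of a decoded
# AndroidManifest.xml for the permission/receiver pattern flagged above. The
# manifest string is CONSTRUCTED for illustration and is not the real manifest
# of the analysed APK; package name and permission names come from the report.
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # prefix for android: attributes

CONSTRUCTED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.i6uu.knowall">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Runtime ("dangerous") permissions that appear in the report's static1 table.
DANGEROUS = {
    "android.permission.READ_PHONE_STATE", "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.RECEIVE_SMS", "android.permission.SEND_SMS",
    "android.permission.READ_SMS", "android.permission.ACCESS_FINE_LOCATION",
}
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
SYSTEM_HIGH_PRIORITY = 1000  # IntentFilter.SYSTEM_HIGH_PRIORITY


def parse_manifest(xml_text):
    """Pull out the manifest facts the report's signatures are built on."""
    root = ET.fromstring(xml_text)
    info = {
        "package": root.get("package"),
        "permissions": {e.get(A + "name") for e in root.iter("uses-permission")},
        "admin_receivers": [], "sms_receivers": [], "launcher_activities": [],
    }
    for r in root.iter("receiver"):
        if r.get(A + "permission") == "android.permission.BIND_DEVICE_ADMIN":
            info["admin_receivers"].append(r.get(A + "name"))
        for f in r.iter("intent-filter"):
            if SMS_RECEIVED in {a.get(A + "name") for a in f.iter("action")}:
                info["sms_receivers"].append((r.get(A + "name"), int(f.get(A + "priority", "0"))))
    for act in root.iter("activity"):
        for f in act.iter("intent-filter"):
            if "android.intent.category.LAUNCHER" in {c.get(A + "name") for c in f.iter("category")}:
                info["launcher_activities"].append(act.get(A + "name"))
    return info


def triage(info):
    """Return (score, findings). Device admin + SMS send/receive + a launcher activity
    that can later be disabled is the classic SMS-stealer/banker shape. Weights are arbitrary."""
    findings = []
    dangerous = sorted(info["permissions"] & DANGEROUS)
    if dangerous:
        findings.append("dangerous permissions: " + ", ".join(dangerous))
    if info["admin_receivers"]:
        findings.append("device-admin receiver: " + ", ".join(info["admin_receivers"]))
    sms_perms = {"android.permission.RECEIVE_SMS", "android.permission.SEND_SMS"}
    intercept = sms_perms <= info["permissions"] and bool(info["sms_receivers"])
    if intercept:
        findings.append("SMS interception: RECEIVE_SMS+SEND_SMS plus an SMS_RECEIVED receiver")
    for name, prio in info["sms_receivers"]:
        if prio >= SYSTEM_HIGH_PRIORITY:
            findings.append(f"SMS receiver {name} at priority {prio} (sees SMS before the default app)")
    score = len(dangerous) + 3 * bool(info["admin_receivers"]) + 3 * intercept
    return score, findings


if __name__ == "__main__":
    score, findings = triage(parse_manifest(CONSTRUCTED_MANIFEST))
    print(f"score={score}", *("- " + f for f in findings), sep="\n")
```

Run it against a manifest decoded with apktool (or androguard's `get_android_manifest_xml`) instead of the embedded string; the launcher activity list is what you compare against `dumpsys package` output on the device to confirm the icon-hiding behaviour the behavioral1 run reports.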
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-21 18:46
Reported
2024-05-21 18:49
Platform
android-x86-arm-20240514-en
Max time kernel
179s
Max time network
131s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Tries to add a device administrator.
| Description | Indicator | Process | Target |
| Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.i6uu.knowall
system
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | www.nd-buu.com | udp |
| US | 1.1.1.1:53 | www.up-4g.com | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
Files
/storage/emulated/0/Android/.android/.hzconfig/.okp/BeanZhan/log
| MD5 | 135742eb16b419443f94e025f0fc8b72 |
| SHA1 | d71d8bbe0c03f72b1c5e276e213c833e16a25b3d |
| SHA256 | 7f7b2e09a8f38432fe7c078f4b65f4e528b832b850dfce83246b74038cbbfd19 |
| SHA512 | 3f56f6743b25601289570002c55a5a2d3a6903e475db39195b5c57da90d19f168bcc37d2807623c15569d526377c3dca8b98e557cfeac7d8f57a3760a6480d7e |
/storage/emulated/0/Android/.android/c-userAgent
| MD5 | d3c6e16dad4f6aa1e4619391b9eb63ac |
| SHA1 | 62534310880c5c89e6739c383975c26b6a7b4d36 |
| SHA256 | 3bc2accee0bd9675584d0073832695e7e76bd2d47d80ed9883e6b6184f3dfaee |
| SHA512 | e20a51645fdb7b7a4c783e8458f0cd06e2a506d225386fd44313ec329c46bfab3fbb1d2bca972cdc808f9598619cac1655f7702fed2c0da1054c709d62da5be0 |
/storage/emulated/0/Android/.android/.hzconfig/.okp/BeanZhan/log
| MD5 | 257aff5b76eebd078cd44a412b3c4264 |
| SHA1 | 2ff8a4542c9ae0a694668c55df691854d9c8813d |
| SHA256 | 9fe7fb86b39bbe393f374adc5eddd20f6d4ff2b5178548add095c86240213105 |
| SHA512 | e046856e0e4a4555fecdeb965e4d26f620a1e89ec0aefb17a0c75b8ead44bc332e40d4237f3c81dbefa92627cb75bcf2ef79849179b3da7f60f87beecd59353c |
/storage/emulated/0/Android/.android/c-imei
| MD5 | 748d9beeaa1899252a7365b780b95fb0 |
| SHA1 | 2158cbe9044f2b138df0094615afe6616e526c9d |
| SHA256 | 59290d2d5a77605f8140feb82e44e8438115fb2f93dc56ed4c225b88c21baaa8 |
| SHA512 | cdeb0c4cebf1cc96ebda6940763a940df76120ee991bc7f003480caf055a970f16e4a19ef2ba2c56fa056d539b981e16542ec7239a7b91dd3828585bc2d1e440 |
/storage/emulated/0/Android/.android/.hzconfig/.okp/BeanZhan/log
| MD5 | 00bf99b40e022253cc4cf68578c40fb8 |
| SHA1 | fcaaa46e9399868d13d62a3e74cee966f1419a34 |
| SHA256 | f2c6bddcf7fe45fb41146a0ef31c3ab612c15061c292df95f1eed4b70a8e4deb |
| SHA512 | 15aaecd110d3389c1ac62c9b601d470e887f987a3aa765b8e7cab8923fa1139073901806cf3569898440ffd5fac575472232c50f871e8e07df4e3709358ef6b5 |
/storage/emulated/0/Android/.android/c-imsi
| MD5 | 4b75c50754c47755bb6178f186fe81d9 |
| SHA1 | 052f5e320f526cf3cb4ce981fe49b8e1f5d6464e |
| SHA256 | db76e954e8a83bf685d0ae8f4d80a14ada31d442f60aeff7423457a2474931b6 |
| SHA512 | 51c5d86f35f4cf6fad0753e03ece31b7d17f1e2be8e63e013dc91b9ace99b1ad92608791495592311d71e53a6f377b0e7eced23ea91be2ed1a19f20420d3cf9e |
/storage/emulated/0/Android/.android/.hzconfig/.okp/BeanZhan/log
| MD5 | 17da4cba3b238ff94cf62c3713dd71e3 |
| SHA1 | 2860bfbf68aca880dd7eb5716204c33b1f0e7534 |
| SHA256 | 9df1f837be4e75f9fa1bbdf1266632b19bf76fd8d6da26cf43859dc65b3a9a8c |
| SHA512 | a2c251b3d9ba4f89ca65646029cef8ff195441e0632e719cd3dacf72c14b7d875f4cee5985af8eb0981439d8c775c56a225ebcdf05f99edec5e2e241f7867b70 |
/storage/emulated/0/Android/.android/.hzconfig/.okp/BeanZhan/log
| MD5 | 9932ab958a3ad33779e8a1f943831192 |
| SHA1 | 22ad5068409a9e44903cc1256324a5e3abd96462 |
| SHA256 | bfcb81ff5cd3470d212e2bae4a7b872dfdbcd2a4173ee3758d47c94a1c684a53 |
| SHA512 | 68910ae3d434a069a08c5715e28ec8d0a318ef1143833fb50f2efc1cf13ac0aedc44a78248f37f2e80b702ce125810f774c1f655a5235aa49af897fe424ec3ee |
/storage/emulated/0/Android/.android/.hzconfig/993a943c7a6f65c5f8dafb8d30175e0c/c-intercept
| MD5 | b68d0e79c4e8e441a14cba2a929408bb |
| SHA1 | 82127d8b2466d502294950486e30e7584ee3878d |
| SHA256 | a8b55a9d389ef4c5e03457142b0421421b4873ba011ca61253deeb7726d3ca50 |
| SHA512 | 010556dbaeaa4cd44ce1773ed35cf893684d46fe9498df97cfc7a3e86c2ce060ef9e7bd14c8c46e19c732de4c1d927281b0009e96ec11529c6183bc03e1348c6 |
/storage/emulated/0/Android/.android/.hzconfig/993a943c7a6f65c5f8dafb8d30175e0c/c-phone
| MD5 | 03c03447e1afadbc7b36f708595c5d44 |
| SHA1 | c4fc425270d098606f7e79b756bd6fbaadc2a718 |
| SHA256 | 84b9be03b1628f5c6b57506aa699daff7a0ddd54588a63e70dc3570f302fa930 |
| SHA512 | 8ad31256b987843ce79e327cfabfb8c3d00968573ecd97c081577725acff32c8c5b8cfe7193833aa5be321dc9cafbb0fadf9e4ce06f98b06580709d1544bb9cb |
/storage/emulated/0/Android/.android/.hzconfig/993a943c7a6f65c5f8dafb8d30175e0c/c-imsi
| MD5 | 11abca93427a493510ed491065c59d7a |
| SHA1 | 9008fdfd52416ea229a86c51158b97a8dec99d73 |
| SHA256 | 6ba1d8b50f60723da697630dea4bd14da5c2230b6c0bce1c2170641888255157 |
| SHA512 | e2dddf4a4c9d29758869cbc42c081879f88480c81db3472ece54a972a0aed8732dc43623edd264d4deaeee38173badaebdc034e6051e52a12bbcbf9fc4abd168 |
/storage/emulated/0/Android/.android/.hzconfig/993a943c7a6f65c5f8dafb8d30175e0c/c-count
| MD5 | 897316929176464ebc9ad085f31e7284 |
| SHA1 | 09d2af8dd22201dd8d48e5dcfcaed281ff9422c7 |
| SHA256 | 9a271f2a916b0b6ee6cecb2426f0b3206ef074578be55d9bc94f6f3fe3ab86aa |
| SHA512 | a546d1300f49037a465ecec8bc1ebd07d57015a5ff1abfa1c94da9b30576933fb68e3898ff764d4de6e6741da822a7c93adc6e845806a266a63aa14c8bb09ebb |
/storage/emulated/0/Android/.android/.hzconfig/993a943c7a6f65c5f8dafb8d30175e0c/config
| MD5 | 2cf4c28468037cc93de7b41e627cdb4e |
| SHA1 | 8b2c5ffbfd1273600afd48632cc0eab64f827952 |
| SHA256 | 71117afaa4b3d414d4dc5a74e1061f1745a2b7e9f3d25a5220d51f3172201683 |
| SHA512 | 228d2260f1c798fe2ebf357c2652ef951a3d015818bae5798cf90b99390578548fc9e7d30a261ac56e1a9436804b6c3802645c2474fcfdbf227954a964a9b42d |
/storage/emulated/0/Android/.android/.hzconfig/993a943c7a6f65c5f8dafb8d30175e0c/index
| MD5 | a3aefbcbf31fa0bc12b9a73bc9d67976 |
| SHA1 | b9584684faa01e39bf3fa4db606dbaa86bb46943 |
| SHA256 | 99a357b646bc6d0d81ac188c8bfffcbf6ab8f8f72a5d262fe81624f6f9a9a66c |
| SHA512 | cd4cac5877e1c6998bb8e17966de516c6fa3169df25e81a8a3d3754288274c6312275782c52ca63bc7b443f4fb6cc629cc65f155ad290458f52abed8225ca5da |
/storage/emulated/0/Android/.android/.hzconfig/993a943c7a6f65c5f8dafb8d30175e0c/c-count
| MD5 | b026324c6904b2a9cb4b88d6d61c81d1 |
| SHA1 | e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e |
| SHA256 | 4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 |
| SHA512 | 3abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686 |
/storage/emulated/0/Android/.android/.szconfig/.okp/BeanLin/log
| MD5 | e11138cf3171a61f82f68128617ab523 |
| SHA1 | 190aa7e54847de54497f75bbb022899dbffdc0ba |
| SHA256 | f21bfe1efbeac3f88091a66c2f71cb3c838f75368dfc93eaee8213216018d773 |
| SHA512 | 387613c84abe233b9a3f0ae0990a0e976db89ff031ac8241048546dac0bc13c7f17c02af6c09576723a85586b701b70ea2cc0a1e57e6342ee5b3150ee3d4de84 |
/storage/emulated/0/Android/.android/.szconfig/993a943c7a6f65c5f8dafb8d30175e0c/c-intercept
| MD5 | 0a909baa2a7964f6876d98b5924da185 |
| SHA1 | 17fe9662c6b9ae4e4b642c47529976e69f877670 |
| SHA256 | e8bbcd33ef7d5142b898fa7a8727bed5010c3d9e381fb46c658503669c0aa0a5 |
| SHA512 | 7485b503687c7c173371a03041c153543d2e2c9fd8b183ada4ce7547b65f78c5e712a7274e059ae9dab7a2edc959a7fd4bcb220aa8a680a10d0d2365761d3293 |
/storage/emulated/0/Android/.android/.hzconfig/993a943c7a6f65c5f8dafb8d30175e0c/index
| MD5 | ac63f03f800c493b3c24d008a55bee43 |
| SHA1 | 21199b85aab05db95777c723799a71eb759a66f9 |
| SHA256 | 4ea437cacd9ae36c26f66a0e6cb928dc583b669a1f1e01ba67a3c45c9929e875 |
| SHA512 | e2593bef6957521ab4754ae7cbcb71c4463fceec7dbfe27d843fea392976e511258feea946269b47e7bdef5bec4044573fe098f6a73d2590af7986c9dfdbff74 |
/storage/emulated/0/Android/.android/.hzconfig/993a943c7a6f65c5f8dafb8d30175e0c/c-lastTime
| MD5 | 1f954c543b8468ce8405e446f652b3bf |
| SHA1 | 2127043125b03aeb089ec644005f572d5bc53a77 |
| SHA256 | 3e637eebdccd8fd582775f8c7a32dd3aa7314e594783684f08e9e5b872083c31 |
| SHA512 | f176797debb4ff5018351ad65e84e636cab11b15c6c97405132b14a24d9103e9dff71bb6785bf410ccd8ac893bb4f94dc2b1a3e5df7fb5f9d3fc3517f44c16e4 |
/storage/emulated/0/Android/.android/.hzconfig/993a943c7a6f65c5f8dafb8d30175e0c/c-nextTime
| MD5 | e0cf812053ffac15e6aca336855f3c07 |
| SHA1 | 9f92b2edee0a4ca808385f2888d2efd051a64e46 |
| SHA256 | ef68587e6ac4b05484a0ee6901d8534d6af4d22d770d8173d66087d791a5c0db |
| SHA512 | ee7ea6eea4511c565ac2354b51b74c50adc016d96e05ed19c001ec939c3a1c41ea4d00f1f00fba0cb833fdff6d880abea169891fb2fa6fa0701532fb74e356b7 |
/storage/emulated/0/Android/.android/.hzconfig/993a943c7a6f65c5f8dafb8d30175e0c/c-nextAdTime
| MD5 | adb03945d0f69e0f8e29e0e58d07d02b |
| SHA1 | 3f6efcd4de10f65d159fd9fdb940530ce453a05c |
| SHA256 | f2a8881e9a3808c94de5edae8213b7d3bc5c10d6574805867decff716a2af814 |
| SHA512 | 5c09d06131dafee1ee142df237edb05898b908c77b5aaf499177b01cf2a5e66a118793d44ae82c987696c88e298c59db935bf13edae50e6c59eb09a49df84b09 |
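Two things in the Network and Files sections are worth pulling out as indicators: the two non-Google domains the sample resolved (www.nd-buu.com, www.up-4g.com; the googleapis/google.com traffic is ordinary platform noise), and the set of files it wrote under /storage/emulated/0/Android/.android/, where the BeanZhan/log path was captured five times with five different hashes, i.e. a file the sample keeps rewriting, next to config entries whose names (c-imei, c-imsi, c-phone, c-intercept) suggest stored device identifiers and an interception setting. The script below is an added example, not part of the report: it parses the report's own text format into a flat IOC list. The embedded excerpt is copied from the sections above (column layout normalized, abridged to MD5/SHA256 rows and a subset of the files); treating the Google suffixes as noise is an assumption of the example.

```python
# Added example (not part of the sandbox report): parse the Network and Files
# sections of the behavioral1 report into a flat IOC list. REPORT_TEXT is copied
# from the report (column layout normalized), abridged to MD5/SHA256 rows and a
# subset of the dropped files; the parser accepts the full listing as well.
import re
from collections import defaultdict

REPORT_TEXT = """Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | www.nd-buu.com | udp |
| US | 1.1.1.1:53 | www.up-4g.com | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
Files
/storage/emulated/0/Android/.android/.hzconfig/.okp/BeanZhan/log
| MD5 | 135742eb16b419443f94e025f0fc8b72 |
| SHA256 | 7f7b2e09a8f38432fe7c078f4b65f4e528b832b850dfce83246b74038cbbfd19 |
/storage/emulated/0/Android/.android/c-imei
| MD5 | 748d9beeaa1899252a7365b780b95fb0 |
| SHA256 | 59290d2d5a77605f8140feb82e44e8438115fb2f93dc56ed4c225b88c21baaa8 |
/storage/emulated/0/Android/.android/.hzconfig/.okp/BeanZhan/log
| MD5 | 257aff5b76eebd078cd44a412b3c4264 |
| SHA256 | 9fe7fb86b39bbe393f374adc5eddd20f6d4ff2b5178548add095c86240213105 |
/storage/emulated/0/Android/.android/.hzconfig/993a943c7a6f65c5f8dafb8d30175e0c/c-intercept
| MD5 | b68d0e79c4e8e441a14cba2a929408bb |
| SHA256 | a8b55a9d389ef4c5e03457142b0421421b4873ba011ca61253deeb7726d3ca50 |
/storage/emulated/0/Android/.android/.hzconfig/.okp/BeanZhan/log
| MD5 | 00bf99b40e022253cc4cf68578c40fb8 |
| SHA256 | f2c6bddcf7fe45fb41146a0ef31c3ab612c15061c292df95f1eed4b70a8e4deb |
"""

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
NET_ROW = re.compile(r"^\|" + r"\s*([^|]*?)\s*\|" * 4 + r"$")
# Assumption: Google services are contacted by nearly every Android detonation
# (Play services, location); treat them as noise so the sample's own domains stand out.
NOISE_SUFFIXES = (".googleapis.com", ".google.com")


def parse_report(text):
    """Return (files, network): files as (path, {alg: digest}) in capture order."""
    files, network, section, current = [], [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if line in ("Network", "Files"):
            section, current = line, None
        elif section == "Files" and line.startswith("/"):
            current = (line, {})
            files.append(current)
        elif section == "Files" and current is not None and (m := HASH_ROW.match(line)):
            current[1][m.group(1)] = m.group(2).lower()
        elif section == "Network" and (m := NET_ROW.match(line)) and m.group(1) != "Country":
            country, dest, domain, proto = m.groups()
            network.append({"country": country, "dest": dest, "domain": domain, "proto": proto})
    return files, network


def file_versions(files):
    """Distinct SHA256s per path. A path captured several times with different hashes
    (BeanZhan/log here) is a file the sample keeps rewriting during the run."""
    by_path = defaultdict(set)
    for path, hashes in files:
        if "SHA256" in hashes:
            by_path[path].add(hashes["SHA256"])
    return {p: sorted(h) for p, h in by_path.items()}


def sample_domains(network):
    """Domains the sample looked up, minus platform noise, in first-seen order."""
    seen = []
    for row in network:
        d = row["domain"]
        if d and not d.endswith(NOISE_SUFFIXES) and d not in seen:
            seen.append(d)
    return seen


def ioc_lines(files, network):
    """One tab-separated IOC per line: type, value, context."""
    out = [f"domain\t{d}" for d in sample_domains(network)]
    for path, hashes in sorted(file_versions(files).items()):
        out.append(f"path\t{path}\tversions={len(hashes)}")
        out.extend(f"sha256\t{h}\t{path}" for h in hashes)
    return out


if __name__ == "__main__":
    print("\n".join(ioc_lines(*parse_report(REPORT_TEXT))))
```

The path IOCs are the more durable ones: the hashes of a file that is rewritten on every run will not match on another device, but a package writing to a hidden `.android/.hzconfig` or `.szconfig` tree on external storage, with `c-imei`/`c-imsi` style entries, is something a mobile EDR or a `find /sdcard/Android -name '.*config'` sweep can look for directly.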