Malware Analysis Report

2025-01-19 06:58

Sample ID 240522-eb63vsba86
Target 65e5f74e7191119fdd745f3cdad91369_JaffaCakes118
SHA256 f057384601dbfd965120a50d05c3d1adf4f7b2a76b3f12dc28b88d584faf683d
Tags
banker discovery evasion impact persistence collection credential_access
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file 65e5f74e7191119fdd745f3cdad91369_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

Checks if the Android device is rooted.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Queries the mobile country code (MCC)

Obtains sensitive information copied to the device clipboard

Loads dropped Dex/Jar

Checks CPU information

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks if the internet connection is available

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about phone network operator.

Requests dangerous framework permissions

Listens for changes in the sensor environment (might be used to detect emulation)

Checks the presence of a debugger

Uses Crypto APIs (Might try to encrypt user data)

Analysis: static1

Detonation Overview

Reported

2024-05-22 03:47

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 03:47

Reported

2024-05-22 03:50

Platform

android-x86-arm-20240514-en

Max time kernel

179s

Max time network

173s

Command Line

com.secondarm.taptapdash

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.secondarm.taptapdash/cache/1582435991586.jar N/A N/A
N/A /data/user/0/com.secondarm.taptapdash/cache/1582435991586.jar N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.secondarm.taptapdash

com.secondarm.taptapdash:service

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.secondarm.taptapdash/cache/1582435991586.jar --output-vdex-fd=162 --oat-fd=164 --oat-location=/data/user/0/com.secondarm.taptapdash/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=&

Network


Files

/data/data/com.secondarm.taptapdash/cache/com.parse/applicationId
/data/data/com.secondarm.taptapdash/files/Chanel.dat
/data/data/com.secondarm.taptapdash/files/drptcache/inner_self/104-82413159-664d6acc-3.ich_tmp
/data/data/com.secondarm.taptapdash/files/drptcache/inner_self/103-97955980-664d6acd-3.ich_tmp
/data/data/com.secondarm.taptapdash/files/drptcache/inner_self/103-b849eb3c-664d6acd-4.ich_tmp
/data/data/com.secondarm.taptapdash/files/drptcache/inner_self/103-bc451d36-664d6acd-5.ich_tmp
/data/data/com.secondarm.taptapdash/files/drptcache/inner_self/103-96e4d0f-664d6acd-6.ich_tmp
/data/data/com.secondarm.taptapdash/files/drptcache/inner_self/103-57b5711-664d6acd-7.ich_tmp
/data/data/com.secondarm.taptapdash/files/drptcache/inner_self/103-b0500728-664d6acd-8.ich_tmp
/data/data/com.secondarm.taptapdash/files/UnityAdsStorage-public-data.json
/data/data/com.secondarm.taptapdash/files/UnityAdsStorage-public-data.json
/data/data/com.secondarm.taptapdash/files/drptcache/common/103-7281bd18-664d6ad0-9.ich_tmp
/data/data/com.secondarm.taptapdash/files/drptcache/inner_common/105-4c76566-664d6ad0-a.ich_tmp
/data/data/com.secondarm.taptapdash/files/pnofb.png
/data/data/com.secondarm.taptapdash/files/.yflurrydatasenderblock.e2f11cb6-0e6b-4263-9162-b828e482227c
/data/data/com.secondarm.taptapdash/files/.YFlurrySenderIndex.info.AnalyticsData_JWSMRPCKFVG83C9ZFYDD_211
/data/data/com.secondarm.taptapdash/files/.YFlurrySenderIndex.info.AnalyticsMain
/data/data/com.secondarm.taptapdash/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
/data/data/com.secondarm.taptapdash/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
/data/data/com.secondarm.taptapdash/cache/1582435991586.jar
/data/data/com.secondarm.taptapdash/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D6ACE02AF-0001-10AA-2107A7380188BeginSession.cls_temp
/data/data/com.secondarm.taptapdash/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D6ACE02AF-0001-10AA-2107A7380188BeginSession.json
/data/data/com.secondarm.taptapdash/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D6ACE02AF-0001-10AA-2107A7380188SessionApp.cls_temp
/data/data/com.secondarm.taptapdash/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D6ACE02AF-0001-10AA-2107A7380188SessionApp.json
/data/data/com.secondarm.taptapdash/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D6ACE02AF-0001-10AA-2107A7380188SessionOS.cls_temp
/data/data/com.secondarm.taptapdash/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D6ACE02AF-0001-10AA-2107A7380188SessionOS.json
/data/data/com.secondarm.taptapdash/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D6ACE02AF-0001-10AA-2107A7380188SessionDevice.cls_temp
/data/data/com.secondarm.taptapdash/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D6ACE02AF-0001-10AA-2107A7380188SessionDevice.json
/data/data/com.secondarm.taptapdash/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/log-files/crashlytics-userlog-664D6ACE02AF-0001-10AA-2107A7380188.temp
/data/user/0/com.secondarm.taptapdash/cache/1582435991586.jar
/data/user/0/com.secondarm.taptapdash/cache/1582435991586.jar
/data/data/com.secondarm.taptapdash/files/AppEventsLogger.persistedevents

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-22 03:47

Reported

2024-05-22 03:50

Platform

android-x64-20240514-en

Max time kernel

179s

Max time network

182s

Command Line

com.secondarm.taptapdash

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /system/app/Superuser.apk N/A N/A
N/A /system/xbin/su N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.secondarm.taptapdash/cache/1582435991586.jar N/A N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks if the internet connection is available

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Checks the presence of a debugger

evasion

Listens for changes in the sensor environment (might be used to detect emulation)

evasion
Description Indicator Process Target
Framework API call android.hardware.SensorManager.registerListener N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.secondarm.taptapdash

com.secondarm.taptapdash:service

Network


Files

/data/data/com.secondarm.taptapdash/cache/com.parse/applicationId
/data/data/com.secondarm.taptapdash/files/Chanel.dat
/data/data/com.secondarm.taptapdash/files/drptcache/inner_self/104-df635321-664d6acf-3.ich_tmp
/data/data/com.secondarm.taptapdash/files/drptcache/inner_self/103-6acaa741-664d6ad0-3.ich_tmp
/data/data/com.secondarm.taptapdash/files/drptcache/inner_self/103-a31ebf20-664d6ad0-4.ich_tmp
/data/data/com.secondarm.taptapdash/files/drptcache/inner_self/103-43cf5ac8-664d6ad0-5.ich_tmp
/data/data/com.secondarm.taptapdash/files/drptcache/inner_self/103-1c7ff990-664d6ad0-6.ich_tmp
/data/data/com.secondarm.taptapdash/files/drptcache/inner_self/103-e67cd1e9-664d6ad0-7.ich_tmp
/data/data/com.secondarm.taptapdash/files/drptcache/inner_self/103-513eba70-664d6ad1-8.ich_tmp
/data/data/com.secondarm.taptapdash/files/UnityAdsStorage-public-data.json
/data/data/com.secondarm.taptapdash/files/UnityAdsStorage-public-data.json
/data/data/com.secondarm.taptapdash/files/pnofb.png
/data/data/com.secondarm.taptapdash/files/.yflurrydatasenderblock.5aaf97a8-ce1c-4d53-a091-0ea8f237e7a6
/data/data/com.secondarm.taptapdash/files/.YFlurrySenderIndex.info.AnalyticsData_JWSMRPCKFVG83C9ZFYDD_211
/data/data/com.secondarm.taptapdash/files/.YFlurrySenderIndex.info.AnalyticsMain
/data/data/com.secondarm.taptapdash/cache/1582435991586.jar
/data/user/0/com.secondarm.taptapdash/cache/1582435991586.jar
/data/data/com.secondarm.taptapdash/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D6AD200CA-0001-1489-2107A7380188BeginSession.cls_temp
/data/data/com.secondarm.taptapdash/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D6AD200CA-0001-1489-2107A7380188BeginSession.json
/data/data/com.secondarm.taptapdash/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
/data/data/com.secondarm.taptapdash/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
/data/data/com.secondarm.taptapdash/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D6AD200CA-0001-1489-2107A7380188SessionApp.cls_temp
/data/data/com.secondarm.taptapdash/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D6AD200CA-0001-1489-2107A7380188SessionApp.json
/data/data/com.secondarm.taptapdash/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D6AD200CA-0001-1489-2107A7380188SessionOS.cls_temp
/data/data/com.secondarm.taptapdash/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D6AD200CA-0001-1489-2107A7380188SessionOS.json
/data/data/com.secondarm.taptapdash/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D6AD200CA-0001-1489-2107A7380188SessionDevice.cls_temp
/data/data/com.secondarm.taptapdash/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664D6AD200CA-0001-1489-2107A7380188SessionDevice.json
/data/data/com.secondarm.taptapdash/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/log-files/crashlytics-userlog-664D6AD200CA-0001-1489-2107A7380188.temp
/data/data/com.secondarm.taptapdash/files/AppEventsLogger.persistedevents