Analysis Overview
SHA256
e83844fabd0f98c30c98901f65dfb657fa8a3bd0e5f6b7eaaafadf29fad1546b
Threat Level: Shows suspicious behavior
The file 66ebd45845c6fd22fbe0dc7f224d06e4_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Checks memory information
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Requests dangerous framework permissions
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-22 10:18
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-22 10:18
Reported
2024-05-22 10:22
Platform
android-x86-arm-20240514-en
Max time kernel
19s
Max time network
143s
Command Line
Signatures
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.gameloft.android.ANMP.GloftFWHM
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | eve.gameloft.com | udp |
| CA | 208.71.185.246:20001 | eve.gameloft.com | tcp |
| CA | 208.71.185.246:20001 | eve.gameloft.com | tcp |
| US | 1.1.1.1:53 | iap-eur.gameloft.com | udp |
| CA | 198.136.44.127:443 | iap-eur.gameloft.com | tcp |
| US | 1.1.1.1:53 | secure.gameloft.com | udp |
| CA | 208.71.186.74:443 | secure.gameloft.com | tcp |
| GB | 216.58.212.227:443 | tcp | |
| US | 1.1.1.1:53 | 201205igp.gameloft.com | udp |
| CA | 208.71.185.246:80 | 201205igp.gameloft.com | tcp |
| CA | 208.71.186.74:443 | secure.gameloft.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.180.14:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
/data/data/com.gameloft.android.ANMP.GloftFWHM/files/gaClientId
| MD5 | a68d49933c3aaa839f0febfa85516ef6 |
| SHA1 | 04a78a863c9d810e522cd9ca344f9f11a5fd3513 |
| SHA256 | 827aebb70bd01891b6919181066a2ff5ef5be188a9c0c8713f47d3b18e3e45fe |
| SHA512 | 2081c283ec014ce98d954f0e6e95c5b763fb862cc9c67d4dbbc1f70fae1d3bd44c7d17d9c2d725dcf2eba447cef14289bbd349855f5ad8e325f042df0c012e77 |
/data/data/com.gameloft.android.ANMP.GloftFWHM/databases/gameloft_sharing-journal
| MD5 | 955177304aa9345da2fea3c0fd633523 |
| SHA1 | 32cab1781236c0ed34dfb01abfab45ab4a0be339 |
| SHA256 | 5e106436cd7c81c3326701d1e4fc14268ebf9de271c576b933c2beaeda023a71 |
| SHA512 | d278125e7f82ce09496887b2156a6fd96ded46af9e6932cc01eedd53877960424f99e44615a58936685846c1ee7e62e0441dd076905f946ba188045e3d47a915 |
/data/data/com.gameloft.android.ANMP.GloftFWHM/databases/gameloft_sharing
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.gameloft.android.ANMP.GloftFWHM/databases/gameloft_sharing-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.gameloft.android.ANMP.GloftFWHM/databases/gameloft_sharing-wal
| MD5 | cf69cb819ce07afa4fc534adcc33b618 |
| SHA1 | 7d8a5ec5c4fe125f8357f2975855b3d1ad0dc663 |
| SHA256 | 58f0405b560ca45ec4caae6056300b4565b6470cde25da73c6926aba43ac54e4 |
| SHA512 | 6e2caa350b3e817163b53e53011e5fb33589bfabf4372ce8491ed16eeb536dbd7b618fae84d252695e65df9c4e581d28571acf819156d044725bfd0e087afdb4 |
/data/data/com.gameloft.android.ANMP.GloftFWHM/files/gaClientIdData
| MD5 | 265ffdbfe1e867b777b49549d685153c |
| SHA1 | e2e81e739b6177cba969927b2d1d7de9947296bb |
| SHA256 | 0e4ff5819464c705ac03d74eaef91526d03aaf9b27bdac96c60ed2116bc03aaa |
| SHA512 | 5170ae9a084fdbc93116034429f8f563956417244e7e1f7ce9810ebe0cb69de03dc940bb8ecb3d055d53f1380f4918ad9279f2e88fdbac01e8f03219822c70ef |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-22 10:18
Reported
2024-05-22 10:22
Platform
android-x64-20240514-en
Max time kernel
51s
Max time network
170s
Command Line
Signatures
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.gameloft.android.ANMP.GloftFWHM
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 216.58.204.74:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 172.217.169.14:443 | tcp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | eve.gameloft.com | udp |
| CA | 208.71.185.246:20001 | eve.gameloft.com | tcp |
| CA | 208.71.185.246:20001 | eve.gameloft.com | tcp |
| US | 1.1.1.1:53 | iap-eur.gameloft.com | udp |
| CA | 198.136.44.127:443 | iap-eur.gameloft.com | tcp |
| US | 1.1.1.1:53 | secure.gameloft.com | udp |
| CA | 208.71.186.74:443 | secure.gameloft.com | tcp |
| US | 1.1.1.1:53 | 201205igp.gameloft.com | udp |
| CA | 208.71.185.246:80 | 201205igp.gameloft.com | tcp |
| CA | 208.71.186.74:443 | secure.gameloft.com | tcp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 142.250.200.2:443 | tcp | |
| GB | 172.217.16.228:443 | tcp | |
| GB | 172.217.16.228:443 | tcp |
Files
/data/data/com.gameloft.android.ANMP.GloftFWHM/files/gaClientId
| MD5 | 6e127aedab6c38479689b22ed5b57fbe |
| SHA1 | d7912fa49fe19314f1683b2bfbb74d300c34d4bc |
| SHA256 | ba889002562f58aefd4c9a1c41f8dbc1377b108d91c8ff3cc6fbddcc7977419f |
| SHA512 | 874971f555a2c968f29f07260b83eaca46522b513e1c0856a87a53ea8ed6e85f2cb0a7bc2afd0508666d2770897b68b29426e8abc5f734f7b3a839ec8c7403a1 |
/data/data/com.gameloft.android.ANMP.GloftFWHM/databases/gameloft_sharing-journal
| MD5 | 750d9917bffdb87e86aa3ef45a527783 |
| SHA1 | b23a0ac0a02249677abfc9886c1e8160fe1f6d00 |
| SHA256 | d38139365a4c51b97b2549348a206f545036392b216aa39f1aef793f65c32197 |
| SHA512 | e02a5d42e13c668f840342573b8c8992a55f1703aaacdec7a0243023bc7bf097ba81ba7d0466a6bb20375d2d64bf21217899be34ef8146f08234eac88e0ed6ab |
/data/data/com.gameloft.android.ANMP.GloftFWHM/databases/gameloft_sharing
| MD5 | 8dd59b526bc79a3d7bc97d6970579314 |
| SHA1 | 6f14f7dea83cc2370be250310d5fa04e92f5d861 |
| SHA256 | 16b5a9d1e18c80d0443eaa663c78b4468bbcc99486c46e6971fa67a48f53dbd4 |
| SHA512 | 56b8781c1496bc74e802cb02d7a196ef7ecdedd43d5a54c1443cced80d6743cccdf2845fa01cbe9aaec585c0c432d31490b238cd4238baaa2f1c08c4ef092b4c |
/data/data/com.gameloft.android.ANMP.GloftFWHM/databases/gameloft_sharing-journal
| MD5 | 5912b475b7c5fc4379670a4e8fc7fbb3 |
| SHA1 | a22f0fa2b3141f96376f37db9435a2493d16e47f |
| SHA256 | bd0e81e6e68787df38065de11907034c24dd88a46f2aa31ec915892ca26bff7e |
| SHA512 | aa5a2d6cbfc5e7c196c5b2715e113c27e2ae523e2a8b965545d0aa4076d1c2026b72c7b341552ef4f902ee995f474252d0f7abcc2a8b572885a449035e5e0944 |
/data/data/com.gameloft.android.ANMP.GloftFWHM/databases/gameloft_sharing-journal
| MD5 | 83679d52c4dc4ba273198e26bbe0bdc6 |
| SHA1 | c6056415458a1ad5adfb07e00136aafcf42fe0ac |
| SHA256 | f329ea4aae48a0a222aec999cadca156750a77020e84715fda37f04a51948635 |
| SHA512 | 46a32da4db5fe32c66577cebf3d38d1809a4ff26b30ac74bc4b8b30db20230de5369ec4972016e0ec6aee6f33e763789328bace3bb00f287591920d5cc3f1275 |
/data/data/com.gameloft.android.ANMP.GloftFWHM/databases/gameloft_sharing-journal
| MD5 | edc835fb623c99975ad250d802754e49 |
| SHA1 | f1a81ec0cf0557e24696f06e930c030ea80695aa |
| SHA256 | 5d4039f13b547632bd690b442927c4161fbcc56c8164bcaf943735c52ea9ae26 |
| SHA512 | 0c882b8c88ea7065e718e4761b9dfbaa359a392585f457e2ba0b14690d769ab0762f3bef6e10762d56c1b8ba22d821d36634302cf31d5abcb725e933ab745f94 |
/data/data/com.gameloft.android.ANMP.GloftFWHM/databases/gameloft_sharing-journal
| MD5 | a71c99fec9ec55a723d38273de46e631 |
| SHA1 | bbbda2398dcba4da077181edd813f4591aa46587 |
| SHA256 | d2f8637c2fef3a40034745b7a9e6214b28e8caf97a8977c44fbf61527067782d |
| SHA512 | 1ab0a78efaea1f0cd33e5342bd6eceb36ce2a621b7c8d67fb6bd13c9a1a0ec2e3702a28987c37f1300b528f2fcd20db471303f9d90516d0feefae06ceb822008 |
/data/data/com.gameloft.android.ANMP.GloftFWHM/databases/gameloft_sharing-journal
| MD5 | dc2a92dfa4c567c7fb4fa95961c44774 |
| SHA1 | a8d3cca3682256d7897bd29a0501617d598ffe77 |
| SHA256 | 4cb5c2fe80596b7b91651f0afe61bfa457d669585cebc19b4f8c3237544ad45d |
| SHA512 | 78e19122e231cd319e5acc000bd9ef61e37c1ef6d58ef994ea870f1560caab5999b7f0169ca744f890cf5f7cfd16378c340378d3f068d9b09343152efe880588 |
/data/data/com.gameloft.android.ANMP.GloftFWHM/files/gaClientIdData
| MD5 | 3f992548b201d8c64dafd65461098446 |
| SHA1 | 3a749af513904a918c46bace0ef71dcba4ff23c0 |
| SHA256 | 084edeb8b90e8965136d23472136ac7d4711f65a3e535dbb2afa4025439ce5dd |
| SHA512 | 03d257234f7891bafa6e6f8a99d3d9bf1150d37966d8082759678de89484cb4e88c04d493b0dee7b69b74b0f4246147ab95db1b1e9dd4f0bc7ba11d9d072e20c |