Analysis Overview
SHA256
9e14bedc5f5a619ffd5ed95eb98312384ac0da2667bacbf3daeea5f359b67212
Threat Level: Shows suspicious behavior
The file 679f92481a5fd52740f69c7639a4311f_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Checks memory information
Queries the mobile country code (MCC)
Reads the content of SMS inbox messages.
Reads the content of the SMS messages.
Registers a broadcast receiver at runtime (usually for listening for system events)
Obtains sensitive information copied to the device clipboard
Checks CPU information
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-22 14:46
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-22 14:46
Reported
2024-05-22 14:49
Platform
android-x86-arm-20240514-en
Max time kernel
162s
Max time network
151s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Reads the content of SMS inbox messages.
| Description | Indicator | Process | Target |
|---|---|---|---|
| URI accessed for read | content://sms/inbox | N/A | N/A |
Reads the content of the SMS messages.
| Description | Indicator | Process | Target |
|---|---|---|---|
| URI accessed for read | content://sms/ | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.tk.tmovie
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.200.42:443 | | tcp |
| GB | 142.250.178.10:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| CN | 120.55.16.135:80 | | tcp |
| CN | 116.62.69.130:80 | | tcp |
| CN | 116.62.69.130:80 | | tcp |
| US | 1.1.1.1:53 | vod.taiku001.com | udp |
| US | 1.1.1.1:53 | mvod.lianmengad.com | udp |
| CN | 116.62.69.130:443 | mvod.lianmengad.com | tcp |
| CN | 116.62.69.130:443 | mvod.lianmengad.com | tcp |
| CN | 116.62.69.130:80 | mvod.lianmengad.com | tcp |
| CN | 116.62.69.130:80 | mvod.lianmengad.com | tcp |
Files
/storage/emulated/0/2024-05-22WJLog.txt
| Hash | Value |
|---|---|
| MD5 | ebaa92488a9b5550cd07b745c00e24d8 |
| SHA1 | 417a47c1adcdf2215d01c90f1fb7c802fda45634 |
| SHA256 | a5e11734dc179a116dfeb2064553e22509508140856eacb2fd22d62fe375b681 |
| SHA512 | b8c6c9ac3eb732a8aa877fea59dd4b4450271998984fce47389afbb8dbbc2829d40afaeb9a8eda8bf402703e2f9e71d556f9b25a2918f6de558d05be96cb6340 |
/storage/emulated/0/2024-05-22WJLog.txt
| Hash | Value |
|---|---|
| MD5 | 2500add4ce82941ca9e9704c356ac0bc |
| SHA1 | b28fb6187c62d1a0f21b3c2c03e1c0907e8db401 |
| SHA256 | 6fa48a0560e639d00a787d99ec1b943cccf91e88adbe0780eab8d2602a9b9e91 |
| SHA512 | 4a100d3008be0776bd97cae5b98f8369a3c921761ed9dee06e40f49c9c5290d38780e6301782663a575095f0d331addc6f8b3c2be31a909f7a935b9578f35a3c |
/storage/emulated/0/2024-05-22WJLog.txt
| Hash | Value |
|---|---|
| MD5 | df694ea48826dbd66d2d5e79765bb15e |
| SHA1 | a639fbee387df5d8f38afa4db1ac3d592693adc2 |
| SHA256 | 1ebd4127bfb91b85576bdcd02a6eb9c220acd4d4fc0d6632930fe59e56afe8f1 |
| SHA512 | 9dffb0ac40277d5bb24a76e86348471e392e5385011655a9c074b46f1e1a03733241e654ae06d1f95be9b7760ea01de9a382966e8cf75ec36c381f5ac652e0c9 |
/storage/emulated/0/2024-05-22WJLog.txt
| Hash | Value |
|---|---|
| MD5 | 5935cfbf1208145bae8a313db3d9231e |
| SHA1 | 1b5fe6c1ccf41cbe2c24c6d5f07815ff2ea830bf |
| SHA256 | c6378e8fe085802a3986a015fac2a8e7c8eaa3c77dafee5a03b97601d955f2de |
| SHA512 | 7e287a832cf6565d481bc401fe3780498fdcd2e6f3c2061b53ff77d7e227321c9bd54b93f34929058eb4ad826ddadcd5b345436537ba41fa3854b7ebe4ff1ff5 |
/storage/emulated/0/2024-05-22WJLog.txt
| Hash | Value |
|---|---|
| MD5 | 8932317bb93e4e05e6e55fc94b614f0b |
| SHA1 | 4ad0a6c682869ac3eeefd5fec862cb48ffda596e |
| SHA256 | 09cf1fd5791d999579bb8e0984e9b8a4ef1f8135c83505ee197fac3c96e090a2 |
| SHA512 | a9a0a1418a4f3547197707e64da980950b4503767ed2e3a12cf078639d9f3320977bfbf83be390ce7cbcda2eb8db0893610fa4a653367448babf18875f9239d5 |
/storage/emulated/0/2024-05-22WJLog.txt
| Hash | Value |
|---|---|
| MD5 | 3987b2e1da5cee637c2776196c29b674 |
| SHA1 | f560ddb36dcdd5115f3cd59457262c93c4259366 |
| SHA256 | feaeb32786f314df84e341565b3c4812adc2ecf7558cb7e262cb66b9ae75bc85 |
| SHA512 | 4956212f601686f9dd5a4acb44a88422f82ee11c6aaa3f740821a715bba319175de2ee86853a509b8a8ead49be2ec140cfbe766b9e13bfd12b30a5e07478ef23 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-22 14:46
Reported
2024-05-22 14:49
Platform
android-x64-20240514-en
Max time network
138s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.213.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 216.58.212.194:443 | | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-22 14:46
Reported
2024-05-22 14:49
Platform
android-x64-arm64-20240514-en
Max time kernel
179s
Max time network
157s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Reads the content of SMS inbox messages.
| Description | Indicator | Process | Target |
|---|---|---|---|
| URI accessed for read | content://sms/inbox | N/A | N/A |
Reads the content of the SMS messages.
| Description | Indicator | Process | Target |
|---|---|---|---|
| URI accessed for read | content://sms/ | N/A | N/A |
Processes
com.tk.tmovie
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| CN | 120.55.16.135:80 | | tcp |
| CN | 116.62.69.130:80 | | tcp |
| CN | 116.62.69.130:80 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | vod.taiku001.com | udp |
| US | 1.1.1.1:53 | mvod.lianmengad.com | udp |
| CN | 116.62.69.130:443 | mvod.lianmengad.com | tcp |
| CN | 116.62.69.130:443 | mvod.lianmengad.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| CN | 116.62.69.130:80 | mvod.lianmengad.com | tcp |
| CN | 116.62.69.130:80 | mvod.lianmengad.com | tcp |
Files
/storage/emulated/0/2024-05-22WJLog.txt
| Hash | Value |
|---|---|
| MD5 | 07da7fea98503b3e23912f04b0f83867 |
| SHA1 | b41e43d2bed950d9d987f36aa71194e324e9e24f |
| SHA256 | 3a8a91ac62a312fb043d8113f1c176ae5192bb28727d8c9f23555959c00e58d1 |
| SHA512 | 5710ad74831de328bdb16f35b26c3261d2f3fb8919c352a06a57649c4e4d2d5ee251199352558a2dfee432865f371ab8c18bac9a5f8295880672a45fe2fc8ad5 |
/storage/emulated/0/2024-05-22WJLog.txt
| Hash | Value |
|---|---|
| MD5 | 8742bee78770b95805749aaffbd9d826 |
| SHA1 | dbd1266bd3c63f67a126c4a06fd0d60736d7ce8a |
| SHA256 | d821c3e84847e6d7b7213c7e8b3298f4aea10f38cf2b39528fc679d765716386 |
| SHA512 | 6d6d057b78fa9aa20a19454e39913340477a9ba27b5374951cb734b67ee2f533290c33c595b659ece8608eed27d4294f725798934fa4d62319898072f85c272d |
/storage/emulated/0/2024-05-22WJLog.txt
| Hash | Value |
|---|---|
| MD5 | 0ca3aa8875a434a060b4d3f05406a441 |
| SHA1 | f5126354cc1d21f3b915e984ca348067e9ad0b95 |
| SHA256 | d0f3770caf130fb2c65b97aa82bc7047152b5ea630e7acf1f9e8898d9fc563b8 |
| SHA512 | 5c595dc9e59f4098ea84504048fbdb779da0279d0a98fdf3ffbc4382fe8057f4eca9c0ba415e06747330349ae6bbd5485770ef02771a10b03e7bbdba7c40efdb |
/storage/emulated/0/2024-05-22WJLog.txt
| Hash | Value |
|---|---|
| MD5 | 7e273f5bd293e1143934cf45ecc3b4e9 |
| SHA1 | f4a1681c9df5d62811ca65af5fd906375076c616 |
| SHA256 | ff9f4281580539df1b43c42d67a84943e2a4537d79882dd8b541d83635c62c40 |
| SHA512 | 8dbf6c458a487070663caad139d594bd28ed128217c175dd13a642f83137cc64b11e97fe9fbb86ff5afbc732dc15b900e1ae2413eb269eef2b90d553ea9bed74 |
/storage/emulated/0/2024-05-22WJLog.txt
| Hash | Value |
|---|---|
| MD5 | c84c7bae2623dd42b37416d306d54829 |
| SHA1 | c5c40e436b2d3a781667005826b593fab34e4097 |
| SHA256 | 60999c21e9224c9d163b3684536f341be16ff29b2e54dcb483a39b24d6dfd78a |
| SHA512 | 3dde9ab3c0ae7996ce89dacfa37074cc24b188ceb06cc0561723d32657061925792ac55a94777c4650d51a470fa24b9a0d0dcd4ce0fc9cb53c8f2a8226465762 |
/storage/emulated/0/2024-05-22WJLog.txt
| Hash | Value |
|---|---|
| MD5 | 5f76ad56e49febff284559a69165e509 |
| SHA1 | 2eb8bece17d3ce9819e32e42855af025bf839768 |
| SHA256 | 1cd60de7cab492343de6d6bbf3afa0314b96b5e1629cc3420c9c850fb8e6f463 |
| SHA512 | f8e3ab3ef7a3b112af924ae8e1e681060d1d9bc49b753cffff7b91139300fc767b4409eea665460c0670eb390cbd77125afef83c1726a9eae9844389303508ca |