Malware Analysis Report

2025-01-19 07:01

Sample ID: 240522-vhy9lahg74
Target: 67f53b5ce8611b198696c0ff90b7af2f_JaffaCakes118
SHA256: 9f740f088b365f3a831c602e4c2435293edff0d801405545bd22f73508754ef6
Tags: discovery evasion impact persistence collection credential_access
Score: 8/10


Analysis Overview

Score: 8/10

SHA256: 9f740f088b365f3a831c602e4c2435293edff0d801405545bd22f73508754ef6

Threat Level: Likely malicious

The file 67f53b5ce8611b198696c0ff90b7af2f_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence collection credential_access

Checks if the Android device is rooted.

Checks CPU information

Queries the mobile country code (MCC)

Checks Qemu related system properties.

Queries information about running processes on the device

Registers a broadcast receiver at runtime (usually for listening for system events)

Obtains sensitive information copied to the device clipboard

Checks memory information

Loads dropped Dex/Jar

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-22 17:00

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-22 17:00
Reported: 2024-05-22 17:03
Platform: android-x86-arm-20240514-en
Max time kernel: 179s
Max time network: 160s

Command Line

com.mmpgaame.bddr

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.mmpgaame.bddr/cache/1582435991586.jar | N/A | N/A
N/A | /data/user/0/com.mmpgaame.bddr/cache/1582435991586.jar | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.mmpgaame.bddr

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mmpgaame.bddr/cache/1582435991586.jar --output-vdex-fd=215 --oat-fd=216 --oat-location=/data/user/0/com.mmpgaame.bddr/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=&

Network

Country | Destination | Domain | Proto
GB | 142.250.200.42:443 | N/A | tcp
N/A | 224.0.0.251:5353 | N/A | udp
GB | 142.250.200.42:443 | N/A | tcp
US | 1.1.1.1:53 | www.google.com | udp
US | 1.1.1.1:53 | config.uca.cloud.unity3d.com | udp
US | 34.111.113.40:443 | config.uca.cloud.unity3d.com | tcp
GB | 142.250.187.228:443 | www.google.com | tcp
US | 1.1.1.1:53 | cdp.cloud.unity3d.com | udp
US | 34.107.172.168:443 | cdp.cloud.unity3d.com | tcp
US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp
GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp
GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp
GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp
GB | 142.250.187.206:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp
US | 1.1.1.1:53 | www.googletagservices.com | udp
GB | 172.217.169.66:443 | www.googletagservices.com | tcp
US | 1.1.1.1:53 | tpc.googlesyndication.com | udp
GB | 216.58.213.1:443 | tpc.googlesyndication.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp
GB | 172.217.169.66:443 | www.googletagservices.com | tcp
GB | 142.250.179.238:443 | N/A | tcp

Files

/data/data/com.mmpgaame.bddr/cache/1582435991586.jar

/storage/emulated/0/Android/data/com.mmpgaame.bddr/files/Unity/local.a8d5159e91ea94045a5d0d59bd077c6f/Analytics/config

/storage/emulated/0/Android/data/com.mmpgaame.bddr/files/Unity/local.a8d5159e91ea94045a5d0d59bd077c6f/Analytics/ArchivedEvents/171639723900000.05f402d0/s

/storage/emulated/0/Android/data/com.mmpgaame.bddr/files/Unity/local.a8d5159e91ea94045a5d0d59bd077c6f/Analytics/ArchivedEvents/171639723900000.05f402d0/g

/storage/emulated/0/Android/data/com.mmpgaame.bddr/files/Unity/local.a8d5159e91ea94045a5d0d59bd077c6f/Analytics/ArchivedEvents/171639723900000.05f402d0/c

/storage/emulated/0/Android/data/com.mmpgaame.bddr/files/Unity/local.a8d5159e91ea94045a5d0d59bd077c6f/Analytics/ArchivedEvents/171639723900000.05f402d0/e

/storage/emulated/0/Android/data/com.mmpgaame.bddr/files/Unity/local.a8d5159e91ea94045a5d0d59bd077c6f/Analytics/ArchivedEvents/171639723900001.05f402d0/e

/data/user/0/com.mmpgaame.bddr/cache/1582435991586.jar

/storage/emulated/0/Android/data/com.mmpgaame.bddr/files/Unity/local.a8d5159e91ea94045a5d0d59bd077c6f/Analytics/values

/storage/emulated/0/Android/data/com.mmpgaame.bddr/files/Unity/local.a8d5159e91ea94045a5d0d59bd077c6f/Analytics/ArchivedEvents/171639724000002.05f402d0/e

/data/user/0/com.mmpgaame.bddr/cache/1582435991586.jar

/storage/emulated/0/Android/data/com.mmpgaame.bddr/files/Unity/local.a8d5159e91ea94045a5d0d59bd077c6f/Analytics/ArchivedEvents/171639724000002.05f402d0/e

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-22 17:00
Reported: 2024-05-22 17:03
Platform: android-x64-20240514-en
Max time kernel: 179s
Max time network: 150s

Command Line

com.mmpgaame.bddr

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks Qemu related system properties.

evasion
Description | Indicator | Process | Target
Accessed system property key | ro.kernel.qemu | N/A | N/A

Checks memory information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.mmpgaame.bddr/cache/1582435991586.jar | N/A | N/A

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.mmpgaame.bddr

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.212.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | config.uca.cloud.unity3d.com | udp
US | 34.111.113.40:443 | config.uca.cloud.unity3d.com | tcp
US | 1.1.1.1:53 | cdp.cloud.unity3d.com | udp
US | 34.107.172.168:443 | cdp.cloud.unity3d.com | tcp
US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp
GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp
GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp
GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp
GB | 172.217.169.14:443 | N/A | tcp
GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp
US | 1.1.1.1:53 | tpc.googlesyndication.com | udp
GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp
US | 1.1.1.1:53 | www.googletagservices.com | udp
GB | 142.250.187.226:443 | www.googletagservices.com | tcp
GB | 142.250.187.238:443 | N/A | tcp
GB | 142.250.200.2:443 | N/A | tcp
GB | 172.217.16.228:443 | N/A | tcp
GB | 172.217.16.228:443 | N/A | tcp

Files

/data/data/com.mmpgaame.bddr/cache/1582435991586.jar

/data/user/0/com.mmpgaame.bddr/cache/1582435991586.jar

/storage/emulated/0/Android/data/com.mmpgaame.bddr/files/Unity/local.a8d5159e91ea94045a5d0d59bd077c6f/Analytics/config

/storage/emulated/0/Android/data/com.mmpgaame.bddr/files/Unity/local.a8d5159e91ea94045a5d0d59bd077c6f/Analytics/ArchivedEvents/171639724700000.e8231c26/s

/storage/emulated/0/Android/data/com.mmpgaame.bddr/files/Unity/local.a8d5159e91ea94045a5d0d59bd077c6f/Analytics/ArchivedEvents/171639724700000.e8231c26/g

/storage/emulated/0/Android/data/com.mmpgaame.bddr/files/Unity/local.a8d5159e91ea94045a5d0d59bd077c6f/Analytics/ArchivedEvents/171639724700000.e8231c26/c

/storage/emulated/0/Android/data/com.mmpgaame.bddr/files/Unity/local.a8d5159e91ea94045a5d0d59bd077c6f/Analytics/ArchivedEvents/171639724700000.e8231c26/e

/storage/emulated/0/Android/data/com.mmpgaame.bddr/files/Unity/local.a8d5159e91ea94045a5d0d59bd077c6f/Analytics/ArchivedEvents/171639724700001.e8231c26/e

/storage/emulated/0/Android/data/com.mmpgaame.bddr/files/Unity/local.a8d5159e91ea94045a5d0d59bd077c6f/Analytics/ArchivedEvents/171639724700002.e8231c26/e

/storage/emulated/0/Android/data/com.mmpgaame.bddr/files/Unity/local.a8d5159e91ea94045a5d0d59bd077c6f/Analytics/values

/storage/emulated/0/Android/data/com.mmpgaame.bddr/files/Unity/local.a8d5159e91ea94045a5d0d59bd077c6f/Analytics/ArchivedEvents/171639724700002.e8231c26/e