Analysis Overview
SHA256
59069daedf165cf0b2ae9fb8a379823350333457ed90e7919ce2c39107ad870e
Threat Level: Likely malicious
The file 6b2d3355e2b2d91ee90bdb41c4d9daba_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Registers a broadcast receiver at runtime (usually for listening for system events)
Loads dropped Dex/Jar
Obtains sensitive information copied to the device clipboard
Queries the mobile country code (MCC)
Checks CPU information
Checks memory information
Queries information about running processes on the device
Requests dangerous framework permissions
Checks if the internet connection is available
Reads information about phone network operator.
Checks the presence of a debugger
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-23 14:03
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-23 14:03
Reported
2024-05-23 14:08
Platform
android-x86-arm-20240514-en
Max time kernel
102s
Max time network
136s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/mmapps.mirror.free/cache/1582435991586.jar | N/A | N/A |
| N/A | /data/user/0/mmapps.mirror.free/cache/1582435991586.jar | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Checks the presence of a debugger
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
mmapps.mirror.free
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/mmapps.mirror.free/cache/1582435991586.jar --output-vdex-fd=88 --oat-fd=89 --oat-location=/data/user/0/mmapps.mirror.free/cache/oat/x86/1582435991586.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.169.74:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.180.14:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.227:443 | tcp | |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | www.startappexchange.com | udp |
| US | 1.1.1.1:53 | init.startappexchange.com | udp |
| DE | 132.145.224.90:80 | init.startappexchange.com | tcp |
| DE | 132.145.224.90:80 | init.startappexchange.com | tcp |
| DE | 132.145.224.90:80 | init.startappexchange.com | tcp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| DE | 132.145.224.90:80 | init.startappexchange.com | tcp |
| DE | 132.145.224.90:80 | init.startappexchange.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
Files
/data/data/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/session_analytics.tap.tmp
| MD5 | c33583fae4e0b61cde1c5b9227963237 |
| SHA1 | fe2ebe4d27469af1460f7e852031a04208ef629b |
| SHA256 | 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc |
| SHA512 | fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e |
/data/data/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/664F4D0E02F2-0001-10AB-A9BD5E2B5AC8BeginSession.cls_temp
| MD5 | 95756c9d8e0ddf00e890f9470a19cefc |
| SHA1 | 1de4c07c9b4f86231b67049a15cc395215c29158 |
| SHA256 | c6700f9c9fb6ba1ce83c667141bb12c278f88c31d30d6715bbdfc362aaf3b00e |
| SHA512 | 7549441521f7f761d7f5d8c8cb6d834d18f64dcc1f0a448f87d53a0c504b75c856256877bd6b2fc028552937ea25db43e1a4be1da2f78845ffc4c0d1e467674c |
/data/data/mmapps.mirror.free/files/gaClientId
| MD5 | 70d0d2f189673e1e2151adf89d987e8d |
| SHA1 | 56267195601dd7f4e65231662d105023816edc86 |
| SHA256 | e81703148e1cf1e27a898da1c01878c7cc2e4742ce39952dbddad104f900e02c |
| SHA512 | e00e5acf85a4ab4d8cd19718c390ff0f2a3f5394a0f66c07478f819f0ced06e563ae61590e31d167a553303cbb6ae8c12cd5d4455d6ef69d72ed02d5baa1df22 |
/data/data/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/664F4D0E02F2-0001-10AB-A9BD5E2B5AC8SessionApp.cls_temp
| MD5 | ebc68458825482e8a1d11674ccd84d67 |
| SHA1 | d549a8d368560c83b63c7da79816a632b0e00885 |
| SHA256 | 2d73ef4fab14fbff7b14bdabc40706c0cd599c3e704d333a0bfefca35097f94e |
| SHA512 | b1d1ee4f327a8dd6ed67303b0b24af42b3790eea2ab688e9a20382a519df0e92d7e08cbb785949346b531fc5eff2b1817ee334240387ff23cad2445d54b6dea0 |
/data/data/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/664F4D0E02F2-0001-10AB-A9BD5E2B5AC8SessionOS.cls_temp
| MD5 | 9b3d4522944ce6396563812bfdb92fa9 |
| SHA1 | 6d2a6133c8f01938a48ccc77ef86ad8ca335c020 |
| SHA256 | d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9 |
| SHA512 | 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727 |
/data/data/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/664F4D0E02F2-0001-10AB-A9BD5E2B5AC8SessionDevice.cls_temp
| MD5 | 516b5289372e371f8fa8528e699fe92f |
| SHA1 | 0a515aa451700405786787d486f2120f0e268a90 |
| SHA256 | 0ef5399520c6d643d63ba9a954abd6d8ead845bad24b71be106dee321a77d3d2 |
| SHA512 | 57885d5b69ddf1dff0f8fe8bf83ea0ae06671fabf13ebff4e7b2bd8806e40e055349ddce8e56b21f6f96c479837acc300aa9d6cb03a3aac8a05da8805bfc98b4 |
/data/data/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/session_analytics.tap
| MD5 | 68bbb45979fccee8b10ce00584d2a009 |
| SHA1 | 63fd9cf8b5188cedb5d5226b10bdf9f4b5860620 |
| SHA256 | 8438498b9c8dc7b9e8daf908c5ab8fe7b0b214305a636f11caf7109295cf922f |
| SHA512 | 08cd3340c5721d64b4dcb4bb237745cdfa6b90a808edc1296b4c0227470b483f34df6f304771ab40f39cc29456b2f5c166d635e2a9088f4a58e4b52b9b3de8d6 |
/data/data/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/session_analytics_to_send/sa_4ee562a6-d824-44c2-9d46-0ebc1710998d_1716473102875.tap
| MD5 | 7f40d5debe7352ab2523d1458aaceb65 |
| SHA1 | 2797eb51a3f94a718977fac75e77ad94822664f5 |
| SHA256 | 02da8fbbc931fff84ff35c8413b57b1cbff3e2408dc2d5db59bb089249dd77df |
| SHA512 | 10b6b3687fe670e31207ad3a1e11a06f0f88a158e89548f36147ece1cc45fc5968cb393e9741e9f177d3c2967b23be7198fea5c85d702ddfd1142b0d385fb5aa |
/data/data/mmapps.mirror.free/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/user/0/mmapps.mirror.free/cache/1582435991586.jar
| MD5 | fde2ee00cbd121cfab5290b078aa3ceb |
| SHA1 | e2b77d5320e155e413d040a8c20020962065b2f8 |
| SHA256 | 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685 |
| SHA512 | a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56 |
/data/user/0/mmapps.mirror.free/cache/1582435991586.jar
| MD5 | 2048eb6124a452540ee51dae4145aadf |
| SHA1 | d05005b2cd7fe4cd652b0d7fd1bdac2c19d51451 |
| SHA256 | 105c54b6fe3f25350e92187467761598e4c21d62b1091b77d091f65f3bd98864 |
| SHA512 | bb6cb3853dd2a5d0701e20607d4e153ae201268dd2e5e2d06cc2df208b3b4dc50132a4ab428251b1644d2399fcc717662438d082ff14203387bab8794109d44d |
/data/data/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/session_analytics.tap
| MD5 | 6192ff9ee3615c7250464ad797e33892 |
| SHA1 | 3e87caf08cd150dbe4498390b4e7d1720d54cc71 |
| SHA256 | 68bcadcacf8022734bffb2d40a59fc0fa6d4c1d8f1b4132bea9dc95053fcd451 |
| SHA512 | aa61fd2d7785c6e03553540a8d1765d7848859d92b3621ac176c2232557f281f5e034fa78c5c36f7efe4519dbb4afcc79c17c7f10c39e91aeddbcc9152b6fd42 |
/data/data/mmapps.mirror.free/files/gaClientIdData
| MD5 | 8f251d30f7cc6a1766edf48a81e0d22e |
| SHA1 | baa1f0b18c04a222adb9150af05f6275d300d4a5 |
| SHA256 | 9e766f5624e75f080176df10a0eff2ec8b4110825afb9e19167caf17b1c16ca5 |
| SHA512 | 42311bbe3847644d93c03297d9d81f7e276637f77c981f9b545a5fff61f6fc82769cfb4702cab7470f2f201b8a39887bbdf06bfc3c2b851bfa0f7b588ce0a819 |
/data/data/mmapps.mirror.free/cache/oat/1582435991586.jar.cur.prof
| MD5 | a3b78d197d786c13687c3f0f89703bd8 |
| SHA1 | 9967f0726b6b1ed3f198904547b81920f8329621 |
| SHA256 | c5e6754556dbe01b055066f23c28ddaaf5fe67cee4baed00d59dc993335b3d97 |
| SHA512 | 9a47c9bb977edec9d29d22f280e0078ca931a722eaecc2b085c6b5aaf6246d17a6ad07c9faca45070bb5b89a3ee6cf896f5e2c7e73fb033e3ac57471df70a8b1 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-23 14:03
Reported
2024-05-23 14:07
Platform
android-x64-20240514-en
Max time kernel
86s
Max time network
135s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/xbin/su | N/A | N/A |
| N/A | /system/app/Superuser.apk | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/mmapps.mirror.free/cache/1582435991586.jar | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Checks the presence of a debugger
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
mmapps.mirror.free
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 172.217.169.14:443 | tcp | |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | www.startappexchange.com | udp |
| US | 1.1.1.1:53 | init.startappexchange.com | udp |
| DE | 132.145.224.90:80 | init.startappexchange.com | tcp |
| DE | 132.145.224.90:80 | init.startappexchange.com | tcp |
| DE | 152.70.183.52:80 | init.startappexchange.com | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| DE | 132.145.224.90:80 | init.startappexchange.com | tcp |
| DE | 132.145.224.90:80 | init.startappexchange.com | tcp |
| GB | 142.250.200.46:443 | tcp | |
| GB | 172.217.16.226:443 | tcp | |
| GB | 216.58.204.68:443 | tcp | |
| GB | 216.58.204.68:443 | tcp |
Files
/data/data/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/session_analytics.tap.tmp
| MD5 | c33583fae4e0b61cde1c5b9227963237 |
| SHA1 | fe2ebe4d27469af1460f7e852031a04208ef629b |
| SHA256 | 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc |
| SHA512 | fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e |
/data/data/mmapps.mirror.free/files/gaClientId
| MD5 | 10fd2cba1b9f186542ff605670bdaa73 |
| SHA1 | fc1b4c7a51375d9c035013bfe7cd0fad148f51a2 |
| SHA256 | 355eebfea41cac95c2a1364c896dc90867313cb6252e929cd47c659a55975fcd |
| SHA512 | 1da0840e3f658e48b4b3fac0ec5d7adf10b2c186229874ee083992b7f72f431a918e59b7a9d24516c7bb843955abe4d45280ae174ce10c634281735ab5ba3e70 |
/data/data/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/664F4CDB0103-0001-13EE-2BF531436AAABeginSession.cls_temp
| MD5 | cc563a338b4f080d6f9600812e51e968 |
| SHA1 | cad6b5524fe2b08c1207c355856da7e57fa42fd5 |
| SHA256 | e709708b9ea048009fc1e1e3a13165245dbbd5e2db78e63b12124a9a0c13d03d |
| SHA512 | 78188d8124d64cc7daab9b95b5a28e2a056a0033659cb2f359d2795376f77d6b63565ff7632087a2035189173751abb581b9c807b8b8db458b3ebbcfaff5eeb3 |
/data/data/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/session_analytics.tap
| MD5 | 357a9a7864792ead535d2ffa03b7163a |
| SHA1 | 8ae74fe692d819adc5428990a107ac4a21b6dd73 |
| SHA256 | a60cf929509aaea85eca4ea38b1d88c5517ba5481864672101133a7734504742 |
| SHA512 | c7a879a7ac25953ad9b7c534dedecbfa370c792aecd0a0744f052128b2e0e5825cb68f2572613b795a744b1803a8de9b32aaa1a087b13271a626a959ec31060b |
/data/data/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/664F4CDB0103-0001-13EE-2BF531436AAASessionApp.cls_temp
| MD5 | cc74b5f72e98c4e84096a034ee660fdf |
| SHA1 | e68d3cf01314dd0bf3d2b12eb324b91f4285e011 |
| SHA256 | d348a0097a9f198b39571b8778736221b082187e53242490854083bb898740db |
| SHA512 | 6c1298c4fc6559ece06ca1f6e16bf88be86933845845969799ec4bbcc84d5c514ac1b688989c73ed0cd370960cc1e1ea8be82ac6dfb303dd5a3a0b6cc9bd6939 |
/data/data/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/664F4CDB0103-0001-13EE-2BF531436AAASessionOS.cls_temp
| MD5 | 2566d27ce8c28d8961f082c375d7535e |
| SHA1 | 92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf |
| SHA256 | 5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a |
| SHA512 | 1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f |
/data/data/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/664F4CDB0103-0001-13EE-2BF531436AAASessionDevice.cls_temp
| MD5 | f16077ce74679b6665cb21f0a84a04fb |
| SHA1 | 12e3217a254f921ab85bf3887d23019bfb1426a0 |
| SHA256 | f374052dbe3f9b8e9dfd7168ac4bd69b81c7d6a2114246e35a1e70c0836da77b |
| SHA512 | e1ccd52961a94ce7b0e6e80fa34eb2ec5a85dcfd443f9514af1dc160d039ddb1e9c97b36a2d868ef8c5d091334f5d387e8576d819a6416f94a37a84c65302d11 |
/data/data/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/session_analytics_to_send/sa_93989be3-8833-4fe4-b2d7-227d1a6f74d6_1716473051865.tap
| MD5 | c9fdd2a0e2b5597c2fc2a4fd85e2b850 |
| SHA1 | df7f00dbfe2d11ff57728c97ae0f2a124d8a2585 |
| SHA256 | e98a58d7520d8810995b403269799d9224c5f79249f36b301cc908c97b1b35ed |
| SHA512 | 4be7b915e73f74901dd8d40c1db4eddd10fb2d90cad535f1a18f194f77045cee17d9c58250329a3258d89b1ba240cb8ad6a559a14f80ba86af1050482392af37 |
/data/data/mmapps.mirror.free/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/user/0/mmapps.mirror.free/cache/1582435991586.jar
| MD5 | fde2ee00cbd121cfab5290b078aa3ceb |
| SHA1 | e2b77d5320e155e413d040a8c20020962065b2f8 |
| SHA256 | 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685 |
| SHA512 | a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56 |
/data/data/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/session_analytics.tap
| MD5 | ce93ec8bc653afd4b9cb8ac50e8ffb18 |
| SHA1 | 2013da1557cb85aea33541e8506fb9e703d968f9 |
| SHA256 | 330545c3c12553495650726627a60051aa188ca577ec257b07221a4645ab1021 |
| SHA512 | 1bebe58d49f5dd720a565a87f2502c0467e5c72c18e329b08172b2c570dfb073b88defd21c2f2bbc8c8b7d105768b7ee5567009e0188a19f2f429720a4c172ef |
/data/data/mmapps.mirror.free/files/gaClientIdData
| MD5 | bd7257873a40e76cde8812486913e442 |
| SHA1 | 29e89fac71a8d80ba597016d7388b026937fc351 |
| SHA256 | a5bf0bc0469f82b05516ebc6d99751d403ddb0a5ffbd6f30e6a7f990c73e49f5 |
| SHA512 | ddf01f89cc30b7fb3e3060cf262851eba16aac23d56d981ce54b4ffa7865ae4d5be84217a496348e385a50ee2af69299b72cccfdc1adbd578a0aea0e51f10e18 |
/data/data/mmapps.mirror.free/cache/oat/1582435991586.jar.cur.prof
| MD5 | 0d54a4386313e9b5ab0c662b0b63185e |
| SHA1 | dcc4b657094d0402aaea007dde418641bf286047 |
| SHA256 | 211cf6da70f0de77c5ec0fffbe7d48633f4a6ea8823b6fdf8978f2938eade032 |
| SHA512 | d426226bfe32f3b8e0845e77e0a81d8eae25365d43befc8af74270b5076e95e9e0abc0f2d0326abf446e56e248a550030ff2282c5680997bdcb3fcdc7c456b05 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-23 14:03
Reported
2024-05-23 14:07
Platform
android-x64-arm64-20240514-en
Max time kernel
166s
Max time network
133s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/mmapps.mirror.free/cache/1582435991586.jar | N/A | N/A |
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Checks the presence of a debugger
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
mmapps.mirror.free
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | tcp | |
| GB | 142.250.180.14:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | init.startappexchange.com | udp |
| US | 1.1.1.1:53 | www.startappexchange.com | udp |
| DE | 132.145.224.90:80 | www.startappexchange.com | tcp |
| DE | 132.145.224.90:80 | www.startappexchange.com | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| DE | 132.145.224.90:80 | www.startappexchange.com | tcp |
| DE | 132.145.224.90:80 | www.startappexchange.com | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| DE | 132.145.224.90:80 | www.startappexchange.com | tcp |
| GB | 216.58.201.100:443 | tcp | |
| GB | 216.58.201.100:443 | tcp |
Files
/data/user/0/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/session_analytics.tap.tmp
| MD5 | c33583fae4e0b61cde1c5b9227963237 |
| SHA1 | fe2ebe4d27469af1460f7e852031a04208ef629b |
| SHA256 | 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc |
| SHA512 | fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e |
/data/user/0/mmapps.mirror.free/files/gaClientId
| MD5 | 07688c577202a289529626b0fd520619 |
| SHA1 | 1d2fc33292af84ab98263f4b7676f2f42780766f |
| SHA256 | 89afa5691cd4a4e75c19a733aad4a63653128164b43a4f6a26dccd5fe66c9735 |
| SHA512 | 2e862a93b5353b2b22c8f2676e9fd8aff83d3037c7e7860b87cf5923c617aa05567cf65244048a9e10bf8b0c745ffd7dd08f29310a82b203e271c410a4b2119d |
/data/user/0/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/664F4CE003CC-0001-11FC-5AE675F35082BeginSession.cls_temp
| MD5 | 0332f9f844e0f93117a21e82f75ab5f6 |
| SHA1 | 7ed9aa6687b5a58d9a037e49e04349c038d25488 |
| SHA256 | 5d50b3db4158f2d9fbdd8eaae5e4b3ec38ff503f5f6de23864f86ca24a134176 |
| SHA512 | 7eb385e94b0e83e1e5ca5a5b7aaf49c1fada09010599082d1a2ef21acb7e1c5a67e3c0ed31c66762b252a8cf77e61569d3c206518723ceb476795b535826629f |
/data/user/0/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/664F4CE003CC-0001-11FC-5AE675F35082SessionApp.cls_temp
| MD5 | 579a5bee2e24535529c0ec625edb5765 |
| SHA1 | ec4f0a0cc5d5faf90e2feff4ad7476e3185f87c8 |
| SHA256 | 0315f5d633aa2967db08762ae98d646a9181b02c51e1e3cc546c0106ab2eec9a |
| SHA512 | 4f3ac969776fdc97df43112a595b51fd3c12a6328aa6bca7ff0dfb58ec57d0f5bcd4650679c02044f4c074abca3b8bac61f4371a981b33e2b2f516339328ac04 |
/data/user/0/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/664F4CE003CC-0001-11FC-5AE675F35082SessionOS.cls_temp
| MD5 | b3d9541cc92a9153d14e5160f8d8c008 |
| SHA1 | 2e1ac80eb381dd82a03795b682f92020348c0113 |
| SHA256 | 1ead5b213c87f182ffce484c34f7d9f140ad3425c0f303f460492efe8a26c56d |
| SHA512 | 78074409135a210ba4e1407ad9b3f784f5683e83aac4ce3482d4e8135425cf2b30db1ff5dd0041901c490a551a477237c6d255671c7b1fad74090980dcf3334f |
/data/user/0/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/session_analytics.tap
| MD5 | 46149af3b517ae40fabb11f2ef1b7b6b |
| SHA1 | bb990d1dad46fdc4b8788936bf91a2d20a387451 |
| SHA256 | d309923a045441f5efd0b89b6832fee912330ed32b4fed2fdb5f8f389857873b |
| SHA512 | 3ee664406ca290c0f925c408f7105a8c255a96fb8d2996a759f268da9e89a0487f7995bf6a761e81cbdfd11abf9755c7c6625b484bbcd6b3a0997f3ac3c717de |
/data/user/0/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/664F4CE003CC-0001-11FC-5AE675F35082SessionDevice.cls_temp
| MD5 | 341847a33177dc68bb320adcd5da9646 |
| SHA1 | 1f494262a1b2aa88d40fe1b5325ef78ec237363b |
| SHA256 | 196d0e5753999d6cd8c315b03a6736aead366c4ea0d82e6efc26e22cd77eac82 |
| SHA512 | f4c7f5a2498a8b1661739e3b319d9f430d2228f7f41e662fc3f23b1889b902f57286c9ed39a60ff15addb42f2dfb088c00ca86b186ca7743e2e982885c95b3a8 |
/data/user/0/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/session_analytics_to_send/sa_a643a90e-03e8-4ccb-90cb-d0b8e8ee6874_1716473057212.tap
| MD5 | 05815d9dd3c3bab8795558374253265d |
| SHA1 | fb16faa77c595d37005f55d0895a6b16fee514bd |
| SHA256 | cb86f31f04dd6ecd221d59d0008a743e8225b1c0bafdcce1b6d6a6c5882dd106 |
| SHA512 | d4d04a5d7680d5d6f3d88a7781cb28a5fe86a75d1abc1ff7df8ed83af6853f71563f8eb1801dd56d997ca100d7c729fb58ab6c8b18172b8d52a7795cda04e9c8 |
/data/user/0/mmapps.mirror.free/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/user/0/mmapps.mirror.free/cache/1582435991586.jar
| MD5 | fde2ee00cbd121cfab5290b078aa3ceb |
| SHA1 | e2b77d5320e155e413d040a8c20020962065b2f8 |
| SHA256 | 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685 |
| SHA512 | a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56 |
/data/user/0/mmapps.mirror.free/files/.TwitterSdk/cl/com.crashlytics.sdk.android/session_analytics.tap
| MD5 | 08ec8d58264cffbf3ce19d7f34914f49 |
| SHA1 | 28dfe7be2b0fe2ec8089496d36d938033f12b600 |
| SHA256 | df943a777ca64ed58255d0118fae400b97ad6d7882146e397966623f1024237f |
| SHA512 | aef29a8922eb6236eb21131f1a30eddaef9843a3e38bacc505ae50eeded0665325a8a3cde3c565627e049a419ca541c20c59927d17e99b7f6ae56cb497579120 |
/data/user/0/mmapps.mirror.free/files/gaClientIdData
| MD5 | 9d990a9d06ae609d8daaa6de80c1c099 |
| SHA1 | 04b8e733d78c51ef885aea07f8b3c862269867a9 |
| SHA256 | 27a792c94f565dff0e8fe9a0c71e3bc0d8542028d6987bbebef4c1182aeb2e83 |
| SHA512 | 94682eb6dda027975adbd9ba2c06b183fb9c9577e18b0a4adb1747a960e2e3b22a47858249a2ec7f1c506e10d63b0b4b587fb3234a096fbd1d086f59b44f5f6a |
/data/user/0/mmapps.mirror.free/cache/oat/1582435991586.jar.cur.prof
| MD5 | f9431a0cde5766b6a47fe517f0dbe91f |
| SHA1 | 41ebffb9e03db4e211961286e6c233726d1c704f |
| SHA256 | 48409024aacda3669e2112419ca8742dedca12f5310521730db60c8387710616 |
| SHA512 | 3102a350b8cdbfe686564eb79892a609f3cccd74d4b420f831156b1c57b736853f1cba0988d4dea7bf728f341e3ed2b997274684726afa2d97d31115e5213382 |