Analysis Overview
SHA256
9b2decf4631db7072c8a17e2a91aa1b49c936db91e41b2682d1b0267a2e0568a
Threat Level: Likely malicious
The file 895ce02f93f6c715793b18ad07f66ad6_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about the current Wi-Fi connection
Checks if the internet connection is available
Requests dangerous framework permissions
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-01 04:28
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-01 04:28
Reported
2024-06-01 04:31
Platform
android-x86-arm-20240514-en
Max time kernel
174s
Max time network
131s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.androidemu.harvezhadanren
com.androidemu.harvezhadanren:emulator
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.14:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ads.wapx.cn | udp |
| US | 1.1.1.1:53 | app.wapx.cn | udp |
| US | 1.1.1.1:53 | app.waps.cn | udp |
| GB | 216.58.204.67:443 | tcp | |
| GB | 142.250.180.14:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
Files
/data/data/com.androidemu.harvezhadanren/nesroms/harvezzhxzlb/harvezhadanren.nes
| MD5 | 6e456b88a318156364066d197a8a43d4 |
| SHA1 | b5bcca95dd7ea0ff6f3882e809c560052c212a24 |
| SHA256 | 0b5d24ccf0335b5f70a02fd162b20fa3a6defb83408f37a8701de83d5fcf2c9a |
| SHA512 | 9479b4cb3757fdc1e6b827fc4d1cb84390428fb5052f87739ac11254c09586a81ffa40df01898d35a2caa8e9f21a1539149a2bf35efe2b111a0ad3f65d5044be |
/storage/emulated/0/Android/data/cache/CacheTime.dat
| MD5 | 90b712219627736caa907ea4701c3e64 |
| SHA1 | c3c2eb7c5b37129c0f90b54188bc09b7f7a40372 |
| SHA256 | c66681851589b6d65249f2f68a45437f4a872849c67cbc82b03abf04df46c4e0 |
| SHA512 | 9c28ece538c5aeefea56ab15f1bb5b7c4a4e22aa10fab0370c7d300a414cd763ccaac23dcef2586c98c403ac44956d93429edea415ccdf2c259389994f03094a |
/storage/emulated/0/Android/data/.class/android
| MD5 | 3d01a0cc7abc4fc30bb3e60da34f59ef |
| SHA1 | a77628ffc105519271a9bdfc24bc0ada1aadd20d |
| SHA256 | 687bd1f19832d515445c688a6acdaf9212540c0b08796179b9a1b27497f45e29 |
| SHA512 | 6d3fffcd24d6a65a48a89313861896434f7dcf4dee695dc84f3b55d6c19e457a7a68dd6f5e464acb007d16922b44192f994e24064d69062c36481f2cf80636fc |
/storage/emulated/0/Android/data/cache/AppPackage.dat
| MD5 | 8a315191fe188557163acb5ad69f1b44 |
| SHA1 | cdce41aa2155a4c8cd91957846c2f603f009b22d |
| SHA256 | 8a6bf3fd34ecf79f09fc45ee0555bc444d9bf437b8a9942819f9c3288b5db2b1 |
| SHA512 | 2de2e662962323a32f28e76a98d3addf59eecb100e4b977ae23860659319b34f363a63e35a8ad223dc3d07386ba7950708ecb2675b1f27233c95dbb75082e1a0 |
/storage/emulated/0/Android/data/cache/UnPackage.dat
| MD5 | 79c40fa0eab9353ff1d411d11a2201ff |
| SHA1 | 8dac5d4903d6c0b49f25f8da4dfcf7422bda3e71 |
| SHA256 | 64381b2b90e6e8e31b57bf80ff71dea044ee6dedfdd607e17de3b31b67828e32 |
| SHA512 | 43694eabe2a9a9d3d503f36ab3587778389f8348d1933854fc702889960e978aa1c71ca70ae57b11badddb80f9731341ce99a3f04a11e047daa9b9ccc692eaef |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-01 04:28
Reported
2024-06-01 04:28
Platform
android-33-x64-arm64-20240514-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.16.234:443 | tcp | |
| GB | 142.250.179.228:443 | udp | |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.179.228:443 | udp |