Analysis Overview
SHA256
444bc8f17d282f8e830de8e324d6e873e57900d15c66b6e33d275b9ecc48538f
Threat Level: Shows suspicious behavior
The file 90fc7aa870a2ee94981fd5406b4cc9a8_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Queries information about running processes on the device
Queries information about the current Wi-Fi connection
Registers a broadcast receiver at runtime (usually for listening for system events)
Loads dropped Dex/Jar
Queries the phone number (MSISDN for GSM devices)
Requests dangerous framework permissions
Queries the unique device ID (IMEI, MEID, IMSI)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 07:41
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-03 07:41
Reported
2024-06-03 07:44
Platform
android-x86-arm-20240514-en
Max time kernel
179s
Max time network
138s
Command Line
Signatures
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.dbgj.stacore
getprop ro.board.platform
getprop ro.mediatek.platform
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 172.217.169.10:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | stat.anquanxia.com | udp |
| US | 107.149.163.133:80 | stat.anquanxia.com | tcp |
| GB | 142.250.200.3:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 107.149.163.133:80 | stat.anquanxia.com | tcp |
| GB | 216.58.212.234:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| GB | 172.217.169.10:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 216.58.212.202:443 | semanticlocation-pa.googleapis.com | tcp |
Files
/storage/emulated/0/data/.systemid
| MD5 | 8a91b4432ca9d0b2b2cb2f016616fd44 |
| SHA1 | 7b19aac960f73e53b904760d73c01d5df10eea12 |
| SHA256 | b1b5f8ab17360337631a5bba2b462345905ea5854e2c2f3cce3606aaa0913288 |
| SHA512 | 513ebe4e440ce8234094f1781471102c9b8917d8f5682abf0f7ed8771d1ecebfe67e1dabd0da2b23ad7ce737972df7c98c5c9d5fa5f7526247c42a8f535c81ae |
/storage/emulated/0/data/.systemmac
| MD5 | 0f607264fc6318a92b9e13c65db7cd3c |
| SHA1 | c1976429369bfe063ed8b3409db7c7e7d87196d9 |
| SHA256 | c248c629af1fe0a8c46b95668064c1d2952a9e91d207bc0cc3c5d584c2f7553a |
| SHA512 | 9dbd40b135b46c7be31b8c7d11c75b0b179af3a6550fca52ec447583aeb50aaaedb4b1e9373cf8826615149549a2efaee04efdc9a282e3a6b387c73099c13fb1 |
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-03 07:41
Reported
2024-06-03 07:44
Platform
android-x64-arm64-20240514-en
Max time kernel
179s
Max time network
144s
Command Line
Signatures
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Processes
com.dbgj.stacore
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.14:443 | | tcp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | stat.anquanxia.com | udp |
| US | 107.149.163.133:80 | stat.anquanxia.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| US | 107.149.163.133:80 | stat.anquanxia.com | tcp |
| GB | 142.250.200.4:443 | | tcp |
| GB | 142.250.200.4:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
Files
/storage/emulated/0/data/.systemid
| MD5 | 1c0611719718992a8bab250eb883f988 |
| SHA1 | 6911573a7d2a2df67f03b766506b710bb119367a |
| SHA256 | 096b68dbe3b60f04eafe970f7eaa286284de73676234938aad627cc821546950 |
| SHA512 | 905fb40ebcff6c348c4a320be717979e77fe8bda05429b2dad8ca4f5d6fdb3019a3f3e70ff9100eebbf47f29c70f31e3951e589ac52bd51f01cdd75a1356b0e1 |
/storage/emulated/0/data/.systemmac
| MD5 | 0f607264fc6318a92b9e13c65db7cd3c |
| SHA1 | c1976429369bfe063ed8b3409db7c7e7d87196d9 |
| SHA256 | c248c629af1fe0a8c46b95668064c1d2952a9e91d207bc0cc3c5d584c2f7553a |
| SHA512 | 9dbd40b135b46c7be31b8c7d11c75b0b179af3a6550fca52ec447583aeb50aaaedb4b1e9373cf8826615149549a2efaee04efdc9a282e3a6b387c73099c13fb1 |
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-03 07:41
Reported
2024-06-03 07:42
Platform
android-x64-arm64-20240514-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 07:41
Reported
2024-06-03 07:45
Platform
android-x64-arm64-20240514-en
Max time kernel
11s
Max time network
136s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/com.companyname.Space_Program/files/stares/updates/sta.jar | N/A | N/A |
Queries the phone number (MSISDN for GSM devices)
Processes
com.companyname.Space_Program
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | stat.anquanxia.com | udp |
| US | 107.149.163.133:80 | stat.anquanxia.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
Files
/storage/emulated/0/data/.systemid
| MD5 | 8e553b09fb9d45b23cdfad4fc5142153 |
| SHA1 | 905f77133d4ffa96fc7d57cbce84cf1adb63fdfb |
| SHA256 | e8863732261ad589b0d4faf8c5dbfa7117b9594bb032979a6daae125af617728 |
| SHA512 | 4bc47d16b7ebaa08350de36064a3783891d7aa72e1a28dde73b052c6056b503754a3e523b3a01b773f5a3dcdb37757a1f658151e69b8b581fd12cd2b99dbcd39 |
/data/user/0/com.companyname.Space_Program/files/stares/updates/sta.jar
| MD5 | 6bb4a9ad273b9145612ba1b22df71c80 |
| SHA1 | b2345dc7429dd5eaf6ac3e01e5ff13d8df983efe |
| SHA256 | 3fc5c73077df4f0ab20d662f9581b40cab0812d2a11aedea240416228096068e |
| SHA512 | 558afc8776af7a59e886a31f0cb7e799266d371f6c8a12f040b4120a3d861da81c925a14ee12c246555e4d9a2624204e09ae7d1aca81ac923eb4d4841ab040a2 |
/data/user/0/com.companyname.Space_Program/files/stares/updates/sta.jar
| MD5 | e86c274dc95a84271f67bbca9d98b4e5 |
| SHA1 | 18b4cdbcf54d65cfc69123b901d240536fdbb47e |
| SHA256 | e7e5a9e89703911aee3e8db1e8137e9403f6371bb352956fc333490bb71b5495 |
| SHA512 | d62d47498deb05ff6b2593f17c6c6a73f9febbdf5f1fa56c6e59c37c6b8ec8b7a8033b8236005326981bb51b9aea7a53eda6a28451bf37ebb61fb5ee6e9a1738 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-03 07:41
Reported
2024-06-03 07:42
Platform
android-x86-arm-20240514-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.200.42:443 | | tcp |
| GB | 142.250.178.10:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-03 07:41
Reported
2024-06-03 07:41
Platform
android-x64-20240514-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.187.227:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-03 07:41
Reported
2024-06-03 07:41
Platform
android-x64-arm64-20240514-en
Max time network
9s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-03 07:41
Reported
2024-06-03 07:41
Platform
android-x86-arm-20240514-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-03 07:41
Reported
2024-06-03 07:42
Platform
android-x64-20240514-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 07:41
Reported
2024-06-03 07:45
Platform
android-x86-arm-20240514-en
Max time kernel
13s
Max time network
160s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/com.companyname.Space_Program/files/stares/updates/sta.jar | N/A | N/A |
| N/A | /data/user/0/com.companyname.Space_Program/files/stares/updates/sta.jar | N/A | N/A |
Queries the phone number (MSISDN for GSM devices)
Processes
com.companyname.Space_Program
getprop ro.board.platform
getprop ro.mediatek.platform
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.companyname.Space_Program/files/stares/updates/sta.jar --output-vdex-fd=57 --oat-fd=58 --oat-location=/data/user/0/com.companyname.Space_Program/files/stares/updates/oat/x86/sta.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 216.58.213.3:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | stat.anquanxia.com | udp |
| US | 107.149.163.133:80 | stat.anquanxia.com | tcp |
| GB | 172.217.169.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
Files
/storage/emulated/0/data/.systemid
| MD5 | 4122b08ca238e618a6d485b7ae27f840 |
| SHA1 | ec69780584b2e4b184f0a3eab61751856f363dc3 |
| SHA256 | ca8aa5a681fbb867819b227cf3290eab53a029f3f4ef949cfd445c8005265634 |
| SHA512 | a67615ba7b8f035cbc2b3b2a1f43edb9bd8f61df460504fe4fb122205decb853595f305a8ea824798fd39d54cd284d6d95717a512242922e729c4f9d632c3bec |
/data/data/com.companyname.Space_Program/files/stares/updates/sta.jar
| MD5 | 6bb4a9ad273b9145612ba1b22df71c80 |
| SHA1 | b2345dc7429dd5eaf6ac3e01e5ff13d8df983efe |
| SHA256 | 3fc5c73077df4f0ab20d662f9581b40cab0812d2a11aedea240416228096068e |
| SHA512 | 558afc8776af7a59e886a31f0cb7e799266d371f6c8a12f040b4120a3d861da81c925a14ee12c246555e4d9a2624204e09ae7d1aca81ac923eb4d4841ab040a2 |
/data/user/0/com.companyname.Space_Program/files/stares/updates/sta.jar
| MD5 | e86c274dc95a84271f67bbca9d98b4e5 |
| SHA1 | 18b4cdbcf54d65cfc69123b901d240536fdbb47e |
| SHA256 | e7e5a9e89703911aee3e8db1e8137e9403f6371bb352956fc333490bb71b5495 |
| SHA512 | d62d47498deb05ff6b2593f17c6c6a73f9febbdf5f1fa56c6e59c37c6b8ec8b7a8033b8236005326981bb51b9aea7a53eda6a28451bf37ebb61fb5ee6e9a1738 |
/data/user/0/com.companyname.Space_Program/files/stares/updates/sta.jar
| MD5 | 930b928b30123dde3a54ec559976a435 |
| SHA1 | 27c7c40ee682f200d1bfd5960dfd952894cd16e6 |
| SHA256 | 0d9581f5e4a7b9cd40294f043459f416cc3c1a4ad851d6480c098e6e86602801 |
| SHA512 | 824447f3f2f48909bfcceafb8f01792313449f51860d575b8f39eae04910581fcc365cb9e34c2c7fa68e2a61da8eeafa49badd36cf3902bad3647dd354eaa26a |
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-03 07:41
Reported
2024-06-03 07:44
Platform
android-x64-20240514-en
Max time kernel
179s
Max time network
155s
Command Line
Signatures
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Processes
com.dbgj.stacore
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | stat.anquanxia.com | udp |
| US | 107.149.163.133:80 | stat.anquanxia.com | tcp |
| US | 107.149.163.133:80 | stat.anquanxia.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.213.14:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 216.58.212.194:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
Files
/storage/emulated/0/data/.systemid
| MD5 | a6ab3bb7f744212839dece2d877e4373 |
| SHA1 | cb44e79ceada9cbb39c66c88eaf8c0327545cb04 |
| SHA256 | dc2acec4caf8f97ae24f6ff5b483eec5c4f6a2565a2b2831f0d945472255b9af |
| SHA512 | 979b3d35679cc4bd9ed86d1562fdb84b22505527a7b5038a1c3a1204889a7dd831800d12a4b45bec9bf5b8c123cb03aad6a86cc5ab7dfbe5619b16ae1e807bd1 |
/storage/emulated/0/data/.systemmac
| MD5 | 0f607264fc6318a92b9e13c65db7cd3c |
| SHA1 | c1976429369bfe063ed8b3409db7c7e7d87196d9 |
| SHA256 | c248c629af1fe0a8c46b95668064c1d2952a9e91d207bc0cc3c5d584c2f7553a |
| SHA512 | 9dbd40b135b46c7be31b8c7d11c75b0b179af3a6550fca52ec447583aeb50aaaedb4b1e9373cf8826615149549a2efaee04efdc9a282e3a6b387c73099c13fb1 |
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-03 07:41
Reported
2024-06-03 07:41
Platform
android-x64-20240514-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-03 07:41
Reported
2024-06-03 07:41
Platform
android-x64-arm64-20240514-en
Max time network
9s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-03 07:41
Reported
2024-06-03 07:41
Platform
android-x64-20240514-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-06-03 07:41
Reported
2024-06-03 07:42
Platform
android-x64-arm64-20240514-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-03 07:41
Reported
2024-06-03 07:42
Platform
android-x86-arm-20240514-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.200.34:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-03 07:41
Reported
2024-06-03 07:42
Platform
android-x86-arm-20240514-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |