Analysis Overview
SHA256
0e5ecc9da8cab97c51fb6a599e82a6e1c0f461fa43543faba74b0ab8fff8341f
Threat Level: Likely malicious
The file 90fc919ab5e4e05335504ca51fff848a_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted
Checks memory information
Registers a broadcast receiver at runtime (usually for listening for system events)
Reads information about phone network operator
Requests dangerous framework permissions
Checks if the internet connection is available
Checks the presence of a debugger
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 07:42
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 07:42
Reported
2024-06-03 07:42
Platform
android-33-x64-arm64-20240514-en
Max time network
11s
Network
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 07:42
Reported
2024-06-03 07:45
Platform
android-x86-arm-20240514-en
Max time kernel
127s
Max time network
161s
Signatures
Checks if the Android device is rooted
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator
Checks the presence of a debugger
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.paypal.android.p2pmobile
Network
Files