Malware Analysis Report

2024-11-16 10:46

Sample ID 240603-kh8sxsae88
Target 91259f3c92e136a5326b9b2500433eea_JaffaCakes118
SHA256 74ff8d1ad8450bcb636ab8c590eabafbc339ff40fc0a6ea3ad6342f248c7992f
Tags
discovery evasion
score
7/10

Analysis Overview

score
7/10

SHA256

74ff8d1ad8450bcb636ab8c590eabafbc339ff40fc0a6ea3ad6342f248c7992f

Threat Level: Shows suspicious behavior

The file 91259f3c92e136a5326b9b2500433eea_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery evasion

Checks CPU information

Loads dropped Dex/Jar

Requests dangerous framework permissions

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 08:37

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 08:37

Reported

2024-06-03 08:40

Platform

android-x86-arm-20240514-en

Max time kernel

179s

Max time network

148s

Command Line

com.headupgames.bridgeconstructorplayground

Signatures

Checks CPU information

evasion discovery
Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Loads dropped Dex/Jar

evasion
Description | Indicator | Process | Target
N/A | /data/user/0/com.headupgames.bridgeconstructorplayground/app_app_apk/bridgeconstructorplayground.dat.jar | N/A | N/A

Processes

com.headupgames.bridgeconstructorplayground

Network

Country | Destination | Domain | Proto
GB | 142.250.187.195:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.180.14:443 | | tcp
GB | 142.250.180.14:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp

Files

/data/data/com.headupgames.bridgeconstructorplayground/files/TrzqqcDfq

MD5 304d468bb1ddfbb833cdd8555b4372d2
SHA1 cf82325cb767935d71d56481d09711d060aa6efb
SHA256 4fdb5c1d929f9d508df09cc23183ab8e967e7adff4ae0b8d4afdbb75d5523372
SHA512 6f99ef1fa4252497a76cf7fe17c8e045a7c752116b2a3b68292c8130186aea605155e0e838c8d90f046502683f1346da3daba4a79d29571404fe964a8a4e476f

/data/user/0/com.headupgames.bridgeconstructorplayground/app_app_apk/bridgeconstructorplayground.dat.jar

MD5 c5175d33d0e809a662c85a9a163cd6e5
SHA1 68db29bc71ec2ed0d0d3c211867e964ca49be62d
SHA256 4d4cc16aa973e24801fd5546877ecfda96a62f3eb24c1c59459ddf870abab4ad
SHA512 fd2c8f82fdb61a7d063634f1100435e2d61b5a901998c048c5b11a0606b0b8538a46cf05c46b8c0f278a396a56702ccf862f25fdfe077fa5cb0064ad5a9c451f