Analysis Overview
SHA256
b10d78c4f2aef2e24a037ac5753062d69442e8b2d61d6f249dfb451abc68ba08
Threat Level: Likely malicious
The file 9124ec1867b71a3cee84bd0127e3cf2e_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
Checks CPU information
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks Android system properties for emulator presence.
Queries information about running processes on the device
Checks memory information
Loads dropped Dex/Jar
Queries information about the current Wi-Fi connection
Queries information about the current nearby Wi-Fi networks
Reads information about phone network operator.
Requests dangerous framework permissions
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
Checks if the internet connection is available
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 08:36
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 08:36
Reported
2024-06-03 08:39
Platform
android-x86-arm-20240514-en
Max time kernel
18s
Max time network
150s
Command Line
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests cell location
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Checks Android system properties for emulator presence.
| Description | Indicator | Process | Target |
|---|---|---|---|
| Accessed system property | key: ro.product.model | N/A | N/A |
| Accessed system property | key: ro.product.model | N/A | N/A |
| Accessed system property | key: ro.product.model | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /data/data/org.chromium.caster_receiver_apk_FMMusic/dex/qcast_sdk_core_client.dex | N/A | N/A |
| N/A | /data/data/org.chromium.caster_receiver_apk_FMMusic/dex/qcast_sdk_core_client.dex | N/A | N/A |
| N/A | /data/data/org.chromium.caster_receiver_apk_FMMusic/dex/qcast_sdk_core_server.dex | N/A | N/A |
| N/A | /data/data/org.chromium.caster_receiver_apk_FMMusic/dex/qcast_sdk_core_server.dex | N/A | N/A |
| N/A | /data/data/org.chromium.caster_receiver_apk_FMMusic/dex/qcast_sdk_core_server.dex | N/A | N/A |
| N/A | /data/data/org.chromium.caster_receiver_apk_FMMusic/dex/qcast_sdk_core_client.dex | N/A | N/A |
| N/A | /data/data/org.chromium.caster_receiver_apk_FMMusic/dex/qcast_sdk_core_client.dex | N/A | N/A |
| N/A | /data/data/org.chromium.caster_receiver_apk_FMMusic/dex/qcast_sdk_core_server.dex | N/A | N/A |
| N/A | /data/data/org.chromium.caster_receiver_apk_FMMusic/dex/qcast_sdk_core_server.dex | N/A | N/A |
| N/A | /data/data/org.chromium.caster_receiver_apk_FMMusic/dex/qcast_sdk_core_server.dex | N/A | N/A |
| N/A | /data/data/org.chromium.caster_receiver_apk_FMMusic/dex/qcast_sdk_core_server.dex | N/A | N/A |
| N/A | /data/data/org.chromium.caster_receiver_apk_FMMusic/dex/qcast_sdk_core_server.dex | N/A | N/A |
| N/A | /data/data/org.chromium.caster_receiver_apk_FMMusic/dex/qcast_sdk_core_server.dex | N/A | N/A |
| N/A | /data/data/org.chromium.caster_receiver_apk_FMMusic/dex/qcast_sdk_core_server.dex | N/A | N/A |
| N/A | /data/data/org.chromium.caster_receiver_apk_FMMusic/dex/qcast_sdk_core_server.dex | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | alog.umeng.com | N/A | N/A |
Reads information about phone network operator.
Processes
org.chromium.caster_receiver_apk_FMMusic
org.chromium.caster_receiver_apk_FMMusic:castlinkerservice
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process0
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/org.chromium.caster_receiver_apk_FMMusic/dex/qcast_sdk_core_server.dex --output-vdex-fd=46 --oat-fd=47 --oat-location=/data/data/org.chromium.caster_receiver_apk_FMMusic/dex/oat/x86/qcast_sdk_core_server.odex --compiler-filter=quicken --class-loader-context=&
org.chromium.caster_receiver_apk_FMMusic:castlinkerservice
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process1
org.chromium.caster_receiver_apk_FMMusic:castlinkerservice
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.200.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.67:443 | | tcp |
| US | 1.1.1.1:53 | data.mistat.xiaomi.com | udp |
| US | 1.1.1.1:53 | alog.umeng.com | udp |
| NL | 20.33.39.104:443 | data.mistat.xiaomi.com | tcp |
| CN | 223.109.148.179:80 | alog.umeng.com | tcp |
| US | 1.1.1.1:53 | discovery.qcast.cn | udp |
| CN | 47.97.217.117:80 | discovery.qcast.cn | tcp |
| US | 1.1.1.1:53 | log.qcast.cn | udp |
| CN | 47.97.217.117:80 | log.qcast.cn | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
/data/data/org.chromium.caster_receiver_apk_FMMusic/asset_res/system_js/my_app.html
| MD5 | 2c8dbceaeb092bb6cd97a98783181510 |
| SHA1 | 6241a489e63b8baa9535249aa8bd1cf25e7c0402 |
| SHA256 | 79f19de2ce52f3410a7d09243c3759ec78e0a7ade5d1e486ea2d996f2de15ec0 |
| SHA512 | 1bb5b729e8dff89517bc684026e184dc89f6b2212d23829aef8f6b5e108f4f41d08df01676c99fd03b47e491bdea742c587710e642349b76fa628929a0a3e1b1 |
/data/data/org.chromium.caster_receiver_apk_FMMusic/asset_res/system_js/my_app.js
| MD5 | a58ee05434ce8a2c6eb644712d4587a3 |
| SHA1 | e84b8dc4150cbe63a88004d5895493867fb9cd22 |
| SHA256 | b9f841b677c020cc1e40655ee947dfc8434d6fd5da0abde132f7e64698406475 |
| SHA512 | 0272d7639071adc778dc38c0ea4742ff4c7dc8005937625050393f160b2f73500a8da26c41c2550a75faeb28f636cc7035551ac7681aa5ce30a0c3fd7bfdc896 |
/data/data/org.chromium.caster_receiver_apk_FMMusic/asset_res/system_js/README
| MD5 | e1c2ff1c6ad39791142aef2d783d8fec |
| SHA1 | 59893468323273b2d8c5c32a2ff6a24c0eb2ce0e |
| SHA256 | cf5e418ac24a2ffccdbdc802dd5262d1d615146849451e5a169e44bafed8ff38 |
| SHA512 | c47fd9347b8b53f36caa15b535aa647469457f50a4c5e05edc18b5d65b07e75e729020c7b0360b834f0febb7f77522065946b56638b4410057d410c17db39fee |
/data/data/org.chromium.caster_receiver_apk_FMMusic/asset_res/system_js/tab_blank_root.html
| MD5 | 2603e3a7eba8b03af315c590c0ebeb76 |
| SHA1 | 1843c16eaa2dac0570d41c0e3d306151289eef68 |
| SHA256 | 501b8e6adc184ee1a1ccd7904e60566abf509cbcb1d17580fcd062d28b6b1e50 |
| SHA512 | 1858d96de812f90e9a8d9d38ad397916e1fc606138708aac765bec26d3ded3d950852f1ee0ea5075140da6f646c4206178d58f066ef782ab15b7e8465579e152 |
/data/data/org.chromium.caster_receiver_apk_FMMusic/asset_res/system_js/utils.js
| MD5 | 8d7b680dd495c8f0809369ce07043831 |
| SHA1 | a110f9675184357f10095cc3eb04b325f2413858 |
| SHA256 | 4f9f84a9a5133f48e07c63a4541c281a4abe49097ad836414b7eec540426f45a |
| SHA512 | 8007a03cb9789345998a1e1daa015ab0daf57d2dbf346642e8af9b85964f6b2756c01acf1738e505e00490d98abe52e7e52e1aba83e3571b29572a7cd5a60556 |
/data/data/org.chromium.caster_receiver_apk_FMMusic/asset_res/system_js/websql.js
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/org.chromium.caster_receiver_apk_FMMusic/asset_res/system_js/appcontext.js
| MD5 | cfb4b781ef7f8aa93841df1b35bbb0ee |
| SHA1 | 30e43d41a2665d3dbb797efdc3e4174a5988792f |
| SHA256 | 714dfde9dc4b7a1c3a881f7e1a1169b77ed32c2dc893430a98b75d52e4b29bc7 |
| SHA512 | 5a0a873d2ac33246fa5ba342604222319f5671ce8ef57f505c18188526b3237ea5892a9796b3c70a1b6b848c4897d2a6b5c416af064de00e06635ed24fcf0700 |
/data/data/org.chromium.caster_receiver_apk_FMMusic/asset_res/system_js/blank.html
| MD5 | b8639ac0df7466d734bb2a29d9da93a6 |
| SHA1 | 3000732c8cbc68a569a3925d0a6a2700e07f415e |
| SHA256 | 12333f0a11a4c58c8bff33b44d4585b6bb142caf1b898985a69e44be7c6a8371 |
| SHA512 | 550e8011fa7357a56aa0c1a9734767434342dacf2658d6781c03ebc226a5a7f02e82a874fec811f4c9603a48f7740debab0f8d2421682fd2f3fb42b3196a8ef9 |
/data/data/org.chromium.caster_receiver_apk_FMMusic/asset_res/system_js/call_by_java.js
| MD5 | 07e7eb9912ab457bc8fcc17c77976c75 |
| SHA1 | c3534c94bd1065078f6305e13fe2307d2016b070 |
| SHA256 | e73ac11ab21faf81953216d009fbe800e68918774fecc945da168b6a49b5a3f4 |
| SHA512 | bdd84d2ca87241151eea7990e39e3c15683fdefb48215341257957c9a6e30a572937c54cfe4dc292754d58b11c5b34b8158a66886ddd5432c1a4db8130356bb3 |
/data/data/org.chromium.caster_receiver_apk_FMMusic/asset_res/system_js/console_log.js
| MD5 | 1f5cac225639ab360f6967cbeec1f59f |
| SHA1 | 0557a0e7360a02580c0fe13163779b0a60df9ee8 |
| SHA256 | 97b71713e185d0cce6969c5b8f5fe9ef98aadfa523b60a20727febe6fae99cac |
| SHA512 | ea5318e437923964ee516527d0455a124197e2130a4b87c114b3b82e9633c5236aa30f0faa7c58e643d2105b6429e587278de16f9d9620934e03b0fa8780d8ed |
/data/data/org.chromium.caster_receiver_apk_FMMusic/app_content_shell/paks/content_shell.pak
| MD5 | 736b282401615ae39eb0f278759258f7 |
| SHA1 | 730db06ab2a8409bb2ab2441848b7706bb120c47 |
| SHA256 | c487e0133b3a7e5772d5147365e41d2648a635c2ca2e66047661fc5222bf2874 |
| SHA512 | 14ada472efbeaf0625e0a55f7e46b91aa2ce2a11cb86e235409f39532b2d68d904ddcc4d8c10b6e537d3e9ed9c3f43c981226f1aea752e7c5c5f34838533006f |
/data/data/org.chromium.caster_receiver_apk_FMMusic/app_content_shell/icudtl.dat
| MD5 | 016b7c560b53fe4fcf41f4b2eca9f61f |
| SHA1 | b7e60915aeb077c7e4ba54f87b4b8b8c4f335956 |
| SHA256 | 86030aafd3e4128b37d50bfa63aecad20bcccacd8037925f9ada49a40620394c |
| SHA512 | 867b84f196609c212736904ed733ca9c24a0e9d1a4d3b5246955c053b743801b4e7f1d0b44aceaf2cc108b80c06b016399bb8b27b97e91e0eeca1ce95b56a609 |
/data/data/org.chromium.caster_receiver_apk_FMMusic/databases/download_v3.db-journal
| MD5 | 7a1d6ccb06b32885912198ab3385159b |
| SHA1 | 8f97a6ceaefd7b6908228d76822bc17226f68660 |
| SHA256 | 97e65ed5b06225a84ee3e0cf354ca0b329febe8097ee0af815e9d6f8807a0787 |
| SHA512 | d83925e3e6edfbc9e489d26f95f7de55fa606f09f430137a71df389ad0294b10470cb18aa1e5e78b80721467ea40f4eb3792da7787d805cd58188ad03a70a864 |
/data/data/org.chromium.caster_receiver_apk_FMMusic/databases/download_v3.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/org.chromium.caster_receiver_apk_FMMusic/databases/download_v3.db-wal
| MD5 | 4e8b936d172d86b15ddf7e05771495a2 |
| SHA1 | ff5e63ddd62eaec9f382663a9fa6d384b25ddaf3 |
| SHA256 | a0876d98db3130275ac5de56dc92a1150902678ec80847f1442fb9d291d92423 |
| SHA512 | 4de440dafee528b510c69bd572de47151d1ad1361b61e671235260a0b2e3510e469debcb888ab124220ac35b40df2415b5a344e6ed29db0f4e2c56a48e4d8368 |
/data/data/org.chromium.caster_receiver_apk_FMMusic/databases/mistat.db-journal
| MD5 | 860810f99338bca622cd56fbfa1d74c3 |
| SHA1 | e17d487789b0998f7f0e9331c0f8bd055c5df820 |
| SHA256 | 702b2e0a9f1d1b717809a9a7d3ed99b256fa3857781a686f509d9776cc647178 |
| SHA512 | 6a9f6fd50a956d84d5aa538418e53593ef83590dc4e5d1f9d619f579b9a6f5cdf7395a4c06f2f6efe319d96f07547ba892d93062ace6b22b1e93f226dac1506b |
/data/data/org.chromium.caster_receiver_apk_FMMusic/databases/mistat.db-wal
| MD5 | 04f2ea793e2bb21794c5e9fb3feeb077 |
| SHA1 | b99058e9aac21b2e6dcf244f24807fd8c725adac |
| SHA256 | adc65a48b4ca46837e4fee222fa27edb6607ee08c2e924706e2bb84bae8bd8cd |
| SHA512 | c20e8f0123e69dec98e6864bd21305ac0ad85b1dfb7a09a4a3026338f45f935a043a4c2a376ac16a02688dc291bd862491cbb156518661066c52fb380f521809 |
/data/data/org.chromium.caster_receiver_apk_FMMusic/files/umeng_it.cache
| MD5 | aa48d6f337b6ee86b2283fc86a3c6c37 |
| SHA1 | 4ee0fda1accfb1aca0c2dfa1182bfb6f94053f67 |
| SHA256 | 148bb088cebcf473b505270a2a7707c33787c451994828339eca1153a8f744d8 |
| SHA512 | ec4a71f884fb886dfdfee3db1b3dbe7793bc500b2f6891ee29c552b43bb44746b4f0de604307d4f6a3327ed127cab43c0621c8d4e859027c6877b5649fec47f3 |
/data/data/org.chromium.caster_receiver_apk_FMMusic/dex/qcast_sdk_core_server.dex
| MD5 | 8ea415a63e02abe51a07d1d4c7987b9f |
| SHA1 | 45abb3d8b8cb3ac8a55df29f3f3b80452507c786 |
| SHA256 | b0e1409c9e224a1765e41e5abf4b330dcd4eaa9ab043c4bc05cc80960ce08491 |
| SHA512 | 9911cd78a71c5adf3dabf6cc1162d06174ebc0c618c2dca8cda21521c9ac698f9fc9f263ebd16e19c93f80ee6a6d186a20cd8ebbdfe6abfff2592eff87e3f7dc |