Analysis Overview
SHA256
585526be5f878ec6bc2967e8ed58f40207b5500d797b5af4bf5f16cef511cb4b
Threat Level: Likely malicious
The file 934527f8ebb5c1088009cc9329dc3de6_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Requests dangerous framework permissions
Checks if the internet connection is available
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-04 01:24
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to see the number being dialed during an outgoing call, with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 01:24
Reported
2024-06-04 01:28
Platform
android-x86-arm-20240603-en
Max time kernel
47s
Max time network
131s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /system/xbin/su | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.example.androiddefender2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| CN | 219.235.1.127:80 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
Files
/data/data/com.example.androiddefender2/databases/AndroidDefender.sqlite-journal
| MD5 | 04bf545873784b7e0f63e2e5216cd63c |
| SHA1 | f9f48c205a0e069d90f865308a4b1436fae97576 |
| SHA256 | 6f091a515a4b0fded997b9275fdd6f17aff14ba04c43158871c2f08310f8462c |
| SHA512 | c2d01e0ef525a040f247aea4c8eaeae926f9133ae3f1acf234a82baac37da0da79e4aecaee33687f5465b5a13ad19abf238449714e33374d332e287b71cb6e56 |
/data/data/com.example.androiddefender2/databases/AndroidDefender.sqlite
| MD5 | 8b2a0dd2e8288406bcb89e4acdcb8a13 |
| SHA1 | ac6e4943c333c5242717829c82f404c41b98c018 |
| SHA256 | b94501926027393a9d2cf91e76e9b66c0f6814674bf88d0474034c507ed19973 |
| SHA512 | 40073bc373d2d2d1a8285b5dab24f34eb14aa88e03d8fad7f75fde8755d015d9d4a19a23eb507c7151e6765ef9c507e34ec7187040fb62a3268231b3a5cfffa3 |
/data/data/com.example.androiddefender2/databases/AndroidDefender.sqlite-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/com.example.androiddefender2/databases/AndroidDefender.sqlite-wal
| MD5 | b6c826cb064cbf96e8b9ea2c288d999a |
| SHA1 | 797526ba369070a904cc5e0ca52aa6a46fce8469 |
| SHA256 | 2868b8af85930139acdc2860a69f040dfa2d6b2363a9a9147c1bd31d56e20c4e |
| SHA512 | 297c1b590c4ad4e112521f7b259f162fd2ebeb43a79b5318203bce8fa70831d03194e4e02d5653c41f75320d370f53dfcc436b8a186f68300badbcbe46b57453 |
/data/data/com.example.androiddefender2/databases/AndroidDefender.db-journal
| MD5 | ae27f29a1245fc8662e03c643dc17418 |
| SHA1 | 581322f72a254ed4de5d36453456d629c0a2b417 |
| SHA256 | ea71e557ee2a50400819604b4e27aac6353d8679f67aa0299bf8c3d6a9f98c34 |
| SHA512 | 371a29ff68fd66741d32fd7dedafc59e09ad87aa55449754767db57aa44b7e2dc5885d9ef3f3c88c6622b2b473dcdcb2dc5ced1f2df339097b95ac388d585e5f |
/data/data/com.example.androiddefender2/databases/AndroidDefender.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.example.androiddefender2/databases/AndroidDefender.db-wal
| MD5 | f02fc41a7c9f96237df2415f910ea84c |
| SHA1 | 74fc06eeafefae452d05fe6e2032cb173048b8ea |
| SHA256 | 739aba52ad6a9390eafd7158724d4ba9957b58dff991a8b0d917240b6ed4d588 |
| SHA512 | 6b737545f9afcdc75426bd3de424f70b19726e791e4a9a630963ee3fdd3e8af94cfd6336e51c8f97d95bb7cc4470216b0f0f9e4e2c980477d0c9d765329012e3 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-04 01:24
Reported
2024-06-04 01:28
Platform
android-x64-20240603-en
Max time kernel
27s
Max time network
131s
Command Line
Signatures
Checks if the internet connection is available
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.example.androiddefender2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.228:443 | | tcp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
Files
/data/data/com.example.androiddefender2/databases/AndroidDefender.sqlite-journal
| MD5 | 3d7d044298ae9a1ffadd7f47d408c9d9 |
| SHA1 | 66fa55ae5f03cee8f03ec7aada1665fbedf7eb00 |
| SHA256 | 6d527d0df86873709385a1af7bad7e4cb9ddf03ad584c6c04fca250aa81e3976 |
| SHA512 | 2d182564a98a0660c60ae0c905ff0a23a4c45bd3df3ee6d6531df7fead7bbf3f3ae650e6fb8199851d9a05e79132aa79786b7e2843b9dbcae6e9499ca187f2ca |
/data/data/com.example.androiddefender2/databases/AndroidDefender.sqlite
| MD5 | 8b2a0dd2e8288406bcb89e4acdcb8a13 |
| SHA1 | ac6e4943c333c5242717829c82f404c41b98c018 |
| SHA256 | b94501926027393a9d2cf91e76e9b66c0f6814674bf88d0474034c507ed19973 |
| SHA512 | 40073bc373d2d2d1a8285b5dab24f34eb14aa88e03d8fad7f75fde8755d015d9d4a19a23eb507c7151e6765ef9c507e34ec7187040fb62a3268231b3a5cfffa3 |
/data/data/com.example.androiddefender2/databases/AndroidDefender.sqlite-journal
| MD5 | 6a59bee792d5c2cf3a3ee861b33c0ad2 |
| SHA1 | d4de595c2f37d492e77f0d1f32bb40aa9acd5a3a |
| SHA256 | cbdac0906827252ca1879cf7462bf9f569a1646337a8bf2245aaac244ba60b52 |
| SHA512 | b378ee90d06e27fa8ab0ccdcbc4149127fd921d189ae2723a50a12050e033faa41212daf357ce1c76f78b95660a2f740f0d2f2f4851f88e5dc2be51fdfc3d440 |
/data/data/com.example.androiddefender2/databases/AndroidDefender.sqlite-journal
| MD5 | 0a9471b5969dacf5623d67f54f2f80c3 |
| SHA1 | 60fb4e179a6dcb920bd2199bf3dd2679d8857bfa |
| SHA256 | 0accc62694d1be3ca2e44a646df19a9b870b740fbd95b25af0f6de10a110f44e |
| SHA512 | c9eda4daf17b5f3fad74e33be4861026645cd4cf9056a1e9573b41624b289c0704228edddef602b9deadfe1cdac516947caf2bed81ee8acbd1d74bce478fd98d |
/data/data/com.example.androiddefender2/databases/AndroidDefender.db-journal
| MD5 | bc963400bba2b9dca5b940ae086bedb9 |
| SHA1 | 48365c5d41ed42ee94868520fd921324c82058f5 |
| SHA256 | 8f6becb74546df5efc96c0c846e69894c4be3c412fa3b309f958330134aae7bb |
| SHA512 | a3266ec423ae23bc51940602ab0d571f46485048dccdd8cc7ee7ce38d442b90c46989483f6fded4209509aa72eee9026379ebdf5c968395c55ed25322feadf1d |
/data/data/com.example.androiddefender2/databases/AndroidDefender.db
| MD5 | f27e5603404d6189276495dba972017e |
| SHA1 | c596e5651bfde1ab4c2f8b048f0648bc68acd33d |
| SHA256 | e3b903b8b5c5f48784621bac417f8d0d5c8c2cf43931d4e70ec11be95802cef9 |
| SHA512 | 21418d1344a98b484ac755de6d4486840c6bac645b354e6ee2b4004a5fcef95967ea21edac767fda1658a673ff254803133a05f86954ac1436f388daeb9db8ba |
/data/data/com.example.androiddefender2/databases/AndroidDefender.db-journal
| MD5 | 14bd91e85358fd02d4622c5bc8459c65 |
| SHA1 | 8928e69b28c80fc8a4b3d095aca6036508646f58 |
| SHA256 | 2f8121cf320449aead2bf1368a596f7db03048b787dbe0a6ecb904c1155000db |
| SHA512 | e150507d3dd6d8f2cf12f39a8da07694d87d9091f1fdfa50aee85a686044bf00d1665a334e260e7d7ebc7b1d7298c006c4d127233cf09d9f6c49d5c307589492 |
/data/data/com.example.androiddefender2/databases/AndroidDefender.db-journal
| MD5 | 6e428b64eed4b95073e62d1586180ff6 |
| SHA1 | 86ddb56a036047eb2fa9c38e816a25ca072d4831 |
| SHA256 | f89f944bb34a2c011900bc16f9bc3428fee1b05e1a00c23a18727004997cbce6 |
| SHA512 | 485cb21a429f9ecba8a284d8d1e87e50ae5d9e21fb8e7fb521caac5b7c907a852637564f36822373e64f92b9b926521852a76cb922bb32cb1817c846625e05e3 |
/data/data/com.example.androiddefender2/databases/AndroidDefender.db-journal
| MD5 | fca55fc9793336310231dbafb5eefd4a |
| SHA1 | 56cba684686fedaed653d62fc788438050835f57 |
| SHA256 | 186ff4efc39087cd88703321acc2215f07599ab511e859a1df3ab6d98cb82c7b |
| SHA512 | f4f5357d7d19b6a5fb9862cf7a6683a733b9865fcbb1a2c5e077ef7d980b43535d07d50d12a995af929ff78242992817ec2686bccef941af9363dd9bd591b94c |
/data/data/com.example.androiddefender2/databases/AndroidDefender.db-journal
| MD5 | 394db3feb9427ac547fbb45ae922648e |
| SHA1 | aaf39a8237806d6ac9490a17788c11a9b46c6964 |
| SHA256 | a38558a20dedd113a599acca6b3f05d7245f0890477e560005ef50839113557e |
| SHA512 | 986d174617bb5de4c88009db9b2a35c44aad4c425923f62f9c38de90b5066a54bdb88d500e89932e9f2768a049cf0d5249d8d1ad7643c3aacad0c4884a49366e |
/data/data/com.example.androiddefender2/databases/AndroidDefender.db-journal
| MD5 | 476bdd5145a3c7b24154a4341a963879 |
| SHA1 | 5f222a4c811e9e576cc4bc40bfb20a344e4b28e6 |
| SHA256 | d442bc7b6f5d4a4f139a3e901643d969b05c5f2878993a76c8aa40a48d412749 |
| SHA512 | a47a99b32f58725c82cc8098d1dfdad931aa4d1d4351b9c653fe215acc40c02240307d81dc522e49baf639715d2f188ceec911b1fcceb4edc2e725ac53782cae |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-04 01:24
Reported
2024-06-04 01:28
Platform
android-x64-arm64-20240603-en
Max time kernel
16s
Max time network
132s
Command Line
Signatures
Checks if the internet connection is available
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.example.androiddefender2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| CN | 219.235.1.127:80 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
Files
/data/user/0/com.example.androiddefender2/databases/AndroidDefender.sqlite-journal
| MD5 | 496c9ee820969bda3def43599e142f25 |
| SHA1 | 22ae9f931263a0fbd36bc5323b52cbcea6a32279 |
| SHA256 | 6e9637d86fb8c13af0b7542b9bfb20d6fcf462bb2584b34f625bf3f48e0dd424 |
| SHA512 | 1fb156c3bb9e3fb761a1c83d35a0b29a08c9c69714d75e1897e60f9eb6bbeea8dcf147a7316bfe30ab437df03bb3e138e462cee87cddf089abac04377c52fea2 |
/data/user/0/com.example.androiddefender2/databases/AndroidDefender.sqlite
| MD5 | 8b2a0dd2e8288406bcb89e4acdcb8a13 |
| SHA1 | ac6e4943c333c5242717829c82f404c41b98c018 |
| SHA256 | b94501926027393a9d2cf91e76e9b66c0f6814674bf88d0474034c507ed19973 |
| SHA512 | 40073bc373d2d2d1a8285b5dab24f34eb14aa88e03d8fad7f75fde8755d015d9d4a19a23eb507c7151e6765ef9c507e34ec7187040fb62a3268231b3a5cfffa3 |
/data/user/0/com.example.androiddefender2/databases/AndroidDefender.sqlite-journal
| MD5 | 69077e6395cd16c5eb9b3458775fea4a |
| SHA1 | 2f285f613fba294402857d32fa5fcaef59bb56e5 |
| SHA256 | 2e53ffcb3f80750e3f8ca5bf5bcb19a270df20adca4c1fb39921753de7da86fa |
| SHA512 | 1327e75a814ac3665b5652ed4f93d06f2bd2e619db6b63ca625c38bb1fb2238c9a9c19e4eac918a6c8d9fbe90b32e0ebda7b6865eb3d0a6505ae54a8efd24d14 |
/data/user/0/com.example.androiddefender2/databases/AndroidDefender.sqlite-journal
| MD5 | 59f0461baa105e4a37beeb7163e6a248 |
| SHA1 | 76b5bb439c9da9aeded1c0be8d51b59eff7b5350 |
| SHA256 | 1064490523b85526f010d51189ec36e3b0ffc1c8ed95726e6101a63b904f87a5 |
| SHA512 | fd3770a523f0e95e87132e870d381c8d5d1cd3ba573388bac2d7723a6067503812f1d02f4c344060c6de9648821217fe818b80dc4a3cd86060ac14f6275cd250 |
/data/user/0/com.example.androiddefender2/databases/AndroidDefender.db-journal
| MD5 | dfaa5e4981637a405e627d87df6b8bb9 |
| SHA1 | be993e06848ecdaac5f9bf58c9db601f8ec3b4ee |
| SHA256 | c0cb4d92dbf51dc42787e2a6997df226ff50b9d83213f64cb94c701549f17df7 |
| SHA512 | 132b870ff3c832c1dcc775942bbcba55417cbf81b17c695bce82b808732b861f8d213e46515aff5c6a71da2b71f46e129a305166ff066cd8ea2a3365cd67b35e |
/data/user/0/com.example.androiddefender2/databases/AndroidDefender.db
| MD5 | 6f57dc5c7f74641fe16553cb17af50c8 |
| SHA1 | c4308a3b86f2df9a59c9257b3abf0fbb80594a12 |
| SHA256 | 99c795f6289277934c32a333d2130d36509007eefb77a80575b121cbcec06fa0 |
| SHA512 | a0902ff3eb3748d0534e75e2ee1367f5227814c9204bf741adde640d0b88dd3751dcc312d1a0735bba3c5e95a71cdcafa4f9c4adda23bd43724da4b248e3c58e |
/data/user/0/com.example.androiddefender2/databases/AndroidDefender.db-journal
| MD5 | bce52b366eb16b8eaac7e8e41ddfa5a6 |
| SHA1 | c6179487228ef0586eee7f42f18e1dc8ff6235d0 |
| SHA256 | 07ab2cbaeb4b755d886d60c238f6b7c8f1b3c74981e092a0ea978f7250506c6c |
| SHA512 | d5c4d68efd0828ce466a0616b79aacedaeafbddb79b940feec4a810e5fb1adb59a1b5eaeb607997a510e4a1d2202303e4ae478943bae16d436f23f0fffe7d6b7 |
/data/user/0/com.example.androiddefender2/databases/AndroidDefender.db-journal
| MD5 | c8d6332c3f2d23e43ae32964f3c20317 |
| SHA1 | 5c811de75e822f7c80c7cee4786b1dcad4ed2cc8 |
| SHA256 | abc25a9730b0baae0f2d5f661279f25717319d9daa1be1953a51d4c67c02a1f4 |
| SHA512 | c7cc1dbe086c4d937a16d29d45d2ff103cde497aea964487943b0f6877f3f3aad479565a50231feef76723c13f8bbf778a3d495d8702c4ed6d6601c6ce2d0429 |
/data/user/0/com.example.androiddefender2/databases/AndroidDefender.db-journal
| MD5 | 26147f3cdfc5a0d69d23d2db1c1b809e |
| SHA1 | 794979eb2c7d5953c7ff1de49d9e790769775225 |
| SHA256 | cb64347be455b6f78b4518dc0c2a294bdbe53eb27240d8b53d37dfe5be94892d |
| SHA512 | fbc7d6d057d2da0b928c8f0967e6105ae032a64db9b38116056e40f85dfff85378ded84eb12448d506c034059beeb5b54727e2b27851d3ea0f8c83cee2bda5a9 |
/data/user/0/com.example.androiddefender2/databases/AndroidDefender.db-journal
| MD5 | 8f9b8b1933f7374b2b7149480a4a27de |
| SHA1 | 4c3562634c1a115a82e5405bcac82258e6a562df |
| SHA256 | 199d3d0eb4790decd54e6a07432afe3ccb8fc7af4ebda40ed02006226710a8be |
| SHA512 | bb437522c9ed2d19c5e5a70313e28aa641bee5c72dafa71c1a1bbe008deb1a5231d78d2a89ffa766627aa58e50ca58a109704302a5e5f10d8f945e37b3004aa5 |
/data/user/0/com.example.androiddefender2/databases/AndroidDefender.db-journal
| MD5 | 1ead9424bb69bb33b7b5205f05c8478d |
| SHA1 | cd046fefb72f375cde81bfec1d5f4950a86cb4d4 |
| SHA256 | 14af3c350193ed91039df5f6a0623f561a65867f312d2c1ea39410e990c67597 |
| SHA512 | 8e4d5450fa87064fc4497fcd3709b0f8e121456a48b56f3834cf9ef4beecb09e3bb42b732af7243101e32c05c5414b1ad962623d4c69f839d8f014c7218b03d0 |