Malware Analysis Report

2024-11-13 13:30

Sample ID 240604-bstmbahb25
Target 934527f8ebb5c1088009cc9329dc3de6_JaffaCakes118
SHA256 585526be5f878ec6bc2967e8ed58f40207b5500d797b5af4bf5f16cef511cb4b
Tags discovery, evasion
Score 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Mobile Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 8/10
SHA256 585526be5f878ec6bc2967e8ed58f40207b5500d797b5af4bf5f16cef511cb4b
Threat Level: Likely malicious

The file 934527f8ebb5c1088009cc9329dc3de6_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

Tags discovery, evasion

Checks if the Android device is rooted.
Requests dangerous framework permissions
Checks if the internet connection is available

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-04 01:24

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to see the number being dialed during an outgoing call, with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-04 01:24
Reported 2024-06-04 01:28
Platform android-x86-arm-20240603-en
Max time kernel 47s
Max time network 131s

Command Line

com.example.androiddefender2

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/xbin/su | N/A | N/A

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A
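The static1 permission list and the /system/xbin/su probe above are the two signatures an analyst can reproduce offline before touching a sandbox. The script below is an added example by the editor, not sandbox output and not code from the analysed sample. It assumes a decoded (text) AndroidManifest.xml, constructed here to resemble the static1 list plus INTERNET and ACCESS_NETWORK_STATE (implied by the network activity and the getActiveNetworkInfo call, but not listed in the report), and a constructed byte fragment standing in for a DEX string section. The capability grouping and the three extra su paths beyond /system/xbin/su are the editor's own assumptions.

```python
"""Static triage mirroring two signatures in this report: the dangerous
permission set flagged under static1 and the /system/xbin/su probe recorded
under behavioral1. Added example by the editor, not output of the sandbox
and not code from the analysed sample."""
from __future__ import annotations

import json
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permission names are the ones static1 lists; the capability grouping is
# the editor's own reading of what those permissions allow.
CAPABILITY_GROUPS = {
    "external_storage": {
        "android.permission.READ_EXTERNAL_STORAGE",
        "android.permission.WRITE_EXTERNAL_STORAGE",
    },
    "contacts": {"android.permission.READ_CONTACTS"},
    "telephony_control": {
        "android.permission.CALL_PHONE",
        "android.permission.PROCESS_OUTGOING_CALLS",
    },
    "device_identity": {"android.permission.READ_PHONE_STATE"},
    "sms": {"android.permission.RECEIVE_SMS"},
}
DANGEROUS = set().union(*CAPABILITY_GROUPS.values())

# Paths a root check typically probes. Only /system/xbin/su appears in the
# report; the other three are an assumed extension.
SU_PATHS = ("/system/xbin/su", "/system/bin/su", "/sbin/su", "/su/bin/su")

# Constructed manifest resembling the static1 permission list, plus INTERNET
# and ACCESS_NETWORK_STATE, which the observed network activity and the
# getActiveNetworkInfo call imply but the report does not list.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.androiddefender2">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
</manifest>
"""

# Constructed fragment standing in for a DEX string section (length byte,
# MUTF-8 text, NUL); not bytes from the real sample.
SAMPLE_DEX_BYTES = b"\x0f/system/xbin/su\x00\x14getActiveNetworkInfo\x00"


def requested_permissions(manifest_xml: str) -> list[str]:
    """android:name of every <uses-permission> in a decoded (text) manifest."""
    root = ET.fromstring(manifest_xml)
    name_attr = f"{{{ANDROID_NS}}}name"
    return [el.get(name_attr, "") for el in root.iter("uses-permission")]


def dangerous_capabilities(perms) -> dict[str, list[str]]:
    """Requested permissions from the report's dangerous set, by capability."""
    hit = set(perms) & DANGEROUS
    return {
        group: sorted(hit & members)
        for group, members in CAPABILITY_GROUPS.items()
        if hit & members
    }


def su_path_strings(blob: bytes) -> list[str]:
    """Known su paths that occur verbatim in a DEX/ELF byte blob (coarse check)."""
    return sorted(p for p in SU_PATHS if p.encode() in blob)


def triage(manifest_xml: str, code_bytes: bytes) -> dict:
    """Combine both checks into the summary an analyst would want first."""
    caps = dangerous_capabilities(requested_permissions(manifest_xml))
    su_hits = su_path_strings(code_bytes)
    return {
        "dangerous_capabilities": caps,
        # Call control plus SMS receipt together is the combination worth
        # flagging on its own, independent of the storage permissions.
        "telephony_and_sms": bool({"telephony_control", "sms"} & set(caps)),
        "root_check_strings": su_hits,
        "root_check_suspected": bool(su_hits),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_MANIFEST, SAMPLE_DEX_BYTES), indent=2))
```

On a real APK the manifest is binary AXML; decode it first (apktool or an AXML parser) and feed the classes*.dex bytes to su_path_strings. The string check is deliberately coarse: a hit says the path is referenced, not how, so confirm with the dynamic signature before calling it a root check.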

Processes

com.example.androiddefender2

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
CN | 219.235.1.127:80 | - | tcp
GB | 142.250.187.206:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.212.238:443 | android.apis.google.com | tcp

Files

/data/data/com.example.androiddefender2/databases/AndroidDefender.sqlite-journal

MD5 04bf545873784b7e0f63e2e5216cd63c
SHA1 f9f48c205a0e069d90f865308a4b1436fae97576
SHA256 6f091a515a4b0fded997b9275fdd6f17aff14ba04c43158871c2f08310f8462c
SHA512 c2d01e0ef525a040f247aea4c8eaeae926f9133ae3f1acf234a82baac37da0da79e4aecaee33687f5465b5a13ad19abf238449714e33374d332e287b71cb6e56

/data/data/com.example.androiddefender2/databases/AndroidDefender.sqlite

MD5 8b2a0dd2e8288406bcb89e4acdcb8a13
SHA1 ac6e4943c333c5242717829c82f404c41b98c018
SHA256 b94501926027393a9d2cf91e76e9b66c0f6814674bf88d0474034c507ed19973
SHA512 40073bc373d2d2d1a8285b5dab24f34eb14aa88e03d8fad7f75fde8755d015d9d4a19a23eb507c7151e6765ef9c507e34ec7187040fb62a3268231b3a5cfffa3

/data/data/com.example.androiddefender2/databases/AndroidDefender.sqlite-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.example.androiddefender2/databases/AndroidDefender.sqlite-wal

MD5 b6c826cb064cbf96e8b9ea2c288d999a
SHA1 797526ba369070a904cc5e0ca52aa6a46fce8469
SHA256 2868b8af85930139acdc2860a69f040dfa2d6b2363a9a9147c1bd31d56e20c4e
SHA512 297c1b590c4ad4e112521f7b259f162fd2ebeb43a79b5318203bce8fa70831d03194e4e02d5653c41f75320d370f53dfcc436b8a186f68300badbcbe46b57453

/data/data/com.example.androiddefender2/databases/AndroidDefender.db-journal

MD5 ae27f29a1245fc8662e03c643dc17418
SHA1 581322f72a254ed4de5d36453456d629c0a2b417
SHA256 ea71e557ee2a50400819604b4e27aac6353d8679f67aa0299bf8c3d6a9f98c34
SHA512 371a29ff68fd66741d32fd7dedafc59e09ad87aa55449754767db57aa44b7e2dc5885d9ef3f3c88c6622b2b473dcdcb2dc5ced1f2df339097b95ac388d585e5f

/data/data/com.example.androiddefender2/databases/AndroidDefender.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.example.androiddefender2/databases/AndroidDefender.db-wal

MD5 f02fc41a7c9f96237df2415f910ea84c
SHA1 74fc06eeafefae452d05fe6e2032cb173048b8ea
SHA256 739aba52ad6a9390eafd7158724d4ba9957b58dff991a8b0d917240b6ed4d588
SHA512 6b737545f9afcdc75426bd3de424f70b19726e791e4a9a630963ee3fdd3e8af94cfd6336e51c8f97d95bb7cc4470216b0f0f9e4e2c980477d0c9d765329012e3

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-04 01:24
Reported 2024-06-04 01:28
Platform android-x64-20240603-en
Max time kernel 27s
Max time network 131s

Command Line

com.example.androiddefender2

Signatures

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Processes

com.example.androiddefender2

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
GB | 142.250.187.228:443 | - | tcp
GB | 142.250.178.14:443 | - | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.187.228:443 | www.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 172.217.16.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | www.google.com | udp
GB | 142.250.178.4:443 | www.google.com | tcp

Files

/data/data/com.example.androiddefender2/databases/AndroidDefender.sqlite-journal

MD5 3d7d044298ae9a1ffadd7f47d408c9d9
SHA1 66fa55ae5f03cee8f03ec7aada1665fbedf7eb00
SHA256 6d527d0df86873709385a1af7bad7e4cb9ddf03ad584c6c04fca250aa81e3976
SHA512 2d182564a98a0660c60ae0c905ff0a23a4c45bd3df3ee6d6531df7fead7bbf3f3ae650e6fb8199851d9a05e79132aa79786b7e2843b9dbcae6e9499ca187f2ca

/data/data/com.example.androiddefender2/databases/AndroidDefender.sqlite

MD5 8b2a0dd2e8288406bcb89e4acdcb8a13
SHA1 ac6e4943c333c5242717829c82f404c41b98c018
SHA256 b94501926027393a9d2cf91e76e9b66c0f6814674bf88d0474034c507ed19973
SHA512 40073bc373d2d2d1a8285b5dab24f34eb14aa88e03d8fad7f75fde8755d015d9d4a19a23eb507c7151e6765ef9c507e34ec7187040fb62a3268231b3a5cfffa3

/data/data/com.example.androiddefender2/databases/AndroidDefender.sqlite-journal

MD5 6a59bee792d5c2cf3a3ee861b33c0ad2
SHA1 d4de595c2f37d492e77f0d1f32bb40aa9acd5a3a
SHA256 cbdac0906827252ca1879cf7462bf9f569a1646337a8bf2245aaac244ba60b52
SHA512 b378ee90d06e27fa8ab0ccdcbc4149127fd921d189ae2723a50a12050e033faa41212daf357ce1c76f78b95660a2f740f0d2f2f4851f88e5dc2be51fdfc3d440

/data/data/com.example.androiddefender2/databases/AndroidDefender.sqlite-journal

MD5 0a9471b5969dacf5623d67f54f2f80c3
SHA1 60fb4e179a6dcb920bd2199bf3dd2679d8857bfa
SHA256 0accc62694d1be3ca2e44a646df19a9b870b740fbd95b25af0f6de10a110f44e
SHA512 c9eda4daf17b5f3fad74e33be4861026645cd4cf9056a1e9573b41624b289c0704228edddef602b9deadfe1cdac516947caf2bed81ee8acbd1d74bce478fd98d

/data/data/com.example.androiddefender2/databases/AndroidDefender.db-journal

MD5 bc963400bba2b9dca5b940ae086bedb9
SHA1 48365c5d41ed42ee94868520fd921324c82058f5
SHA256 8f6becb74546df5efc96c0c846e69894c4be3c412fa3b309f958330134aae7bb
SHA512 a3266ec423ae23bc51940602ab0d571f46485048dccdd8cc7ee7ce38d442b90c46989483f6fded4209509aa72eee9026379ebdf5c968395c55ed25322feadf1d

/data/data/com.example.androiddefender2/databases/AndroidDefender.db

MD5 f27e5603404d6189276495dba972017e
SHA1 c596e5651bfde1ab4c2f8b048f0648bc68acd33d
SHA256 e3b903b8b5c5f48784621bac417f8d0d5c8c2cf43931d4e70ec11be95802cef9
SHA512 21418d1344a98b484ac755de6d4486840c6bac645b354e6ee2b4004a5fcef95967ea21edac767fda1658a673ff254803133a05f86954ac1436f388daeb9db8ba

/data/data/com.example.androiddefender2/databases/AndroidDefender.db-journal

MD5 14bd91e85358fd02d4622c5bc8459c65
SHA1 8928e69b28c80fc8a4b3d095aca6036508646f58
SHA256 2f8121cf320449aead2bf1368a596f7db03048b787dbe0a6ecb904c1155000db
SHA512 e150507d3dd6d8f2cf12f39a8da07694d87d9091f1fdfa50aee85a686044bf00d1665a334e260e7d7ebc7b1d7298c006c4d127233cf09d9f6c49d5c307589492

/data/data/com.example.androiddefender2/databases/AndroidDefender.db-journal

MD5 6e428b64eed4b95073e62d1586180ff6
SHA1 86ddb56a036047eb2fa9c38e816a25ca072d4831
SHA256 f89f944bb34a2c011900bc16f9bc3428fee1b05e1a00c23a18727004997cbce6
SHA512 485cb21a429f9ecba8a284d8d1e87e50ae5d9e21fb8e7fb521caac5b7c907a852637564f36822373e64f92b9b926521852a76cb922bb32cb1817c846625e05e3

/data/data/com.example.androiddefender2/databases/AndroidDefender.db-journal

MD5 fca55fc9793336310231dbafb5eefd4a
SHA1 56cba684686fedaed653d62fc788438050835f57
SHA256 186ff4efc39087cd88703321acc2215f07599ab511e859a1df3ab6d98cb82c7b
SHA512 f4f5357d7d19b6a5fb9862cf7a6683a733b9865fcbb1a2c5e077ef7d980b43535d07d50d12a995af929ff78242992817ec2686bccef941af9363dd9bd591b94c

/data/data/com.example.androiddefender2/databases/AndroidDefender.db-journal

MD5 394db3feb9427ac547fbb45ae922648e
SHA1 aaf39a8237806d6ac9490a17788c11a9b46c6964
SHA256 a38558a20dedd113a599acca6b3f05d7245f0890477e560005ef50839113557e
SHA512 986d174617bb5de4c88009db9b2a35c44aad4c425923f62f9c38de90b5066a54bdb88d500e89932e9f2768a049cf0d5249d8d1ad7643c3aacad0c4884a49366e

/data/data/com.example.androiddefender2/databases/AndroidDefender.db-journal

MD5 476bdd5145a3c7b24154a4341a963879
SHA1 5f222a4c811e9e576cc4bc40bfb20a344e4b28e6
SHA256 d442bc7b6f5d4a4f139a3e901643d969b05c5f2878993a76c8aa40a48d412749
SHA512 a47a99b32f58725c82cc8098d1dfdad931aa4d1d4351b9c653fe215acc40c02240307d81dc522e49baf639715d2f188ceec911b1fcceb4edc2e725ac53782cae

Analysis: behavioral3

Detonation Overview

Submitted 2024-06-04 01:24
Reported 2024-06-04 01:28
Platform android-x64-arm64-20240603-en
Max time kernel 16s
Max time network 132s

Command Line

com.example.androiddefender2

Signatures

Checks if the internet connection is available

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Processes

com.example.androiddefender2

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
GB | 142.250.179.238:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp
CN | 219.235.1.127:80 | - | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp
GB | 142.250.180.4:443 | - | tcp
GB | 142.250.180.4:443 | - | tcp
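The Network tables of behavioral1, behavioral2 and behavioral3 mix sandbox noise (mDNS to 224.0.0.251:5353, lookups against the 1.1.1.1 resolver), traffic to Google-named hosts, and a few destinations with no name at all. The script below, placed after the last of the three runs because it works on all of them, is an added example by the editor and not part of the sandbox output: the OBSERVED rows are copied from the three tables above, while the classification rules and the platform-domain suffix list are the editor's own heuristics. It folds rows per destination, records how many runs each one appeared in, and orders the unresolved endpoints for review.

```python
"""Triage of the Network tables from this report's three behavioral runs.
Added example by the editor, not sandbox output. The OBSERVED rows are
copied from the report; the classification rules are the editor's own
heuristics, and the platform-domain suffix list is an assumption."""
from __future__ import annotations

import ipaddress
from collections import defaultdict

# (run, country, destination, domain, proto) as printed in the report;
# "" where the Domain column was empty.
OBSERVED = [
    ("behavioral1", "N/A", "224.0.0.251:5353", "", "udp"),
    ("behavioral1", "CN", "219.235.1.127:80", "", "tcp"),
    ("behavioral1", "GB", "142.250.187.206:443", "", "tcp"),
    ("behavioral1", "US", "1.1.1.1:53", "android.apis.google.com", "udp"),
    ("behavioral1", "GB", "216.58.212.238:443", "android.apis.google.com", "tcp"),
    ("behavioral2", "N/A", "224.0.0.251:5353", "", "udp"),
    ("behavioral2", "GB", "142.250.187.228:443", "", "tcp"),
    ("behavioral2", "GB", "142.250.178.14:443", "", "tcp"),
    ("behavioral2", "US", "1.1.1.1:53", "www.google.com", "udp"),
    ("behavioral2", "GB", "142.250.187.228:443", "www.google.com", "tcp"),
    ("behavioral2", "US", "1.1.1.1:53", "ssl.google-analytics.com", "udp"),
    ("behavioral2", "GB", "172.217.16.232:443", "ssl.google-analytics.com", "tcp"),
    ("behavioral2", "US", "1.1.1.1:53", "android.apis.google.com", "udp"),
    ("behavioral2", "GB", "172.217.16.238:443", "android.apis.google.com", "tcp"),
    ("behavioral2", "GB", "142.250.178.4:443", "www.google.com", "tcp"),
    ("behavioral3", "N/A", "224.0.0.251:5353", "", "udp"),
    ("behavioral3", "GB", "142.250.179.238:443", "", "tcp"),
    ("behavioral3", "US", "1.1.1.1:53", "android.apis.google.com", "udp"),
    ("behavioral3", "GB", "142.250.187.238:443", "android.apis.google.com", "tcp"),
    ("behavioral3", "CN", "219.235.1.127:80", "", "tcp"),
    ("behavioral3", "US", "1.1.1.1:53", "ssl.google-analytics.com", "udp"),
    ("behavioral3", "GB", "142.250.178.8:443", "ssl.google-analytics.com", "tcp"),
    ("behavioral3", "GB", "142.250.180.4:443", "", "tcp"),
]

# Names attributable to platform services rather than the app's own
# infrastructure. Assumed suffix list; extend with your own allowlist.
PLATFORM_SUFFIXES = (".google.com", ".google-analytics.com")
RESOLVER = ipaddress.ip_address("1.1.1.1")  # resolver every DNS row in the report targets


def classify(destination: str, names: set[str], protos: set[str]) -> str:
    """Bucket one destination: sandbox noise, platform traffic, or a pivot."""
    host, port = destination.rsplit(":", 1)
    ip, port = ipaddress.ip_address(host), int(port)
    if ip.is_multicast:
        return "noise:multicast"        # 224.0.0.251:5353 is mDNS
    if ip == RESOLVER and port == 53 and "udp" in protos:
        return "noise:dns-lookup"       # the queried names are kept separately
    if any(n.endswith(PLATFORM_SUFFIXES) for n in names):
        return "platform:" + ",".join(sorted(names))
    if port == 443:
        return "review:unresolved-tls"  # no name seen; pivot on rDNS/certificate
    if port == 80:
        return "review:cleartext-http"  # no name, plaintext; first pivot
    return "review:other"


def summarise(rows=OBSERVED) -> dict[str, dict]:
    """Fold rows per destination with the runs it appeared in and names resolved to it."""
    grouped = defaultdict(lambda: {"country": "", "runs": set(), "names": set(), "protos": set()})
    for run, country, dest, domain, proto in rows:
        g = grouped[dest]
        g["country"] = country
        g["runs"].add(run)
        g["protos"].add(proto)
        if domain:
            g["names"].add(domain)
    for dest, g in grouped.items():
        g["category"] = classify(dest, g["names"], g["protos"])
    return dict(grouped)


def review_queue(summary: dict[str, dict]) -> list[tuple[str, str, int]]:
    """Destinations needing analyst attention, most consistent across runs first."""
    queue = [
        (dest, g["category"], len(g["runs"]))
        for dest, g in summary.items()
        if g["category"].startswith("review:")
    ]
    return sorted(queue, key=lambda t: (-t[2], t[1], t[0]))


if __name__ == "__main__":
    s = summarise()
    print("DNS names queried:", sorted(s["1.1.1.1:53"]["names"]))
    for dest, cat, n_runs in review_queue(s):
        print(f"{dest:24} {cat:24} seen in {n_runs} run(s)  country={s[dest]['country']}")
```

Run against the report's rows, the queue puts 219.235.1.127:80 first: it is the only destination with no name, a cleartext port, and presence in two of the three runs (behavioral1 and behavioral3). That ordering is a prioritisation, not an attribution; the next step is rDNS, ASN and certificate lookups for every "review:" entry, which this offline script deliberately does not perform.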

Files

/data/user/0/com.example.androiddefender2/databases/AndroidDefender.sqlite-journal

MD5 496c9ee820969bda3def43599e142f25
SHA1 22ae9f931263a0fbd36bc5323b52cbcea6a32279
SHA256 6e9637d86fb8c13af0b7542b9bfb20d6fcf462bb2584b34f625bf3f48e0dd424
SHA512 1fb156c3bb9e3fb761a1c83d35a0b29a08c9c69714d75e1897e60f9eb6bbeea8dcf147a7316bfe30ab437df03bb3e138e462cee87cddf089abac04377c52fea2

/data/user/0/com.example.androiddefender2/databases/AndroidDefender.sqlite

MD5 8b2a0dd2e8288406bcb89e4acdcb8a13
SHA1 ac6e4943c333c5242717829c82f404c41b98c018
SHA256 b94501926027393a9d2cf91e76e9b66c0f6814674bf88d0474034c507ed19973
SHA512 40073bc373d2d2d1a8285b5dab24f34eb14aa88e03d8fad7f75fde8755d015d9d4a19a23eb507c7151e6765ef9c507e34ec7187040fb62a3268231b3a5cfffa3

/data/user/0/com.example.androiddefender2/databases/AndroidDefender.sqlite-journal

MD5 69077e6395cd16c5eb9b3458775fea4a
SHA1 2f285f613fba294402857d32fa5fcaef59bb56e5
SHA256 2e53ffcb3f80750e3f8ca5bf5bcb19a270df20adca4c1fb39921753de7da86fa
SHA512 1327e75a814ac3665b5652ed4f93d06f2bd2e619db6b63ca625c38bb1fb2238c9a9c19e4eac918a6c8d9fbe90b32e0ebda7b6865eb3d0a6505ae54a8efd24d14

/data/user/0/com.example.androiddefender2/databases/AndroidDefender.sqlite-journal

MD5 59f0461baa105e4a37beeb7163e6a248
SHA1 76b5bb439c9da9aeded1c0be8d51b59eff7b5350
SHA256 1064490523b85526f010d51189ec36e3b0ffc1c8ed95726e6101a63b904f87a5
SHA512 fd3770a523f0e95e87132e870d381c8d5d1cd3ba573388bac2d7723a6067503812f1d02f4c344060c6de9648821217fe818b80dc4a3cd86060ac14f6275cd250

/data/user/0/com.example.androiddefender2/databases/AndroidDefender.db-journal

MD5 dfaa5e4981637a405e627d87df6b8bb9
SHA1 be993e06848ecdaac5f9bf58c9db601f8ec3b4ee
SHA256 c0cb4d92dbf51dc42787e2a6997df226ff50b9d83213f64cb94c701549f17df7
SHA512 132b870ff3c832c1dcc775942bbcba55417cbf81b17c695bce82b808732b861f8d213e46515aff5c6a71da2b71f46e129a305166ff066cd8ea2a3365cd67b35e

/data/user/0/com.example.androiddefender2/databases/AndroidDefender.db

MD5 6f57dc5c7f74641fe16553cb17af50c8
SHA1 c4308a3b86f2df9a59c9257b3abf0fbb80594a12
SHA256 99c795f6289277934c32a333d2130d36509007eefb77a80575b121cbcec06fa0
SHA512 a0902ff3eb3748d0534e75e2ee1367f5227814c9204bf741adde640d0b88dd3751dcc312d1a0735bba3c5e95a71cdcafa4f9c4adda23bd43724da4b248e3c58e

/data/user/0/com.example.androiddefender2/databases/AndroidDefender.db-journal

MD5 bce52b366eb16b8eaac7e8e41ddfa5a6
SHA1 c6179487228ef0586eee7f42f18e1dc8ff6235d0
SHA256 07ab2cbaeb4b755d886d60c238f6b7c8f1b3c74981e092a0ea978f7250506c6c
SHA512 d5c4d68efd0828ce466a0616b79aacedaeafbddb79b940feec4a810e5fb1adb59a1b5eaeb607997a510e4a1d2202303e4ae478943bae16d436f23f0fffe7d6b7

/data/user/0/com.example.androiddefender2/databases/AndroidDefender.db-journal

MD5 c8d6332c3f2d23e43ae32964f3c20317
SHA1 5c811de75e822f7c80c7cee4786b1dcad4ed2cc8
SHA256 abc25a9730b0baae0f2d5f661279f25717319d9daa1be1953a51d4c67c02a1f4
SHA512 c7cc1dbe086c4d937a16d29d45d2ff103cde497aea964487943b0f6877f3f3aad479565a50231feef76723c13f8bbf778a3d495d8702c4ed6d6601c6ce2d0429

/data/user/0/com.example.androiddefender2/databases/AndroidDefender.db-journal

MD5 26147f3cdfc5a0d69d23d2db1c1b809e
SHA1 794979eb2c7d5953c7ff1de49d9e790769775225
SHA256 cb64347be455b6f78b4518dc0c2a294bdbe53eb27240d8b53d37dfe5be94892d
SHA512 fbc7d6d057d2da0b928c8f0967e6105ae032a64db9b38116056e40f85dfff85378ded84eb12448d506c034059beeb5b54727e2b27851d3ea0f8c83cee2bda5a9

/data/user/0/com.example.androiddefender2/databases/AndroidDefender.db-journal

MD5 8f9b8b1933f7374b2b7149480a4a27de
SHA1 4c3562634c1a115a82e5405bcac82258e6a562df
SHA256 199d3d0eb4790decd54e6a07432afe3ccb8fc7af4ebda40ed02006226710a8be
SHA512 bb437522c9ed2d19c5e5a70313e28aa641bee5c72dafa71c1a1bbe008deb1a5231d78d2a89ffa766627aa58e50ca58a109704302a5e5f10d8f945e37b3004aa5

/data/user/0/com.example.androiddefender2/databases/AndroidDefender.db-journal

MD5 1ead9424bb69bb33b7b5205f05c8478d
SHA1 cd046fefb72f375cde81bfec1d5f4950a86cb4d4
SHA256 14af3c350193ed91039df5f6a0623f561a65867f312d2c1ea39410e990c67597
SHA512 8e4d5450fa87064fc4497fcd3709b0f8e121456a48b56f3834cf9ef4beecb09e3bb42b732af7243101e32c05c5414b1ad962623d4c69f839d8f014c7218b03d0