Analysis Overview
SHA256
f4ea7bd7bbc2799fb936fb803d0387beb1a532f79110d63ea91fcdc212122d58
Threat Level: Shows suspicious behavior
The file 93470fd1b1d2f189c93bf622437088ed_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks memory information
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-04 01:28
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 01:28
Reported
2024-06-04 01:31
Platform
android-x86-arm-20240603-en
Max time kernel
4s
Max time network
156s
Signatures
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
cn.gov.longquan.govmobile
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.10:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
Files
/data/data/cn.gov.longquan.govmobile/databases/bugly_db_legu-journal
/data/data/cn.gov.longquan.govmobile/databases/bugly_db_legu
/data/data/cn.gov.longquan.govmobile/databases/bugly_db_legu-shm
/data/data/cn.gov.longquan.govmobile/databases/bugly_db_legu-wal
/data/data/cn.gov.longquan.govmobile/app_bugly/tomb_1717464518170.txt
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-04 01:28
Reported
2024-06-04 01:31
Platform
android-33-x64-arm64-20240603-en
Max time kernel
9s
Max time network
178s
Signatures
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
cn.gov.longquan.govmobile
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 216.58.213.4:443 | | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.213.4:443 | | udp |
| GB | 216.58.204.67:443 | | tcp |
| GB | 216.58.213.4:443 | | udp |
| US | 172.64.41.3:443 | | udp |
| US | 172.64.41.3:443 | | tcp |
| US | 172.64.41.3:443 | | tcp |
| GB | 216.58.212.227:443 | | tcp |
| GB | 216.58.212.227:443 | | udp |
| US | 1.1.1.1:53 | mobiledataplan-pa.googleapis.com | udp |
| US | 216.239.38.133:443 | mobiledataplan-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | nwp.t-mobile.com | udp |
| US | 45.60.1.206:80 | nwp.t-mobile.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
Files
/data/user/0/cn.gov.longquan.govmobile/databases/bugly_db_legu-journal
/data/user/0/cn.gov.longquan.govmobile/databases/bugly_db_legu
/data/user/0/cn.gov.longquan.govmobile/app_bugly/tomb_1717464519517.txt
/data/user/0/cn.gov.longquan.govmobile/app_bugly/rqd_record.eup