Malware Analysis Report

2024-11-13 13:30

Sample ID 240604-bvvmdsgd9x
Target 93470fd1b1d2f189c93bf622437088ed_JaffaCakes118
SHA256 f4ea7bd7bbc2799fb936fb803d0387beb1a532f79110d63ea91fcdc212122d58
Tags
persistence discovery evasion
score
7/10


Analysis Overview

score
7/10

SHA256

f4ea7bd7bbc2799fb936fb803d0387beb1a532f79110d63ea91fcdc212122d58

Threat Level: Shows suspicious behavior

The file 93470fd1b1d2f189c93bf622437088ed_JaffaCakes118 was classified as showing suspicious behavior (score 7/10). None of the signatures below is a malware-family match; the score comes from generic persistence, discovery and evasion heuristics and from the permission set the APK declares.

Malicious Activity Summary

persistence discovery evasion

Registers a broadcast receiver at runtime (usually for listening for system events) (persistence; observed in behavioral1)

Checks memory information (discovery, evasion; observed in behavioral2)

Requests dangerous framework permissions (static1; taken from the manifest)

MITRE ATT&CK (Mobile Matrix V15)

No technique mappings are listed for this sample.

Analysis: static1

Detonation Overview

Reported

2024-06-04 01:28

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
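The static1 signature above is the kind of check you can reproduce yourself from a decoded manifest. The script below is an added example, not part of this report or of the sandbox's own tooling: it assumes the APK's AndroidManifest.xml has already been decoded from binary AXML (for instance with apktool), the manifest text is constructed from the permissions the report lists (plus INTERNET for contrast), and the dangerous-permission table is a hand-picked subset of the platform's list. It also honours android:maxSdkVersion, which is the usual reason a permission that looks dangerous on paper is never actually requested on a current device; the maxSdkVersion on WRITE_EXTERNAL_STORAGE in the sample manifest is an assumption added to show that check.

```python
"""Audit <uses-permission> entries in a decoded AndroidManifest.xml.

Added example; not from the sandbox report. SAMPLE_MANIFEST is
constructed from the permissions the report lists (plus INTERNET), and
DANGEROUS is a hand-picked subset of the platform's dangerous
permissions.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Dangerous (runtime-prompt) permissions this example knows about, with
# their permission group. Subset only; extend it for real use.
DANGEROUS = {
    "android.permission.GET_ACCOUNTS": "CONTACTS",
    "android.permission.READ_CONTACTS": "CONTACTS",
    "android.permission.READ_EXTERNAL_STORAGE": "STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE": "STORAGE",
    "android.permission.CALL_PHONE": "PHONE",
    "android.permission.READ_PHONE_STATE": "PHONE",
    "android.permission.ACCESS_FINE_LOCATION": "LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION": "LOCATION",
    "android.permission.READ_SMS": "SMS",
    "android.permission.RECORD_AUDIO": "MICROPHONE",
}

# Constructed manifest. The maxSdkVersion on WRITE_EXTERNAL_STORAGE is
# an assumption added to exercise the check; the report does not state it.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="cn.gov.longquan.govmobile">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"
      android:maxSdkVersion="28"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>
"""


def requested_permissions(manifest_xml: str, api_level: int) -> list[str]:
    """Permissions the package actually requests on a device at api_level.

    <uses-permission android:maxSdkVersion="N"> is ignored by the installer
    on devices newer than N, so those entries are filtered out here.
    """
    root = ET.fromstring(manifest_xml)
    names = []
    for el in root.iter():
        if el.tag not in ("uses-permission", "uses-permission-sdk-23"):
            continue
        name = el.get(f"{{{ANDROID_NS}}}name")
        max_sdk = el.get(f"{{{ANDROID_NS}}}maxSdkVersion")
        if not name:
            continue
        if max_sdk is not None and api_level > int(max_sdk):
            continue
        names.append(name)
    return names


def audit(manifest_xml: str, api_level: int) -> dict:
    """Split the requested permissions into dangerous (by group) and other."""
    root = ET.fromstring(manifest_xml)
    requested = requested_permissions(manifest_xml, api_level)
    dangerous = [p for p in requested if p in DANGEROUS]
    groups: dict[str, list[str]] = {}
    for p in dangerous:
        groups.setdefault(DANGEROUS[p], []).append(p)
    return {
        "package": root.get("package"),
        "api_level": api_level,
        "dangerous": dangerous,
        "groups": groups,
        "other": [p for p in requested if p not in DANGEROUS],
    }


if __name__ == "__main__":
    # API 33 matches the report's behavioral2 platform (android-33).
    for level in (28, 33):
        result = audit(SAMPLE_MANIFEST, level)
        print(level, len(result["dangerous"]), sorted(result["groups"]))
```

Run it with the API level of the sandbox image you care about: on API 33 the storage group shrinks to READ_EXTERNAL_STORAGE alone, while on API 28 all eight permissions the report lists are in play. A manifest-only audit still says nothing about whether the app ever calls requestPermissions for them; that is what the behavioral runs are for.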

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 01:28

Reported

2024-06-04 01:31

Platform

android-x86-arm-20240603-en

Max time kernel

4s

Max time network

156s

Command Line

cn.gov.longquan.govmobile

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

A receiver registered through Context.registerReceiver (seen here as the Binder call to IActivityManager.registerReceiver) is not declared in the manifest and only exists while the registering process is alive, so on its own it is a weak persistence indicator. The report does not record which intents the receiver filters for, which is what would distinguish a benign connectivity or screen-state listener from something used to re-trigger the app.

Processes

cn.gov.longquan.govmobile

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.10:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |

Files

The four bugly_db_legu* entries are one SQLite database together with its rollback journal (-journal), shared-memory index (-shm) and write-ahead log (-wal).

/data/data/cn.gov.longquan.govmobile/databases/bugly_db_legu-journal

MD5 f2a12d9c3dcf72c3350930a8e96c9f77
SHA1 c6ed54031e80b55e4cc07add04a1d0a78c76ee9e
SHA256 e678076b386fc3743ca1e64d569c9255ad54dbe69822d523e769f0e67a7d043c
SHA512 bc2c737399d1ea74916041d59f46e65adeecf26b22d04cd35dcb7f88585a49f00d0118c7ed59c767eab1f2cc7e8dd7ef7bdcbfc6b92507ea50c6a1857731ae16

/data/data/cn.gov.longquan.govmobile/databases/bugly_db_legu

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/cn.gov.longquan.govmobile/databases/bugly_db_legu-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/cn.gov.longquan.govmobile/databases/bugly_db_legu-wal

MD5 d354789a3542ecdf06575966dc0be144
SHA1 2eac80c7d4d93b8154140129574e4f8b63de3ec9
SHA256 4fd5c17c00170456771ce6a6e3c9355ebebcfa6ecf42d3377c5f9c81bd6e9717
SHA512 53ca8a5bec625a05502d12ae2fa4337893d9c99d2a51385a36c07b805d052a4ee13d48a99c383ff5d9e82802268753f200f077d499f31e54a60528162328c482

/data/data/cn.gov.longquan.govmobile/app_bugly/tomb_1717464518170.txt

MD5 79d110469c45c00de80f5bc8447ca039
SHA1 46f9079aa546a73693cd56096a8f91fd068b3d97
SHA256 78a7b93bf300b260a5aece85da8eb9ecff292464c90049f217ab6554fc76d7d0
SHA512 1050b156653207eef3ef5e9b09800b4986c6cc682fdba99a13d764075f2ccc82cf159252c6bb9a8d57622d5d61e9fbebfe9112067b310122f824ba9546643793

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-04 01:28

Reported

2024-06-04 01:31

Platform

android-33-x64-arm64-20240603-en

Max time kernel

9s

Max time network

178s

Command Line

cn.gov.longquan.govmobile

Signatures

Checks memory information

evasion discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |

Reading /proc/meminfo needs no permission. The sandbox tags it as discovery and evasion because total and available memory are among the values apps compare against known emulator profiles, but the same read is routine for crash-reporting and telemetry SDKs, so it does not establish intent by itself.
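What such a read yields, and the kind of decision it usually feeds, as an added example (not code from the report or from the sample): the /proc/meminfo text below is constructed, and the 1 GiB threshold is this example's own assumption, not a documented rule.

```python
"""Parse /proc/meminfo and apply the small-VM heuristic that a
"checks memory information" read is commonly used for.

Added example; not from the report. SAMPLE_MEMINFO is constructed and
MIN_REAL_DEVICE_MIB is an assumed threshold.
"""
import re

# Constructed: roughly what a 2 GiB emulator image exposes (values invented).
SAMPLE_MEMINFO = """\
MemTotal:        2017472 kB
MemFree:          118236 kB
MemAvailable:     854112 kB
Buffers:           28172 kB
Cached:           702880 kB
SwapTotal:             0 kB
SwapFree:              0 kB
HugePages_Total:       0
"""

# Lines are "Name:   value kB"; a few (HugePages_*) are unitless counts,
# and names such as Active(anon) contain parentheses.
LINE_RE = re.compile(r"^([A-Za-z_()0-9]+):\s+(\d+)(?:\s+kB)?$")

MIN_REAL_DEVICE_MIB = 1024  # assumption: treat less than 1 GiB as a small VM


def parse_meminfo(text: str) -> dict[str, int]:
    """Return every field as an int: kB for sized fields, raw for counts."""
    info = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            info[m.group(1)] = int(m.group(2))
    return info


def memory_profile(text: str) -> dict:
    """The values an app typically compares: total, available and swap."""
    info = parse_meminfo(text)
    total_mib = info["MemTotal"] // 1024
    avail_mib = info.get("MemAvailable", info.get("MemFree", 0)) // 1024
    swap_kb = info.get("SwapTotal", 0)
    return {
        "total_mib": total_mib,
        "available_mib": avail_mib,
        "has_swap": swap_kb > 0,
        # Low RAM with no swap is the profile cheap emulator images show.
        # It is a weak signal; the analyst's counter is to give the AVD a
        # realistic amount of RAM rather than to patch the app.
        "looks_like_small_vm": total_mib < MIN_REAL_DEVICE_MIB and swap_kb == 0,
    }


if __name__ == "__main__":
    print(memory_profile(SAMPLE_MEMINFO))
```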

Processes

cn.gov.longquan.govmobile

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 216.58.213.4:443 | | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.213.4:443 | | udp |
| GB | 216.58.204.67:443 | | tcp |
| GB | 216.58.213.4:443 | | udp |
| US | 172.64.41.3:443 | | udp |
| US | 172.64.41.3:443 | | tcp |
| US | 172.64.41.3:443 | | tcp |
| GB | 216.58.212.227:443 | | tcp |
| GB | 216.58.212.227:443 | | udp |
| US | 1.1.1.1:53 | mobiledataplan-pa.googleapis.com | udp |
| US | 216.239.38.133:443 | mobiledataplan-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | nwp.t-mobile.com | udp |
| US | 45.60.1.206:80 | nwp.t-mobile.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
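Most rows in the two Network tables (behavioral1 above and behavioral2 here) are background noise from the emulator image rather than the sample, and the rows that matter are the bare-IP ones the report cannot name. The script below is an added example, not part of the report: it embeds the report's own rows, and its suffix allowlist (googleapis.com, google.com, t-mobile.com as platform and carrier traffic) is this example's assumption about the sandbox image, not something the report states.

```python
"""Triage the Network tables of an Android sandbox report.

Added example; not part of the report. BEHAVIORAL1 and BEHAVIORAL2 are
the report's own rows. BACKGROUND_SUFFIXES is this example's assumption
about which names are platform or carrier background traffic.
"""
import ipaddress
from collections import Counter

BEHAVIORAL1 = """
N/A 224.0.0.251:5353 udp
GB 172.217.169.10:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
"""

BEHAVIORAL2 = """
GB 216.58.213.4:443 udp
N/A 224.0.0.251:5353 udp
GB 216.58.213.4:443 udp
GB 216.58.204.67:443 tcp
GB 216.58.213.4:443 udp
US 172.64.41.3:443 udp
US 172.64.41.3:443 tcp
US 172.64.41.3:443 tcp
GB 216.58.212.227:443 tcp
GB 216.58.212.227:443 udp
US 1.1.1.1:53 mobiledataplan-pa.googleapis.com udp
US 216.239.38.133:443 mobiledataplan-pa.googleapis.com tcp
US 1.1.1.1:53 nwp.t-mobile.com udp
US 45.60.1.206:80 nwp.t-mobile.com tcp
GB 142.250.179.228:443 tcp
"""

# Assumed allowlist: names a fresh Android emulator image contacts on its
# own. Tune it to the sandbox image and keep it short, so that anything
# not on it stays visible.
BACKGROUND_SUFFIXES = {
    ".googleapis.com": "google-platform",
    ".google.com": "google-platform",
    ".t-mobile.com": "carrier",
}


def parse_rows(table: str) -> list[dict]:
    """Rows are 'Country Destination [Domain] Proto'; Domain is optional."""
    rows = []
    for line in table.strip().splitlines():
        parts = line.split()
        if len(parts) not in (3, 4):
            raise ValueError(f"unexpected row: {line!r}")
        ip, port = parts[1].rsplit(":", 1)
        rows.append({
            "country": parts[0],
            "ip": ip,
            "port": int(port),
            "domain": parts[2] if len(parts) == 4 else None,
            "proto": parts[-1],
        })
    return rows


def classify(row: dict) -> str:
    addr = ipaddress.ip_address(row["ip"])
    if addr.is_multicast and row["port"] == 5353:
        return "mdns"            # local service discovery, not egress
    if row["port"] == 53:
        return "dns-query"       # the signal is the name, not the resolver
    if row["domain"]:
        for suffix, label in BACKGROUND_SUFFIXES.items():
            if row["domain"].endswith(suffix):
                return label
        return "attributed-other"
    return "unattributed"        # bare IP: nothing in the report names it


def triage(table: str) -> dict:
    rows = parse_rows(table)
    labels = [classify(r) for r in rows]
    pivots = sorted({(r["ip"], r["port"], r["proto"])
                     for r, l in zip(rows, labels) if l == "unattributed"})
    return {
        "counts": Counter(labels),
        "resolved": sorted({r["domain"] for r, l in zip(rows, labels)
                            if l == "dns-query"}),
        "pivots": pivots,
        "unique_unattributed_ips": sorted({p[0] for p in pivots}),
        # udp/443 is almost always QUIC; with no host name in the report,
        # these need the pcap (TLS or QUIC SNI) before they can be attributed.
        "quic_candidates": [p for p in pivots if p[1] == 443 and p[2] == "udp"],
        "attributed_other": sorted({r["domain"] for r, l in zip(rows, labels)
                                    if l == "attributed-other"}),
    }


if __name__ == "__main__":
    for name, table in (("behavioral1", BEHAVIORAL1), ("behavioral2", BEHAVIORAL2)):
        t = triage(table)
        print(name, dict(t["counts"]), t["resolved"], t["unique_unattributed_ips"])
```

For this report the allowlist removes everything with a name, leaving two unattributed tcp/443 destinations in behavioral1 and five unique addresses (three of them reached over udp/443, so most likely QUIC) in behavioral2. The 1.1.1.1:53 rows are most likely the resolver the emulator was configured with, so their domain column is the only part worth keeping; and because the report does not pair resolved names with the bare-IP rows, the script deliberately lists them separately rather than guessing which name each address answered.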

Files

The same path appears several times below with different hashes: the sandbox lists a separate entry for each version of the file it captured during the run.

/data/user/0/cn.gov.longquan.govmobile/databases/bugly_db_legu-journal

MD5 e411772e5ac67273f08f2208cbcd61ff
SHA1 376860fc6925c414183e108555fecc2a8fca8a6f
SHA256 4de035443c9a4d5795906838a6ed40cafce37a85f84e5d5f313d5084722fd7b9
SHA512 76ff6e4d69c350a673565f0cd0a03def31778e0273055d2fe87363f8628e1825979edbd8a5863f085babaac074b0f9344539750993b8b4d287efc64e6fdbfa8f

/data/user/0/cn.gov.longquan.govmobile/databases/bugly_db_legu

MD5 c4864a6085223c7e99f925f55394d440
SHA1 efb9c7c10bdcd321fa7b09fa9f278cb492799135
SHA256 06427a6645ae8443d33bf2691cc703df4b9a0239d18bdac08dffe290f4687462
SHA512 40425fafa223015b9063018658e4e209135774825200a90a6af52bef97556a853e4524c5d7ce5a4d5626f6cae3a601fc09bede5f286c0b4501c00a0a39144c69

/data/user/0/cn.gov.longquan.govmobile/databases/bugly_db_legu-journal

MD5 51a72d55a2d61110785c7c076a22a318
SHA1 8184d2ea2cee705fc33c063c022c0d3486cb3423
SHA256 b982cd68f803df2a1009139249e341e82ca3ab0e14557158f0005e34a0490653
SHA512 f192a7d6b5c1dcc4c7d4dafc446476c3d0a8d7c8b70c0f97208ee669e34ffd58c0701c6808abbd77dd4371048909a4ca0cc1b1ede3306b9785bf100f5cde448c

/data/user/0/cn.gov.longquan.govmobile/databases/bugly_db_legu-journal

MD5 de0470f11a5a0f994f34b191d4d49838
SHA1 557f774c554262b75c1134ad5e2b126637c7f2b9
SHA256 fc9127d5b9b0f231431c973e6664378d9f94d4f76c5ad6524e276cc4e0e1a4ed
SHA512 5487004bd2e7b60d5d72f631380d9afff75d40eea0b86911eb515448560b0cdacbcdb8cfffbea9943c4354b68b4284e8dffbf1b691041058bef27e1e5e6c45c9

/data/user/0/cn.gov.longquan.govmobile/databases/bugly_db_legu-journal

MD5 bdb8706312a22fd9dde62e6dfc4de8a9
SHA1 3d1c787c95b1bdee69342b9d0cbb6de05411f343
SHA256 cbfcc6a82d92b9b8376cbe5c671d53dd7215f307f0c6369e84e358a342ca46a7
SHA512 8e14d3b645656453324b0b9425f19cd08c7aa0cf5af13e8a247e60e24b09e674cd48c49d19631981fbf659b4c031d956be6c6eb411cba9b3483f270db893463e

/data/user/0/cn.gov.longquan.govmobile/databases/bugly_db_legu-journal

MD5 4580c15dbb6cecc20ddaac67515860d0
SHA1 e91d52ec1b2b020f047a72fe3ee3eab4aed6e3ac
SHA256 9fe31a58b9d9fde9b5c3a7fa298443b2ce673c5c3f404f964f82424c4fb0d7b8
SHA512 5a22a2b391720df1b89578113b5453ce5cf58b18b245c4af1f3dcc4232fb6d600ffec4eb45f7da907eb907199f12eff807ff9f1c011b646dd2bc6dd9fba67ef7

/data/user/0/cn.gov.longquan.govmobile/databases/bugly_db_legu-journal

MD5 ec66bbf226c03ccb7aae1ae62ac1849a
SHA1 58b26ec4eae5da7190c3016ffae95cfd1ac45288
SHA256 da6ccca7d24204b8564d162c82f8c4129aabf8396f358e8ed75a513d56f3b275
SHA512 6b0f289d633f327aefaa48a8a89be793bded91173cc9837719afc87bc74a28bc5cea8f8c7642c2caa5cb229b1e57b9cda835066f955f0310438ea7553c2deea9

/data/user/0/cn.gov.longquan.govmobile/app_bugly/tomb_1717464519517.txt

MD5 bd0f8f8f3ad93fa07623422ec6e72003
SHA1 c3589295e7a4ddcf35bcd7a2c13bfd381783821a
SHA256 7fe875398dea7537a57a77c5275cbc8647aaf63ab6fd9148443b65df2e1d0647
SHA512 2ec3e073321262b667afbf98fe4e9f51e4c0c58baaad506b120239031f10699d699b94470bef13007bd6199df3d3b03f1eaf147c0cba5178aee7e267072b1c0b

/data/user/0/cn.gov.longquan.govmobile/app_bugly/rqd_record.eup

MD5 1666c74d00dff200cc8fbb8245ad5542
SHA1 5b777ef10afac11882dcfc0825babcb42e12c5f3
SHA256 9a03f42cbbf181c2d2dd213a0499c81eb7b7470708d2d2d9669e367b736d698a
SHA512 1fc392599b48c57d7b3ed3026c8b7b6d6eaa484e09506106261361d673cf19762d273eddbe118f60361422a0e3ccac4ac5b3b31f159b19effefde15af2758b28

/data/user/0/cn.gov.longquan.govmobile/app_bugly/rqd_record.eup

MD5 e0d15e614175fccc6044c1ded528813f
SHA1 b22ecd27814d42c7a06976416f708a57b988359d
SHA256 dc88d331badc1d2571ac0915f831830846977c7d5bb0c1e150c7e4490269d56e
SHA512 1224f52c95d12bf0a5968af972bfb8fca43d185fc78bb886a889cea4f238baded4120adc05b59e3455cdea7c92e646f84861db9b82cc4557f587071722e82c6a