Malware Analysis Report

2025-01-19 08:08

Sample ID 240605-1wttxsac9v
Target 995b023af9ed2f6e4ee0aa5432dfb4d3_JaffaCakes118
SHA256 d05833df0b521c7d90c5d05f16ed5e7863a5458e2cdf6d9746e75f72555c97b5
Tags
discovery evasion impact
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

d05833df0b521c7d90c5d05f16ed5e7863a5458e2cdf6d9746e75f72555c97b5

Threat Level: Shows suspicious behavior

The file 995b023af9ed2f6e4ee0aa5432dfb4d3_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion impact

Loads dropped Dex/Jar

Requests dangerous framework permissions

Queries information about active data network

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-05 22:00

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 22:00

Reported

2024-06-05 22:03

Platform

android-x86-arm-20240603-en

Max time kernel

7s

Max time network

149s

Command Line

com.puc.lernar

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.puc.lernar/files/less/AlJstKleze.jar N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.puc.lernar

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
CN 116.62.181.149:8080 tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 216.58.201.110:443 tcp
GB 142.250.187.194:443 tcp

Files

/data/data/com.puc.lernar/files/less/AlJstKleze.jar

MD5 ae1f3cd62b1bb0009ee68ae304b747f3
SHA1 790921e23d6d5cfb97c8a24a21ff6470c46ead59
SHA256 df39e347fd527aa0c634ef255722bdce1221f15c6e33e49c4f27d9db5fdda098
SHA512 b67d58046e00456a6d259b4d4e623b7b399670398ae8c5221c693e8e2c0e21f6ce2f35724be145d25fe05df457bb0cd73f4fdcfe1e81ecfe89a80f225fca117e

/data/user/0/com.puc.lernar/files/less/AlJstKleze.jar

MD5 5d9aa2b3757c19de41687e710bf75da9
SHA1 898004702420c5ee65e81360997bfd361ab5682e
SHA256 a99f45c2732a7c907586f35745bf9ab1211b227c1d81b0a17b4ee8b3593426fd
SHA512 44530d5d1fd229566f01ff933871f3ae7fd254d92f81b8df4b9312743df42bd1fa4daa61e6e082f16a0a808d56ee04949c210e8ce10c6dd0e206c05018346e10