Malware Analysis Report

2025-01-19 05:03

Sample ID 240605-n9tpvsfg67
Target 981ccbe53a8e3b931afc5947b48a2c77_JaffaCakes118
SHA256 9f6ee454dbde3638c640c90da164ac806d02a380cb4f463ef128704e918272ce
Tags
collection discovery impact persistence
score
7/10


Analysis Overview


Threat Level: Shows suspicious behavior

The file 981ccbe53a8e3b931afc5947b48a2c77_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

collection discovery impact persistence

Queries account information for other applications stored on the device

Requests dangerous framework permissions

Queries information about active data network

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-05 12:06

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 12:06

Reported

2024-06-05 12:09

Platform

android-x86-arm-20240603-en

Max time kernel

7s

Max time network

138s

Command Line

com.gameloft.android.ANMP.GloftICHM

Signatures

Queries account information for other applications stored on the device

collection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accounts.IAccountManager.getAccountsAsUser | N/A | N/A |

Queries information about active data network

discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Uses Crypto APIs (Might try to encrypt user data)

impact
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |

Processes

com.gameloft.android.ANMP.GloftICHM

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |

Files

N/A