Malware Analysis Report

2025-01-19 05:04

Sample ID: 240605-t9t9aada97
Target: 98aa61a5b59578abd81137682043976f_JaffaCakes118
SHA256: e2c0ddd7d67e3869638917cb3665e810a1811d26e646eef2efbb3efb6a0cf252
Tags: collection
Score: 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 7/10

SHA256: e2c0ddd7d67e3869638917cb3665e810a1811d26e646eef2efbb3efb6a0cf252

Threat Level: Shows suspicious behavior

The file 98aa61a5b59578abd81137682043976f_JaffaCakes118 was classified as: Shows suspicious behavior.

Malicious Activity Summary

collection

Queries account information for other applications stored on the device

Requests dangerous framework permissions

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-05 16:45

Signatures

Requests dangerous framework permissions

Description                                                     Indicator                                  Process  Target
Allows an application to write to external storage.             android.permission.WRITE_EXTERNAL_STORAGE  N/A      N/A
Allows an application to read from external storage.            android.permission.READ_EXTERNAL_STORAGE   N/A      N/A
Allows access to the list of accounts in the Accounts Service.  android.permission.GET_ACCOUNTS            N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-05 16:45
Reported: 2024-06-05 16:49
Platform: android-x86-arm-20240603-en
Max time kernel: 7s
Max time network: 131s

Command Line

xtvapps.musictrans.lite

Signatures

Queries account information for other applications stored on the device

Tag: collection

Description             Indicator                                           Process  Target
Framework service call  android.accounts.IAccountManager.getAccounts        N/A      N/A
Framework service call  android.accounts.IAccountManager.getAccountsAsUser  N/A      N/A

Processes

xtvapps.musictrans.lite

Network

Country  Destination         Domain                   Proto
N/A      224.0.0.251:5353                             udp
GB       142.250.200.46:443                           tcp
US       1.1.1.1:53          android.apis.google.com  udp
GB       142.250.200.46:443  android.apis.google.com  tcp
GB       172.217.169.74:443                           tcp
GB       172.217.169.74:443                           tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-05 16:45
Reported: 2024-06-05 16:49
Platform: android-x64-arm64-20240603-en
Max time kernel: 7s
Max time network: 132s

Command Line

xtvapps.musictrans.lite

Signatures

Queries account information for other applications stored on the device

Tag: collection

Description             Indicator                                           Process  Target
Framework service call  android.accounts.IAccountManager.getAccountsAsUser  N/A      N/A

Processes

xtvapps.musictrans.lite

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353                               udp
GB       142.250.187.234:443                            tcp
GB       142.250.187.234:443                            tcp
GB       142.250.179.238:443                            tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.187.206:443  android.apis.google.com   tcp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       142.250.180.8:443    ssl.google-analytics.com  tcp
GB       142.250.180.4:443                              tcp
GB       142.250.180.4:443                              tcp

Files

N/A