Malware Analysis Report

2025-01-19 08:09

Sample ID 240605-y7jf8agf6x
Target 9928a625fc65d42fdc29b82280b27df5_JaffaCakes118
SHA256 9272b8b9a16d6ef82194502d4a3ac01d939c9382fadf5972844ba59f12c59784
Tags
banker discovery evasion impact persistence
score
7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Mobile Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
7/10

SHA256

9272b8b9a16d6ef82194502d4a3ac01d939c9382fadf5972844ba59f12c59784

Threat Level: Shows suspicious behavior

The file 9928a625fc65d42fdc29b82280b27df5_JaffaCakes118 was classified as: Shows suspicious behavior.

Malicious Activity Summary

banker discovery evasion impact persistence

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Checks Android system properties for emulator presence.

Queries the mobile country code (MCC)

Requests dangerous framework permissions

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-05 20:25

Signatures

Requests dangerous framework permissions

Description: Allows an application to write to external storage.
Indicator: android.permission.WRITE_EXTERNAL_STORAGE
Process: N/A
Target: N/A

Description: Allows an application to read from external storage.
Indicator: android.permission.READ_EXTERNAL_STORAGE
Process: N/A
Target: N/A

Description: Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
Indicator: android.permission.READ_PHONE_STATE
Process: N/A
Target: N/A

Description: Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
Indicator: android.permission.SYSTEM_ALERT_WINDOW
Process: N/A
Target: N/A

Description: Allows an application to receive SMS messages.
Indicator: android.permission.RECEIVE_SMS
Process: N/A
Target: N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-05 20:25
Reported: 2024-06-05 20:28
Platform: android-x86-arm-20240603-en
Max time kernel: 175s
Max time network: 130s

Command Line

com.egret.launcher.xw

Signatures

Checks Android system properties for emulator presence.

evasion
Description: Accessed system property key
Indicator: ro.product.model
Process: N/A
Target: N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about active data network

discovery
Description: Framework service call
Indicator: android.net.IConnectivityManager.getActiveNetworkInfo
Process: N/A
Target: N/A

Queries the mobile country code (MCC)

discovery
Description: Framework service call
Indicator: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
Process: N/A
Target: N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description: Framework service call
Indicator: android.app.IActivityManager.registerReceiver
Process: N/A
Target: N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description: Framework API call
Indicator: javax.crypto.Cipher.doFinal
Process: N/A
Target: N/A

Checks CPU information

Description: File opened for read
Indicator: /proc/cpuinfo
Process: N/A
Target: N/A

Checks memory information

Description: File opened for read
Indicator: /proc/meminfo
Process: N/A
Target: N/A

Processes

com.egret.launcher.xw

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353                               udp
US       1.1.1.1:53           www.85sy.com              udp
US       1.1.1.1:53           cbcscv-sever.7pa.com      udp
SG       119.29.29.29:80      119.29.29.29              tcp
SG       119.29.29.29:80      119.29.29.29              tcp
CN       121.36.11.191:80                               tcp
CN       121.36.11.191:80                               tcp
US       1.1.1.1:53           cbcscv-sever.7pa.com      udp
GB       172.217.16.238:443                             tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.179.238:443  android.apis.google.com   tcp

Files

/data/data/com.egret.launcher.xw/files/GameDataCache

MD5 750e9c689fab5fb3e4af9bc44c4ecf7b
SHA1 c2e223ac6c293681ff72310a4dd8cf338be6eacb
SHA256 0e2cca2216ed51fd1c7e0a10eed1ea248992f09f05d91b578da48973117ea540
SHA512 b20567510e708432c19582d145c915db0ff5b34ee3237999ef702921134519325fecb81c271971b5e80a7a07fb67986dff788ca85d4d9a6b105b283b4c6219ad

/data/data/com.egret.launcher.xw/files/GameDataCache

MD5 253d868825c1756a69082a845f64732d
SHA1 0573acd45f0060b18b5dbd98df452fdd621273d2
SHA256 3a21c5f287cb316c953ce2c4452042f0adfa078f275140263b832d9ffbe6b169
SHA512 1f0995e83070a01f9adcff003546a359f2d937b5da07e3c3d134015371292c55dd2a58dce7a9a6d8745a1f2f76e4d48d538fce645da6104cd2d5a91f16faecb2

/data/data/com.egret.launcher.xw/files/GameDataCache

MD5 77dabea21e23cdd000387662db527439
SHA1 71db1543318a98c6b68225f3b4c44285ce0fc8e1
SHA256 e0441c24bfa16ee735779db237022df79fb5064842ff91a95e86c2810ef2e09f
SHA512 625b99ba28854adf2edd08dbe15aba262514cd6fee589a1236349e4fe177622fbefe6934d32aef1d10df6e2d3f79fe9c8c2eeb6137b798b428f4edc86603e54c

/data/data/com.egret.launcher.xw/files/GameDataCache

MD5 70d003d9fba570690934bdacadb5de28
SHA1 465177a48c4e046553fc984f6b5dbe956ac8c1fb
SHA256 3f5dbf2906b61b89adf7b4d68881a9ff3d02006e4d3295187bfd582e0ac5bb70
SHA512 d3a2fc04425475fe8f50719eda3a115183d29d924f3c854dda43f257d84723206411aba8953928116f3b316c4ca70b36dd8e559e14dc4214c62b9bcb5a38178c

/data/data/com.egret.launcher.xw/files/GameDataCache

MD5 4f5649961a196ff2c24a025531129ad2
SHA1 d7e34fa7012f39812f52eaaed9eb305d7aa87870
SHA256 1a7f500342fbc31507b7e15492770a39330f2ae20b723bc11aeecd79b120e49c
SHA512 d3a32b42a0203ebb55dda718195cc0a86fab37387ddd361b8d1443f3254cd05356fa91af0ec76403f0f496cbde1b32118eca83d911c4c3349fff3d83fbe87831

/data/data/com.egret.launcher.xw/files/GameDataCache

MD5 7261dfb96925b27569d32bc9e0b66384
SHA1 c4b3a1b69e257db6aa0845aaad9f508b17050898
SHA256 9d1619c267d412fe38cc2d5068d67abb3c873a9b51900376268bdd26ccc3d007
SHA512 4b93e063b89993d0d1d7691539bd9b44d31cb1d8dfbc792045e9b1f0d283fe2b082aa80de193370a30a3fb451a1b3b9bcfdd68ecbb29914df34219ed296f6a0a