Analysis Overview
SHA256
810377aec8c8a795b8338736aeecdf3e681f0fbf3b9755d213c7a03dcb87d9eb
Threat Level: Shows suspicious behavior
The file 99cb54c8251809a995e1ebe8ae984bc6_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-06 02:19
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A |
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-06 02:19
Reported
2024-06-06 02:33
Platform
android-x64-arm64-20240603-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.238:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-06 02:19
Reported
2024-06-06 02:42
Platform
android-x86-arm-20240603-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-06 02:19
Reported
2024-06-06 02:32
Platform
android-x64-20240603-en
Max time network
9s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-06 02:19
Reported
2024-06-06 02:42
Platform
android-x86-arm-20240603-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-06 02:19
Reported
2024-06-06 02:46
Platform
android-x86-arm-20240603-en
Max time kernel
7s
Max time network
131s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /storage/emulated/0/Android/data/com.sakai.imikowa2.pj/cache/pujia/patch.apk | N/A | N/A |
| N/A | /storage/emulated/0/Android/data/com.sakai.imikowa2.pj/cache/pujia/patch.apk | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.sakai.imikowa2.pj
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/data/com.sakai.imikowa2.pj/cache/pujia/patch.apk --output-vdex-fd=48 --oat-fd=105 --oat-location=/storage/emulated/0/Android/data/com.sakai.imikowa2.pj/cache/pujia/oat/x86/patch.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.234:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | setting.adzcore.com | udp |
| US | 1.1.1.1:53 | setting.adzcore.com | udp |
| US | 1.1.1.1:53 | setting.adzcore.com | udp |
| US | 1.1.1.1:53 | setting.adzcore.com | udp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
Files
/data/data/com.sakai.imikowa2.pj/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/data/com.sakai.imikowa2.pj/databases/partytrack-journal
| MD5 | 539f03a6f21bbc3210ab4a02fe577143 |
| SHA1 | e4439dcdee30e9c87e7c92d43d2bde5f5af81ab5 |
| SHA256 | 6d4dfed2d2d11e3dc991e0aabac380ea8e20b0640b90a6b12359b30f2f02caa7 |
| SHA512 | 9246c66c4653884ac4fa93950894007197e8ccde8a6bf5a204be5e8557b274481c0a6192e3c54bfcd679ac7c157d6d434c72880c938289b130b4bc199910e243 |
/data/data/com.sakai.imikowa2.pj/databases/partytrack
| MD5 | 3fabf09ddda0c5c50006154a5101223b |
| SHA1 | 4ba5de973e1edf5b0259cd617808fc45e3c320e4 |
| SHA256 | cd16181d54b4b2fb2a46c517648bc09c59650144de19ef7164c26c4f4100cd69 |
| SHA512 | 91c868e590803eec6d572d19a0f836587aa2ee174877b524763cda8509293e458174184fab61509c956ad51d641d31ddc4c40f86a3ad044c22067c42f576e1b4 |
/data/data/com.sakai.imikowa2.pj/databases/partytrack-shm
| MD5 | cf845a781c107ec1346e849c9dd1b7e8 |
| SHA1 | b44ccc7f7d519352422e59ee8b0bdbac881768a7 |
| SHA256 | 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7 |
| SHA512 | 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612 |
/data/data/com.sakai.imikowa2.pj/databases/partytrack-wal
| MD5 | cf60f2fd6e4b79fe471c7bb32b23ae5c |
| SHA1 | 1d7c4306109d83717b252802e501a2e950942bd4 |
| SHA256 | f46cfe1c260a0b235a2442f7fdca90211a0a30f1b111b194522711ff6ed022b1 |
| SHA512 | af9537790a80da9d0f8c0c5abaf5db01edf13593d03bbec89adea09c6aa5c6ac637c31a2694d624bbc929b2f77812a122c4bc4813e3531bda2e482087953f686 |
/storage/emulated/0/Android/data/com.sakai.imikowa2.pj/cache/pujia/patch.apk
| MD5 | 4fbbfb5f86156ed67af4d6c6a4f3bb99 |
| SHA1 | cd0912603a759b9e74899ada8b18aa418c278b28 |
| SHA256 | 4fef18a19ac2625a353e3d9ccecbce3fedb5a71925b7419a5752dc8c02aafd4b |
| SHA512 | e14edf5a79f479c5c69fb3593d16ed64dec7b8f2c6ebbd8bbdd8927ff06ab9447d7c9e8ff6759b3e569dd414702a7396cc2f37dfb8845293754cd0ee01c28736 |
/storage/emulated/0/Android/data/com.sakai.imikowa2.pj/cache/pujia/patch.apk
| MD5 | 2b53405cabedd6139a945b097d292072 |
| SHA1 | fe01d81e66a5ad1539c51343e31acd7b684b4823 |
| SHA256 | 4d55b97d362af2cd13957e0f79a1f8a070f7644d337e7f57c628230247a3f0cd |
| SHA512 | d224c03104f75e2b8335158efc160b7dc125d389fd2a85ede2676375ec03a155306145cd53ea0ee3a3d1f34d201bf350d3b035e1cd17e24163662c83df74a63f |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-06 02:19
Reported
2024-06-06 02:33
Platform
android-x64-20240603-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-06 02:19
Reported
2024-06-06 02:32
Platform
android-x64-arm64-20240603-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-06 02:19
Reported
2024-06-06 02:43
Platform
android-x86-arm-20240603-en
Max time network
3s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-06 02:19
Reported
2024-06-06 02:43
Platform
android-x64-arm64-20240603-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-06 02:19
Reported
2024-06-06 02:42
Platform
android-x86-arm-20240603-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-06 02:19
Reported
2024-06-06 02:32
Platform
android-x64-arm64-20240603-en
Max time network
10s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.238:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-06 02:19
Reported
2024-06-06 02:42
Platform
android-x64-20240603-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-06 02:19
Reported
2024-06-06 02:42
Platform
android-x86-arm-20240603-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-06 02:19
Reported
2024-06-06 02:32
Platform
android-x64-20240603-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |