Analysis Overview
SHA256
3750b4bce7eba6348ad2fe5af561945b6f767cc6c721452b2a95bff8f6179b85
Threat Level: Shows suspicious behavior
The file 99d118ce604bb11558304f97993be031_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-06 02:30
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
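The six permissions the static pass flags fall into two groups that behave differently at install time: READ_PHONE_STATE, WRITE_EXTERNAL_STORAGE and the two location permissions are runtime ("dangerous") permissions granted through a prompt, while PACKAGE_USAGE_STATS and WRITE_SETTINGS are special-access permissions that no prompt can grant and the user has to switch on in Settings. The script below is an added triage example, not code from the sandbox or from the analysed app: it pulls the `<uses-permission>` entries out of an apktool-style AndroidManifest.xml and sorts them into those groups. The manifest text is constructed to mirror the permissions listed above, and the protection-level mapping is my own summary of the Android permission model, which is the assumption to check against the API level you target.

```python
"""Sort the permissions an APK manifest requests by how they are granted.

Added example; the sample manifest is constructed and the
classification tables are an assumption, not data from the report.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS  # ElementTree's Clark notation for android:name

# Runtime ("dangerous") permissions: granted per app by a runtime prompt.
# Assumed mapping; WRITE_EXTERNAL_STORAGE grants nothing on API 30+ (scoped storage).
RUNTIME_DANGEROUS = {
    "android.permission.READ_PHONE_STATE": "device identity and call state",
    "android.permission.WRITE_EXTERNAL_STORAGE": "write to shared storage",
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
}
# Special-access permissions: only grantable by the user in Settings,
# so an app that requests them expects to walk the user there.
SPECIAL_ACCESS = {
    "android.permission.PACKAGE_USAGE_STATS": "see which apps are used and when",
    "android.permission.WRITE_SETTINGS": "modify system settings",
}

# Constructed sample mirroring the static1 table (plus INTERNET for contrast).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.amex.dotavideostation">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.PACKAGE_USAGE_STATS"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
    <application android:label="sample"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return android:name of every <uses-permission> / <uses-permission-sdk-23>."""
    root = ET.fromstring(manifest_xml)
    names = []
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        names.extend(e.get(NAME_ATTR) for e in root.iter(tag))
    return [n for n in names if n]


def triage(manifest_xml):
    """Bucket requested permissions into special / dangerous / other."""
    report = {"special": [], "dangerous": [], "other": []}
    for perm in requested_permissions(manifest_xml):
        if perm in SPECIAL_ACCESS:
            report["special"].append((perm, SPECIAL_ACCESS[perm]))
        elif perm in RUNTIME_DANGEROUS:
            report["dangerous"].append((perm, RUNTIME_DANGEROUS[perm]))
        else:
            report["other"].append(perm)
    return report


def risk_score(report):
    """Crude ranking weight for sorting a batch of samples: special access counts double."""
    return 2 * len(report["special"]) + len(report["dangerous"])


if __name__ == "__main__":
    result = triage(SAMPLE_MANIFEST)
    for bucket in ("special", "dangerous"):
        for perm, why in result[bucket]:
            print("%-9s %-50s %s" % (bucket, perm, why))
    print("other:", ", ".join(result["other"]))
    print("score:", risk_score(result))
```

Run it against `AndroidManifest.xml` from an `apktool d` output directory instead of the embedded sample to reproduce the static1 table for another APK; the namespace handling is the part people usually get wrong, since `e.get("android:name")` returns None under ElementTree.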
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-06 02:30
Reported
2024-06-06 02:34
Platform
android-x64-20240603-en
Max time kernel
2s
Max time network
133s
Command Line
Signatures
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
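The signature only records that `javax.crypto.Cipher.doFinal` was called at runtime; it says nothing about the transformation, the mode or where the key came from, which is what decides whether this is routine TLS/token handling or something worth chasing. The scanner below is an added example, not part of the sandbox report or the app: it walks apktool smali output, tracks string and small-integer literals per register within each method, and reports for every `Cipher` user the transformation passed to `getInstance`, the mode passed to `init`, and whether a string literal flowed (directly or via `String.getBytes`) into a `SecretKeySpec`. The smali text is constructed for the example and does not come from this sample.

```python
"""Recover Cipher transformation, mode and key source from decompiled smali.

Added example on constructed smali; the register tracking is a
deliberately small intra-method pass, not a full dataflow analysis.
"""
import re

METHOD_RE = re.compile(r"^\.method\s+(?:[\w-]+\s+)*(\S+)$")
CONST_STR_RE = re.compile(r'^const-string(?:/jumbo)?\s+(\w+),\s+"((?:[^"\\]|\\.)*)"$')
CONST_INT_RE = re.compile(r"^const/(?:4|16)\s+(\w+),\s+(-?0x[0-9a-fA-F]+|-?\d+)$")
INVOKE_RE = re.compile(r"^invoke-\w+(?:/range)?\s+\{([^}]*)\},\s+(L[^;]+;)->(<init>|\w+)\(")
MOVE_RESULT_RE = re.compile(r"^move-result-object\s+(\w+)$")

# Values of the javax.crypto.Cipher mode constants.
CIPHER_MODES = {1: "ENCRYPT_MODE", 2: "DECRYPT_MODE", 3: "WRAP_MODE", 4: "UNWRAP_MODE"}

# Constructed sample: one method with a hardcoded AES/ECB key, one CBC
# decrypt whose key arrives as a parameter, and one method without crypto.
SAMPLE_SMALI = """
.method public static a([B)[B
    .locals 4
    const-string v0, "AES/ECB/PKCS5Padding"
    invoke-static {v0}, Ljavax/crypto/Cipher;->getInstance(Ljava/lang/String;)Ljavax/crypto/Cipher;
    move-result-object v1
    const-string v2, "0123456789abcdef"
    invoke-virtual {v2}, Ljava/lang/String;->getBytes()[B
    move-result-object v2
    new-instance v3, Ljavax/crypto/spec/SecretKeySpec;
    const-string v0, "AES"
    invoke-direct {v3, v2, v0}, Ljavax/crypto/spec/SecretKeySpec;-><init>([BLjava/lang/String;)V
    const/4 v0, 0x1
    invoke-virtual {v1, v0, v3}, Ljavax/crypto/Cipher;->init(ILjava/security/Key;)V
    invoke-virtual {v1, p0}, Ljavax/crypto/Cipher;->doFinal([B)[B
    move-result-object v0
    return-object v0
.end method

.method private static b([B[BLjavax/crypto/spec/IvParameterSpec;)[B
    .locals 3
    const-string v0, "AES/CBC/PKCS5Padding"
    invoke-static {v0}, Ljavax/crypto/Cipher;->getInstance(Ljava/lang/String;)Ljavax/crypto/Cipher;
    move-result-object v1
    new-instance v2, Ljavax/crypto/spec/SecretKeySpec;
    const-string v0, "AES"
    invoke-direct {v2, p1, v0}, Ljavax/crypto/spec/SecretKeySpec;-><init>([BLjava/lang/String;)V
    const/4 v0, 0x2
    invoke-virtual {v1, v0, v2, p2}, Ljavax/crypto/Cipher;->init(ILjava/security/Key;Ljava/security/spec/AlgorithmParameterSpec;)V
    invoke-virtual {v1, p0}, Ljavax/crypto/Cipher;->doFinal([B)[B
    move-result-object v0
    return-object v0
.end method

.method public onCreate(Landroid/os/Bundle;)V
    .locals 0
    return-void
.end method
"""


def scan_smali(text):
    """Return one finding per method that touches javax.crypto.Cipher."""
    findings, current = [], None
    literals, ints, pending = {}, {}, None  # register -> literal; literal leaving an invoke
    for raw in text.splitlines():
        line = raw.strip()
        m = METHOD_RE.match(line)
        if m:
            current = {"method": m.group(1), "transformations": [], "modes": [],
                       "hardcoded_keys": [], "do_final_calls": 0}
            findings.append(current)
            literals, ints, pending = {}, {}, None
            continue
        if current is None:
            continue
        m = CONST_STR_RE.match(line)
        if m:
            literals[m.group(1)] = m.group(2); ints.pop(m.group(1), None); continue
        m = CONST_INT_RE.match(line)
        if m:
            ints[m.group(1)] = int(m.group(2), 0); literals.pop(m.group(1), None); continue
        m = MOVE_RESULT_RE.match(line)
        if m:  # the result register inherits the literal only if the invoke produced one
            if pending is None:
                literals.pop(m.group(1), None)
            else:
                literals[m.group(1)] = pending
            pending = None
            continue
        m = INVOKE_RE.match(line)
        if not m:
            continue
        regs = [r.strip() for r in m.group(1).split(",") if r.strip()]
        cls, name = m.group(2), m.group(3)
        pending = None
        if cls == "Ljava/lang/String;" and name == "getBytes" and regs and regs[0] in literals:
            pending = literals[regs[0]]  # bytes of a literal are still a literal key
        elif cls == "Ljavax/crypto/Cipher;":
            if name == "getInstance" and regs and regs[0] in literals:
                current["transformations"].append(literals[regs[0]])
            elif name == "init" and len(regs) >= 2 and regs[1] in ints:
                current["modes"].append(CIPHER_MODES.get(ints[regs[1]], str(ints[regs[1]])))
            elif name == "doFinal":
                current["do_final_calls"] += 1
        elif cls == "Ljavax/crypto/spec/SecretKeySpec;" and name == "<init>" \
                and len(regs) >= 2 and regs[1] in literals:
            current["hardcoded_keys"].append(literals[regs[1]])
    return [f for f in findings if f["do_final_calls"] or f["transformations"]]


def weak_transformations(findings):
    """ECB leaks plaintext structure; flag it regardless of key source."""
    return [t for f in findings for t in f["transformations"] if "/ECB/" in t.upper()]


if __name__ == "__main__":
    for f in scan_smali(SAMPLE_SMALI):
        print(f)
    print("weak:", weak_transformations(scan_smali(SAMPLE_SMALI)))
```

Point it at the `smali/` tree from `apktool d` by reading each `.smali` file into `scan_smali`; methods whose key register is never a literal (like `b` above) are the ones where the key is derived at runtime and a hook on `Cipher.init` in the emulator is the faster next step.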
Processes
com.amex.dotavideostation
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 172.217.169.66:443 | | tcp |
| GB | 142.250.187.228:443 | | tcp |
| GB | 142.250.187.228:443 | | tcp |
Files
/data/data/com.amex.dotavideostation/cache/dataservice.db-journal
| MD5 | ba613c64f352271b372cf1494710be2d |
| SHA1 | be12a68eb1e1db7b77f1feb036361dfdb40537ba |
| SHA256 | 5e7868b5252e00e3291ead10515613ed5ddd6807bf4cf8187be6db9cbaa6265f |
| SHA512 | a1de4524d2ba6fdb2591650d2b0cd30b0355b4de0f38ab3484d46300667a9387d94e28e4b466cdfcfb893c11e8cd8ce6d045462ef79a1d44551571ca9b0c46bb |
/data/data/com.amex.dotavideostation/cache/dataservice.db
| MD5 | d1e1dd60e90e8b72373af5e5b412d54e |
| SHA1 | 341f39a7817cacbaf2746866dea9bc7352446e1f |
| SHA256 | 022b95e07cfb4ebbb61b71a16348e5f41efbc0c011708224a0c461434f9595ff |
| SHA512 | a1b31281b057a610e8d700c65f85036aa2c29646452e397151f9c3b4f46c25ce352b1f27c44cc83a4e230b7c9c5a01c670d3c5ec9af17ae28c4c208ea8979346 |
/data/data/com.amex.dotavideostation/cache/dataservice.db-journal
| MD5 | 9dd3e64e4386eee2183964357c7f38c8 |
| SHA1 | 5d76a8097d96704b6b2fe0aff06809c189cdc0c5 |
| SHA256 | 72800091bb7739add5555472739c36e2d108dfa644d3e62668333304b17ffb94 |
| SHA512 | 398cd1827723596c74f03ded4f14101245db3d30d644f8998921df01160a71d50618e8cfdb3745933737a7d671e446250d7a9925ecd02d92858be662d03a152b |
/data/data/com.amex.dotavideostation/cache/dataservice.db-journal
| MD5 | 0fa04dda6226d63fc5b71b6cc63f48eb |
| SHA1 | 74fd3dbd42eddb657526b1b4b37514f5d1e147dc |
| SHA256 | 955842e1f86be79a2ef72f868049cf0a219e69af7bcbc1df4c1a3da75dbfa2a6 |
| SHA512 | 46a38aedb4c6af78cd3212a01d0e6477f0205ecafdc6b1f932fd6182df82750518cf8e835f61752152af58fd693b25bdc01d07585074a38a39cbc4df3704714d |
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-06 02:30
Reported
2024-06-06 02:31
Platform
android-x64-arm64-20240603-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-06 02:30
Reported
2024-06-06 02:31
Platform
android-x86-arm-20240603-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-06 02:30
Reported
2024-06-06 02:31
Platform
android-x64-20240603-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-06 02:30
Reported
2024-06-06 02:31
Platform
android-x64-arm64-20240603-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-06 02:30
Reported
2024-06-06 02:31
Platform
android-x86-arm-20240603-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-06 02:30
Reported
2024-06-06 02:31
Platform
android-x64-20240603-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-06 02:30
Reported
2024-06-06 02:34
Platform
android-x86-arm-20240603-en
Max time kernel
2s
Max time network
151s
Command Line
Signatures
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.amex.dotavideostation
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 216.58.201.110:443 | | tcp |
| GB | 142.250.187.194:443 | | tcp |
Files
/data/data/com.amex.dotavideostation/cache/dataservice.db-journal
| MD5 | ef0911f06e3ee779d9c8535157cd1b22 |
| SHA1 | 93e3361be74c57c3749d5703d3c7ada4f05cf48a |
| SHA256 | 28f9034f287c0f812ce8345088d14294261d3e872ce39385f49a9938b8d8fd73 |
| SHA512 | 57910935b9b03daad23b780205170d299ddb25014e2598df86766506608c69c787b142e1ef99e632da69a74f96041ebc218ee20c4401ee2faec66ace540fa79e |
/data/data/com.amex.dotavideostation/cache/dataservice.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.amex.dotavideostation/cache/dataservice.db-wal
| MD5 | 417ad95e52298c7348fafb2edf054e0f |
| SHA1 | ad84e25fdaa4f312819be82eefced05657edc841 |
| SHA256 | 842393e5bf688c3aaf2533c280a151126d533a427882f5bc3eff7dabc6f819f4 |
| SHA512 | 14a8907260b774019b052d510f569634b1baf1d37f05e598719cc7907430b6033153884b648626a4ec3981faf2afab17ee2a3705e72007f0d9598789e21821d0 |