Malware Analysis Report

2025-01-19 08:06

Sample ID 240606-czj7wseh6s
Target 99d118ce604bb11558304f97993be031_JaffaCakes118
SHA256 3750b4bce7eba6348ad2fe5af561945b6f767cc6c721452b2a95bff8f6179b85
Tags: impact
Score: 6/10

Analysis Overview

Score: 6/10

SHA256: 3750b4bce7eba6348ad2fe5af561945b6f767cc6c721452b2a95bff8f6179b85

Threat Level: Shows suspicious behavior

The file 99d118ce604bb11558304f97993be031_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

impact:
  Requests dangerous framework permissions
  Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-06 02:30

Signatures

Requests dangerous framework permissions

Indicator                                  Description
android.permission.PACKAGE_USAGE_STATS     Allows an application to collect component usage statistics.
android.permission.READ_PHONE_STATE        Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.WRITE_EXTERNAL_STORAGE  Allows an application to write to external storage.
android.permission.ACCESS_COARSE_LOCATION  Allows an app to access approximate location.
android.permission.ACCESS_FINE_LOCATION    Allows an app to access precise location.
android.permission.WRITE_SETTINGS          Allows an application to read or write the system settings.

(Process and Target: N/A for every row.)

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-06 02:30
Reported: 2024-06-06 02:34
Platform: android-x64-20240603-en
Max time kernel: 2s
Max time network: 133s

Command Line

com.amex.dotavideostation

Signatures

Uses Crypto APIs (Might try to encrypt user data)

impact
Description         Indicator                    Process  Target
Framework API call  javax.crypto.Cipher.doFinal  N/A      N/A

Processes

com.amex.dotavideostation

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353     -                         udp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.187.238:443  android.apis.google.com   tcp
GB       142.250.200.46:443   -                         tcp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       172.217.16.232:443   ssl.google-analytics.com  tcp
GB       142.250.200.46:443   -                         tcp
GB       172.217.169.66:443   -                         tcp
GB       142.250.187.228:443  -                         tcp
GB       142.250.187.228:443  -                         tcp

Files

/data/data/com.amex.dotavideostation/cache/dataservice.db-journal

MD5 ba613c64f352271b372cf1494710be2d
SHA1 be12a68eb1e1db7b77f1feb036361dfdb40537ba
SHA256 5e7868b5252e00e3291ead10515613ed5ddd6807bf4cf8187be6db9cbaa6265f
SHA512 a1de4524d2ba6fdb2591650d2b0cd30b0355b4de0f38ab3484d46300667a9387d94e28e4b466cdfcfb893c11e8cd8ce6d045462ef79a1d44551571ca9b0c46bb

/data/data/com.amex.dotavideostation/cache/dataservice.db

MD5 d1e1dd60e90e8b72373af5e5b412d54e
SHA1 341f39a7817cacbaf2746866dea9bc7352446e1f
SHA256 022b95e07cfb4ebbb61b71a16348e5f41efbc0c011708224a0c461434f9595ff
SHA512 a1b31281b057a610e8d700c65f85036aa2c29646452e397151f9c3b4f46c25ce352b1f27c44cc83a4e230b7c9c5a01c670d3c5ec9af17ae28c4c208ea8979346

/data/data/com.amex.dotavideostation/cache/dataservice.db-journal

MD5 9dd3e64e4386eee2183964357c7f38c8
SHA1 5d76a8097d96704b6b2fe0aff06809c189cdc0c5
SHA256 72800091bb7739add5555472739c36e2d108dfa644d3e62668333304b17ffb94
SHA512 398cd1827723596c74f03ded4f14101245db3d30d644f8998921df01160a71d50618e8cfdb3745933737a7d671e446250d7a9925ecd02d92858be662d03a152b

/data/data/com.amex.dotavideostation/cache/dataservice.db-journal

MD5 0fa04dda6226d63fc5b71b6cc63f48eb
SHA1 74fd3dbd42eddb657526b1b4b37514f5d1e147dc
SHA256 955842e1f86be79a2ef72f868049cf0a219e69af7bcbc1df4c1a3da75dbfa2a6
SHA512 46a38aedb4c6af78cd3212a01d0e6477f0205ecafdc6b1f932fd6182df82750518cf8e835f61752152af58fd693b25bdc01d07585074a38a39cbc4df3704714d

Analysis: behavioral8

Detonation Overview

Submitted: 2024-06-06 02:30
Reported: 2024-06-06 02:31
Platform: android-x64-arm64-20240603-en
Max time network: 8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination          Domain  Proto
N/A      224.0.0.251:5353     -       udp
GB       142.250.187.238:443  -       tcp
GB       142.250.187.238:443  -       tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-06 02:30
Reported: 2024-06-06 02:31
Platform: android-x86-arm-20240603-en
Max time network: 5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination       Domain  Proto
N/A      224.0.0.251:5353  -       udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted: 2024-06-06 02:30
Reported: 2024-06-06 02:31
Platform: android-x64-20240603-en
Max time network: 7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination       Domain  Proto
N/A      224.0.0.251:5353  -       udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted: 2024-06-06 02:30
Reported: 2024-06-06 02:31
Platform: android-x64-arm64-20240603-en
Max time network: 8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination       Domain  Proto
N/A      224.0.0.251:5353  -       udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted: 2024-06-06 02:30
Reported: 2024-06-06 02:31
Platform: android-x86-arm-20240603-en
Max time network: 6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination       Domain  Proto
N/A      224.0.0.251:5353  -       udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted: 2024-06-06 02:30
Reported: 2024-06-06 02:31
Platform: android-x64-20240603-en
Max time network: 7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination       Domain  Proto
N/A      224.0.0.251:5353  -       udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-06 02:30
Reported: 2024-06-06 02:34
Platform: android-x86-arm-20240603-en
Max time kernel: 2s
Max time network: 151s

Command Line

com.amex.dotavideostation

Signatures

Uses Crypto APIs (Might try to encrypt user data)

impact
Description         Indicator                    Process  Target
Framework API call  javax.crypto.Cipher.doFinal  N/A      N/A

Processes

com.amex.dotavideostation

Network

Country  Destination          Domain                   Proto
N/A      224.0.0.251:5353     -                        udp
GB       142.250.187.206:443  -                        tcp
US       1.1.1.1:53           android.apis.google.com  udp
GB       216.58.204.78:443    android.apis.google.com  tcp
GB       216.58.201.110:443   -                        tcp
GB       142.250.187.194:443  -                        tcp

Files

/data/data/com.amex.dotavideostation/cache/dataservice.db-journal

MD5 ef0911f06e3ee779d9c8535157cd1b22
SHA1 93e3361be74c57c3749d5703d3c7ada4f05cf48a
SHA256 28f9034f287c0f812ce8345088d14294261d3e872ce39385f49a9938b8d8fd73
SHA512 57910935b9b03daad23b780205170d299ddb25014e2598df86766506608c69c787b142e1ef99e632da69a74f96041ebc218ee20c4401ee2faec66ace540fa79e

/data/data/com.amex.dotavideostation/cache/dataservice.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.amex.dotavideostation/cache/dataservice.db-wal

MD5 417ad95e52298c7348fafb2edf054e0f
SHA1 ad84e25fdaa4f312819be82eefced05657edc841
SHA256 842393e5bf688c3aaf2533c280a151126d533a427882f5bc3eff7dabc6f819f4
SHA512 14a8907260b774019b052d510f569634b1baf1d37f05e598719cc7907430b6033153884b648626a4ec3981faf2afab17ee2a3705e72007f0d9598789e21821d0