Analysis Overview
SHA256
d2577719bd1817b27f5ea0f143ac5a67c238c5e7d93399dc960a4923e60bf45c
Threat Level: Shows suspicious behavior
The file 9a6e0298e290d194e2e92285753daf67_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Queries information about the current nearby Wi-Fi networks
Obtains sensitive information copied to the device clipboard
Requests cell location
Reads information about phone network operator.
Queries the mobile country code (MCC)
Queries information about the current Wi-Fi connection
Queries the unique device ID (IMEI, MEID, IMSI)
Requests dangerous framework permissions
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-10 07:36
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 07:34
Reported
2024-06-10 07:39
Platform
android-x86-arm-20240603-en
Max time kernel
28s
Max time network
131s
Command Line
Signatures
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.msxf.localapp8512
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | hmma.baidu.com | udp |
| HK | 103.235.47.161:80 | hmma.baidu.com | tcp |
| US | 1.1.1.1:53 | www.msxf.net | udp |
| CN | 119.29.168.97:80 | www.msxf.net | tcp |
| US | 1.1.1.1:53 | api.msxf.net | udp |
| GB | 172.217.16.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.206:443 | android.apis.google.com | tcp |
Files
/data/data/com.msxf.localapp8512/files/__local_stat_cache.json
| MD5 | 2d805b13f2f28dc3ca9bbcc000f49bb5 |
| SHA1 | 9eac165b4d81258fd3967cde5cc53b53b1dabcb1 |
| SHA256 | c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19 |
| SHA512 | 5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0 |
/data/data/com.msxf.localapp8512/files/__local_last_session.json
| MD5 | caa989b9f9e859533be52f8284f9f03f |
| SHA1 | f258b65d7fd29013d4b7fb4ed7f9e7dfab998224 |
| SHA256 | 61bc5b84f65d14ecf80bace3518e59368e7a15ced56bb7f8e7b4d57f28bcbb6b |
| SHA512 | d741681103063f1463a07b1492e868211f8feede83173de9c058bc37e7e2a5dd2556cf988c26db5f3aa4ccaab7795b6901674a5cebcf2a20ac5f507789344fe9 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-10 07:34
Reported
2024-06-10 07:39
Platform
android-x64-20240603-en
Max time kernel
47s
Max time network
150s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.msxf.localapp8512
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | hmma.baidu.com | udp |
| HK | 103.235.47.161:80 | hmma.baidu.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | www.msxf.net | udp |
| CN | 119.29.168.97:80 | www.msxf.net | tcp |
| US | 1.1.1.1:53 | api.msxf.net | udp |
| GB | 142.250.187.234:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 172.217.169.14:443 | tcp | |
| GB | 142.250.187.226:443 | tcp | |
| GB | 142.250.187.228:443 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.68:443 | www.google.com | tcp |
| GB | 142.250.200.14:443 | tcp |
Files
/data/data/com.msxf.localapp8512/files/__local_stat_cache.json
| MD5 | 2d805b13f2f28dc3ca9bbcc000f49bb5 |
| SHA1 | 9eac165b4d81258fd3967cde5cc53b53b1dabcb1 |
| SHA256 | c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19 |
| SHA512 | 5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0 |
/data/data/com.msxf.localapp8512/files/__local_last_session.json
| MD5 | b5f457a26b047044648e82d77f049e40 |
| SHA1 | 8880fd02f10a18bb8ab8c828d6ab4d6879c47e80 |
| SHA256 | 9f15fa818752fa23a548d073a7973d379e284f2537226bbd97773939363074d2 |
| SHA512 | 4cc098cced169811c462edae8268dbbc9557a78eae8b2cad6747f0b9110f5ec87f799568cc4a46fb9110519cf8e63eaa11531ae93c2eaba5a0ab125a8290af42 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-10 07:34
Reported
2024-06-10 07:39
Platform
android-x64-arm64-20240603-en
Max time kernel
28s
Max time network
132s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Reads information about phone network operator.
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.msxf.localapp8512
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 172.217.16.238:443 | tcp | |
| GB | 172.217.16.238:443 | tcp | |
| US | 1.1.1.1:53 | hmma.baidu.com | udp |
| HK | 103.235.47.161:80 | hmma.baidu.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | www.msxf.net | udp |
| CN | 119.29.168.97:80 | www.msxf.net | tcp |
| US | 1.1.1.1:53 | api.msxf.net | udp |
| GB | 172.217.169.68:443 | tcp | |
| GB | 172.217.169.68:443 | tcp |
Files
/data/user/0/com.msxf.localapp8512/files/__local_stat_cache.json
| MD5 | 2d805b13f2f28dc3ca9bbcc000f49bb5 |
| SHA1 | 9eac165b4d81258fd3967cde5cc53b53b1dabcb1 |
| SHA256 | c8a6624f390568f0ddcb9841336aec6a564460fdaf6624e562b32935b8956f19 |
| SHA512 | 5db8c57bab36bcf9db698c1dce70318cbffc156dd1d1c1e09e5b7ba60aff07b598ebbf26c4bd8a2b03bd6e59ef2dde2d944a22a8d8a19ecc8378e83afb7c83b0 |
/data/user/0/com.msxf.localapp8512/files/__local_last_session.json
| MD5 | 7271ef9efda796eaebd8a3ee7b1adc30 |
| SHA1 | 99b706855895006ad03346a930a4490624946e98 |
| SHA256 | 80b47ee9da83725556b0c964d648acbe14b39a8c6811b84e9906afc075673ae7 |
| SHA512 | a4234ca69735614870553b6a2d8f277211bbfa27dd4c72b7b997148740b5cc36113f175ee17920467436cc3bb7894200b8c157c5e776787f7aa6cb5ca048c7d3 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-10 07:34
Reported
2024-06-10 07:39
Platform
android-x86-arm-20240603-en
Max time kernel
3s
Max time network
131s
Command Line
Signatures
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Processes
com.alipay.android.app
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.200.46:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |