Malware Analysis Report

2025-01-19 07:54

Sample ID: 240610-m62evsge3x
Target: 9a7b45ed2ac4cd449e86a250565f29d2_JaffaCakes118
SHA256: 9152d7562be30a66c7b53839eda91267e8a8551d457a678660a2873ca86d0d3a
Tags: persistence
Score: 6/10

Analysis Overview

Score: 6/10

SHA256: 9152d7562be30a66c7b53839eda91267e8a8551d457a678660a2873ca86d0d3a

Threat Level: Shows suspicious behavior

The file 9a7b45ed2ac4cd449e86a250565f29d2_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

persistence

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-10 11:06

Signatures

Requests dangerous framework permissions

Indicator                                  Description
android.permission.WRITE_EXTERNAL_STORAGE  Allows an application to write to external storage.
android.permission.CAMERA                  Required to be able to access the camera device.
android.permission.READ_PHONE_STATE        Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.READ_EXTERNAL_STORAGE   Allows an application to read from external storage.
android.permission.SYSTEM_ALERT_WINDOW     Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.WRITE_SETTINGS          Allows an application to read or write the system settings.

Process and Target: N/A for every row.

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-10 11:05

Reported: 2024-06-10 11:19

Platform: android-x86-arm-20240603-en

Max time kernel: 4s

Max time network: 134s

Command Line

com.acravity.shenghuoyinli

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

Tag: persistence

Description             Indicator                                          Process  Target
Framework service call  android.app.IActivityManager.registerReceiver      N/A      N/A

Processes

com.acravity.shenghuoyinli

Network

Country  Destination          Domain                   Proto
N/A      224.0.0.251:5353     N/A                      udp
GB       142.250.200.46:443   N/A                      tcp
US       1.1.1.1:53           android.apis.google.com  udp
GB       142.250.187.206:443  android.apis.google.com  tcp

Files

/data/data/com.acravity.shenghuoyinli/databases/bugly_db_legu-journal

MD5 9617b55bf9eaa0c557397558eae2b403
SHA1 ac955f05db93b01c9665763fe7d0c3e20e5c329a
SHA256 2a34a50ea4538f0a211b6f7bd3f5d3d1f215bd46382e2c095ec13a7109b97ed2
SHA512 56d602ab7f0e6cf6a1cb13c7a4c5fdfd8294ba88f4fd457a74146044d158a2ee84ef32cb2b9ddbbd3a91ae69244300a481d47dec706ab89879b3b1cca0e2b75a

/data/data/com.acravity.shenghuoyinli/databases/bugly_db_legu

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.acravity.shenghuoyinli/databases/bugly_db_legu-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.acravity.shenghuoyinli/databases/bugly_db_legu-wal

MD5 a725d7c76ccf2c6bd25020a6933ac28d
SHA1 99884925a24d4f224ca4ea836677e46bff5fc1ff
SHA256 90537bfb32f318e0caf64a0b155f993357f43f69909735967e5051cf28f8930c
SHA512 ecd96f7c6399f8d2b9a612741425257949581ec66209a8736745bb19ee636d1b42b15e558b4c1eed14a572651a1da4b6466a927bcc342de0d3d9608e097524d2