Analysis Overview
SHA256
9152d7562be30a66c7b53839eda91267e8a8551d457a678660a2873ca86d0d3a
Threat Level: Shows suspicious behavior
The file 9a7b45ed2ac4cd449e86a250565f29d2_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-10 11:06
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
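The signature above is reproduced from the decoded manifest rather than from the sandbox. As an added example (not the sandbox's own code), the Python below pulls every `<uses-permission>` out of a decoded AndroidManifest.xml, drops repeated declarations, and splits the result into runtime "dangerous" permissions and the "special" app-op permissions (SYSTEM_ALERT_WINDOW, WRITE_SETTINGS) that Android grants only through a Settings screen but that overlay and settings-tampering toolkits lean on. The manifest is constructed to declare the permissions this report lists plus INTERNET, and the permission sets are a hand-picked subset of AOSP protection levels, not a complete table; the input must be the decoded XML (for instance apktool output), since the manifest inside an APK is binary XML that ElementTree cannot read.

```python
"""Triage helper: list and classify the permissions an Android manifest requests.

Added example, not the sandbox's code. DANGEROUS / SPECIAL are a hand-picked
subset of AOSP protection levels (assumption: enough to cover this report, not
all of Android). SAMPLE_MANIFEST is a constructed decoded manifest, not the
sample's real one."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Runtime ("dangerous") permissions: the user is prompted when the app asks.
DANGEROUS = {
    "android.permission.CAMERA",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_SMS",
    "android.permission.RECORD_AUDIO",
}
# "Special" app-op permissions: not a runtime prompt, granted via a Settings page.
SPECIAL = {
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.WRITE_SETTINGS",
}

# Constructed decoded manifest; mirrors the report's permission list (with the
# duplicate WRITE_EXTERNAL_STORAGE entry) and adds INTERNET as an ordinary one.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="constructed"/>
</manifest>
"""


def requested_permissions(manifest_xml: str) -> list:
    """Return the requested permissions in manifest order, repeats removed.

    Both <uses-permission> and the API-23-gated <uses-permission-sdk-23> count."""
    root = ET.fromstring(manifest_xml)
    seen = []
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(NAME_ATTR)
            if name and name not in seen:
                seen.append(name)
    return seen


def classify(perms) -> dict:
    """Bucket permissions into dangerous / special / other, preserving order."""
    return {
        "dangerous": [p for p in perms if p in DANGEROUS],
        "special": [p for p in perms if p in SPECIAL],
        "other": [p for p in perms if p not in DANGEROUS and p not in SPECIAL],
    }


def overlay_risk(perms) -> bool:
    """Flag the overlay-phishing combination: draw over other apps plus either
    phone-state access or the ability to rewrite system settings."""
    perms = set(perms)
    if "android.permission.SYSTEM_ALERT_WINDOW" not in perms:
        return False
    return bool(perms & {"android.permission.READ_PHONE_STATE",
                         "android.permission.WRITE_SETTINGS"})


if __name__ == "__main__":
    perms = requested_permissions(SAMPLE_MANIFEST)
    for bucket, names in classify(perms).items():
        print(bucket, names)
    print("overlay risk:", overlay_risk(perms))
```

Run it against `apktool d sample.apk` output by reading `AndroidManifest.xml` into `requested_permissions`; the "special" bucket is the one to read first, because those permissions never trigger the runtime prompt a user would notice.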
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 11:05
Reported
2024-06-10 11:19
Platform
android-x86-arm-20240603-en
Max time kernel
4s
Max time network
134s
Command Line
Signatures
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.acravity.shenghuoyinli
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
/data/data/com.acravity.shenghuoyinli/databases/bugly_db_legu-journal
| MD5 | 9617b55bf9eaa0c557397558eae2b403 |
| SHA1 | ac955f05db93b01c9665763fe7d0c3e20e5c329a |
| SHA256 | 2a34a50ea4538f0a211b6f7bd3f5d3d1f215bd46382e2c095ec13a7109b97ed2 |
| SHA512 | 56d602ab7f0e6cf6a1cb13c7a4c5fdfd8294ba88f4fd457a74146044d158a2ee84ef32cb2b9ddbbd3a91ae69244300a481d47dec706ab89879b3b1cca0e2b75a |
/data/data/com.acravity.shenghuoyinli/databases/bugly_db_legu
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.acravity.shenghuoyinli/databases/bugly_db_legu-shm
| MD5 | cf845a781c107ec1346e849c9dd1b7e8 |
| SHA1 | b44ccc7f7d519352422e59ee8b0bdbac881768a7 |
| SHA256 | 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7 |
| SHA512 | 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612 |
/data/data/com.acravity.shenghuoyinli/databases/bugly_db_legu-wal
| MD5 | a725d7c76ccf2c6bd25020a6933ac28d |
| SHA1 | 99884925a24d4f224ca4ea836677e46bff5fc1ff |
| SHA256 | 90537bfb32f318e0caf64a0b155f993357f43f69909735967e5051cf28f8930c |
| SHA512 | ecd96f7c6399f8d2b9a612741425257949581ec66209a8736745bb19ee636d1b42b15e558b4c1eed14a572651a1da4b6466a927bcc342de0d3d9608e097524d2 |