Malware Analysis Report

2025-01-19 07:54

Sample ID: 240610-np8chshc5y
Target: 9a868c13ca6f47fb6b234547ee2357f9_JaffaCakes118
SHA256: 5ac6161e21943feafe24ef1d17f0b6fc9cdc3ca733ad754cb0c56b68d7a9713d
Tags: discovery, persistence
Score: 6/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Mobile Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 6/10

SHA256: 5ac6161e21943feafe24ef1d17f0b6fc9cdc3ca733ad754cb0c56b68d7a9713d

Threat Level: Shows suspicious behavior

The file 9a868c13ca6f47fb6b234547ee2357f9_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Tags: discovery, persistence

- Queries the mobile country code (MCC)
- Requests dangerous framework permissions
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-10 11:35

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-10 11:35
Reported: 2024-06-10 11:38
Platform: android-x86-arm-20240603-en
Max time kernel: 26s
Max time network: 138s

Command Line

com.MyFusApp.yihaorenqiwang

Signatures

Queries information about active data network (discovery)

Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries the mobile country code (MCC) (discovery)

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events) (persistence)

Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.MyFusApp.yihaorenqiwang

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
US | 1.1.1.1:53 | yihao.dswang.cn | udp
GB | 216.58.204.78:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.46:443 | android.apis.google.com | tcp

Files

/data/data/com.MyFusApp.yihaorenqiwang/files/AdBlocker.lua

MD5 b3dd91cb780ae5107d2169e4bd1a95d6
SHA1 e72ef4c408940e9f46c39c1505d20421193925f7
SHA256 e0e8d0b8fc69c370c062e75c78cea5a97db29484a4c6be66e14777f5db72816c
SHA512 e88f497cdab055fa0cbcf66fe0a90bf63c91be6e987f91dc036c31f7ff3d9732959c972488795797bdc20d6ec7eed2e5cedd149a5709084bead599d79dbd08bc

/data/data/com.MyFusApp.yihaorenqiwang/files/BaseFunlib.lua

MD5 5b914564e81b2a5ffab882ab0ec9b9a0
SHA1 343c0b9c7d5594283b830011bd6529ef96be1f8f
SHA256 8375a6a543f2d032bd60b5fd9cfcbbc553585f4b71c5dc8c88d3474ae4d71308
SHA512 5526f667f84c0fbc8a4dad70fe06d80c111ebcdab72cc5a6964c7e8bd74268db8b3653a9f9f320819688c546b108146c030d6064512007ac63ccab3b0d18633e

/data/data/com.MyFusApp.yihaorenqiwang/files/Util.lua

MD5 5a8ff165c1311abe780b092ed79f684a
SHA1 353cd2b240f7ebb7ad51dee8ce10ee85676a88e0
SHA256 142269a62435d8d372c301d99096c4e2edb79921a8960291350d3c323343232a
SHA512 1a4e4c777540741482c7da01ece6cfb19cb167298cf052178eecee5b8a5f4510cd89d60ab22950c1258382701f5dd22ba5917003aaf22d2fb0e668baf310d0c3

/data/data/com.MyFusApp.yihaorenqiwang/files/config.lua

MD5 a90831731abcd60918b7a02ded48154e
SHA1 33ae35899cc37a17c8f963686de14161d9e18374
SHA256 7d48a6435cdd427b7e014e5d445d8f2949d68970ab21636b01beeeeaa54a1d11
SHA512 ed57909f03f4300a56a62e6062f4450839deb4ff517d75c078683d74a6740d9a195b031603b3567ec51355d89786f7d87d7e0c717a2f2ac2f1f563d06721b23d

/data/data/com.MyFusApp.yihaorenqiwang/files/icon.png

MD5 2e2d4d12a5649b92ebf87619fd9e81e0
SHA1 e277d4fd8122625e99bcb0606c419d2fe0329bae
SHA256 3a87360e5b4635023120868d268ea22e35d849ca8bb4a8bc6014d4da7b403375
SHA512 5334ed59b2aba2b409c46b3ec271806fa56eac207150e58c5e6b48d4b48bc81360b73d603590dee15ca8147375c9e0d9dc558149f84597e7010b028f5535fab1

/data/data/com.MyFusApp.yihaorenqiwang/files/init.lua

MD5 0678f73db43b02879d0baf264106057f
SHA1 ad2d4648f08c086fb9df68ed2cd815b42b7a2886
SHA256 2df675ebe6ddfac2f581624e25e9be23a3e4334fa988cc327f0a1cbd7edc8262
SHA512 809f7d625a465525fbc08eaba5a6cec16fa859f8c1bdc9838cfcc21e9d1b2fddf1126120452f9d7716623adc90ae9912bc3518828c939fa62e1b02455f2eae0b

/data/data/com.MyFusApp.yihaorenqiwang/files/main.lua

MD5 0c6625fed8c0dd21ec821ab150b40692
SHA1 0c90934bac177f48851c2b245d04381e5d0d033f
SHA256 494377f857f7fc69ff0e14b48b443843342699b570a615a8e3d6821858d46bb4
SHA512 3267b8999f7a26d113205eee31532c98dbc62bd6de426288c043860151e58709730f89e2b8d31738570c8a5a1fb08ffa416d74ebf7e5ae18e80b024f5dd0da47

/data/data/com.MyFusApp.yihaorenqiwang/files/popMenuFunc.lua

MD5 e383e05957ce8fe9aa10f239b105327b
SHA1 7a264a0889d6510e6a0f02b9aaa4d68667bfb735
SHA256 df9a884e57cf43f76784bbc0bfa26178952a3315049daa0efdc05e237f9c4d54
SHA512 b647875a868801ca1ee6689f7961cb7bb0b96278a99ec1a9b918db5e378bfa725cb4a1d1fa6cf95c8ef4d1eb59bdae00e0c86a4ca240b472ee443da897edc6c4

/data/data/com.MyFusApp.yihaorenqiwang/files/sub/1581745213/config.table

MD5 a14274d861ca73731e64d0180243c960
SHA1 4346e227112caa44ea1cfd8a0c6de303863fbb59
SHA256 03a58c1255483381e1e00b09bf8689c16e7674d20ece0b7286cc126b2ff2707b
SHA512 7be94effefb863ac983fea78e626461b17ae97f9cd4347262505e6c4a5a71dee98cd2156a5e62ac64beda20af297dbe7412413252c2ff9a89c7ea4a5a8673d69

/data/data/com.MyFusApp.yihaorenqiwang/files/sub/1581745213/init.lua

MD5 c341cfc744d876b923b2985de354afe4
SHA1 57fb3e583ea8e65e01ac12bfc71b8ffca11da598
SHA256 30e6241ea3b109dba62d45b844e22254b7d231e3402cdb03c29f2ba062031990
SHA512 221046025282d529041c97a0ebe078d833fc002b051ac2386e36e2b14a1bc46c4f74e4308846f137a7c2936a1c7a801d01418165a542d3e5cbbe3d2935efc4cd

/data/data/com.MyFusApp.yihaorenqiwang/files/sub/1581745213/utils.lua

MD5 58b3c48daf9316e4318a8ab2dcb86c29
SHA1 330129216d31e7d4bc754fefd05745b97969070c
SHA256 17e75345a9a93cc6f5bd8c85c9d3851b124e81d451313a09b5f4ea2fa3e569b6
SHA512 50c496bb4a5471513f4c5c39b80ced80353ffaba010b38cc75313518b9087dc2a0d8f80c4eb1a4eed229ae880d770589e9c3185a2f8947577ceafd2cae1f0e3d

/data/data/com.MyFusApp.yihaorenqiwang/files/welcome.png

MD5 1fc46aac9c575fe7be1011757833b6d6
SHA1 a744e2387ed58c82bf2e87e39055676287fba58c
SHA256 f330536bbbde1b7b72f64dc528c46cac4dfa098e1a6a149d271883deb739e925
SHA512 4a2717e85c577cbd1193ecf1ee324615fbec086ab97d94d704e8285eb84e5ca7bce7c720bb6369044748a5b989420825674266294faa8d8e657636afa9dd60f0

/data/data/com.MyFusApp.yihaorenqiwang/app_lua/import.lua

MD5 35f2594998b871efe01feb631eedcaa8
SHA1 c8f0737859fb9b2afee46c16c1681860297cc212
SHA256 3259dceb0a7dbb4117f62b5ff2c24fd54def478658fdb81728af3356c4cd41b3
SHA512 d447b95dda0e43929f8446f243df7a3c9cf94ebfc15491d703d8bb365e3efce25b8ad1043693c4acfd958ab2f455a650cd6e8125045890822169927ab10003f1

/data/data/com.MyFusApp.yihaorenqiwang/app_lua/loadbitmap.lua

MD5 5cee84e76661f218683a84d8bc94c235
SHA1 95c21eafd2d614b29e94bf883258c93cc1e7870c
SHA256 76280590358396730600471c6a06d7c1547d617c3cfbc91f2dc545a574bed2fc
SHA512 94169c7f30506a3e7f928ee4ce8a3b43a7f4ce821bb24596d477be34ab8186992837efc9152a53a31c0441a44a895d09a3b68407beeab7ea77b3e526aac3ac66

/data/data/com.MyFusApp.yihaorenqiwang/app_lua/loadlayout.lua

MD5 db9b960c8c43da10a87812029ee7f5f4
SHA1 b5ca83f694c5ff51d405dc679a518baecdc45b2a
SHA256 436ce1d2ffb72829d7e2b00186ae4dd8f44f99d8e7cb67e359c37e260fb96efb
SHA512 2b48a4d223ec8d145c7167bbc1c32c66225b3075b2fd03ce00346bc5b0c62c6073065f93303b4981be8cc87ae26a310d209ed46ccaff3ae097e116e45e5a7cc5

/data/data/com.MyFusApp.yihaorenqiwang/app_lua/loadmenu.lua

MD5 439087f12946e6a37f25d5d12a20cdd1
SHA1 1770574e5bfc5053d1fca62dc671d6efe077be38
SHA256 ff21bfad844982e7d3019113f3a014f099c7daa63bded998d51c7b6dba033989
SHA512 7bff6c5a5c3635187c62fe5dd5d9d6cd46e1a60c74a6143627847a039c0da7278a8915d51c0e4257840f1e507f95e2175891f2e72abd7895879971364f1a7c87