Malware Analysis Report

2025-01-19 07:57

Sample ID 240610-p1aq3awerp
Target 9ab737fa6af42a76a8216791b6e77609_JaffaCakes118
SHA256 cf0dcacb466ca807a8a5d0789d5ea20e4d0f9baf418116fb1b3c9447b9f5485d
Tags
persistence
score
6/10

Analysis Overview

score
6/10

SHA256

cf0dcacb466ca807a8a5d0789d5ea20e4d0f9baf418116fb1b3c9447b9f5485d

Threat Level: Shows suspicious behavior

The file 9ab737fa6af42a76a8216791b6e77609_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

persistence

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-10 12:47

Signatures

Requests dangerous framework permissions

Description                                          Indicator                                   Process  Target
Allows an application to write to external storage.  android.permission.WRITE_EXTERNAL_STORAGE   N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 12:47

Reported

2024-06-10 12:50

Platform

android-x86-arm-20240603-en

Max time kernel

179s

Max time network

131s

Command Line

com.orange.android.xswswS.kuan

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description             Indicator                                         Process  Target
Framework service call  android.app.IActivityManager.registerReceiver     N/A      N/A

Checks CPU information

Description            Indicator       Process  Target
File opened for read   /proc/cpuinfo   N/A      N/A

Processes

com.orange.android.xswswS.kuan

Network

Country  Destination           Domain                    Proto
N/A      224.0.0.251:5353                                udp
US       1.1.1.1:53            stats.unity3d.com         udp
US       1.1.1.1:53            ssl.google-analytics.com  udp
GB       142.250.179.232:443   ssl.google-analytics.com  tcp
GB       142.250.200.46:443                              tcp
US       1.1.1.1:53            android.apis.google.com   udp
GB       142.250.187.206:443   android.apis.google.com   tcp

Files

/data/data/com.orange.android.xswswS.kuan/rs/0000

MD5 6190561108f6394ef0547427960f270c
SHA1 afa4818e03ce07bb0c9fa978d42c8b07bf3a55a4
SHA256 8830029f8354758a306248f9b5472e7dff3b8619c5b71d5349ca4ea6489b781a
SHA512 595f257273eb0ffaf01f567afd0adf717fa9ee7cb14248137bec6190391a465697c266894030af9ed007650428f92ebd5240c40aad47b992f7a637dad159afad

/data/data/com.orange.android.xswswS.kuan/rs/0000

MD5 1a0185a4508f03b4e27814217a878e99
SHA1 f0cdd4934fc2a578f8375750f76ecf41a126a768
SHA256 8c187612d6ffc5fb44f7e92c61585e0d56b66f14e2a17f3b46024119507eb2e3
SHA512 80becb4f59e363ffedf9daa4f5ccf599ee646431702318c60c32197f29b976811bc25eef442472959746905dcdd859de175daa1c93da4769650dfc68a7838fc1

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 12:47

Reported

2024-06-10 12:47

Platform

android-33-x64-arm64-20240603-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination          Domain  Proto
GB       216.58.213.4:443             udp
GB       216.58.213.4:443             udp
N/A      224.0.0.251:5353             udp
GB       142.250.180.10:443           udp

Files

N/A