Analysis Overview
SHA256
1d8772aab9c43e235e1d5931da2e0d5a69d834f0bd2aa1c1681aeb81b4cecc9f
Threat Level: Shows suspicious behavior
The file 9a9d2b345a65b67f738c1cc754122443_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-10 12:09
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-10 12:08
Reported
2024-06-10 12:09
Platform
android-x64-arm64-20240603-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-10 12:08
Reported
2024-06-10 12:09
Platform
android-x86-arm-20240603-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 12:08
Reported
2024-06-10 12:12
Platform
android-x86-arm-20240603-en
Max time kernel
88s
Max time network
170s
Command Line
Signatures
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.xingjie.shengdong
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.16.234:443 | | tcp |
| GB | 172.217.169.35:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | config.uca.cloud.unity3d.com | udp |
| US | 34.111.113.40:443 | config.uca.cloud.unity3d.com | tcp |
| US | 1.1.1.1:53 | api.uca.cloud.unity3d.com | udp |
| US | 34.107.172.168:443 | api.uca.cloud.unity3d.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
Files
/storage/emulated/0/Android/data/com.xingjie.shengdong/files/Save/GameData.json.tmp
/storage/emulated/0/Android/data/com.xingjie.shengdong/files/Unity/local.07a83721014ed4446a4831b4797bdded/Analytics/config
/storage/emulated/0/Android/data/com.xingjie.shengdong/files/Unity/local.07a83721014ed4446a4831b4797bdded/Analytics/ArchivedEvents/171802137500000.171df4fd/s
/storage/emulated/0/Android/data/com.xingjie.shengdong/files/Unity/local.07a83721014ed4446a4831b4797bdded/Analytics/ArchivedEvents/171802137500000.171df4fd/e
/storage/emulated/0/Android/data/com.xingjie.shengdong/files/Unity/local.07a83721014ed4446a4831b4797bdded/Analytics/ArchivedEvents/171802137600001.171df4fd/e
/storage/emulated/0/Android/data/com.xingjie.shengdong/files/Unity/local.07a83721014ed4446a4831b4797bdded/Analytics/values
/storage/emulated/0/Android/data/com.xingjie.shengdong/files/Unity/local.07a83721014ed4446a4831b4797bdded/Analytics/ArchivedEvents/171802137600002.171df4fd/e
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-10 12:08
Reported
2024-06-10 12:12
Platform
android-x64-20240603-en
Max time kernel
47s
Max time network
151s
Command Line
Signatures
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.xingjie.shengdong
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.234:443 | | tcp |
| US | 1.1.1.1:53 | config.uca.cloud.unity3d.com | udp |
| US | 34.111.113.40:443 | config.uca.cloud.unity3d.com | tcp |
| US | 1.1.1.1:53 | api.uca.cloud.unity3d.com | udp |
| US | 34.107.172.168:443 | api.uca.cloud.unity3d.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 172.217.169.46:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
Files
/storage/emulated/0/Android/data/com.xingjie.shengdong/files/Save/GameData.json.tmp
/storage/emulated/0/Android/data/com.xingjie.shengdong/files/Unity/local.07a83721014ed4446a4831b4797bdded/Analytics/config
/storage/emulated/0/Android/data/com.xingjie.shengdong/files/Unity/local.07a83721014ed4446a4831b4797bdded/Analytics/ArchivedEvents/171802137200000.66d905c3/s
/storage/emulated/0/Android/data/com.xingjie.shengdong/files/Unity/local.07a83721014ed4446a4831b4797bdded/Analytics/ArchivedEvents/171802137200000.66d905c3/e
/storage/emulated/0/Android/data/com.xingjie.shengdong/files/Unity/local.07a83721014ed4446a4831b4797bdded/Analytics/ArchivedEvents/171802137200001.66d905c3/e
/storage/emulated/0/Android/data/com.xingjie.shengdong/files/Unity/local.07a83721014ed4446a4831b4797bdded/Analytics/values
/storage/emulated/0/Android/data/com.xingjie.shengdong/files/Unity/local.07a83721014ed4446a4831b4797bdded/Analytics/ArchivedEvents/171802137200002.66d905c3/e
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-10 12:08
Reported
2024-06-10 12:09
Platform
android-x86-arm-20240603-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-10 12:08
Reported
2024-06-10 12:09
Platform
android-x64-20240603-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |