Malware Analysis Report

2025-01-19 07:56

Sample ID 240610-pk96zsvclf
Target 9aa8e2e385af15aa50dd88441890f4d5_JaffaCakes118
SHA256 e9feafa0a95e94c1bf1009c90e72070a13b7db76a0be6a792d7d2b0c5a78a9eb
Tags
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

e9feafa0a95e94c1bf1009c90e72070a13b7db76a0be6a792d7d2b0c5a78a9eb

Threat Level: Shows suspicious behavior

The file 9aa8e2e385af15aa50dd88441890f4d5_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary


Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-10 12:24

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 12:24

Reported

2024-06-10 12:27

Platform

android-x86-arm-20240603-en

Max time kernel

2s

Max time network

130s

Command Line

com.youle.texasPoker

Signatures

N/A

Processes

com.youle.texasPoker

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
GB 172.217.169.10:443 tcp

Files

/data/data/com.youle.texasPoker/.jiagu/libjiagu.so

MD5 350725f563f224eafc5105c95e122ae0
SHA1 39bfbebc17cc2e68de75858f3e6a7e591de5c587
SHA256 2f23bbae04cb5c6dea52e9c02762a5872c3999796a2fd127a7b77374cc37e936
SHA512 592cf1b26694b1da203e27496ffb5da498c025b4c9bc174bc6c2dd17aa65bd63bc2ed76952237cfad4c60c527bb285631d1988fcb2a0aa179c7bf2c5dd68f852