Analysis Overview
SHA256
439ac63258d9a4a10cd9ab57f051b4be9713c7f1c938248abe7cbaef164ae5d5
Threat Level: Shows suspicious behavior
The file 9b014c9e6c0a47e78ccf8a908672f421_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Queries information about active data network
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-10 14:33
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 14:33
Reported
2024-06-10 14:37
Platform
android-x86-arm-20240603-en
Max time kernel
4s
Max time network
130s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.dressupone.fashionsnailsalon/files/mteeep.jar | N/A | N/A |
| N/A | /data/user/0/com.dressupone.fashionsnailsalon/files/mteeep.jar | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.dressupone.fashionsnailsalon
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dressupone.fashionsnailsalon/files/mteeep.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.dressupone.fashionsnailsalon/files/oat/x86/mteeep.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
Files
/data/data/com.dressupone.fashionsnailsalon/files/mteeep.jar
| MD5 | d8eba2943035a442c7c12ea00577bc22 |
| SHA1 | 021eb8065a07deb34627ffbdb733c741d9cafeff |
| SHA256 | f691f4586df7f2ad334e12730324a0c498315c2e47afe31bd148f920e98e73fa |
| SHA512 | b34c7fb8c4854abe5da33d3df7eea10a8129aa1c160e838e1244755d914503320c7fb073cd4f1cbd0c939905d62314bdaba4f88b3ada0492697bb51f310a333e |
/data/data/com.dressupone.fashionsnailsalon/files/mteeep.jar
| MD5 | 8a2f6d828c6a5ac1d4cef764ddbb08cf |
| SHA1 | e658662015d8321f20227793541e04161bba2a4d |
| SHA256 | 8dcce07e0a82ae44b9b492a4ba0e98f9045ba1ec2b486fcc067b100eb00f8899 |
| SHA512 | cebf2fe5a5061edb023ce6381701c87e8678490337104172e793895d643e11b49f61b313fb5cfa5cd7f6c46c6225d7ed56f8c1d54f3dc06729430e3019bc92cf |
/data/user/0/com.dressupone.fashionsnailsalon/files/mteeep.jar
| MD5 | 59f180435a89e5b10e83abe8cc1fd8a0 |
| SHA1 | 0c97895fb1a41210c129c11d6f6bcfdabafc18b3 |
| SHA256 | 113f9aa7e0b40671468d64c61d11f841848e8e968fe013b5d299fa1f474e83b6 |
| SHA512 | 0718b35b0a2178962c553425123eaee153a22ed79d55cf635d1cb21450d50ac524ec18a2b1b6591e5e3c4008bdcb29b9fdf3f7c130536d02a67a18fd79e213d2 |
/data/user/0/com.dressupone.fashionsnailsalon/files/mteeep.jar
| MD5 | a245dfae88e5e64b5fd86216a66faed3 |
| SHA1 | 5f4e7d846107e484a4a95888b9ee5c142c608fea |
| SHA256 | b9b440dbea74e740c1ae63cba3750d8c77fc771acaec0e63dcb74fcc48d5d3a3 |
| SHA512 | b1886792fc29354d74925fbd461a903445a4a2655d6a1afa1242b2c6a1e68405363f26d4a15883989807815de31479295225edb0cc9f8ef928a06a59f09c6c51 |
/data/data/com.dressupone.fashionsnailsalon/files/mylo_tmp
| MD5 | aed470e6c3d142b552e6292b88dadead |
| SHA1 | 3181b4f439d443a1b3338fc8182832c96002690b |
| SHA256 | 9cec0fdae91b5af8ec105ddfa90b3b05c05bd5054bf3fa1866dafd95bd7f64b9 |
| SHA512 | adf4856b9a98bac7e1b4eb4f7ae05d38f11bef7ed48c884ae30041bfd5a00c1d5656484a07e257774e96075cce83ef4038fa7d454126ef6a5221536399627869 |
/data/data/com.dressupone.fashionsnailsalon/files/nor_img_tmp
| MD5 | 22ecf886d336c4741e849040ddc10ae8 |
| SHA1 | 638b9125dd59dfbe92302192bbb35182a87c30e2 |
| SHA256 | 03e7520247f7faebaf9cf0a731126b722888fecf2a3a1a3bdfaa2c52906114bd |
| SHA512 | 93e8448112dde72da710edceccda21d51fdd8c240f39800552d91eda8b2fb78cdb23dd067143dea93e994b211d50f31cba6fcffaac33e3452024960f3b73655e |
/data/data/com.dressupone.fashionsnailsalon/files/sel_img_tmp
| MD5 | c1687c12296c0ed023a6c26778a97e35 |
| SHA1 | fbf22464d06ed8f5a7a659a4adfed913cd3cf8b0 |
| SHA256 | 17d68383ad6b2ea90f084f6380ede21eed397e34ecf4b5c41eba7520730d33cf |
| SHA512 | 04ff81e4410127c2bc478ea171cbf027365e48e818d4e35b90ff4974b584303fdc6ccf8c400e0d55574214eeb064e715c71f9d67dea2b17c5b4920ad02485c00 |
/data/data/com.dressupone.fashionsnailsalon/files/yhsgd_tmp
| MD5 | 2ca146c64991f51abcab73ab0fbf30ad |
| SHA1 | cbba553e1307646bd6418d6f0a7dd1a0782c1982 |
| SHA256 | 08ef7448454d27c183f1a309d4f75f9df8bbe6647ca5b9ea7b9b825f3ace0fd2 |
| SHA512 | 1b1b79b6a37dcc45b63f9f2336dfd69bb25948461ad02404a7d9dcb516df0d36b7bf30ce79b1be7f3c72907c73b9e21aba26e68f48ab57b6e3655f57c3a802de |