Malware Analysis Report

2025-01-19 08:04

Sample ID 240610-rw77wazanb
Target 9b014c9e6c0a47e78ccf8a908672f421_JaffaCakes118
SHA256 439ac63258d9a4a10cd9ab57f051b4be9713c7f1c938248abe7cbaef164ae5d5
Tags
discovery evasion impact persistence
score
7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 9b014c9e6c0a47e78ccf8a908672f421_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery evasion impact persistence

Loads dropped Dex/Jar

Queries information about active data network

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-10 14:33

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 14:33

Reported

2024-06-10 14:37

Platform

android-x86-arm-20240603-en

Max time kernel

4s

Max time network

130s

Command Line

com.dressupone.fashionsnailsalon

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.dressupone.fashionsnailsalon/files/mteeep.jar N/A N/A
N/A /data/user/0/com.dressupone.fashionsnailsalon/files/mteeep.jar N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Processes

com.dressupone.fashionsnailsalon

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dressupone.fashionsnailsalon/files/mteeep.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.dressupone.fashionsnailsalon/files/oat/x86/mteeep.odex --compiler-filter=quicken --class-loader-context=&

Network

Country  Destination          Domain                   Proto
N/A      224.0.0.251:5353     N/A                      udp
GB       172.217.16.238:443   N/A                      tcp
US       1.1.1.1:53           android.apis.google.com  udp
GB       216.58.212.238:443   android.apis.google.com  tcp

Files

/data/data/com.dressupone.fashionsnailsalon/files/mteeep.jar

/data/data/com.dressupone.fashionsnailsalon/files/mteeep.jar

/data/user/0/com.dressupone.fashionsnailsalon/files/mteeep.jar

/data/user/0/com.dressupone.fashionsnailsalon/files/mteeep.jar

/data/data/com.dressupone.fashionsnailsalon/files/mylo_tmp

/data/data/com.dressupone.fashionsnailsalon/files/nor_img_tmp

/data/data/com.dressupone.fashionsnailsalon/files/sel_img_tmp

/data/data/com.dressupone.fashionsnailsalon/files/yhsgd_tmp