Malware Analysis Report

2024-09-09 16:30

Sample ID 240610-s49w4s1hmh
Target 9b31d8c4a6db51935b355370f2773c83_JaffaCakes118
SHA256 86d70f10fef22a96a9cf3fb1d09770f6441fe74892fc374b531cb2494c3c1c03
Tags
discovery persistence banker impact collection credential_access
Score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score
7/10

SHA256

86d70f10fef22a96a9cf3fb1d09770f6441fe74892fc374b531cb2494c3c1c03

Threat Level: Shows suspicious behavior

The file 9b31d8c4a6db51935b355370f2773c83_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery persistence banker impact collection credential_access

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries the mobile country code (MCC)

Queries information about active data network

Queries information about the current Wi-Fi connection

Queries the unique device ID (IMEI, MEID, IMSI)

Reads information about the phone network operator

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-10 15:42

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-10 15:41

Reported

2024-06-10 15:45

Platform

android-x86-arm-20240603-en

Max time kernel

8s

Max time network

132s

Command Line

com.letang

Signatures

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about the phone network operator

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.letang

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
GB 172.217.169.74:443 tcp
GB 172.217.169.74:443 tcp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-10 15:41

Reported

2024-06-10 15:45

Platform

android-x86-arm-20240603-en

Max time network

132s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-10 15:41

Reported

2024-06-10 15:45

Platform

android-x64-20240603-en

Max time network

184s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 15:41

Reported

2024-06-10 15:45

Platform

android-x86-arm-20240603-en

Max time kernel

162s

Max time network

155s

Command Line

com.jedgames.cowboyjedgofreetap

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about the phone network operator

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.jedgames.cowboyjedgofreetap

Network

Country Destination Domain Proto

Files

/data/data/com.jedgames.cowboyjedgofreetap/files/.flurryagent.-7790fa0b

MD5 732a5f1aa233eb9d50d7feb83612e911
SHA1 6085bbf8c4f74cdc281e6faf9ecc19839a1ac741
SHA256 1d42d1e99b8acbe48ca6c9ee9addab4aafad0a6d52c826fbdb2be883bf32197e
SHA512 f84d5cd9fe6a9cad8d3db4683eb789a37daf1f6ff2eb6ea60e31bad97fe7f7ef621ab4fabc08706aa637dd08f9cfe5b392e5e9388c61a6059176981e94dfadde

/storage/emulated/0/JoyAdUnion/adrecord.rcd

MD5 8c60116012556c0d3ed48d4ca30ac6eb
SHA1 22ab54dbc5f5d111daa0937334384cda86f47be8
SHA256 d43a32c7ee1dc9fecc33432abeee0ca016eb6a9840841913f177ea2354ab6633
SHA512 0dc15c7d25cb450c9bef37365883e85580e1ab352246664b2b5d8c9b19a9481d64576351b64b9d10b2067ff6fc092da8cf88f55ad46fbeed38d259340bb5eaa7

/storage/emulated/0/JoyAdUnion/adrecord.rcd

MD5 b1d827585620895e7ed7eb36fb61a281
SHA1 8e062587d702b7929083e31de198055730a7cc52
SHA256 8402de65fa9149e780cb540b895b8e5fb6de6a9e6e01e00bc59e478d2d123132
SHA512 264b9e0ca52fbd2b8fec71f943a35b08e1d992828ce4ab7fc34ff01d96380f825a2add219a4b13e6c9d633ca2017868cc3c56e5fd08825424fffd463a4a1841f

/storage/emulated/0/JoyAdUnion/adrecord.rcd

MD5 72408e0665c00fe8f1daba267861a44b
SHA1 740e77d487f75c6a7e4f7d5639608daa18ddcfea
SHA256 1ddb6ba1a53c3ef1887a744d7581f2a0884436789e105d08cf3978ad1e9f6fa7
SHA512 1b02a1536df4568f23274f06042c7e1bb3d36d930e9249d97d9dbbb846891019e7807aadb952e55ca9180cdda2c23b7e0820188a26051ac963f2fb42d81fe9c6

/storage/emulated/0/JoyAdUnion/adrecord.rcd

MD5 d9e88cf935e9117fccc835eeec608225
SHA1 18c7b5fb5543bdb4133545a9379af94be3d0415c
SHA256 d2ecc15ffdd27e89e9943a0e82da2ea2b188c07403f8aeac12dc3d6e621a1716
SHA512 02a58cc04d8c9f7b3731b5633556f4450bd606c6fedc2dcd90e99635e1637b51838bfec3421543f1c03dbac3daf2f1d5478e4db39eb4ed7d162c518ca43ecda1

/storage/emulated/0/JoyAdUnion/adrecord.rcd

MD5 3c9f8cb89564d5c8a34fb6bbafacd3ed
SHA1 f6a9eaef72f36624c4e518f4e14010f5291e7e31
SHA256 8d93a5a4fb32985afd722f49dcf6b73dcaf27a6e024f48d6c3005a481947ae70
SHA512 6833a6275001ef30c0b86779f103d57fd10a81bf5ffb145996adbc41d711deeb366ea5576f2ad5bb3a44a6a6b38ec532c42897afe39b034bb6b98efa7caa2e5f

/data/data/com.jedgames.cowboyjedgofreetap/app_sslcache/www.chartboost.com.443

MD5 ab945938441e271a4983fdfcfae3d998
SHA1 def8cd6752caac12b27be1a91b37ed3984e04ab9
SHA256 7fedc6ba6c1449537be3c60337e91fa613b67b39094019459fd93826308fdf21
SHA512 d4545be397ef9ee03b6c1d0e69019740727a703b870e87729e5c4eb6464c0478548aed15cf4e8f3f046c5cdd74af1fc656e6a0ed8600e18b6159ac3ee113c535

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 15:41

Reported

2024-06-10 15:45

Platform

android-x64-20240603-en

Max time kernel

52s

Max time network

167s

Command Line

com.jedgames.cowboyjedgofreetap

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about the phone network operator

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.jedgames.cowboyjedgofreetap

Network

Country Destination Domain Proto

Files

/data/data/com.jedgames.cowboyjedgofreetap/files/.flurryagent.-7790fa0b

MD5 e4d632c5a40f1179b0894324656dae1c
SHA1 9d0b0e14c4400fd5a11501c8f2dd2e39620a28b1
SHA256 ca6a529430302d662d19d5aa66dd28adf3f07c3db76094691972228f4dbccde0
SHA512 014aedb3fda80a37ac48187d98f96984d0846a39cf61629b749c677e722c64d274e917cff3b8aea2d296f924afae478c4d98aafdef8dfee127aae93a5ec69ba2

/storage/emulated/0/JoyAdUnion/adrecord.rcd

MD5 7191c60a7624b7de54199b9a11611fe0
SHA1 d231fdbbce4f35b778845d190edb43af9ff4bba0
SHA256 7dc0aeb116e78a0138eb155b979a83a7f84b583c258539ea4713be2ed67ede5d
SHA512 c98079c9f003b0b348850f272e11daeb10319245ba6e0d3d0d3a4930756b18404174761063c4c28d34985ce46dab7d1434e7b397458f33ee20d6b041c58dd06c

/storage/emulated/0/JoyAdUnion/adrecord.rcd

MD5 e9496a725b132e8f5231ce2256aee6cf
SHA1 ff701449ab7ad9eb2d526809b9d9096acf0e811e
SHA256 31d55415fb87a52ee09f5923e8f6830f60e01d9b9a6c02fb446eef48bbe4e843
SHA512 e8eb93da496974aa40d6dcd1587ea164af9d770a2039bfb3b2bebf84b883ee1c7f9450d49b3a940cf453b84e8e587130050616708a483a441dad9a7bda3f1234

/storage/emulated/0/JoyAdUnion/adrecord.rcd

MD5 5ca636b29d9dacde87ab8d901f5c200a
SHA1 559a7708fe2dc6867ce0d61e5d72f303cfa15d3c
SHA256 526f15cb139dd65645d262ca9520970864370a30c0615e2af3e4ca13be4e8472
SHA512 d7866240c9a330cb47558123803ec26636b81c0b1dd0e2b3ee91ff857458cb73266041bed210a8642917057b4c0c3f6967fd3cc0c02a4a51663aa44866e95651

/storage/emulated/0/JoyAdUnion/adrecord.rcd

MD5 2d89d816561ad67f912b4ee8826962b5
SHA1 17b0c037b28039f9272a066190d07762b7142189
SHA256 ea13a5b449908ebcead592d60801d5b906c91f319b2a66f1476bc5484c3c4184
SHA512 91733417e7108ab8fd07e1013c7f282815d57666a8fce3af87a00f86be373ea4b5e8a6b43b78588934790ddf0c86dc0f35ec0cd95a94d469f2beab0c253be903

/storage/emulated/0/JoyAdUnion/adrecord.rcd

MD5 fd647274b43f31f358c5e42830b65af2
SHA1 a71336c75e402fb3c467ad24ce337b3843bc28d8
SHA256 1666ef9397140b4f89f5e07bc2670718dd63301759d81311b37615fa7b6d0b27
SHA512 85452a0750c199960f8a90b474745d5b551961147f18a7dfbff3eee1137681fd99578aad6257cfde89bca64e9b741e87454d8aa6587c2f53e3ac0b6d0ac261ae

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-10 15:41

Reported

2024-06-10 15:45

Platform

android-x64-arm64-20240603-en

Max time kernel

167s

Max time network

161s

Command Line

com.jedgames.cowboyjedgofreetap

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about the phone network operator

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description Indicator Process Target
Framework API call javax.crypto.Cipher.doFinal N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.jedgames.cowboyjedgofreetap

Network

Country Destination Domain Proto

Files

/data/user/0/com.jedgames.cowboyjedgofreetap/files/.flurryagent.-7790fa0b

MD5 fbf67d4b922e9fef1cb12bddb88ddd02
SHA1 33afe130d3e565c9eb74b4829c66bf628a854f18
SHA256 296b88542360ef5ea6b568e059ed8bd2d150f7fbb7ed5810fe6937170b9dfe52
SHA512 dfd373dfcb6644fb00de79aa61a99b82552eec9299df989a39adcf397e27493c18903afc3775fda3cb2b8d4273f92163280f532b88e3bc284d8d4cf6c06a7edd

/storage/emulated/0/JoyAdUnion/adrecord.rcd

MD5 13b2c2fa129cd6a1895bfefc5be897a4
SHA1 b86ac8350391fc6c0f94c7f14e829d03556756ff
SHA256 fbba0f0b3c6a9b4c39924e7feec05671f12de99bdf8cbfb359390080d4d054cd
SHA512 982534ead748b818552c1eb4f98652b01d0b999cb92671a1d29bcbc9dbd51e83833c6ba66503a32b2dcde5572efb7117e18e2dd18c8605a1daa3743ffa0f2c6b

/storage/emulated/0/JoyAdUnion/adrecord.rcd

MD5 76b5310bcf9ac4c81c3b88a7548007cf
SHA1 634871e57e470bc187caab6a16f95dcb15161306
SHA256 1860d0eb16c5f8e770718181ad154a85dc27bc02aa387688505af2706a7d2554
SHA512 99fb6139a192137c3368aee1b1355dcc7d531909c9835779325992f8ebb4144acd0d63850877c2057fc1ece30eeaa5581b83be733a3fb30865818d3d10ad2d0b

/storage/emulated/0/JoyAdUnion/adrecord.rcd

MD5 96b02ff93d4eb39ac8d88450342b7ea9
SHA1 6bb4a961222ce9dc97aaef66f1a522d0b809e4b6
SHA256 21401aa47b409223f7709cc2fa3496d5bfabf9b61ea3a26fb9a3e0c5f75343f0
SHA512 9804d316c3d13f72952f6c0ef80eee2ace31715c9d329b024c82805765b13c7bd95ca6227e34f7ac50f9f1c36068fabd13c8e4016e85acce5ef79e239d4583b9

/storage/emulated/0/JoyAdUnion/adrecord.rcd

MD5 5adc708600bc82a5216ce4323235ca8d
SHA1 827018d41fb27b944b868979e1f45d3b1f5c53e2
SHA256 b6969dd13ac0d14527090506274ca7584d1fb9cfd91b460586edea0c73fb7064
SHA512 ffd2088e4c6f9ec136b21d46ea307c16ee022c82ea0dc0a498b6e16c7bab7b35325c55e7b6181245261e7a62512ce97a384b353e34de9783362d3dd7c809dc82

/storage/emulated/0/JoyAdUnion/adrecord.rcd

MD5 a7df814789555596084613a1535848a5
SHA1 6a3ab091953ffa4150a92338ba5f879b2b19a030
SHA256 549171ace4dfeeeb71195c13826a44413417fd979d84a7346b9f59700779da39
SHA512 0cc0a1ce53e501de597be390959801fb7dcd18ad9702f70078b4bd94d7ef2103fff95ff8ff7ee418e81497f2969c6430fb183ced077f0dd66a4ec6cac9ab1622

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-10 15:41

Reported

2024-06-10 15:45

Platform

android-x64-20240603-en

Max time kernel

8s

Max time network

148s

Command Line

com.letang

Signatures

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about the phone network operator

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.letang

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.201.106:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
GB 172.217.169.14:443 tcp
GB 142.250.200.34:443 tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp
GB 172.217.169.46:443 tcp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-10 15:41

Reported

2024-06-10 15:45

Platform

android-x64-arm64-20240603-en

Max time kernel

9s

Max time network

133s

Command Line

com.letang

Signatures

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.letang

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 tcp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
GB 172.217.169.68:443 tcp
GB 172.217.169.68:443 tcp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-10 15:41

Reported

2024-06-10 15:45

Platform

android-x64-arm64-20240603-en

Max time network

133s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp

Files

N/A