Analysis Overview
SHA256
ad220404b36b08a34cfa6cad004b954578df042357022caeef6839cf7a5ecb63
Threat Level: Shows suspicious behavior
The file 9b263dcb43b0c7aeae2a1b006639484e_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Declares broadcast receivers with permission to handle system events
Declares services with permission to bind to the system
Requests dangerous framework permissions
Tries to add a device administrator.
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-10 15:25
Signatures
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to monitor incoming MMS messages. | android.permission.RECEIVE_MMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 15:25
Reported
2024-06-10 15:28
Platform
android-x86-arm-20240603-en
Max time network
167s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 216.58.201.99:80 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 216.58.212.202:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| GB | 216.58.212.202:443 | | tcp |
| BE | 66.102.1.188:5228 | | tcp |
| GB | 216.58.212.202:443 | | tcp |
| GB | 216.58.212.202:443 | | tcp |
| GB | 142.250.187.194:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 172.217.16.234:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 216.58.213.14:443 | www.youtube.com | udp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp |
| GB | 142.250.179.234:443 | mdh-pa.googleapis.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-10 15:25
Reported
2024-06-10 15:28
Platform
android-x64-20240603-en
Max time kernel
12s
Max time network
150s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.nztjowxy.fijftne/app_files/vcbflbcyqitn.jar | N/A | N/A |
Processes
com.nztjowxy.fijftne
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.234:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 172.217.169.46:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
Files
/data/data/com.nztjowxy.fijftne/app_files/vcbflbcyqitn.jar
| MD5 | 1beb148639b3569f8c35d41a49ac61db |
| SHA1 | 06ed034671ea39c0af1c35ba5c319847d30ec6c8 |
| SHA256 | 0dab39ef9c28948f474c9a0b3d494fed1280d644bfc2a4088cc19bdf5fc8c0a1 |
| SHA512 | a71b45138a5346bd0549ac27eb605eeae5a34d51a5060b375ecf9662550f5119c95ec57859941583bd55476226e867e6ff9abf2f80a5e49b047b1dc294548c39 |
/data/user/0/com.nztjowxy.fijftne/app_files/vcbflbcyqitn.jar
| MD5 | e6d1f4a9c948ff5918e519a2b42da979 |
| SHA1 | cc6b13811a492838245736df2ad49abdcc2540e3 |
| SHA256 | f0ede6fc795e4c501383fc126e6f8a544bd42b5000d081163d28ef910e42ebd2 |
| SHA512 | 951a6cb69da5355417423eec404066a2223372433aa508060222faf17259224f343f4c79e915738730c7bbc85e6ad720293002b9f13e61c007c1f2694f09e84e |
/data/data/com.nztjowxy.fijftne/databases/iDataBase.db-journal
| MD5 | 8be5430389ff36cc7901d7d818f4683c |
| SHA1 | 270f4f0685ad6010191d6fb2dde482c3b77855b7 |
| SHA256 | b481803fc1016074a0cb11abb5dbf899892b36c66bcec1953051113d37ac35ac |
| SHA512 | 79ecde4fc17ffc4826afcb1f6cbe0f687d4d228f7cb382608ef0d124f1cf4825d0e676c4f8c3bd06775cd1d9228519e96ee5fe122ad8d01be3891114455a2b4f |
/data/data/com.nztjowxy.fijftne/databases/iDataBase.db
| MD5 | 9ab353b103ef46f38ac9df8179389e8a |
| SHA1 | a080adb730a62e7bd2e142208058ef61b2bdeaa8 |
| SHA256 | a46615aed73cdbc8030dddfbc851f15feb0af69ee27655455887240d803885a6 |
| SHA512 | 992e5fd5309d6bda84c949202dd5d689b50055c2f4b20f53e6d6f33662061c16597bfaff094793094cf4e11dc2ebed30efbbedcabfb27804931bdf47410e48db |
/data/data/com.nztjowxy.fijftne/databases/iDataBase.db-journal
| MD5 | e9a0e7126d8f77e86dd76e21d596bde3 |
| SHA1 | 576e991f4d18c7ef2ed5fc72147b57f379d6dd79 |
| SHA256 | 71dbc79b14d947d0a324bf5e2aac3008a529f68547417acbca14a277e20d75d8 |
| SHA512 | 3b6650daa7d004a707ae732a05cec9649f59e53670eb997f41cedf4b5faea194a6d172a28003efd625e44e00ef6d46addf54c42880d3f0e9fc056af0f17fa5e9 |
/data/data/com.nztjowxy.fijftne/databases/iDataBase.db-journal
| MD5 | 4868467450cf81a36c6ddd0689a088d5 |
| SHA1 | 4b08421981a95b5f8362652f1b12beda7fb828cc |
| SHA256 | a78015a6e47eb6e8bffaec26c65e535ca74eb91c1ed2ce5942fa59fc7467f493 |
| SHA512 | 7ade95a03f2e3362b84d810aa6a7e7e427d5d371a72e769af6317eb8fc56e0970bc598ed99031782b9bf6a24dea0a5565671594e37912117de5fba36cda254fd |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-10 15:25
Reported
2024-06-10 15:28
Platform
android-x64-arm64-20240603-en
Max time kernel
13s
Max time network
132s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.nztjowxy.fijftne/app_files/vcbflbcyqitn.jar | N/A | N/A |
Tries to add a device administrator.
| Description | Indicator | Process | Target |
| Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A |
Processes
com.nztjowxy.fijftne
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
Files
/data/user/0/com.nztjowxy.fijftne/app_files/vcbflbcyqitn.jar
| MD5 | 1beb148639b3569f8c35d41a49ac61db |
| SHA1 | 06ed034671ea39c0af1c35ba5c319847d30ec6c8 |
| SHA256 | 0dab39ef9c28948f474c9a0b3d494fed1280d644bfc2a4088cc19bdf5fc8c0a1 |
| SHA512 | a71b45138a5346bd0549ac27eb605eeae5a34d51a5060b375ecf9662550f5119c95ec57859941583bd55476226e867e6ff9abf2f80a5e49b047b1dc294548c39 |
/data/user/0/com.nztjowxy.fijftne/app_files/vcbflbcyqitn.jar
| MD5 | e6d1f4a9c948ff5918e519a2b42da979 |
| SHA1 | cc6b13811a492838245736df2ad49abdcc2540e3 |
| SHA256 | f0ede6fc795e4c501383fc126e6f8a544bd42b5000d081163d28ef910e42ebd2 |
| SHA512 | 951a6cb69da5355417423eec404066a2223372433aa508060222faf17259224f343f4c79e915738730c7bbc85e6ad720293002b9f13e61c007c1f2694f09e84e |
/data/user/0/com.nztjowxy.fijftne/databases/iDataBase.db-journal
| MD5 | 3991e124b719cf2b1e96c361f3b341a8 |
| SHA1 | ae7df74451c61d0e63f0339ea3d4212091c05c46 |
| SHA256 | 7829398c92dbf6885b510b28cb7cedae72737cb7900d85b9c8cc0c6a016ce320 |
| SHA512 | 7348a3bd682c8c3cbf9c2dfbb023905e95a9389836f8337ef336a1fc903f914e87c1ac3d5905d59d39136e85e58fb87235b00678acd7a359ea336e3d6437dff3 |
/data/user/0/com.nztjowxy.fijftne/databases/iDataBase.db
| MD5 | 8486fb02340612bca95365e89624fb8f |
| SHA1 | 5b34a0a0cfe46edb3b6069ad505c229a2ee1f0f7 |
| SHA256 | 7d274d1579e9b62db8c8416938178a06ee05bb9f63fca715f73bc8c60c3ee96e |
| SHA512 | 99128a95c967a8c81d04c28addd2537b2ac5b776bd67254b0e5d895847b65c3db2e834fdaffc32ccf5754a2f4f4a5743d4b0c45bb7bf58fa888f4698deb9bfee |
/data/user/0/com.nztjowxy.fijftne/databases/iDataBase.db-journal
| MD5 | 5f1cc7eb7a7482636afc37464d513c0f |
| SHA1 | 6fa921e47a96274ebfee463755a77f8b8286fde9 |
| SHA256 | aba5ab2c740faaf743aae7525160230d2c25b40454014df12d8a0f6c99d34bf0 |
| SHA512 | 21658cc412dca0d0f4a27e5e18cc61e40115c6bf00e9c236635944ba313036837a1423628518709ad56c7f747e0bba4d0d2ff625006b33e73fe2ab89b82e9bb5 |
/data/user/0/com.nztjowxy.fijftne/databases/iDataBase.db-journal
| MD5 | ace2fece8e0a1190154cb2a0ccf26523 |
| SHA1 | fd0c8d88efbec25dc600c66c63a951a5564ae3a3 |
| SHA256 | abb2e57b5c40174419c0e1fbca9fc0896da2f57a896f865694cfb1dfd0d9e506 |
| SHA512 | 896f129ef3d3e4016cbcb0806cbfe5ffd71199c5f9b16e047fbc6c9ca2ce7d17b1d4a0be57cb3433892f4208c2a9647cbc806190788840ae7e4392e9300dd3f9 |