Malware Analysis Report

2025-01-19 08:03

Sample ID: 240610-tlrs9atall
Target:    9b41a6ebcd10b0c5e1d494e9fcf97a4e_JaffaCakes118
SHA256:    8a834f18859d28e101b28e109a2bc6b84a1f4edd202768e338557f2c67b833fa
Tags:      discovery evasion impact persistence
Score:     8/10

Analysis Overview

Threat Level: Likely malicious

The file 9b41a6ebcd10b0c5e1d494e9fcf97a4e_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion impact persistence

Checks if the Android device is rooted.

Loads dropped Dex/Jar

Queries information about running processes on the device

Queries information about active data network

Queries the mobile country code (MCC)

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks memory information

Checks CPU information

MITRE ATT&CK (Mobile Matrix V15)

Analysis: static1

Detonation Overview

Reported: 2024-06-10 16:09

Signatures: N/A

Analysis: behavioral1

Detonation Overview

Submitted:        2024-06-10 16:09
Reported:         2024-06-10 16:12
Platform:         android-x86-arm-20240603-en
Max time kernel:  179s
Max time network: 148s

Command Line

com.lt.latte.brick

Signatures

Checks if the Android device is rooted.
  Tactic:      evasion
  Description: N/A
  Indicator:   /system/app/Superuser.apk
  Process:     N/A
  Target:      N/A

Loads dropped Dex/Jar
  Tactic:      evasion
  Description: N/A
  Indicator:   /data/user/0/com.lt.latte.brick/cache/1582435991586.jar
  Process:     N/A
  Target:      N/A

Queries information about running processes on the device
  Tactic:      discovery
  Description: Framework service call
  Indicator:   android.app.IActivityManager.getRunningAppProcesses
  Process:     N/A
  Target:      N/A

Queries information about active data network
  Tactic:      discovery
  Description: Framework service call
  Indicator:   android.net.IConnectivityManager.getActiveNetworkInfo
  Process:     N/A
  Target:      N/A

Queries the mobile country code (MCC)
  Tactic:      discovery
  Description: Framework service call
  Indicator:   com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
  Process:     N/A
  Target:      N/A

Listens for changes in the sensor environment (might be used to detect emulation)
  Tactic:      evasion
  Description: Framework API call
  Indicator:   android.hardware.SensorManager.registerListener
  Process:     N/A
  Target:      N/A

Registers a broadcast receiver at runtime (usually for listening for system events)
  Tactic:      persistence
  Description: Framework service call
  Indicator:   android.app.IActivityManager.registerReceiver
  Process:     N/A
  Target:      N/A

Uses Crypto APIs (Might try to encrypt user data)
  Tactic:      impact
  Description: Framework API call
  Indicator:   javax.crypto.Cipher.doFinal
  Process:     N/A
  Target:      N/A

Checks CPU information
  Description: File opened for read
  Indicator:   /proc/cpuinfo
  Process:     N/A
  Target:      N/A

Checks memory information
  Description: File opened for read
  Indicator:   /proc/meminfo
  Process:     N/A
  Target:      N/A

Processes

com.lt.latte.brick

Network

Country  Destination           Domain                         Proto
N/A      224.0.0.251:5353                                     udp
US       1.1.1.1:53            googleads.g.doubleclick.net    udp
GB       216.58.201.98:443     googleads.g.doubleclick.net    tcp
US       1.1.1.1:53            api.vungle.com                 udp
US       18.209.125.252:443    api.vungle.com                 tcp
US       1.1.1.1:53            graph.facebook.com             udp
GB       163.70.147.22:443     graph.facebook.com             tcp
GB       216.58.201.98:443     googleads.g.doubleclick.net    tcp
GB       216.58.201.98:443     googleads.g.doubleclick.net    tcp
GB       216.58.201.98:443     googleads.g.doubleclick.net    tcp
GB       216.58.201.98:443     googleads.g.doubleclick.net    tcp
US       18.209.125.252:443    api.vungle.com                 tcp
US       18.209.125.252:443    api.vungle.com                 tcp
US       18.209.125.252:443    api.vungle.com                 tcp
US       1.1.1.1:53            www.googletagservices.com      udp
US       1.1.1.1:53            tpc.googlesyndication.com      udp
GB       216.58.213.2:443      www.googletagservices.com      tcp
GB       142.250.200.1:443     tpc.googlesyndication.com      tcp
GB       142.250.200.1:443     tpc.googlesyndication.com      tcp
GB       142.250.200.1:443     tpc.googlesyndication.com      tcp
US       1.1.1.1:53            androidads21.adcolony.com      udp
US       35.186.210.75:443     androidads21.adcolony.com      tcp
US       1.1.1.1:53            cm.g.doubleclick.net           udp
US       1.1.1.1:53            sync.teads.tv                  udp
US       1.1.1.1:53            sync.search.spotxchange.com    udp
GB       2.18.109.35:443       sync.teads.tv                  tcp
GB       142.250.179.226:443   cm.g.doubleclick.net           tcp
GB       142.250.179.226:443   cm.g.doubleclick.net           tcp
GB       142.250.179.226:443   cm.g.doubleclick.net           tcp
GB       142.250.179.226:443   cm.g.doubleclick.net           tcp
US       1.1.1.1:53            us-u.openx.net                 udp
US       34.98.64.218:443      us-u.openx.net                 tcp
GB       216.58.201.98:443     googleads.g.doubleclick.net    tcp
GB       216.58.201.98:443     googleads.g.doubleclick.net    tcp
GB       2.18.109.35:443       sync.teads.tv                  tcp
US       34.98.64.218:443      us-u.openx.net                 tcp
US       1.1.1.1:53            partners.tremorhub.com         udp
US       50.16.108.25:443      partners.tremorhub.com         tcp
US       50.16.108.25:443      partners.tremorhub.com         tcp
US       1.1.1.1:53            s0.2mdn.net                    udp
GB       216.58.201.102:443    s0.2mdn.net                    tcp
GB       216.58.204.78:443                                    tcp
US       1.1.1.1:53            ssl.google-analytics.com       udp
US       1.1.1.1:53            android.apis.google.com        udp
GB       216.58.201.104:443    ssl.google-analytics.com       tcp
GB       142.250.187.206:443   android.apis.google.com        tcp
GB       216.58.201.102:443    s0.2mdn.net                    tcp
US       1.1.1.1:53            googleads4.g.doubleclick.net   udp
GB       216.58.212.194:443    googleads4.g.doubleclick.net   tcp
GB       216.58.212.194:443    googleads4.g.doubleclick.net   tcp
US       1.1.1.1:53            gameboost.cafe24.com           udp
KR       183.111.182.210:80    gameboost.cafe24.com           tcp
US       18.209.125.252:443    api.vungle.com                 tcp
US       1.1.1.1:53            ade.googlesyndication.com      udp
GB       172.217.16.226:443    ade.googlesyndication.com      tcp
GB       172.217.16.226:443    ade.googlesyndication.com      tcp
US       18.209.125.252:443    api.vungle.com                 tcp
US       18.209.125.252:443    api.vungle.com                 tcp
US       18.209.125.252:443    api.vungle.com                 tcp
US       1.1.1.1:53            api.vungle.com                 udp
US       3.213.17.16:443       api.vungle.com                 tcp
US       1.1.1.1:53            api.vungle.com                 udp
US       3.212.210.16:443      api.vungle.com                 tcp

Files

/data/data/com.lt.latte.brick/files/gaClientId

MD5 03eb7348da4c359c20923fc9faa3a7db
SHA1 f88f309687c16f82b15a54c85008a8bfc8bf7e5a
SHA256 5b114a40b9f6662115790424351ab6b7aa9f182c3147ea145b0b5b10ca227f98
SHA512 4ac17c707be44f6eeb9a5d9352f917e27d7be6c3c0175797886316e40468910c0ad3314071bf3dfd9e788b866c97e53cf0b67e59c0755827d82fbf425f01d8a4

/data/data/com.lt.latte.brick/cache/1582435991586.jar

MD5 e8e0527a01aefdb89afd2c508f131da1
SHA1 f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256 f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512 fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34

/data/user/0/com.lt.latte.brick/cache/1582435991586.jar

MD5 fde2ee00cbd121cfab5290b078aa3ceb
SHA1 e2b77d5320e155e413d040a8c20020962065b2f8
SHA256 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512 a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56

/data/data/com.lt.latte.brick/databases/vungle-journal

MD5 801e72a898401d8ff6f25b26cdbbd132
SHA1 191420c013212451b7af7bbaf8a7e1545e0a02eb
SHA256 ed01e621d08086080c60102527ae3468e1f65977167da61c7dd7da4e3719cec5
SHA512 4d943eaa3f94ac62b7571ddb14a6d8839fb1521f29ab9345792b36ef9b970d6164a148183570cc9edec601e9c9aa3e5f7ecca958ffbab8cdeeff114514a47652

/data/data/com.lt.latte.brick/databases/vungle

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.lt.latte.brick/databases/vungle-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.lt.latte.brick/databases/vungle-wal

MD5 6e277da92f4668dad3ee95dd60fc8804
SHA1 8f6303df1d874eb02edd55cd939de260c27471e0
SHA256 e2a6cc50d3529737853b1aedbb0c755e16eb8e2fd4c7d40829d366c14524fac2
SHA512 e5caf4c3749b9af8c5b4a7351dfb9329b8d833b2cfabd69749018e50a0f6046032c0d74403ccc941a6de29b3de49b4903ef8d8c88cfbd1bd588ce2f8ec7a47cd

/data/data/com.lt.latte.brick/files/gaClientIdData

MD5 aa273a04d8904a0adbb044571810bc9b
SHA1 202655fe1bc84e9300a45812c6484f07734f0114
SHA256 eeec2fd8a2904bac0c9d2b264bb7ee5e5bc39eb0935fdecb8cf57215d385df88
SHA512 7be5fd2a0adceebdef148377635cc88b8a81b36796018f1f91e0c4f6256ab312f40beacdf10407b485e2283f0eaf37534a58d8789225010b787898c09bdfce6f

/data/data/com.lt.latte.brick/files/INSTALLATION

MD5 874c09e2af95459cb50be656413df74f
SHA1 01f7460ff2c2f18375213b85d8158e652e9297bc
SHA256 78ecfeabff56bfe7f46fe66a1a9555533daed0e53a2b1c1a3d939b267a4f58a5
SHA512 2b0aa4dff33004cc049870209849971418f09efb7390e4c5a99b33a5c8052c73bba045d873382e8e9d3c24fd4c04c450674dfd96f16e4f7c6955aaef43ef6b1c

/data/data/com.lt.latte.brick/files/adc/data/iap_cache.txt

MD5 1707b1bf51214dc5971885f13d87058f
SHA1 dd60af9dee6f8961978a28213120da9ba4ae8fad
SHA256 24c87ba6f294bf74f363ba790b7ff17a3e989ab4fd93706ab3965d2bba382f43
SHA512 bec7aa568dcceea362e7eb563ce68c84a3ed5372882765137b2d1b8e083da226c65bc96ae754abdbcf646d57c3fc79e0b52e28258268f8e04c29465e29fac6d5

/data/data/com.lt.latte.brick/files/adc/data/zone_state.txt

MD5 09b54a714fa607fba7e1df31720c2b09
SHA1 e60cec9211ae572bac7872afcbf75359bdc9cf31
SHA256 277e27508395d8bc1af040875df5e112fcc756c5523c9f3440aa86deb7ac5f67
SHA512 4139c8c634512bb7be7d9957afc5c644174d923e8c47a7fd229b5b67939a75f6c41ad2dc208c9b91722daf10284b275130102f4aab60f02029b7c930bb1496a0

/data/data/com.lt.latte.brick/databases/jsb.sqlite-journal

MD5 35b2e2bbac09cfd3e7a443080f23f23b
SHA1 2120d6a4ea38b424199bba8dba1d9daf5db17e11
SHA256 d0933dc4ab58ff7fd81356fb0f139da9287d956b27674d3ac099d15be49129fd
SHA512 27ba34d9939e9dedc8b98c703a3631ee60694c0756bc1d7539b508ef278e02b1438985795f982130e7b6701c6b31f41b240a6c5b44b07457cbacad9f9a5c5449

/data/data/com.lt.latte.brick/databases/jsb.sqlite-wal

MD5 65f4ee3b39bfee594c877a16e843a892
SHA1 c6699e85c942b9f4ac6fc337353dcae39c7cf774
SHA256 c6bcaabb1ed38585f5ec473a5afe6d28907943a2dc4de178d3e406049488653c
SHA512 843a75ba97b7326502389192952337cc881ec01c1261f4eb0ca0d89eb80970a20cdb1135fd4eed2342eba7cb22b662fcc051941a696eddf0043172e6bafbc30c

/data/data/com.lt.latte.brick/files/lt_brick_game.db-journal

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA512 df40d4a774e0b453a5b87c00d6f0ef5d753143454e88ee5f7b607134598294c7905ccbcf94bbc46e474db6eb44e56a6dbb6d9a1be9d4fb5d1b5f2d0c6ed34bfe

/data/data/com.lt.latte.brick/files/lt_brick_game.db

MD5 d22730dc388840db8360e620738aa303
SHA1 a1325e78fa33cb2c4407a520e3dc4d12caa18da5
SHA256 de50c5df8581de4ea20cdfb45bd65b1e1366a9abbee1920b549dcff6c71d7be6
SHA512 bf63531d62f95156b523936cc27598def1522a3022ad8e2b186825fef5f0ec7a3ca4bcb6dc9de31f85d79d6f0a7c20d52c10e006cc82fd1f77e82296b2662eea

/data/data/com.lt.latte.brick/cache/volley/-139605349995085421

MD5 b8fd5bc70ccbfd3b9f01d56049058534
SHA1 314bce3a683063cc69720c591444fd2173f06340
SHA256 44b71b28604adf57d8192779f99c4f70279f597bb6c967e0999f52a76bd35dae
SHA512 20ea491c59277aa5235acf7a84e3c0e34dd745070131e7d817b7e0fb9db492fb5ddd5c989da13f2d5aef4471b56c83d5b984cc9c12f2bf762a2ee740f485c83b

/data/data/com.lt.latte.brick/cache/volley/-1661412709-2019316947

MD5 194be371ff97e83b80d9284cf9eec679
SHA1 db5c55daec178fb6b82d139038d7eba6aa481329
SHA256 b600445b5bb6984cb5e6a38539a52e719f7586466e5b70a6d4dd1be043759dcc
SHA512 d91ec965e20cbea1b3e944cfe2710b9b91e12e8f88c7819c297dbe409e31c7f64395f9bdb70473bf6274bbb43caf3c672b6404b2abb47a5cb54241a92d774d46

/data/data/com.lt.latte.brick/files/lt_brick_game.db-journal

MD5 fa5bdbf32b0e05d8cff253bac39f5e33
SHA1 c14753a951e931f60cbd0ecf4739c066a80ff88d
SHA256 fe7e64a39cf43e3d997cce17c3fe3228ada4936a7a8dbffea25a8950fd3d7571
SHA512 af40f5e26bf3222c81cedf766ccb16767075c7409235453fbf575fcfd0b9dda7fd4cfcc05ae67335436f96ba259fbf1fc944e637da0de7df49ce000f4b9a11e8

/data/data/com.lt.latte.brick/files/lt_brick_game.db-journal

MD5 8a7f6cada2367777f4d6ed139ba5c51e
SHA1 b4520141b61283ddc9394ebf8cf0c0d252a41fb0
SHA256 ac3008e27f3bf2ae3859d4b22c4ff5e77959ebc1b1bb8c1995971772bbf399de
SHA512 4dd59136f481a61752ddcb7e2692687a3e6ef7cebb13d8426ff96301482cc84ba35c0ea0ad10fd251de7a87a8c9204302f74e9722533c929b4dd9c8dc5b51f9e

/data/data/com.lt.latte.brick/files/lt_brick_game.db-journal

MD5 10b89b302915a2cb7dc9295a78b48ec4
SHA1 ea72268e195cb619ae2eea848ff0f8fb7b1a2e89
SHA256 3328b7a37ce6c4ffafce52e31c9b897119888d2852f14700c64fc5670d32e52b
SHA512 11b29a02e6831458a6bf4372d04dd57aa7c6e7ee45e6069b55e95f7b5734ee8d747d9711e6429e75690546d8346c261ad764871bd342f0cd3b2f398b47c4f4ae

/data/data/com.lt.latte.brick/files/lt_brick_game.db-journal

MD5 d205a4af1dd0f9b8d72f14c90b921a75
SHA1 f9c000ec5d990263a64560e7a8e97939534cb379
SHA256 4465dc7ee8cf9db08426815ca9c0b97cb86fc035295cad4113665f0d27b63d82
SHA512 0610e43d775c97ffe459c04ad3029ccf626360e85b1b809ef4a352f400bf429f1119e24fbec076addd615e3fa0261f5bd201f7c74eca3b82b27d94e6cfd10f0f

/data/data/com.lt.latte.brick/files/lt_brick_game.db-journal

MD5 8f2e39f022da4c4ddc58c754d6d8c2ab
SHA1 9f4fc46276c6f4daa63663be93a7ac73b6150034
SHA256 03bf79bdab1912b8c1e9ea96d6b3a6bf98c810a52f6ba3d4f6e91aff1838f434
SHA512 e92600e4a2fcc0bc4d9527c0f9d79248e03a7fe3dbe774c1ca740fc25f85e44055b17f96f125810a4a7ca416ad1bb16063fd3bf2ffa32371b47048e9545061a8

/data/data/com.lt.latte.brick/files/brick_gb.cfg

MD5 7769a753d366caf445364fca2d6963b5
SHA1 5e1d92250aef451da16959d8ffa58ba1e2d72004
SHA256 b6b90f4e5fa9d8fd1a8c2adfe56ddfe5a4df0af255370688f4b22d75c64a90cd
SHA512 4d9e272a6bb2fc0cba1a7bbae1aaca9738715f836a0f7600e7161bdf05deda877fe371f3409b4ab8dc1dddbe693293e8de5e6d836a470dc610001f800885b445

/data/data/com.lt.latte.brick/files/adc/data/session_info.txt

MD5 13cb872737a62e1d02b85aba6bc743c5
SHA1 4e16dbde22ed304f0bc27b3f7f91ddab168bb393
SHA256 0ddd230646843876a7cf8eef88d4f5d4fc153f128b85dede7c135e1dc209c178
SHA512 c5761fef363cfb8876d8ec048e906aa63951f98d8c6019474633b0787cbd99d10b88a4160a72ea6e4fc646c0706199ca3092f38f8638315ab5f29ab5466acbfe

/data/data/com.lt.latte.brick/cache/oat/1582435991586.jar.cur.prof

MD5 a3b78d197d786c13687c3f0f89703bd8
SHA1 9967f0726b6b1ed3f198904547b81920f8329621
SHA256 c5e6754556dbe01b055066f23c28ddaaf5fe67cee4baed00d59dc993335b3d97
SHA512 9a47c9bb977edec9d29d22f280e0078ca931a722eaecc2b085c6b5aaf6246d17a6ad07c9faca45070bb5b89a3ee6cf896f5e2c7e73fb033e3ac57471df70a8b1