Malware Analysis Report

2025-01-19 08:04

Sample ID 240610-v6qmcsvcqn
Target 9b7b5fa6f7c66f9c7d3b079d396917d9_JaffaCakes118
SHA256 075631e332e58b5e1ac4de06da3329a554620cf2332f83719e3c973c35793568
Tags: discovery, impact, persistence
Score: 6/10


Analysis Overview

Score: 6/10

SHA256: 075631e332e58b5e1ac4de06da3329a554620cf2332f83719e3c973c35793568

Threat Level: Shows suspicious behavior

The file 9b7b5fa6f7c66f9c7d3b079d396917d9_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Tags: discovery, impact, persistence

Requests dangerous framework permissions

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-10 17:36

Signatures

Requests dangerous framework permissions

Indicator: Description (Process: N/A, Target: N/A for every entry)

android.permission.READ_PHONE_STATE: Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.WRITE_EXTERNAL_STORAGE: Allows an application to write to external storage.
android.permission.ACCESS_FINE_LOCATION: Allows an app to access precise location.
android.permission.ACCESS_COARSE_LOCATION: Allows an app to access approximate location.
android.permission.SYSTEM_ALERT_WINDOW: Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.READ_EXTERNAL_STORAGE: Allows an application to read from external storage.

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-10 17:36

Reported: 2024-06-10 17:39

Platform: android-x86-arm-20240603-en

Max time kernel: 179s

Max time network: 187s

Command Line

com.example.administrator.projectManage

Signatures

Queries information about active data network

Category: discovery
Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (Process: N/A, Target: N/A)

Registers a broadcast receiver at runtime (usually for listening for system events)

Category: persistence
Framework service call: android.app.IActivityManager.registerReceiver (Process: N/A, Target: N/A)

Uses Crypto APIs (Might try to encrypt user data)

Category: impact
Framework API call: javax.crypto.Cipher.doFinal (Process: N/A, Target: N/A)

Processes

com.example.administrator.projectManage

com.example.administrator.projectManage:pushservice

Network


Files

/data/data/com.example.administrator.projectManage/files/init_c1.pid

/data/data/com.example.administrator.projectManage/databases/pushsdk.db-journal

/data/data/com.example.administrator.projectManage/databases/pushsdk.db

/data/data/com.example.administrator.projectManage/databases/pushsdk.db-shm

/data/data/com.example.administrator.projectManage/databases/pushsdk.db-wal

/storage/emulated/0/libs/com.example.administrator.projectManage.bin

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-10 17:36

Reported: 2024-06-10 17:39

Platform: android-33-x64-arm64-20240603-en

Max time kernel: 178s

Max time network: 184s

Command Line

com.example.administrator.projectManage

Signatures

Queries information about active data network

Category: discovery
Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (Process: N/A, Target: N/A)

Uses Crypto APIs (Might try to encrypt user data)

Category: impact
Framework API call: javax.crypto.Cipher.doFinal (Process: N/A, Target: N/A)

Processes

com.example.administrator.projectManage

com.example.administrator.projectManage:pushservice

Network


Files

/data/user/0/com.example.administrator.projectManage/files/init_c1.pid

/data/user/0/com.example.administrator.projectManage/databases/pushsdk.db-journal

/data/user/0/com.example.administrator.projectManage/databases/pushsdk.db

/storage/emulated/0/libs/com.example.administrator.projectManage.bin