Malware Analysis Report

2025-01-19 07:47

Sample ID: 240611-1gr2sasfqf
Target: 9f9cfe1fb36f7f5a52991c567016fcb8_JaffaCakes118
SHA256: 63c6ebf5738ee01e70653ffbf3e5444dae5d2438db95a125fca373e184e4ebb7
Tags: discovery evasion persistence
Score: 6/10

Analysis Overview

Score: 6/10

SHA256: 63c6ebf5738ee01e70653ffbf3e5444dae5d2438db95a125fca373e184e4ebb7

Threat Level: Shows suspicious behavior

The file 9f9cfe1fb36f7f5a52991c567016fcb8_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery evasion persistence

Requests dangerous framework permissions

Queries information about active data network

Listens for changes in the sensor environment (might be used to detect emulation)

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-11 21:37

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-11 21:37
Reported: 2024-06-11 21:41
Platform: android-x86-arm-20240611.1-en
Max time kernel: 132s
Max time network: 170s

Command Line

com.gtsoft.KidsPuzzleSantaFree

Signatures

Queries information about active data network

Tag: discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Listens for changes in the sensor environment (might be used to detect emulation)

Tag: evasion
Description | Indicator | Process | Target
Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tag: persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Processes

com.gtsoft.KidsPuzzleSantaFree

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | www.greentreesoft.cn | udp
CN | 39.105.210.20:80 | www.greentreesoft.cn | tcp
GB | 142.250.187.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
CN | 39.105.210.20:80 | www.greentreesoft.cn | tcp

Files

/data/data/com.gtsoft.KidsPuzzleSantaFree/files/kids_puzzle_xmas.ini

MD5: 6c7df1cdaa91ee216c4bfe9529ed086a
SHA1: 63ae8c350ac214b09cba0c24c91c54eefbd0720a
SHA256: 6c26ed1b75a3eb3f418a9e32f4b3b230060d610df46ab43f2f6103259a15a8e4
SHA512: 8e11a918ef34dde07d1d99ff764a2043576a764eeb71e8dbfde99082f812d05db9e08705ebbfb586f5ad025c990de53417beb09759b80eba62424d34ff26026c

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-11 21:37
Reported: 2024-06-11 21:38
Platform: android-33-x64-arm64-20240611.1-en
Max time network: 7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 172.217.169.68:443 | | udp
GB | 172.217.169.68:443 | | tcp
BE | 142.250.110.188:5228 | | tcp
GB | 172.217.16.228:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
GB | 216.58.212.234:443 | | udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-11 21:37
Reported: 2024-06-11 21:37
Platform: android-x86-arm-20240611.1-en
Max time network: 4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted: 2024-06-11 21:37
Reported: 2024-06-11 21:37
Platform: android-x64-20240611.1-en
Max time network: 5s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted: 2024-06-11 21:37
Reported: 2024-06-11 21:37
Platform: android-x64-arm64-20240611.1-en
Max time network: 6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 142.250.187.206:443 | | tcp
GB | 142.250.187.206:443 | | tcp
N/A | 224.0.0.251:5353 | | udp

Files

N/A