Analysis Overview
SHA256
63c6ebf5738ee01e70653ffbf3e5444dae5d2438db95a125fca373e184e4ebb7
Threat Level: Shows suspicious behavior
Verdict for the file 9f9cfe1fb36f7f5a52991c567016fcb8_JaffaCakes118: shows suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
Queries information about active data network
Listens for changes in the sensor environment (might be used to detect emulation)
Registers a broadcast receiver at runtime (usually for listening for system events)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-11 21:37
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
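The static signature above lists permission names only. When reproducing this check on a decoded APK it is worth also recording `maxSdkVersion`, because a permission scoped to old API levels (WRITE_EXTERNAL_STORAGE is a no-op under scoped storage on Android 11+) is a weaker signal than one requested unconditionally. The following Python is an added example and not part of the sandbox report: the dangerous-permission set is taken from this report's signature, the manifest text is constructed for the example, and `flag_dangerous` / `requested_permissions` are names chosen here.

```python
"""Static triage: flag dangerous permissions declared in an AndroidManifest.xml.

Added example, not part of the sandbox report. The dangerous-permission set is
taken from the report's "Requests dangerous framework permissions" signature;
the manifest below is constructed (not from the analyzed sample).
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permission names flagged by this report's static signature.
REPORTED_DANGEROUS = {
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_PHONE_STATE",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.ACCESS_FINE_LOCATION",
}

# Constructed manifest resembling what a decoded APK (e.g. apktool output) yields.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.puzzle">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission-sdk-23 android:name="android.permission.WRITE_EXTERNAL_STORAGE"
                          android:maxSdkVersion="28"/>
</manifest>
"""


def requested_permissions(manifest_xml: str) -> dict:
    """Return {permission: maxSdkVersion or None} for every uses-permission element.

    Both <uses-permission> and <uses-permission-sdk-23> are walked, since the
    latter is a common way to keep legacy storage permissions on old devices.
    """
    root = ET.fromstring(manifest_xml)
    out = {}
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(f"{{{ANDROID_NS}}}name")
            if not name:
                continue
            max_sdk = el.get(f"{{{ANDROID_NS}}}maxSdkVersion")
            out[name] = int(max_sdk) if max_sdk else None
    return out


def flag_dangerous(manifest_xml: str, dangerous=REPORTED_DANGEROUS) -> list:
    """Sorted (permission, max_sdk) pairs for requested permissions in the dangerous set."""
    perms = requested_permissions(manifest_xml)
    return sorted((p, perms[p]) for p in perms if p in dangerous)


if __name__ == "__main__":
    for perm, max_sdk in flag_dangerous(SAMPLE_MANIFEST):
        scope = f"up to API {max_sdk}" if max_sdk else "all API levels"
        print(f"{perm} ({scope})")
```

Run against a real decoded manifest by passing the file contents to `flag_dangerous`; a permission that comes back with a `max_sdk` value should be weighed accordingly rather than counted as an unconditional request.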
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 21:37
Reported
2024-06-11 21:41
Platform
android-x86-arm-20240611.1-en
Max time kernel
132s
Max time network
170s
Command Line
Signatures
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Listens for changes in the sensor environment (might be used to detect emulation)
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.gtsoft.KidsPuzzleSantaFree
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | www.greentreesoft.cn | udp |
| CN | 39.105.210.20:80 | www.greentreesoft.cn | tcp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| CN | 39.105.210.20:80 | www.greentreesoft.cn | tcp |
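The behavioral1 table mixes sandbox noise (mDNS to 224.0.0.251:5353, lookups against the 1.1.1.1 resolver, Google service check-ins) with the one contact that is attributable to the sample: plaintext HTTP to www.greentreesoft.cn at 39.105.210.20:80. The Python below is an added example, not part of the report: it parses the rows as transcribed from the table above (tolerating exports where a missing Domain cell shifts the protocol left), strips the noise, and separates DNS lookups, remaining contacts, and cleartext HTTP. Treating the resolver and `*.google.com` as noise is this example's assumption; `triage`, `parse_rows` and `is_noise` are names chosen here.

```python
"""Turn a sandbox network table into IOCs (added example, not from the report).

Rows are transcribed from the behavioral1 Network table above. The noise
filter (multicast, the sandbox resolver, Google service domains) is an
assumption made for this example.
"""
import ipaddress
from collections import namedtuple

Conn = namedtuple("Conn", "country ip port domain proto")

# Transcribed from the behavioral1 table: Country | Destination | Domain | Proto
BEHAVIORAL1_ROWS = """
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | www.greentreesoft.cn | udp |
| CN | 39.105.210.20:80 | www.greentreesoft.cn | tcp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| CN | 39.105.210.20:80 | www.greentreesoft.cn | tcp |
"""

PROTOS = {"tcp", "udp"}


def parse_rows(text: str) -> list:
    """Parse pipe rows into Conn tuples.

    Some exports drop the empty Domain cell so the protocol lands in the
    Domain column ("| N/A | 224.0.0.251:5353 | udp | |"); that shape is
    repaired here rather than rejected.
    """
    conns = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 3:
            continue
        country, dest = cells[0], cells[1]
        rest = [c for c in cells[2:] if c]
        if rest and rest[0] in PROTOS:          # shifted row: no domain at all
            domain, proto = "", rest[0]
        elif len(rest) >= 2:
            domain, proto = rest[0], rest[1]
        else:
            domain, proto = (rest[0], "") if rest else ("", "")
        ip, _, port = dest.rpartition(":")
        conns.append(Conn(country, ip, int(port), domain, proto))
    return conns


def is_noise(c: Conn, resolver: str = "1.1.1.1") -> bool:
    """Sandbox/platform traffic not attributable to the sample (assumption)."""
    if ipaddress.ip_address(c.ip).is_multicast:   # mDNS 224.0.0.251:5353
        return True
    if c.ip == resolver and c.port == 53:         # the sandbox's DNS resolver
        return True
    return c.domain.endswith(".google.com")       # Play services / device check-ins


def triage(text: str) -> dict:
    """Split the table into DNS lookups, attributable contacts and cleartext HTTP."""
    conns = parse_rows(text)
    dns_lookups = sorted({c.domain for c in conns if c.port == 53 and c.domain})
    contacts = {(c.ip, c.port, c.domain, c.proto) for c in conns if not is_noise(c)}
    cleartext = sorted(c for c in contacts if c[3] == "tcp" and c[1] == 80)
    return {
        "dns_lookups": dns_lookups,
        "contacts": sorted(contacts),
        "cleartext_http": cleartext,
    }


if __name__ == "__main__":
    for key, value in triage(BEHAVIORAL1_ROWS).items():
        print(key, value)
```

The 142.250.187.238:443 row survives the filter because the table gives no domain for it; the Google-owned range is a reasonable guess, but without a resolved name or a reverse lookup the script deliberately does not discard it. The same function applies unchanged to the behavioral2 and behavioral5 tables below, where everything is filtered out as platform traffic.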
Files
/data/data/com.gtsoft.KidsPuzzleSantaFree/files/kids_puzzle_xmas.ini
| MD5 | 6c7df1cdaa91ee216c4bfe9529ed086a |
| SHA1 | 63ae8c350ac214b09cba0c24c91c54eefbd0720a |
| SHA256 | 6c26ed1b75a3eb3f418a9e32f4b3b230060d610df46ab43f2f6103259a15a8e4 |
| SHA512 | 8e11a918ef34dde07d1d99ff764a2043576a764eeb71e8dbfde99082f812d05db9e08705ebbfb586f5ad025c990de53417beb09759b80eba62424d34ff26026c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-11 21:37
Reported
2024-06-11 21:38
Platform
android-33-x64-arm64-20240611.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.169.68:443 | | udp |
| GB | 172.217.169.68:443 | | tcp |
| BE | 142.250.110.188:5228 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.212.234:443 | | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-11 21:37
Reported
2024-06-11 21:37
Platform
android-x86-arm-20240611.1-en
Max time network
4s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-11 21:37
Reported
2024-06-11 21:37
Platform
android-x64-20240611.1-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-11 21:37
Reported
2024-06-11 21:37
Platform
android-x64-arm64-20240611.1-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |