Malware Analysis Report

2024-09-09 13:36

Sample ID 240611-bnx4yaybrf
Target 9c8d7f1b106804b81f2ac9f4299541a2_JaffaCakes118
SHA256 e839085fd6b075132f9f84123cd77f1c7afd3728e88826ee53e83f3f4fdfff08
Tags
collection credential_access discovery evasion execution impact persistence stealth trojan
score
8/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral3 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

score
8/10

SHA256

e839085fd6b075132f9f84123cd77f1c7afd3728e88826ee53e83f3f4fdfff08

Threat Level: Likely malicious

The file 9c8d7f1b106804b81f2ac9f4299541a2_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

collection credential_access discovery evasion execution impact persistence stealth trojan

Checks if the Android device is rooted.

Removes its main activity from the application launcher

Obtains sensitive information copied to the device clipboard

Queries information about running processes on the device

Requests dangerous framework permissions

Acquires the wake lock

Queries information about active data network

Queries the mobile country code (MCC)

Reads information about phone network operator.

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 01:18

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
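The static signature above comes from the manifest. The following is an added example (not the sandbox's code and not the sample's) of how to reproduce that check yourself on a decoded AndroidManifest.xml. It assumes the binary AXML manifest has already been decoded (apktool or androguard do this); the manifest text, the package name and the permission subset are constructed for the example, and it also reports the android:maxSdkVersion ceiling, since a permission with that attribute is not requested on newer API levels.

```python
"""Flag dangerous-protection-level permissions in a decoded AndroidManifest.xml.

Added example, not part of the sandbox or the sample. Assumes the manifest has
already been decoded from the APK's binary AXML form (apktool or androguard do
this); the manifest text below is constructed for the example.
"""
from typing import List, Optional, Tuple
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Subset of permissions whose protectionLevel is "dangerous" (runtime-granted,
# user-prompted). Not exhaustive; extend from the platform's AndroidManifest.xml.
DANGEROUS = {
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.WRITE_EXTERNAL_STORAGE": "write external storage",
    "android.permission.READ_EXTERNAL_STORAGE": "read external storage",
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.READ_SMS": "read SMS",
    "android.permission.SEND_SMS": "send SMS",
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.CAMERA": "camera",
    "android.permission.READ_PHONE_STATE": "read phone state",
}

# Constructed manifest: the three permissions flagged in the report plus two
# normal-level ones; WRITE_EXTERNAL_STORAGE is declared only up to API 28.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"
                   android:maxSdkVersion="28"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <application android:label="constructed">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>
"""

Perm = Tuple[str, Optional[int]]  # (permission name, maxSdkVersion or None)


def requested_permissions(manifest_xml: str) -> List[Perm]:
    """Every <uses-permission> (and the SDK-23 variant) in document order."""
    root = ET.fromstring(manifest_xml)
    out: List[Perm] = []
    for el in root.iter():
        if el.tag not in ("uses-permission", "uses-permission-sdk-23"):
            continue
        name = el.get(ANDROID_NS + "name")
        if not name:
            continue
        max_sdk = el.get(ANDROID_NS + "maxSdkVersion")
        out.append((name, int(max_sdk) if max_sdk else None))
    return out


def dangerous_permissions(manifest_xml: str) -> List[Tuple[str, str, Optional[int]]]:
    """Requested permissions that need a runtime grant, with the API ceiling
    (a permission carrying maxSdkVersion is not requested above that level)."""
    return [(name, DANGEROUS[name], max_sdk)
            for name, max_sdk in requested_permissions(manifest_xml)
            if name in DANGEROUS]


if __name__ == "__main__":
    for name, what, max_sdk in dangerous_permissions(SAMPLE_MANIFEST):
        ceiling = f" (only up to API {max_sdk})" if max_sdk else ""
        print(f"{name}: {what}{ceiling}")
```

Declared permissions are an upper bound on what the app can do, not evidence that it does it; the behavioural runs below are what show which of these are actually exercised.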

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-11 01:18

Reported

2024-06-11 01:21

Platform

android-x64-arm64-20240603-en

Max time kernel

43s

Max time network

159s

Command Line

com.explodingkittens.projectbombsquad.hack

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /data/local/xbin/su N/A N/A
N/A /sbin/su N/A N/A
N/A /system/bin/su N/A N/A
N/A /data/local/su N/A N/A
N/A /data/local/bin/su N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
(no indicator rows recorded for this signature)

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Reads information about phone network operator.

discovery

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
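The signature blocks above are each a mapping from one raw event (a file open or a framework service call) to a named behaviour and a tag set. The following added example (not the sandbox's own engine) re-derives those signatures from an event log, so that the same logic can be run over output from a hooked runtime or a syscall trace. The event list is constructed to mirror the indicators in this report; /system/xbin/su is one extra su location added here that the report does not list.

```python
"""Re-derive the behavioural signatures above from raw sandbox events.

Added example, not the sandbox's own engine. The event list is constructed to
mirror the indicators in this report (file opens and framework service calls);
real tooling would feed it from a hooked runtime or a syscall trace.
"""
from typing import Dict, List, Set, Tuple

Event = Tuple[str, str]  # ("file_open" | "svc_call", value)

# su locations probed by the root check above; /system/xbin/su is an extra
# common location added here, not one the report lists.
SU_PATHS: Set[str] = {
    "/sbin/su", "/system/bin/su", "/system/xbin/su",
    "/data/local/su", "/data/local/bin/su", "/data/local/xbin/su",
}

# Framework (Binder) calls -> (signature name, tags), as tagged in this report.
SERVICE_CALL_SIGS: Dict[str, Tuple[str, Set[str]]] = {
    "android.content.IClipboard.addPrimaryClipChangedListener":
        ("Obtains sensitive information copied to the device clipboard",
         {"collection", "credential_access", "impact"}),
    "android.app.IActivityManager.getRunningAppProcesses":
        ("Queries information about running processes on the device", {"discovery"}),
    "android.os.IPowerManager.acquireWakeLock":
        ("Acquires the wake lock", set()),
    "android.net.IConnectivityManager.getActiveNetworkInfo":
        ("Queries information about active data network", {"discovery"}),
    "com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone":
        ("Queries the mobile country code (MCC)", {"discovery"}),
    "android.app.IActivityManager.registerReceiver":
        ("Registers a broadcast receiver at runtime", {"persistence"}),
    "android.app.job.IJobScheduler.schedule":
        ("Schedules tasks to execute at a specified time", {"execution", "persistence"}),
}

FILE_READ_SIGS: Dict[str, Tuple[str, Set[str]]] = {
    "/proc/cpuinfo": ("Checks CPU information", set()),
    "/proc/meminfo": ("Checks memory information", set()),
}

ROOT_CHECK = "Checks if the Android device is rooted"

# Constructed event log in the order a run might produce it; the last entry is
# ordinary SDK database activity and must not match anything.
SAMPLE_EVENTS: List[Event] = [
    ("file_open", "/data/local/xbin/su"),
    ("file_open", "/sbin/su"),
    ("file_open", "/system/bin/su"),
    ("svc_call", "android.content.IClipboard.addPrimaryClipChangedListener"),
    ("svc_call", "android.app.IActivityManager.getRunningAppProcesses"),
    ("svc_call", "android.os.IPowerManager.acquireWakeLock"),
    ("svc_call", "android.net.IConnectivityManager.getActiveNetworkInfo"),
    ("svc_call", "android.app.job.IJobScheduler.schedule"),
    ("file_open", "/proc/cpuinfo"),
    ("file_open", "/proc/meminfo"),
    ("file_open", "/data/user/0/com.example.constructed/databases/state.db"),
]


def match_signatures(events: List[Event]) -> Dict[str, dict]:
    """Map events to signatures; each hit keeps its tags and the indicators
    that triggered it (de-duplicated, first-seen order)."""
    hits: Dict[str, dict] = {}

    def add(name: str, tags: Set[str], indicator: str) -> None:
        h = hits.setdefault(name, {"tags": set(), "indicators": []})
        h["tags"].update(tags)
        if indicator not in h["indicators"]:
            h["indicators"].append(indicator)

    for kind, value in events:
        if kind == "file_open":
            if value in SU_PATHS:
                add(ROOT_CHECK, {"evasion"}, value)
            elif value in FILE_READ_SIGS:
                name, tags = FILE_READ_SIGS[value]
                add(name, tags, value)
        elif kind == "svc_call" and value in SERVICE_CALL_SIGS:
            name, tags = SERVICE_CALL_SIGS[value]
            add(name, tags, value)
    return hits


def tag_set(hits: Dict[str, dict]) -> Set[str]:
    """Union of tags across hits: the report-level tag line."""
    tags: Set[str] = set()
    for h in hits.values():
        tags |= h["tags"]
    return tags


if __name__ == "__main__":
    found = match_signatures(SAMPLE_EVENTS)
    for name, h in found.items():
        print(f"{name} [{' '.join(sorted(h['tags']))}] <- {h['indicators']}")
    print("tags:", " ".join(sorted(tag_set(found))))
```

Two caveats when reading hits like these: every one of these behaviours also occurs in benign apps that bundle push, analytics or anti-tamper SDKs (root checks in particular are routine in licensing and integrity code), so it is the combination and the code path that matter rather than any single signature; and on Android 10 and later a background app that registers a clipboard listener no longer gets clipboard contents unless it has focus or is the default IME, so the clipboard signature is weaker evidence on current devices than on older ones.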

Processes

com.explodingkittens.projectbombsquad.hack

Network

Country Destination Domain Proto (- = no domain recorded for the connection)
N/A 224.0.0.251:5353 - udp
GB 172.217.16.238:443 - tcp
GB 172.217.16.238:443 - tcp
US 1.1.1.1:53 onesignal.com udp
US 104.17.111.223:443 onesignal.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 lp.androidapk.world udp
GB 172.217.169.68:443 - tcp
GB 172.217.169.68:443 - tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 onesignal.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 108.177.15.84:443 accounts.google.com tcp
US 1.1.1.1:53 onesignal.com udp
US 104.16.160.145:443 onesignal.com tcp
US 104.16.160.145:443 onesignal.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.187.195:443 update.googleapis.com tcp
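The Network table mixes DNS lookups, TCP sessions and local multicast, and the Domain column is only present on some rows. The following added example (not sandbox output) parses rows in that layout and separates names that were only resolved from names that received a TCP session, and lists TCP endpoints the log never tied to a name. The rows are taken from this run with repeated rows dropped; which of the remaining hosts count as expected SDK or platform traffic is a judgement the code leaves to the analyst.

```python
"""Parse the Network table above and separate the interesting hosts.

Added example, not sandbox output. The rows are taken from this report's
behavioral3 run with repeated rows dropped; the split into "resolved only"
and "connected" is derived from the rows themselves.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Set


class Conn(NamedTuple):
    country: Optional[str]
    ip: str
    port: int
    domain: Optional[str]
    proto: str


NETWORK_TABLE = """\
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 onesignal.com udp
US 104.17.111.223:443 onesignal.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.179.238:443 android.apis.google.com tcp
US 1.1.1.1:53 lp.androidapk.world udp
GB 172.217.169.68:443 tcp
US 1.1.1.1:53 accounts.google.com udp
BE 108.177.15.84:443 accounts.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.187.195:443 update.googleapis.com tcp
"""


def parse_rows(text: str) -> List[Conn]:
    """Rows have an optional Domain column: 3 fields without it, 4 with it.
    A '-' or 'N/A' domain is treated as absent; the header line is skipped."""
    rows: List[Conn] = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] == "Country":
            continue
        if len(parts) == 3:
            country, dest, proto = parts
            domain: Optional[str] = None
        elif len(parts) == 4:
            country, dest, domain, proto = parts
        else:
            raise ValueError(f"unexpected row: {line!r}")
        if domain in ("-", "N/A"):
            domain = None
        ip, _, port = dest.rpartition(":")
        rows.append(Conn(None if country == "N/A" else country,
                         ip, int(port), domain, proto))
    return rows


def triage(rows: List[Conn]) -> Dict[str, object]:
    """Which names were only looked up, which got a TCP session, and which
    TCP endpoints the log never tied to a name."""
    resolved: Dict[str, int] = defaultdict(int)
    connected: Dict[str, Set[str]] = defaultdict(set)
    unattributed: Set[str] = set()
    for c in rows:
        if c.proto == "udp" and c.port == 53 and c.domain:
            resolved[c.domain] += 1  # DNS query for this name
        elif c.proto == "tcp":
            if c.domain:
                connected[c.domain].add(f"{c.ip}:{c.port}")
            else:
                unattributed.add(f"{c.ip}:{c.port}")
        # other UDP (e.g. 224.0.0.251:5353 mDNS) is local discovery, ignored
    return {
        "resolved": dict(resolved),
        "connected": {k: sorted(v) for k, v in connected.items()},
        "dns_only": sorted(d for d in resolved if d not in connected),
        "unattributed": sorted(unattributed),
    }


if __name__ == "__main__":
    result = triage(parse_rows(NETWORK_TABLE))
    print("resolved but never connected:", result["dns_only"])
    print("TCP endpoints with no name in log:", result["unattributed"])
```

On these rows the only name that is resolved without a subsequent TCP session is lp.androidapk.world, which is also the only host here outside Google, OneSignal and the 1.1.1.1 resolver; the two 443 endpoints with no name in the log are the other thing to resolve or check in passive DNS before deciding what the sample talks to.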

Files

/data/user/0/com.explodingkittens.projectbombsquad.hack/databases/evernote_jobs.db-journal

MD5 72f17634e98077915f218a74efa64b92
SHA1 a82b047378a0218a6a1898542a024517cc459f9a
SHA256 247a63f274f8edda3f96fe8742dc09a6f7c8c8a8ceae6b08eff6b58537db5702
SHA512 0c211e294d50efaa95eb4c1d825a2133a44b37fe4253066695e9ecb54e03a4e9b375b105d09c3b3230ee73d62d960a359cc4c1c12be51328e3ff1a48c5cdf8e3

/data/user/0/com.explodingkittens.projectbombsquad.hack/databases/evernote_jobs.db

MD5 e0e5e36897f039cea03365d04a78f2b7
SHA1 501b030c64b42c9fe1b76160da7153c0e224bf26
SHA256 a98ea3d5d99739bc6d6eb7704c5c8eb488c65d98bc493d5c8f58e9b6a0e487a6
SHA512 020bca70be77dedc8583e93609660d753198f45e37460bd4f401775ae1bacde40f3299ee697b918143f7a6c9b6255ea997517b854dd269b3996cd6a74402cf54

/data/user/0/com.explodingkittens.projectbombsquad.hack/databases/evernote_jobs.db-journal

MD5 6aac555e5587b1fff6e5ac08e7e14902
SHA1 eb4712293b1416be49ecf1ccc1c0782a89f7c2e9
SHA256 d5e370d638804ab12b39ce0f8b5fdda78ffcd3835d56532f69a152749af7ad0a
SHA512 dd7a2002c962e1816c24ac7b565e139be736a34e296c2d0f002fbc4848bd18c86e3d9436dfbe00378725f552c56d3c6e0c4a0e8dc80bcf6fd5071d6b37fb2bdd

/data/user/0/com.explodingkittens.projectbombsquad.hack/databases/evernote_jobs.db-journal

MD5 9bc8b7b1da016821f64e44553d9bc155
SHA1 fd253fb507e3f2905b2e773fb15c493effbad53b
SHA256 c6008d1d89d18ea5d0b65d516ab6b5a45adce442086f36de4a3710a4cd516764
SHA512 461f4f69b605c70f34e1f65834a68e2221b85f0370cccfc3e1e0aa2179418b73f46aa45d94571aee6907407d8c264fa814b1c3b4a7a2525aa42ee346bb3c178c

/data/user/0/com.explodingkittens.projectbombsquad.hack/no_backup/com.google.InstanceId.properties

MD5 be2b043897bfdebb3d6fec3c1bbfb11d
SHA1 e77295d87a4376fd820e4af43c4a7d0bdc4b414f
SHA256 3caef765eafe344306c89dd52ebdef05492f6b0882c9d343ab9f5ad10b44071c
SHA512 6b4acb43c21ba1f2d7092b9a2dd8e8711f93dedc68d4fd1489824868ead362d2a3b34e7ad8c6b5b6544d52606cc2744b88505b3eacbf05d4aed8af28000eafe6

/data/user/0/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db-journal

MD5 811287d8b420407f7d707cb1b457093b
SHA1 856fbdb42648da10725abd22a02ae7d03f99ebc8
SHA256 a0dd444cf3d5b3d0ff77136d5ee0319b97041ba65bb0244f180c77109e99f144
SHA512 fd19d1509440579d530272a298c8c8e301aac6d82e3ee0ecef35eaf3af5d2c83982d824c4d81b77dc025a8e444d3b0d81b6c04ee7f91af17b6b420a42337adc9

/data/user/0/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db

MD5 d9cf75fdd1c2292d986f6c3d5d60f2c8
SHA1 07ecb1d3a26d952ae5fecf54f36699ab498510b1
SHA256 2d227e9b7a044c8e10294f6a831fb92d81ea9582381796d87f35bd268e37538a
SHA512 442c96e4b4c79b8d1c64dd3a6d6088ae1dace441e78d830dfb3190ee1c0fafebc606fb432071b4a1ad1a4ba9b68c7877b0bce520ccc88708feaf82bbc474e0cb

/data/user/0/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db-journal

MD5 dc3ef54881a2caeca44be8a844101d06
SHA1 d282dce0d2ff6cc603e18be9f9960ac8692bb1ea
SHA256 78c20377ca0beeb83e56a5c57565a974570f3b8e43f319baede57d179bcff9d3
SHA512 f15177bef926fbb5757b4bcb180e54276d78175eefcd6a41e9694139ec24caac0088d0edeedf11dbe893fb89721674850dbfe86a01ff85a99b05b44381407e0f

/data/user/0/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db-journal

MD5 b8e5be64b23c0f4f4f1080bd3cf35975
SHA1 6f5fbed1db95f612349920de3c38e9f17e1d28d9
SHA256 b842f9282766481e8d2c25fc8fa22a6cc3e969ab90433f54447af03852cc8662
SHA512 68fb78f0a426471daecced3f0d715f6b1ff43047404eaae2906a3dec83bdf92555acba5912877350d8ecefba223d3207b05a86d23e6bccb3dbf3a74be2ff5569

/data/user/0/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db-journal

MD5 a237a6ac3b1231409f47b8b17225a26c
SHA1 38646d0e8b5be2301c885573374bcabb874c812d
SHA256 42238b9f7968d231344911b4112ef9c83793da6933e022ef2718323ab7659154
SHA512 763a14635b6038ccc2af1db73bc0296779fb7735089c18bf7262e29a4fdbc5af9d565598040fc9c70a1374aeecd8b6ca550a2be03489d4c650287815903d774d

/data/user/0/com.explodingkittens.projectbombsquad.hack/databases/evernote_jobs.db-journal

MD5 beadba3549bba75ba9f4b3c6cb3a31b3
SHA1 c5599eb7fec89053df3c1c21ec34c63e198f2c41
SHA256 ad84ba4850cd3022948d93ad40d4c4fec7437581f1b328b56f7896debefaa835
SHA512 bb84ea9d915b96ebd8ecaeef3c07c609502c84c2c5083ffbecdf5334ad7e810d48d5a3bbc4ed7608e57843ec8723103ba60ca5ae902f87e394d217f0c56f7394

/data/user/0/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db-journal

MD5 ba2e4b477c8ed84664baf8d2de3a6485
SHA1 912094416fa6a9b536b0605ece812fd0eed33931
SHA256 c879595c450be4be8ed6cd18a865a02109c5e73a47648da40a4f26716b0d96ed
SHA512 f941a7809712bd771cbdf306e420d1c5d5dc5f433f23ab3786612ec1aeb71b72932f8c297ae87bca0c02d3b309d84a597c5c315a1b41acaba00cfae7e5b660c3

/data/user/0/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db-journal

MD5 3e5617a1e9b384910d5914826b411e2c
SHA1 dc14d828e926456447122848373daa0c96ab27d0
SHA256 0e4ca9ed0bc4df089fa8ca54a6e42862303fa72090a788831c1ac2da33fe3f98
SHA512 1d6ceef84fe28d0ce9fe1cd160d4003b0241a6dc02a316af052cc84268fe84461017f2068b086e2bc5086138f6720594ec7019bf39a2259d6789aa64ec2e9570

/data/user/0/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db

MD5 2b566aa6ddacc79497cfce0893f595a1
SHA1 2675d1a35b45e0056a34dc9d774c240c2cdaae07
SHA256 86987ff7298bfe7a9f20333cd86ce7bdb3335e9fb012313cf31c3243dd3d4b88
SHA512 a552a770181b9302acb53b99fff99048a17335739cd8e11be1050c6d6045a4d31e4fa3a1ab751c3b15f316cc4385965342f16f0a1347d951d86b78dbd18da389

/data/user/0/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db

MD5 89544a79e968619902ef4ab919b9eeb5
SHA1 9ca4b6cc12ae2823adff9a6b992885dfef8b7483
SHA256 17c4bb2a3839b43c0adb329c3749ca3c431b70e98e30d78f25a9cb861ecd330e
SHA512 91f6d0605371e5497d3d56602381407491f613ea476ae9e7e810049f17a63a6d784c35c106a85d15bba852ec07ecfd6f0e6487c25baf3c7b26d029f064ac6570

/data/user/0/com.explodingkittens.projectbombsquad.hack/databases/OneSignal.db-journal

MD5 93362fec690a0c0db34d1872ad125230
SHA1 d157ade3b7b24ae4b9a51046386fe12b71bd2d14
SHA256 c84de15cf9985e7ec571b9ffb0d9dd2f599d7680666d4ff37dd3af564f4ddee3
SHA512 3bbb8a1aeb963fc2aa0e8a151dfe76d91fd07ddf1d336f207b7fba1a7f434d1890b8632e1ff1d94f992a1155c8d1e6a17160df94cecc2f914562b48a67db84fc

/data/user/0/com.explodingkittens.projectbombsquad.hack/databases/OneSignal.db

MD5 2479ff01e32c1445266304f37e9e7b35
SHA1 63a2b50d03eff98a4b5e684f1f95996b78219e6c
SHA256 c276033016c0ae04c4e1a7128d443a01aab24d99c434696ee1b01fef2d3acf15
SHA512 14b24f8be6f9a88e31a2d74f3f13cf9e84817bfe445b8b8a873c1678f274714237b3f1a2fc9c5821c300fc72418e3229439107c2a2ff307007409dee6fdf16d3

/data/user/0/com.explodingkittens.projectbombsquad.hack/databases/OneSignal.db-journal

MD5 667ae2cfe065f51cd32b077f1c3d5d77
SHA1 edaf2324bdca077e22977d4f4bba26ca6fb5291e
SHA256 2f0a510380465c119ad8e7bef072778b14614deb9a3e3b03a068ab9abd5662e8
SHA512 9fc5f00c383e042e07bf702a3c7acda0e68031b72e603e3ec6c4826624b108bd12f4cf7f85124697f64792abfce0cc9d4e0ff353fb379c32dfa9599ace16f333

/data/user/0/com.explodingkittens.projectbombsquad.hack/databases/OneSignal.db-journal

MD5 5d1a3540c0724d9b478156baeed9c001
SHA1 1739355d30026c324f870cef8a00ce656c0e0834
SHA256 038abd31f37ae9c3f3b2752156b1f77299432b8645211f125bde379d90be9a0b
SHA512 9587715ec885e4077fea1d83734a3b90e564c001885e5d04617008085d119741966219a78c164d80ad056fcf2ab1d4e18cc1ded82b1158c9908a5708558294b3

/data/user/0/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db

MD5 eda733c1ee0cb0711eb4d04c4e193912
SHA1 770a2cf4cc092fdf62af39ccf16b037452daf48d
SHA256 cbe990e559bc8d0e2a619fba456924e7be28a9f4eddb0360622c6655d9557713
SHA512 8a1032d325e3a58fcf41f4b134e10e54415e117cd9b791810e38b3ecb8eca010cef38ae3493a8a93d65279bfa2dff7e6f9ed3214f9055acf38332dce299f2071

/data/user/0/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db

MD5 4f0dd84f61acad89683879098fbfc301
SHA1 5160d861a7f7071de6a9325d9c5b1bdf7157e067
SHA256 811110723cc3a0d057aea22fd6d7cf5e52480040b6acc1f7cd4fd4ec474e26a2
SHA512 eabe2c7990c4a7a45ff33500df59a2619a3d8289d7989aba1198c0fafec5bb6fe2857865eebe67680be5718055c7eb01af10ea80e4a6b3b72767a8436ca829ab

/data/user/0/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db

MD5 818548be1885386cc995f564f36a8e8e
SHA1 008b0c602ed55b1122dadfb3a20db517d55c10b3
SHA256 b4765a86f69c122307448d0c6e81cebd52ffbc59b0d19da42971e2857f773e6d
SHA512 47840561a1eded73600b656576a7a9195bd1beddb79b08090b9e6bd9ab610de6cfb0a334310bfefe0b33ef157d420aaa17c6315fa2e689398da3328c4460a02f
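The Files list above records the same few paths many times, each snapshot with different digests, because SQLite databases and their -journal, -wal and -shm sidecars are rewritten throughout the run. The following added example (not sandbox output) parses entries in the report's layout, validates the digest lengths, groups snapshots by path and attributes each path to the SDK whose housekeeping file it is; the attribution table is the author's assumption, the entries are constructed, and the digests are computed from seed strings so they have the right length rather than being the sample's real hashes.

```python
"""Group Files entries by path and attribute them to SDKs.

Added example, not sandbox output. The entries are constructed in this
report's own layout (path line, then MD5/SHA1/SHA256/SHA512 lines); digests
are derived from seed strings so they have the right length and are not the
sample's real hashes. The SDK attribution table is the author's assumption.
"""
import hashlib
import re
from collections import defaultdict
from typing import Dict, List

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX = re.compile(r"[0-9a-f]+")
SQLITE_SIDECAR = re.compile(r"-(journal|wal|shm)$")

# Housekeeping files that common SDKs keep under the app's private data dir.
KNOWN_SDK_FILES = {
    "evernote_jobs.db": "Evernote android-job (background job library)",
    "google_app_measurement_local.db": "Google Analytics for Firebase",
    "OneSignal.db": "OneSignal push SDK",
    "com.google.InstanceId.properties": "Firebase Instance ID",
}


def _entry(path: str, seed: bytes) -> str:
    """One report-style entry whose digests are derived from a seed (constructed)."""
    lines = [path]
    for algo in ("MD5", "SHA1", "SHA256", "SHA512"):
        lines.append(f"{algo} {hashlib.new(algo.lower(), seed).hexdigest()}")
    return "\n".join(lines)


DATA_DIR = "/data/user/0/com.example.constructed/"
SAMPLE_FILES = "\n\n".join([
    _entry(DATA_DIR + "databases/evernote_jobs.db-journal", b"snapshot-1"),
    _entry(DATA_DIR + "databases/evernote_jobs.db", b"snapshot-2"),
    _entry(DATA_DIR + "databases/evernote_jobs.db-journal", b"snapshot-3"),
    _entry(DATA_DIR + "databases/google_app_measurement_local.db", b"snapshot-4"),
    _entry(DATA_DIR + "databases/OneSignal.db-wal", b"snapshot-5"),
    _entry(DATA_DIR + "no_backup/com.google.InstanceId.properties", b"snapshot-6"),
    _entry(DATA_DIR + "files/update.bin", b"snapshot-7"),  # not an SDK file
])


def parse_file_entries(text: str) -> List[dict]:
    """Path line starts an entry; the following 'ALGO hexdigest' lines belong to it."""
    entries: List[dict] = []
    cur = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("/"):
            cur = {"path": line, "hashes": {}}
            entries.append(cur)
            continue
        algo, _, digest = line.partition(" ")
        if cur is None or algo not in HASH_LEN:
            raise ValueError(f"unexpected line: {line!r}")
        if len(digest) != HASH_LEN[algo] or not HEX.fullmatch(digest):
            raise ValueError(f"malformed {algo} digest for {cur['path']}")
        cur["hashes"][algo] = digest
    return entries


def triage_files(entries: List[dict]) -> Dict[str, dict]:
    """Per path: how many snapshots, how many distinct contents, whether it is
    a SQLite sidecar, and which SDK (if any) the base file belongs to."""
    by_path: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        by_path[e["path"]].append(e["hashes"]["SHA256"])
    report: Dict[str, dict] = {}
    for path, digests in by_path.items():
        base = path.rsplit("/", 1)[-1]
        stem = SQLITE_SIDECAR.sub("", base)
        report[path] = {
            "snapshots": len(digests),
            "distinct": len(set(digests)),
            "sidecar": bool(SQLITE_SIDECAR.search(base)),
            "sdk": KNOWN_SDK_FILES.get(stem),  # None => not attributed, look closer
        }
    return report


def unattributed(report: Dict[str, dict]) -> List[str]:
    """Paths no known SDK accounts for: the ones worth pulling from the image."""
    return sorted(p for p, v in report.items() if v["sdk"] is None)


if __name__ == "__main__":
    rep = triage_files(parse_file_entries(SAMPLE_FILES))
    for path, v in rep.items():
        print(f"{v['snapshots']}x {path} -> {v['sdk'] or 'UNATTRIBUTED'}")
    print("unattributed:", unattributed(rep))
```

Run over this report's own entries, every path is one of the four SDK files or a sidecar of one, so the Files sections record SDK state being written, not dropped executables or downloaded payloads; the check that matters is whether a later run ever produces a path this attribution cannot explain.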

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 01:18

Reported

2024-06-11 01:21

Platform

android-x86-arm-20240603-en

Max time kernel

25s

Max time network

131s

Command Line

com.explodingkittens.projectbombsquad.hack

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /data/local/su N/A N/A
N/A /data/local/bin/su N/A N/A
N/A /data/local/xbin/su N/A N/A
N/A /sbin/su N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
(no indicator rows recorded for this signature)

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.explodingkittens.projectbombsquad.hack

Network

Country Destination Domain Proto (- = no domain recorded for the connection)
N/A 224.0.0.251:5353 - udp
GB 142.250.200.42:443 - tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.187.202:443 semanticlocation-pa.googleapis.com tcp
US 1.1.1.1:53 onesignal.com udp
GB 142.250.200.46:443 - tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
US 1.1.1.1:53 lp.androidapk.world udp
GB 172.217.16.234:443 semanticlocation-pa.googleapis.com tcp
US 104.17.111.223:443 onesignal.com tcp

Files

/data/data/com.explodingkittens.projectbombsquad.hack/databases/evernote_jobs.db-journal

MD5 434154205802a4f87ca4a8210a9aaf97
SHA1 d0640f7d1b47e8ad0cfba7bbe80c5efb9a3b0b8d
SHA256 17e19eb435bec83a4a1490dd18c3faa66619cc3d0df11f4e339b70d1c9e9adca
SHA512 a6e151e6bf938dcaafbf03224b21c0bd04b65bfb8ede134f5427073f652523b0bbbe93d6bc05dad0ad49e182a525f94c1b169aca5a8a504e62ab2cbdd67bcfbb

/data/data/com.explodingkittens.projectbombsquad.hack/databases/evernote_jobs.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.explodingkittens.projectbombsquad.hack/databases/evernote_jobs.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.explodingkittens.projectbombsquad.hack/databases/evernote_jobs.db-wal

MD5 e8bed6bc178917d9626b82d165b225e2
SHA1 a50a46ffcbf2f3d658926a3c9d48a794aa9bd9d7
SHA256 eed86e0ad0c05ece80cc35360e3af6fed434aef5a1d3a771335f0c2b667860da
SHA512 321abe229d551b60b8f44a68ce51915c926c5a3915978106e6c68a7a7368f2641f459353cde52429b39bf12226820026e9e7d40405ddbc5c9692f8df08463a1d

/data/data/com.explodingkittens.projectbombsquad.hack/no_backup/com.google.InstanceId.properties

MD5 9ae25e0d8d1ce10d10f0e60c5b165c77
SHA1 7ea86b6da63a7fa451cec70fc72c2ba12277f28f
SHA256 8b11ad60ec7ec1c196e754652924a128732679ff9689947af38101343d7f4024
SHA512 1aea4231b0c9acc9492c667f5fbc855ecea0c86ee0e3bdee724a71fc6d685ac37be425938cb3bc2285ddf3be7f0049c0110729f996aa1677e1018c9ca6237c87

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db-journal

MD5 e2a321329f89a9be790e4c3ac6b2b5f7
SHA1 ad35d4fd46ee12a0ef389ed23255a4162f580b3e
SHA256 80b506e5acf01fc4e10e53e1ee34fcfd54d419821db6a02d19c1edf42d2aa0d9
SHA512 f34969e09d6f1a050e16d3c82eadd8eb1edca975bb2bf80ab67fe84d887994ff4dc72b6084ba0d3be6550de84d5a2a4682987478493b286ec644c1528331b5f0

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db-wal

MD5 f11d77c9c2d77512cf44941b7df0d3e4
SHA1 3b005be4666f3c4980ad0c19d01ece47c68ce916
SHA256 d7f8076f5ea4a579fb92c5db9a79dbde5dd34574b0599d8ed18f861ecd0ad60d
SHA512 a43fa1bcdd2917ecbc08c817fc5614ab46a9a9ab498df549060b5b49ef164f65798cc75ded26c9a8cbf59ac0ee808f4f55fffad12fb52e123103abd9307a75eb

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db-wal

MD5 b6e34c52e346cabfb556f67057e61c5d
SHA1 cca682643a8c9c5e3e3299aa2ec628ff2a8ecf46
SHA256 d80e5087523d0bbef0124b5eddf7186ac6df24892e53facd61b72a70165e7835
SHA512 b1335170f9f0a2e31aaf790208ca01cce5cbd304ec08a34e13ba21ad7286fe80fcd6fd1402d459480e4772b46265a8fa3d4826ff31cc5c1d5e545c336e0cc30c

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db

MD5 1ed654013dc50a797fa02b57f0b054d5
SHA1 b918ed0d4ce9c545d0ce91247a21a32108b78f1e
SHA256 dbdf01fb560d1b14c9b67434f5ef001b5f3a7fb42f28e7cb8a86286b51d2fafe
SHA512 d733edc25392f5e705d8b8127ecb1d7817b9f698ec0272ddefef13590e88d430d5ab9f4a5a77d495372e2cace650f8aa82e035c5a54a3dcd36ed43a3c50c3beb

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db-wal

MD5 a6f98a87cbb592ad2ab78e2bbc9f6dab
SHA1 fd0b75873e05ede699e26468b7cddbd7cb06fce0
SHA256 d42abd10762bd2215e9c0ad7d335bfb170076713e5a35f6893bad1ebac9192a4
SHA512 053f9564c81996f2c2fab0d0c72bd58086f7c5a1745600a21d22eaa8f9620edc6b580ebf19a6ad46784bce698cb87e733b3aee7d7f613834ebb04dc282225f8c

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db

MD5 44ff6ce70aad0411b1038ad8eb163bf5
SHA1 af4da01e3d47be9b1ab742e1f81c90b4dd69b9f0
SHA256 e58f4ada81de7a30c39c1200d9bf46551307ae6f518c95ee0e9cc248df918143
SHA512 5da69bc81bea2f876209c36859820b8734f9d1bb9b0972f7e327e6f59a271a42ca663b0af7b3e84a079372981358b89ceea63290a25c62d88e038678607eb328

/data/data/com.explodingkittens.projectbombsquad.hack/databases/OneSignal.db-journal

MD5 669dbb00b5bf9218b5af3ae83420f097
SHA1 a4a31282396e2a64aa4bca64911b9cfbd509ea90
SHA256 df5d40737f5907daac33c8e7a4d7e9b77cfd33fe7f1f52805abcf1d4824d079a
SHA512 45e9a9a852c618d5066681aaa167f0ddeae9db95d91aa3ec2a99a4bc64e77d89976fb418ac8fffa9f30be577784b69910335f1254c86ff429aeba33d9eae4974

/data/data/com.explodingkittens.projectbombsquad.hack/databases/OneSignal.db-wal

MD5 869b774fbbf8ff2311ea126fc847b207
SHA1 b285f7869ebdfbd652a2e7843c686cae1b446772
SHA256 b8fb71aa4e52a5ece7e9deabe55fe24ff2edf85f1a067e44e913f62d219a4dd0
SHA512 e46dcae65f80ca0a66e7a318814790a8634180e6a36ef03dc43aac564e82e83571892c1d2088f8ca6e63e5d5277cef72f7137d56ea30f6c9da774c7a69f0a8b5

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db-wal

MD5 4570a5896e9d97eddecc4858b74463bf
SHA1 4c314b94583a42cd6f7a96fb196b6f0e24f108d2
SHA256 da3ee05fb1fa9f3b12f09d58d584c7e085fb93aa097a415c79cc74c7dc7eca9c
SHA512 8b7af82f5662cfc48831d27c1ee582df79199f180662109a3d3d285668b5b1fce9940b9bd553e0288efc0d7a89e6fa88d1e3a59e9edba31635a7d4df897e401b

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db

MD5 75a5cd0f4e245bc9589bbf0ad2de5419
SHA1 61f46fac09646f52b2f44af41a3d134c7010b31d
SHA256 00b63c4e5aeec41894f2a77cd35a035896ea10f5017738a74b08c85163a15795
SHA512 f7c26e3463d9a80944ed5157eb48134ecd68e2d5661b6b39856a33a6969e2d5385e5a4c04ed4b01f9fe223be21930fc6732118c95b1f2453e9401da1a6abfe24

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db-wal

MD5 3d30df1c69b8d90a033d2f4dbb6ea642
SHA1 c85b8e76697b04b2f07f94fcb108dcd8e33c219d
SHA256 63b6ce24ba5e0d4c06021851269ddc727b2a7b9d00346be2bca4892d252b1771
SHA512 7a5ece7a57dee7590606a730da34b10031373cd6ac7199b5a78e495f32acfd42131e9772df9a69325a92d9488613d1dfba93c3e86dfd8e77f31c7e7837b1b83d

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db

MD5 d39ae9697bd2f245fdc822f744c2cfd6
SHA1 796d0ca1007dd444918762b8f4ed1da487555098
SHA256 32919aa43ad5c92ba44d3c0075177bfd34a9184cbbf578043889be8c4b6a3bc9
SHA512 eb2766e0f4499e460d17996ea44420aa509d2e53eda143c6216c2421711436ac809892917bef32eaa111fbcbb37fe50bd7f5b4f69c3578f9c90f704edc3be4a8

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db-wal

MD5 29bf34a6c789493255c3ffdfa6305082
SHA1 a3c0f1933a8feceff67f3c6f130a9330bdd71434
SHA256 0e2c77201cb1a58cdeab5f13392faa4b00ce0743438e2fc286a2463af17cf28e
SHA512 8568cdee8387888d03bfb2319a6a6b3596ee43b988753dd9f65dbdae9878570200379f89ee352060ba2594871a30ab4a6cdbbcb867ec07a363bf8b5e576e1936

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db

MD5 44693692da738db6eb133cf0e4cde91b
SHA1 e6bda56494c325d8d37ad89552263ae85d9b0550
SHA256 8fe0ac9db76d4a2dcd3b3d54c0efedcd223e25aabf716506493d50e243a7a2d4
SHA512 b34ddfe1ae343b1b12f7029ae476a0ba8e1b4043ccb520afb412b3f71335ef679bf29723c9a5c00af7e922e9982d5b3af54b2ed779da8cb601f378e5b9d26be5

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 01:18

Reported

2024-06-11 01:21

Platform

android-x64-20240603-en

Max time kernel

49s

Max time network

149s

Command Line

com.explodingkittens.projectbombsquad.hack

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /data/local/bin/su N/A N/A
N/A /data/local/xbin/su N/A N/A
N/A /sbin/su N/A N/A
N/A /data/local/su N/A N/A

Removes its main activity from the application launcher

stealth trojan evasion
Description Indicator Process Target
(no indicator rows recorded for this signature)

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.explodingkittens.projectbombsquad.hack

Network

Country Destination Domain Proto (- = no domain recorded for the connection)
N/A 224.0.0.251:5353 - udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.40:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 onesignal.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
US 1.1.1.1:53 lp.androidapk.world udp
US 104.16.160.145:443 onesignal.com tcp
GB 216.58.201.100:443 - tcp
GB 216.58.201.100:443 - tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 64.233.184.84:443 accounts.google.com tcp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 172.217.169.46:443 - tcp
GB 216.58.201.98:443 - tcp

Files

/data/data/com.explodingkittens.projectbombsquad.hack/databases/evernote_jobs.db-journal

MD5 3a76dc1fccfd01fc67ac9f7cd40ac401
SHA1 128873b3c7a6197d6e8614b0b132a10ce5768be3
SHA256 b498776351d942698f6cbaf1246182657fae5cc5cfacc0ebbc05d6604f6599f6
SHA512 24631cc75a00d72130127767db9b3b76d0619f0f82acebbbe24efdcf9e888fdf5f3fd7e7a3f2c1cfb6efab0fcedf7984f7cd30e659408fda0d08023c35c7aee7

/data/data/com.explodingkittens.projectbombsquad.hack/databases/evernote_jobs.db

MD5 77525fa4b1f68b33936832b8d102450b
SHA1 efa4204bf6210c4de347f80ded010712d7faee4f
SHA256 8011356a09681f7fa444b5b55f4534f90b260823898f3e046690fe87755ba096
SHA512 82ed05d55f2961edbfcdd339aea263e6f3ee5b44d61564798032719d2d9fef8b3d46aee427d7e8ef22cd6c645bfe3d8a0f03ab50458fd9e69950f3322180be6b

/data/data/com.explodingkittens.projectbombsquad.hack/databases/evernote_jobs.db-journal

MD5 71a2be483714a8400d9bf48b5c7bfc1c
SHA1 dd6983936290fe1ecd111f2b87f618d7b47decca
SHA256 6b322e0d1751f45f317ad322ea0c0d4283c061a03ee29ab8703211bcf4eb48c7
SHA512 d12a7ed816e7771dcee70a834de253138a028f15eda3e10192cea9137cdb6ff18619c75a961873afc12ace03f62c0fa1a50011578c5024002bbade9b0e09c0e5

/data/data/com.explodingkittens.projectbombsquad.hack/databases/evernote_jobs.db-journal

MD5 24edcc5e2ed2854cecd03a1d74bc3a87
SHA1 51453c56aa55f605247931cbfdcf93d6bc95d5cf
SHA256 e6dc909061cf4d3ad8841fda06be6408cd6dc575f9834dfa193ec5d865585181
SHA512 6ab80ad37c277470ec460a39a29727f80073ffc727fbc602c5537a5e22a6e63666e413aab5202bdf659bca92f69d16c89128cd7d109d652fc6dda1b8b0d054be

/data/data/com.explodingkittens.projectbombsquad.hack/no_backup/com.google.InstanceId.properties

MD5 86a78e47527e21ffe9131621c16497a4
SHA1 9efe8d3c2725c6687e7ee1b60d7f866ba14912cc
SHA256 b34a1000e7681daaca93be74f83e8c17212e42e5f8f164ae49ceb5f7c4ce5a1d
SHA512 43b358e64eb32cc88f957b6236ecbc22358e6070d7025580a236845ac69e70a0b40d03df957c5d05f0275da6a4cb30f9ded69e0570b703e55c1e5dd04ee377d8

/data/data/com.explodingkittens.projectbombsquad.hack/databases/evernote_jobs.db-journal

MD5 ddb4e68fc794a8197c08323ac6d82352
SHA1 3506df29cfb8be87dd1abc091e36b2e5f955d22b
SHA256 934eea3a2b92ff684794bb830dd8ea462ef9dc453baa48199219aef518a13dbe
SHA512 3671274f80d071aa74353ada0454f6aedc32ab18077b1e42d218b64fde96789f4186b9b7cc277437b02009afbfe14efe98bc2eb1aacafbea2b205f0ff34d8a4a

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db-journal

MD5 092e9df1c1c550efce40afab130f213c
SHA1 f328ade7ef4eb3abe856085269a5eb65547546d1
SHA256 06a4d172c630a4b7f9fb1f7d41e2b563dcf6b44d3c1c25e9443e87eac7cedb56
SHA512 993279733367500b4a04a1e4eb9a9d6fb5aeffe45f880aa117fabd3709c0a7e641f301de4b5022dcdace029fc8cecbd4774590416d5aedb8801c354eb0e2d9f2

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db

MD5 eb52a90bb70b76e946b62f50b6f7fb85
SHA1 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512 b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db-journal

MD5 b99e97cef203dc63b39e8112de9e16db
SHA1 b95982f4f22ce352e9b3d06c3bcf16ed7b60388b
SHA256 e35c57badf9a27692e68aea9583b0ca2705698d6f0694b519d6d77731b7506b0
SHA512 32f4998171b59a83ec97a3f02bd2c1aa180468ca5f41e98131a31a755bc1516576e003604665a62358814c73ef6b86e96b1376157ebdbffac3a87100b2c704d6

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db-journal

MD5 ee6fc09cc74a0771257286cab1f77af1
SHA1 68120608580613337b24450d1be9c6f4735abf0f
SHA256 8797b36e31c13e2f446e22ce8b028d63786d168e971238ec07333c88a48a81ef
SHA512 f7ed4f95a075ad2d08c2440e2dd5bdc87224666a1ef8eb414ef8bc882e3a745c871968b98b82568d6f1ef3430beac43597d3f2fcd609dbaee45fdfa52ccc9607

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db-journal

MD5 7b75bb7c19b230d93a4d5dba843b616a
SHA1 9a5d3a682698a3b059a243eb5790e131046b0dfa
SHA256 be828d8935440b8a28da4935500cafea09e7d772c8bf300ec23c50ca35c67e4a
SHA512 009dd0b3a8606730ab398f45bd1c6d9af9983ef567e354e90ceab4676f67d3fbb05bf9732c49cb685f39c1a07b63dc98e01c8d07ecd1771379fc6733caaa5b53

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db-journal

MD5 f13b9761fd418b4db27ef826abefca81
SHA1 65d7af0921d6b9ff912e2db5a7fc983ec6faed19
SHA256 4bb1bd3b20a28d8ce35001178c4ed45a3cf03955f8b77fafda5ae83c56411298
SHA512 7bf3e8265272ef3dceecfe01bd6ea83f40fd87a205935bb8d1e62ac5aec31da1e01ee639a92664533e851ff87838b79d74e1f60feb82330a425471d773ca49b4

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db-journal

MD5 2539dca4e0ad5cab69eacc882cbc9532
SHA1 ff820073c40cf791810561f80eed79b837387a7e
SHA256 76959d50dae79a7367aac0386c5e5ce9d3cd2aadb8097ada12e0582aae6da874
SHA512 d3c444dfbab686d5226c26fa71810375c0b8bccfdae2ddc74f0acf610c91cdfc2bc2025ec09de4376d2772955db69da6dd8e09862a0ec05ff04f0bf96a4a57c6

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db

MD5 1c8d5958a8734d9cd318afbb8606cf89
SHA1 f9688066440924477d5ba73b99ba731d08a5435e
SHA256 44a505426590e96ae505a422f827bdacc8c5f68a975d50b3716e4b37778c9068
SHA512 3f48de0fdcee94d22d66a549f044bd0c79976d60081f97842c9c9bd88e7353f9677183b15b082636b5f80d7cac924494be680a3ce1eddba1d1c7e1c15687fce3

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db

MD5 a418da33c9cdce0118cb74c3cf7baf29
SHA1 ff47ab2cec71caa785fc37f28a4d44dcd866e521
SHA256 baa32a3124efb8f0da34dc21fce604e26d83eb2d0639ec14a19b6be9000abe3a
SHA512 c8a6ec98c9f1b56834a1892cffef8e1a72bbffd919e77b6b2ae7c6aee1cab4ad35ab46b92e046d2d78b3058b4b9aa29cb23e868cb59926ab5c25690dec2c7f6e

/data/data/com.explodingkittens.projectbombsquad.hack/databases/OneSignal.db-journal

MD5 27009b295a62e38b4683ed0077c8353e
SHA1 5e81eeb96e33744a4f99c753c32115f09085258f
SHA256 be1235a7dd3aa7c0f7e22e1d687920714895347b84343a889e5db9b42247d250
SHA512 21921e445ca9604db85d780eea04de200d51597a2311463059a89286bde33dd02c449f6fe92363c9196685984ff7d4bdb8e370d1344a25745e732c3dd8aefee9

/data/data/com.explodingkittens.projectbombsquad.hack/databases/OneSignal.db

MD5 6ea5817dfb71687d648b0e4763152545
SHA1 b5a1a2a1fb579520ddeb9861c0eba5f7109d0d74
SHA256 be512b097518bdaba39e6106c143a267f56e98d8f980ed6295773c4082149824
SHA512 cafff4c86b710428753e528aed212096fef264a36cd6d6ff48af487ce1d5cf90065b4be0ad6460e4e7631040f7a28657f31811be1a5cb417c4b2725c51fb5186

/data/data/com.explodingkittens.projectbombsquad.hack/databases/OneSignal.db-journal

MD5 3248fa046250489deb7640c1b2a3502a
SHA1 95b6ee93f57e6a46e960ee850f88f7a83dae1533
SHA256 03d40e0c0c626e84e77afe9c740a637766c80084af88c7270467207d386df3e5
SHA512 58c361723f6e43bdd93568f8757f16f4796ae31390c586a9efef028cebf22a8dd0bae79105c9f22fc2d64b3958cf88fa88eb1ebb0be761643f109df3d2941024

/data/data/com.explodingkittens.projectbombsquad.hack/databases/OneSignal.db-journal

MD5 93ce55319bfcc411242022e2cba3ab29
SHA1 b8c177bd5df644922ff57e0a9ce0bb7009366691
SHA256 2bdacf64a828057b712ca231387aa7a99699839a3411d46b8e78891d1a16eaa5
SHA512 63fbd326a569bc6a2b97b320b66ee66695f4522d78bf63b270c6b8dd64fe657870a4364660c84c3961d360642b238482f07b09d7c982b9e70e82933ba23d445f

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db

MD5 8fac9b8598ec6a14464eab875bbe03ef
SHA1 6e6e7a8074df6c73d6cc175663b84ca040f69ddc
SHA256 d4e4cd008d9a2fefb90c713071b8246bf31976301de298186e198730b6304cc2
SHA512 e667593d043b87668e3f887194a5bd012fc4fa17a4d12ac021c0c912a956558e7dae73e447a567dd6532ab3d1655323cb9dabda2e459b2bc0fcc30255e41ea5e

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db

MD5 ed0d80436bab30c5f633895f7a5dcfbe
SHA1 962b25419aed402554420b9c722d8d104379ff6c
SHA256 22c8e36e03b1bbc30ec0822306179f97a7cde4180fa12bde4c86d28bddf8ff2a
SHA512 76e352af0d9b24fd4b292d248cc80015a3902fc8d03e0512c15317d8134c29d403c8bb847b59aeef260cc31842a184a440d15cae699b5c30de71d487c3c61054

/data/data/com.explodingkittens.projectbombsquad.hack/databases/google_app_measurement_local.db

MD5 2f1eeee3602c828b8e9f81f6fbd20d41
SHA1 d240b568bb6929702815b9a5edd05ad635671caa
SHA256 458aa953a9e0adbf5b8765ebcf6b51bc5b5a48b7664e85d25c7a8ce9781a2d5c
SHA512 a8642cc12cb9af0cd9d3fdc4bb1fe3b246d02af6b36714d80cdd2809def699b0b93eb585187c17f0a8e19801879e2e9edef7963ee416ae9e8cc35fd9cede2859