Analysis Overview
SHA256
0703556253925e5cf699523d4cb5c9f1586f15f078e7c2271b9ecab41a4ec418
Threat Level: Likely malicious
The file 9cebe08988bd976bbc4bd5e2dd2881ec_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Removes its main activity from the application launcher
Requests dangerous framework permissions
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-11 03:58
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-11 03:58
Reported
2024-06-11 04:01
Platform
android-x64-arm64-20240603-en
Max time kernel
14s
Max time network
133s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
com.zoka.android.posaobl
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.68:443 | tcp | |
| GB | 172.217.169.68:443 | tcp |
Files
/data/user/0/com.zoka.android.posaobl/files/ZVxwSBkPs
| MD5 | a1182e743de579df31f5bbca8d376977 |
| SHA1 | 07618a06f77ea73dcfdea107ff22b0c2d8a9abb0 |
| SHA256 | 5633795d78d0e24a5e8fc1e87afeb7a0d5d1c3146e38932c0a3091f6dd6632a7 |
| SHA512 | aa2a730ecfd4deb12e232c291b44f97c6f5c70a52da79885b5cb6adcbfc7ab476c9f897b757b9b44b03ffec11936ff120222bd4ddbe9f11d07c207f7f389c8c7 |
/data/user/0/com.zoka.android.posaobl/files/ZVxwSBkPs
| MD5 | c93cc31e8bcf6c0be716493e1f528d6c |
| SHA1 | 319eb8ed68acafaeb39c5927b9250724dacd1313 |
| SHA256 | 41e97d56f5d9c96d79d008f66e00e64176ba3c94f135734c325a66ab7202fd32 |
| SHA512 | 5289d8b562ec3a676a354f7c3cafeb55d26d28768f8fae3954d9b19a498f40beebd4c9da4ea30ccbac075c7d35e181b41f0cb8646142047352dee568b57525b7 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 03:58
Reported
2024-06-11 04:01
Platform
android-x86-arm-20240603-en
Max time kernel
14s
Max time network
171s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
com.zoka.android.posaobl
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 216.58.204.78:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
/data/data/com.zoka.android.posaobl/files/ZVxwSBkPs
| MD5 | a1182e743de579df31f5bbca8d376977 |
| SHA1 | 07618a06f77ea73dcfdea107ff22b0c2d8a9abb0 |
| SHA256 | 5633795d78d0e24a5e8fc1e87afeb7a0d5d1c3146e38932c0a3091f6dd6632a7 |
| SHA512 | aa2a730ecfd4deb12e232c291b44f97c6f5c70a52da79885b5cb6adcbfc7ab476c9f897b757b9b44b03ffec11936ff120222bd4ddbe9f11d07c207f7f389c8c7 |
/data/data/com.zoka.android.posaobl/files/ZVxwSBkPs
| MD5 | c93cc31e8bcf6c0be716493e1f528d6c |
| SHA1 | 319eb8ed68acafaeb39c5927b9250724dacd1313 |
| SHA256 | 41e97d56f5d9c96d79d008f66e00e64176ba3c94f135734c325a66ab7202fd32 |
| SHA512 | 5289d8b562ec3a676a354f7c3cafeb55d26d28768f8fae3954d9b19a498f40beebd4c9da4ea30ccbac075c7d35e181b41f0cb8646142047352dee568b57525b7 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-11 03:58
Reported
2024-06-11 04:01
Platform
android-x64-20240603-en
Max time kernel
15s
Max time network
153s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
com.zoka.android.posaobl
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.212.202:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.200.2:443 | tcp | |
| GB | 172.217.169.78:443 | tcp | |
| GB | 142.250.200.10:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 172.217.16.228:443 | tcp | |
| GB | 172.217.16.228:443 | tcp | |
| GB | 216.58.204.78:443 | tcp |
Files
/data/data/com.zoka.android.posaobl/files/ZVxwSBkPs
| MD5 | a1182e743de579df31f5bbca8d376977 |
| SHA1 | 07618a06f77ea73dcfdea107ff22b0c2d8a9abb0 |
| SHA256 | 5633795d78d0e24a5e8fc1e87afeb7a0d5d1c3146e38932c0a3091f6dd6632a7 |
| SHA512 | aa2a730ecfd4deb12e232c291b44f97c6f5c70a52da79885b5cb6adcbfc7ab476c9f897b757b9b44b03ffec11936ff120222bd4ddbe9f11d07c207f7f389c8c7 |
/data/data/com.zoka.android.posaobl/files/ZVxwSBkPs
| MD5 | c93cc31e8bcf6c0be716493e1f528d6c |
| SHA1 | 319eb8ed68acafaeb39c5927b9250724dacd1313 |
| SHA256 | 41e97d56f5d9c96d79d008f66e00e64176ba3c94f135734c325a66ab7202fd32 |
| SHA512 | 5289d8b562ec3a676a354f7c3cafeb55d26d28768f8fae3954d9b19a498f40beebd4c9da4ea30ccbac075c7d35e181b41f0cb8646142047352dee568b57525b7 |