Malware Analysis Report

2024-09-09 16:25

Sample ID 240611-j2sqdazejb
Target 9d8593debd31071f1b5a12a411547be0_JaffaCakes118
SHA256 58ee7c865084e0714ae76b31e96b2d2ed7ec885646230f63649a504804ec5a1b
Tags: collection credential_access discovery impact persistence
Score: 7/10

Table of Contents

- Analysis Overview
- MITRE ATT&CK Matrix
- Analysis: static1
  - Detonation Overview
  - Signatures
- Analysis: behavioral2
  - Detonation Overview
  - Command Line
  - Signatures
  - Processes
  - Network
  - Files
- Analysis: behavioral3
  - Detonation Overview
  - Command Line
  - Signatures
  - Processes
  - Network
  - Files
- Analysis: behavioral1
  - Detonation Overview
  - Command Line
  - Signatures
  - Processes
  - Network
  - Files

Analysis Overview

Score: 7/10
SHA256: 58ee7c865084e0714ae76b31e96b2d2ed7ec885646230f63649a504804ec5a1b
Threat Level: Shows suspicious behavior

The file 9d8593debd31071f1b5a12a411547be0_JaffaCakes118 was classified as "Shows suspicious behavior".

Malicious Activity Summary

Tags: collection credential_access discovery impact persistence

- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Requests dangerous framework permissions
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-11 08:10

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-11 08:10
Reported: 2024-06-11 08:13
Platform: android-x64-20240603-en
Max time kernel: 49s
Max time network: 177s

Command Line

com.itbd2.itforbd

Signatures

Obtains sensitive information copied to the device clipboard

Tags: collection credential_access impact

Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries the mobile country code (MCC)

Tags: discovery

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence

Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.itbd2.itforbd

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | www.itforbd.com | udp
US | 66.85.143.2:80 | www.itforbd.com | tcp
US | 66.85.143.2:80 | www.itforbd.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | itforbd.com | udp
US | 66.85.143.2:80 | itforbd.com | tcp
GB | 142.250.179.234:443 | | tcp
US | 66.85.143.2:80 | itforbd.com | tcp
US | 66.85.143.2:80 | itforbd.com | tcp
US | 66.85.143.2:80 | itforbd.com | tcp
US | 66.85.143.2:80 | itforbd.com | tcp
US | 66.85.143.2:80 | itforbd.com | tcp
US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp
US | 1.1.1.1:53 | platform-api.sharethis.com | udp
US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp
GB | 108.138.217.87:80 | platform-api.sharethis.com | tcp
GB | 108.138.217.87:443 | platform-api.sharethis.com | tcp
US | 1.1.1.1:53 | js.stripe.com | udp
US | 151.101.64.176:443 | js.stripe.com | tcp
US | 1.1.1.1:53 | l.sharethis.com | udp
US | 1.1.1.1:53 | buttons-config.sharethis.com | udp
US | 1.1.1.1:53 | connect.facebook.net | udp
US | 1.1.1.1:53 | embed.tawk.to | udp
DE | 18.156.64.193:443 | l.sharethis.com | tcp
GB | 18.245.143.68:443 | buttons-config.sharethis.com | tcp
GB | 163.70.147.23:80 | connect.facebook.net | tcp
DE | 18.156.64.193:443 | l.sharethis.com | tcp
GB | 18.245.143.68:443 | buttons-config.sharethis.com | tcp
GB | 163.70.147.23:80 | connect.facebook.net | tcp
GB | 163.70.147.23:443 | connect.facebook.net | tcp
US | 1.1.1.1:53 | count-server.sharethis.com | udp
US | 1.1.1.1:53 | platform-cdn.sharethis.com | udp
GB | 163.70.147.23:443 | connect.facebook.net | tcp
GB | 18.154.84.3:443 | count-server.sharethis.com | tcp
GB | 18.165.201.26:443 | platform-cdn.sharethis.com | tcp
GB | 18.165.201.26:443 | platform-cdn.sharethis.com | tcp
GB | 18.165.201.26:443 | platform-cdn.sharethis.com | tcp
GB | 18.165.201.26:443 | platform-cdn.sharethis.com | tcp
GB | 18.165.201.26:443 | platform-cdn.sharethis.com | tcp
US | 172.67.130.30:443 | embed.tawk.to | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | m.stripe.network | udp
US | 1.1.1.1:53 | m.stripe.com | udp
US | 35.82.1.136:443 | m.stripe.com | tcp
US | 1.1.1.1:53 | va.tawk.to | udp
US | 172.67.130.30:443 | va.tawk.to | tcp
US | 1.1.1.1:53 | vsa48.tawk.to | udp
US | 104.21.7.106:443 | vsa48.tawk.to | tcp
US | 1.1.1.1:53 | cdn.jsdelivr.net | udp
US | 104.18.186.31:443 | cdn.jsdelivr.net | tcp
GB | 172.217.169.46:443 | | tcp
GB | 216.58.201.98:443 | | tcp
GB | 172.217.169.10:443 | | tcp
GB | 216.58.201.100:443 | | tcp
GB | 216.58.201.100:443 | | tcp
GB | 142.250.200.46:443 | | tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-11 08:10
Reported: 2024-06-11 08:13
Platform: android-x64-arm64-20240603-en
Max time kernel: 47s
Max time network: 177s

Command Line

com.itbd2.itforbd

Signatures

Obtains sensitive information copied to the device clipboard

Tags: collection credential_access impact

Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.itbd2.itforbd

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 142.250.179.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
GB | 142.250.187.206:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | www.itforbd.com | udp
US | 66.85.143.2:80 | www.itforbd.com | tcp
US | 1.1.1.1:53 | itforbd.com | udp
US | 66.85.143.2:80 | itforbd.com | tcp
US | 66.85.143.2:80 | itforbd.com | tcp
US | 66.85.143.2:80 | itforbd.com | tcp
US | 66.85.143.2:80 | itforbd.com | tcp
US | 66.85.143.2:80 | itforbd.com | tcp
US | 66.85.143.2:80 | itforbd.com | tcp
US | 66.85.143.2:80 | itforbd.com | tcp
US | 1.1.1.1:53 | platform-api.sharethis.com | udp
US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp
GB | 108.138.217.119:80 | platform-api.sharethis.com | tcp
US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp
GB | 108.138.217.119:443 | platform-api.sharethis.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | l.sharethis.com | udp
US | 1.1.1.1:53 | js.stripe.com | udp
IE | 52.210.176.11:443 | l.sharethis.com | tcp
US | 151.101.0.176:443 | js.stripe.com | tcp
US | 1.1.1.1:53 | buttons-config.sharethis.com | udp
US | 1.1.1.1:53 | connect.facebook.net | udp
GB | 18.245.143.68:443 | buttons-config.sharethis.com | tcp
GB | 157.240.214.11:80 | connect.facebook.net | tcp
GB | 157.240.214.11:443 | connect.facebook.net | tcp
GB | 157.240.214.11:443 | connect.facebook.net | tcp
US | 1.1.1.1:53 | embed.tawk.to | udp
US | 104.21.7.106:443 | embed.tawk.to | tcp
US | 1.1.1.1:53 | count-server.sharethis.com | udp
US | 1.1.1.1:53 | platform-cdn.sharethis.com | udp
GB | 18.154.84.92:443 | count-server.sharethis.com | tcp
GB | 18.165.201.52:443 | platform-cdn.sharethis.com | tcp
GB | 18.165.201.52:443 | platform-cdn.sharethis.com | tcp
GB | 18.154.84.92:443 | count-server.sharethis.com | tcp
US | 1.1.1.1:53 | m.stripe.network | udp
US | 1.1.1.1:53 | m.stripe.com | udp
US | 52.10.134.229:443 | m.stripe.com | tcp
US | 1.1.1.1:53 | va.tawk.to | udp
US | 172.67.130.30:443 | va.tawk.to | tcp
US | 1.1.1.1:53 | vsa73.tawk.to | udp
US | 172.67.130.30:443 | vsa73.tawk.to | tcp
US | 1.1.1.1:53 | cdn.jsdelivr.net | udp
US | 104.18.186.31:443 | cdn.jsdelivr.net | tcp
GB | 142.250.180.4:443 | | tcp
GB | 142.250.180.4:443 | | tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-11 08:10
Reported: 2024-06-11 08:13
Platform: android-x86-arm-20240603-en
Max time kernel: 47s
Max time network: 170s

Command Line

com.itbd2.itforbd

Signatures

Queries the mobile country code (MCC)

Tags: discovery

Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence

Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.itbd2.itforbd

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | www.itforbd.com | udp
US | 66.85.143.2:80 | www.itforbd.com | tcp
US | 66.85.143.2:80 | www.itforbd.com | tcp
US | 1.1.1.1:53 | itforbd.com | udp
US | 66.85.143.2:80 | itforbd.com | tcp
US | 66.85.143.2:80 | itforbd.com | tcp
US | 66.85.143.2:80 | itforbd.com | tcp
US | 66.85.143.2:80 | itforbd.com | tcp
US | 66.85.143.2:80 | itforbd.com | tcp
US | 66.85.143.2:80 | itforbd.com | tcp
US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp
US | 1.1.1.1:53 | platform-api.sharethis.com | udp
US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp
GB | 108.138.217.59:80 | platform-api.sharethis.com | tcp
GB | 108.138.217.59:443 | platform-api.sharethis.com | tcp
US | 1.1.1.1:53 | l.sharethis.com | udp
US | 1.1.1.1:53 | js.stripe.com | udp
US | 1.1.1.1:53 | buttons-config.sharethis.com | udp
IE | 54.74.6.207:443 | l.sharethis.com | tcp
US | 1.1.1.1:53 | connect.facebook.net | udp
US | 151.101.128.176:443 | js.stripe.com | tcp
GB | 18.245.143.28:443 | buttons-config.sharethis.com | tcp
GB | 157.240.214.11:80 | connect.facebook.net | tcp
GB | 157.240.214.11:443 | connect.facebook.net | tcp
GB | 157.240.214.11:443 | connect.facebook.net | tcp
US | 1.1.1.1:53 | embed.tawk.to | udp
US | 172.67.130.30:443 | embed.tawk.to | tcp
US | 1.1.1.1:53 | count-server.sharethis.com | udp
US | 1.1.1.1:53 | platform-cdn.sharethis.com | udp
GB | 18.154.84.104:443 | count-server.sharethis.com | tcp
GB | 18.165.201.52:443 | platform-cdn.sharethis.com | tcp
GB | 18.165.201.52:443 | platform-cdn.sharethis.com | tcp
US | 1.1.1.1:53 | m.stripe.network | udp
GB | 13.224.132.58:443 | m.stripe.network | tcp
GB | 13.224.132.58:443 | m.stripe.network | tcp
US | 1.1.1.1:53 | va.tawk.to | udp
US | 104.21.7.106:443 | va.tawk.to | tcp
US | 172.67.130.30:443 | va.tawk.to | tcp
US | 1.1.1.1:53 | vsa39.tawk.to | udp
US | 172.67.130.30:443 | vsa39.tawk.to | tcp
US | 1.1.1.1:53 | m.stripe.com | udp
US | 34.210.211.196:443 | m.stripe.com | tcp
US | 1.1.1.1:53 | cdn.jsdelivr.net | udp
US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.212.206:443 | android.apis.google.com | tcp

Files

N/A