Analysis Overview
SHA256
2ab3b383b73d33518abc0df3ac9b977dc32797bbe6441883db4c267c209799cf
Threat Level: Likely malicious
The file 9eeb9c24686e8edef23c78096a93c6e8_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Removes its main activity from the application launcher
Loads dropped Dex/Jar
Declares broadcast receivers with permission to handle system events
Queries information about active data network
Tries to add a device administrator.
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-11 17:06
Signatures
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 17:06
Reported
2024-06-11 17:09
Platform
android-x86-arm-20240611-en
Max time kernel
179s
Max time network
131s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/com.kwo.aequalizerandbassboosterprokmh.bxiks.aequalizerandbassboosterpro/app_app_apk/aequalizerandbassboosterpro.dat.jar | N/A | N/A |
| N/A | /data/user/0/com.kwo.aequalizerandbassboosterprokmh.bxiks.aequalizerandbassboosterpro/app_app_apk/aequalizerandbassboosterpro.dat.jar | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Tries to add a device administrator.
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.kwo.aequalizerandbassboosterprokmh.bxiks.aequalizerandbassboosterpro
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.kwo.aequalizerandbassboosterprokmh.bxiks.aequalizerandbassboosterpro/app_app_apk/aequalizerandbassboosterpro.dat.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.kwo.aequalizerandbassboosterprokmh.bxiks.aequalizerandbassboosterpro/app_app_apk/oat/x86/aequalizerandbassboosterpro.dat.odex --compiler-filter=quicken --class-loader-context=&
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | zzwx.ru | udp |
| DE | 185.53.178.7:80 | zzwx.ru | tcp |
| US | 1.1.1.1:53 | api.tridrongo.info | udp |
| US | 104.21.66.157:443 | api.tridrongo.info | tcp |
| US | 1.1.1.1:53 | data.flurry.com | udp |
| US | 74.6.138.66:443 | data.flurry.com | tcp |
| US | 1.1.1.1:53 | c.parkingcrew.net | udp |
| US | 1.1.1.1:53 | d38psrni17bvxu.cloudfront.net | udp |
| DE | 185.53.178.30:80 | c.parkingcrew.net | tcp |
| GB | 99.86.249.97:80 | d38psrni17bvxu.cloudfront.net | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.68:80 | www.google.com | tcp |
| US | 1.1.1.1:53 | partner.googleadservices.com | udp |
| GB | 172.217.169.34:443 | partner.googleadservices.com | tcp |
| US | 1.1.1.1:53 | syndicatedsearch.goog | udp |
| GB | 172.217.169.78:443 | syndicatedsearch.goog | tcp |
| US | 1.1.1.1:53 | afs.googleusercontent.com | udp |
| GB | 216.58.213.1:443 | afs.googleusercontent.com | tcp |
| GB | 216.58.213.1:443 | afs.googleusercontent.com | tcp |
| US | 104.21.66.157:443 | api.tridrongo.info | tcp |
| US | 104.21.66.157:443 | api.tridrongo.info | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
Files
/data/data/com.kwo.aequalizerandbassboosterprokmh.bxiks.aequalizerandbassboosterpro/app_app_apk/aequalizerandbassboosterpro.dat.jar
| Hash | Value |
| --- | --- |
| MD5 | 974bf8a334d966e80aeb6ce0ac8cb3ba |
| SHA1 | 0ea8fc8ac2967936e1142d8c978690ed38837d6e |
| SHA256 | 545b020b611f52d280549f2be22a04b95098fcd90c96e93c41a54e020a61f39c |
| SHA512 | d443bd6872498f2843da4e26c2457187327cf80e9852ef67faba6ab3fdb913be8e0ab57f4695436e1e7f7f6970a7b65ce65151e1c35a957752c59c0327e1268d |
/data/user/0/com.kwo.aequalizerandbassboosterprokmh.bxiks.aequalizerandbassboosterpro/app_app_apk/aequalizerandbassboosterpro.dat.jar
| Hash | Value |
| --- | --- |
| MD5 | ec44515b700d5861920fd1246d30de4e |
| SHA1 | ea5c226719548b4b31590db6892a06a16bd0966a |
| SHA256 | ef7830eda10eb66b99849ca1d367bca8bb21fbd30286b6b0a663018a6d843f00 |
| SHA512 | 09548a565826ca7a31ff608be3d8b65cd722d111ccfd2199ff591cff5bd256bd0e87f95f7d973167b04b78f819b6655d87289c64ffd885df3b813cbf15b66045 |
/data/user/0/com.kwo.aequalizerandbassboosterprokmh.bxiks.aequalizerandbassboosterpro/app_app_apk/aequalizerandbassboosterpro.dat.jar
| Hash | Value |
| --- | --- |
| MD5 | bc64aa3edf416cab5a71f3e16d1dbb04 |
| SHA1 | 0df33395df646ee86c54e8fdf9996e281e1301fe |
| SHA256 | d998e049de28c99c38d2d8a4f5c0bc91f204b11b69742846ece1c6e9767b64e3 |
| SHA512 | 7dc0e8daa2b0ff0bd27620f51a3653c454e2df540223ed720a51ba0080eaa5ad41463a3de51f6b84fb8d86ebd4b3256a5dc5edc4f847a974535842cae4e3b207 |
/data/data/com.kwo.aequalizerandbassboosterprokmh.bxiks.aequalizerandbassboosterpro/files/.yflurrydatasenderblock.d6e14216-57e3-4562-bb91-7ec5246bdde4
| Hash | Value |
| --- | --- |
| MD5 | 499831f54c570f5cdd85e9d394728c01 |
| SHA1 | 89f578d86b395e28a6258dc0006673865c71d4c3 |
| SHA256 | 2619024ed7612e6e677150d18602bda3cc3eadc24227e4061f7e90041acb9ff7 |
| SHA512 | 71cc43a87c9b6bdd38101ba3212f728c3355536f7609bd39023db38183e4e7933f66b9518c68e2f76a09b2f9ea3092eee567932ede0161d06e1b907006445240 |
/data/data/com.kwo.aequalizerandbassboosterprokmh.bxiks.aequalizerandbassboosterpro/files/.YFlurrySenderIndex.info.AnalyticsData_K69G95JC7T5MMWGF62XJ_228
| Hash | Value |
| --- | --- |
| MD5 | 676fbc53859d51bc4209b828a11706ba |
| SHA1 | 31fcb787c6d474e68155b8ea42e12a3223ffe41b |
| SHA256 | 52c7fc4d88ad93df8f1f38370c44748014e2a82616dfd2471b6dcdd062994f82 |
| SHA512 | 3f8eb8133fe62d19df5e787b6c9bc766e4fb6c94ca57259ccf0cf50f5710066a844671e99021d27c19239950b8c11159c0b7f4575c92b9e5c6e232e79161df23 |
/data/data/com.kwo.aequalizerandbassboosterprokmh.bxiks.aequalizerandbassboosterpro/files/.YFlurrySenderIndex.info.AnalyticsMain
| Hash | Value |
| --- | --- |
| MD5 | c83cb890fa8acf1042b3ebfd4c1431d7 |
| SHA1 | cd7bf7c86064e2194e70bf4432d3153fc2e3bf08 |
| SHA256 | 2ecf1acfd0cfe851ddb3cfdb529d7b2bceebe3296401bfa76c5e124e84134f10 |
| SHA512 | 65317c818c7a4b0546a2be2368b8aa2d6703cc183cab62e40537991606aa548636c88fe5598fd72ac7aa670c92792a303f47daa9723fe5a18fb651c547a7da68 |
/data/data/com.kwo.aequalizerandbassboosterprokmh.bxiks.aequalizerandbassboosterpro/files/.yflurryreport.731bb495fc32489f
| Hash | Value |
| --- | --- |
| MD5 | 8001749b7bd51de44999cc68b285dd72 |
| SHA1 | ee71f03e3caf7ce4a3d5b75d2873c8467e90cca3 |
| SHA256 | 846ed3f026e4eb668abb912b7716b89fc27282e2946fdf29ee656bb9216674ea |
| SHA512 | 765da6c7d08f31e18b45583aff77a7d1982af8f5b01b04eb7383aec1b7fd05faa121285af644afcbc19ded68bee23e6c6e6faea9fbc3adb821e167de823fc7d5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-11 17:06
Reported
2024-06-11 17:06
Platform
android-x64-20240611-en
Max time network
20s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.234:443 | | tcp |
| GB | 172.217.16.234:443 | | tcp |
| GB | 216.58.212.234:443 | | tcp |
| GB | 216.58.212.234:443 | | tcp |
| GB | 172.217.169.68:443 | | tcp |
| GB | 172.217.16.234:443 | | tcp |
| GB | 142.250.187.195:443 | | tcp |
| GB | 142.250.187.195:443 | | tcp |
| GB | 172.217.169.78:443 | | tcp |
| GB | 142.250.187.194:443 | | tcp |
| GB | 142.250.179.234:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.180.10:443 | | tcp |
| BE | 74.125.71.188:5228 | | tcp |
| GB | 172.217.16.234:443 | | tcp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 172.217.169.42:443 | semanticlocation-pa.googleapis.com | tcp |