Analysis Overview
SHA256
30394f5a9f356d0023058a5fc2b9dd3d4a37e78a46ec2abd4cbad74727c8e2a5
Threat Level: Shows suspicious behavior
The file 9ef6dd9f8ca17b424e4fa6f0b9eb8b1f_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
Queries information about active data network
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-11 17:22
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive WAP push messages. | android.permission.RECEIVE_WAP_PUSH | N/A | N/A |
| Allows an application to monitor incoming MMS messages. | android.permission.RECEIVE_MMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 17:22
Reported
2024-06-11 17:25
Platform
android-x86-arm-20240611-en
Max time kernel
18s
Max time network
133s
Command Line
Signatures
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.mcxy666.h5.xydjb
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | usera.519537.com | udp |
| US | 1.1.1.1:53 | syad.jiehunmishu.com | udp |
| US | 163.181.154.233:80 | usera.519537.com | tcp |
| N/A | 169.254.254.254:80 | syad.jiehunmishu.com | tcp |
| US | 1.1.1.1:53 | user.519537.com | udp |
| US | 163.181.154.231:80 | user.519537.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
/storage/emulated/0/Android/data/com.mcxy666.h5.xydjb/files/tbslog/tbslog.txt
| MD5 | 3d12af938b29c532a073f30dd57d5641 |
| SHA1 | 276aad6e9312814c9e72cf59a886d5c87f2ec8f5 |
| SHA256 | 88c26dacf414f4613a469b51ab312e702a59a4a5eb844be9b57ba293e8aa9f40 |
| SHA512 | daba5afa58330e69dde5d5a898c585245326a427c333b13593159806b9968e665d41c2f75c1dda9c18cdf95f52f128c546ab6cdb5120721f5d264ba0e6115d9a |
/storage/emulated/0/com.mcxy666.h5.xydjb/tanwanGamePlace.ini
| MD5 | 892408bb6b8ce3b0e4f3033b2962ad14 |
| SHA1 | 4cfe5635a1e425d9a40ecca7bb82c8ddf9eb12eb |
| SHA256 | 6635d545f653eebba56477f794dd99f606374d3ec4be5ae98edbfa2912a8fc76 |
| SHA512 | 5135d08247e53ebb9de03ff6b19c5ee656f57d50a944e40ba9c9939bb5d5ca85250df7c85d69699f032b92df9240864858f4414797d72f5db0bf6777f62c7d3e |
/storage/emulated/0/com.mcxy666.h5.xydjb/tanwanGameConfig.ini
| MD5 | fc82c89d70e617206bb6864a2e3886db |
| SHA1 | 18e55d3c05612ab02a0a6c26e2764e8739f43765 |
| SHA256 | a78899554c647cddc1f741c419543d6b40491e1a392697b754270f0b94147770 |
| SHA512 | 8bf99ac70278b72ef210628a82a12851d9580a266593231e4e0f33f546414157ec40e00b6f47d78ba2418417fc80471f721ae3352534aeabb16bb2af3a993e82 |