Malware Analysis Report

2025-01-19 07:49

Sample ID 240611-vxlbaavbrg
Target 9ef6dd9f8ca17b424e4fa6f0b9eb8b1f_JaffaCakes118
SHA256 30394f5a9f356d0023058a5fc2b9dd3d4a37e78a46ec2abd4cbad74727c8e2a5
Tags: discovery, persistence
Score: 6/10


Analysis Overview

Score: 6/10

SHA256: 30394f5a9f356d0023058a5fc2b9dd3d4a37e78a46ec2abd4cbad74727c8e2a5

Threat Level: Shows suspicious behavior

The file 9ef6dd9f8ca17b424e4fa6f0b9eb8b1f_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Tags: discovery, persistence

Requests dangerous framework permissions

Queries information about active data network

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-11 17:22

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive WAP push messages. | android.permission.RECEIVE_WAP_PUSH | N/A | N/A |
| Allows an application to monitor incoming MMS messages. | android.permission.RECEIVE_MMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-11 17:22

Reported: 2024-06-11 17:25

Platform: android-x86-arm-20240611-en

Max time kernel: 18s

Max time network: 133s

Command Line

com.mcxy666.h5.xydjb

Signatures

Queries information about active data network

Tag: discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Queries the mobile country code (MCC)

Tag: discovery

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |

Registers a broadcast receiver at runtime (usually for listening for system events)

Tag: persistence

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |

Checks memory information

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/meminfo | N/A | N/A |

Processes

com.mcxy666.h5.xydjb

Network

| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | usera.519537.com | udp |
| US | 1.1.1.1:53 | syad.jiehunmishu.com | udp |
| US | 163.181.154.233:80 | usera.519537.com | tcp |
| N/A | 169.254.254.254:80 | syad.jiehunmishu.com | tcp |
| US | 1.1.1.1:53 | user.519537.com | udp |
| US | 163.181.154.231:80 | user.519537.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |

Files

/storage/emulated/0/Android/data/com.mcxy666.h5.xydjb/files/tbslog/tbslog.txt

MD5 3d12af938b29c532a073f30dd57d5641
SHA1 276aad6e9312814c9e72cf59a886d5c87f2ec8f5
SHA256 88c26dacf414f4613a469b51ab312e702a59a4a5eb844be9b57ba293e8aa9f40
SHA512 daba5afa58330e69dde5d5a898c585245326a427c333b13593159806b9968e665d41c2f75c1dda9c18cdf95f52f128c546ab6cdb5120721f5d264ba0e6115d9a

/storage/emulated/0/com.mcxy666.h5.xydjb/tanwanGamePlace.ini

MD5 892408bb6b8ce3b0e4f3033b2962ad14
SHA1 4cfe5635a1e425d9a40ecca7bb82c8ddf9eb12eb
SHA256 6635d545f653eebba56477f794dd99f606374d3ec4be5ae98edbfa2912a8fc76
SHA512 5135d08247e53ebb9de03ff6b19c5ee656f57d50a944e40ba9c9939bb5d5ca85250df7c85d69699f032b92df9240864858f4414797d72f5db0bf6777f62c7d3e

/storage/emulated/0/com.mcxy666.h5.xydjb/tanwanGameConfig.ini

MD5 fc82c89d70e617206bb6864a2e3886db
SHA1 18e55d3c05612ab02a0a6c26e2764e8739f43765
SHA256 a78899554c647cddc1f741c419543d6b40491e1a392697b754270f0b94147770
SHA512 8bf99ac70278b72ef210628a82a12851d9580a266593231e4e0f33f546414157ec40e00b6f47d78ba2418417fc80471f721ae3352534aeabb16bb2af3a993e82