Analysis Overview
SHA256
48460703163f0af4de03e67f19a6859c43750bc4203e95b195fe8a2e43f0e27d
Threat Level: Shows suspicious behavior
The file 9f24fb926bbf5c465c9b4395e6d87cd8_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-11 18:29
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 18:29
Reported
2024-06-11 18:35
Platform
android-x86-arm-20240611-en
Max time kernel
2s
Max time network
130s
Command Line
Signatures
Processes
com.busll.xiangyangtravel
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.42:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
Files
/data/data/com.busll.xiangyangtravel/.cache/libs18003.so
| Hash | Value |
|---|---|
| MD5 | fdcb16f24bd6226a6dc3cf947ec703c6 |
| SHA1 | a4e1a81a96c85fad7f0986962d3e3f069e675b49 |
| SHA256 | ddf068b39c5c38b1dd90ad8a0dfea19fd8bf75fcb0536db9a3bf0f04bce4fe6a |
| SHA512 | eaeba58182e2be6e3b23b15a7999ab7c74b4236f55a3096b7de23c2eaf53e0c2d9bdcf4a52cc6da528ef87880053100ea68b7ca4a0be8e789c2ba95618da35f2 |
/data/data/com.busll.xiangyangtravel/.cache/libs18001.so
| Hash | Value |
|---|---|
| MD5 | 3271840716d9ba315733d9ae03edc757 |
| SHA1 | 74f5c471b01eab4e06b2dfb42ee4bb05138ae09d |
| SHA256 | 66d2f323a5293a2e9d7dab059e8e7efdaccdb721aa75b899f30c393aa15a90fc |
| SHA512 | 3edecd9b106a26b6772b247985457c48e04ccc6f4727cc6e245b8c7399b067679577fb1aea16102c09992080257c8534f1db21bf3b0b5f8e52a4f0622b8bf6ac |
/data/data/com.busll.xiangyangtravel/.cache/libs18002.so
| Hash | Value |
|---|---|
| MD5 | b9334bf5eeedd79bd1f0d550c31af883 |
| SHA1 | 93893477971377fa8b96be1040f4b7b977577139 |
| SHA256 | 7583d5c5fce4dedc0b7066eea5141a2a1edb03de58ff39123cf0d0fad7c513bb |
| SHA512 | 111b0925ac273599d714f8198c6f1beb890f5ff3c8738f0c2430ec53685c1a9bbfb961d6f63c4776ddc9b42689bd1a487303817199a0b49f4ea0d1b1d404c2a7 |
/data/data/com.busll.xiangyangtravel/.cache/libs18004.so
| Hash | Value |
|---|---|
| MD5 | 2f85b00b1076103319d5fe98f071aba1 |
| SHA1 | 73ff2c97d6d0aeac154453f6c31d10f568904272 |
| SHA256 | 697a010662d19d3d367996ca01a182cad98afd0d793edbc3b538c570f19e715e |
| SHA512 | 0169799729119972844691ce9d75cb3e806bff1b7107f30b693fb8820ab9d6f11353fd091a99ebdab0951e2ce916704a71b699fadbd1b6b76c534b88d34ab70a |
/data/data/com.busll.xiangyangtravel/.cache/libs18005.so
| Hash | Value |
|---|---|
| MD5 | 5986a18242ec24b7bc7fafd50f5c28a5 |
| SHA1 | fbbde2112ea2f1511f201a2b756fcc4bb1e3f561 |
| SHA256 | 3a6b4e50e2aabb8f6d5321e7edaad40fcbc062aba7ad436600a1bac4046d5edd |
| SHA512 | 83536a469aa3b27458612e8365cad4defb18294089ee1b724c0da21aca8a2d422ce945916487ffeee3b85b3daa8402dfccd73d28a4b83befecccf9ac28a1fbe6 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-11 18:29
Reported
2024-06-11 18:34
Platform
android-x64-arm64-20240611-en
Max time kernel
2s
Max time network
153s
Command Line
Signatures
Processes
com.busll.xiangyangtravel
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 216.58.204.78:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.212.227:443 | | tcp |