Malware Analysis Report

2025-01-19 07:49

Sample ID 240611-w4x44awgmc
Target 9f24fb926bbf5c465c9b4395e6d87cd8_JaffaCakes118
SHA256 48460703163f0af4de03e67f19a6859c43750bc4203e95b195fe8a2e43f0e27d
Tags
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

48460703163f0af4de03e67f19a6859c43750bc4203e95b195fe8a2e43f0e27d

Threat Level: Shows suspicious behavior

The file 9f24fb926bbf5c465c9b4395e6d87cd8_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 18:29

Signatures

Requests dangerous framework permissions

Indicator | Description | Process | Target
android.permission.REQUEST_INSTALL_PACKAGES | Allows an application to request installing packages. | N/A | N/A
android.permission.WRITE_EXTERNAL_STORAGE | Allows an application to write to external storage. | N/A | N/A
android.permission.WRITE_SETTINGS | Allows an application to read or write the system settings. | N/A | N/A
android.permission.READ_EXTERNAL_STORAGE | Allows an application to read from external storage. | N/A | N/A
android.permission.ACCESS_COARSE_LOCATION | Allows an app to access approximate location. | N/A | N/A
android.permission.ACCESS_FINE_LOCATION | Allows an app to access precise location. | N/A | N/A
android.permission.READ_PHONE_STATE | Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | N/A | N/A
android.permission.CALL_PHONE | Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | N/A | N/A
android.permission.CAMERA | Required to be able to access the camera device. | N/A | N/A
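The permission table above is what the sandbox extracted from the manifest; the following script reproduces that check offline and also flags permission combinations that matter more than any single entry (REQUEST_INSTALL_PACKAGES together with WRITE_EXTERNAL_STORAGE is the classic dropper profile; CALL_PHONE plus READ_PHONE_STATE the toll-fraud one). This is an added example, not code from the sandbox vendor or from the analysed app. The manifest it parses is constructed from the permission list in this report plus android.permission.INTERNET, which is assumed (the network activity below implies it, but the page does not list it); the DANGEROUS/SPECIAL tables are an abbreviated copy of Android's documented protection levels and should be checked against the API level you care about.

```python
"""Classify the <uses-permission> entries of an AndroidManifest.xml.

Added example; not part of the sandbox report. SAMPLE_MANIFEST is a
constructed manifest carrying the permissions listed in the static1
section plus android.permission.INTERNET (assumed, not shown on the page).
For a real APK, decode it first (e.g. `apktool d sample.apk`) and pass the
path of the decoded AndroidManifest.xml as the first argument.
"""
import sys
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Abbreviated table of Android protection levels (verify against the
# platform docs for the API level you target):
#  - dangerous: granted through a runtime prompt on API 23+
#  - special:   "appop" permissions the user must enable in Settings;
#               commonly abused by droppers and overlay malware
DANGEROUS = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_PHONE_STATE",
    "android.permission.CALL_PHONE",
    "android.permission.CAMERA",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_CALL_LOG",
}
SPECIAL = {
    "android.permission.REQUEST_INSTALL_PACKAGES",
    "android.permission.WRITE_SETTINGS",
    "android.permission.SYSTEM_ALERT_WINDOW",
}

# Combinations that change the risk picture more than any single permission.
COMBOS = [
    ("dropper: can stage and install additional packages",
     {"android.permission.REQUEST_INSTALL_PACKAGES",
      "android.permission.WRITE_EXTERNAL_STORAGE"}),
    ("toll fraud: places calls without dialer confirmation and reads phone identity",
     {"android.permission.CALL_PHONE",
      "android.permission.READ_PHONE_STATE"}),
]

# Constructed fixture: the report's permission list, plus INTERNET (assumed).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.busll.xiangyangtravel">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <application android:label="sample"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return every name requested via <uses-permission> or
    <uses-permission-sdk-23>, in document order, duplicates removed."""
    root = ET.fromstring(manifest_xml)
    seen, names = set(), []
    for el in root.iter():
        if el.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = el.get(NAME_ATTR)
            if name and name not in seen:
                seen.add(name)
                names.append(name)
    return names


def classify(perms):
    """Bucket permissions by protection level and evaluate COMBOS."""
    perms = set(perms)
    return {
        "special": sorted(perms & SPECIAL),
        "dangerous": sorted(perms & DANGEROUS),
        "other": sorted(perms - DANGEROUS - SPECIAL),
        "combos": [label for label, needed in COMBOS if needed <= perms],
    }


def main(path=None):
    xml_text = SAMPLE_MANIFEST
    if path:
        with open(path, encoding="utf-8") as fh:
            xml_text = fh.read()
    report = classify(requested_permissions(xml_text))
    for bucket in ("special", "dangerous", "other"):
        for perm in report[bucket]:
            print("%-9s %s" % (bucket, perm))
    for label in report["combos"]:
        print("combo     %s" % label)
    return report


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else None)
```

The two "special" permissions are the ones to weigh first: a travel app has no obvious need for REQUEST_INSTALL_PACKAGES, and combined with external-storage write access it can fetch and install a second-stage APK outside the app store.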

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 18:29

Reported

2024-06-11 18:35

Platform

android-x86-arm-20240611-en

Max time kernel

2s

Max time network

130s

Command Line

com.busll.xiangyangtravel

Signatures

N/A

Processes

com.busll.xiangyangtravel

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
GB | 172.217.169.42:443 | N/A | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
GB | 216.58.201.110:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 172.217.16.238:443 | android.apis.google.com | tcp

Files

/data/data/com.busll.xiangyangtravel/.cache/libs18003.so

MD5 fdcb16f24bd6226a6dc3cf947ec703c6
SHA1 a4e1a81a96c85fad7f0986962d3e3f069e675b49
SHA256 ddf068b39c5c38b1dd90ad8a0dfea19fd8bf75fcb0536db9a3bf0f04bce4fe6a
SHA512 eaeba58182e2be6e3b23b15a7999ab7c74b4236f55a3096b7de23c2eaf53e0c2d9bdcf4a52cc6da528ef87880053100ea68b7ca4a0be8e789c2ba95618da35f2

/data/data/com.busll.xiangyangtravel/.cache/libs18001.so

MD5 3271840716d9ba315733d9ae03edc757
SHA1 74f5c471b01eab4e06b2dfb42ee4bb05138ae09d
SHA256 66d2f323a5293a2e9d7dab059e8e7efdaccdb721aa75b899f30c393aa15a90fc
SHA512 3edecd9b106a26b6772b247985457c48e04ccc6f4727cc6e245b8c7399b067679577fb1aea16102c09992080257c8534f1db21bf3b0b5f8e52a4f0622b8bf6ac

/data/data/com.busll.xiangyangtravel/.cache/libs18002.so

MD5 b9334bf5eeedd79bd1f0d550c31af883
SHA1 93893477971377fa8b96be1040f4b7b977577139
SHA256 7583d5c5fce4dedc0b7066eea5141a2a1edb03de58ff39123cf0d0fad7c513bb
SHA512 111b0925ac273599d714f8198c6f1beb890f5ff3c8738f0c2430ec53685c1a9bbfb961d6f63c4776ddc9b42689bd1a487303817199a0b49f4ea0d1b1d404c2a7

/data/data/com.busll.xiangyangtravel/.cache/libs18004.so

MD5 2f85b00b1076103319d5fe98f071aba1
SHA1 73ff2c97d6d0aeac154453f6c31d10f568904272
SHA256 697a010662d19d3d367996ca01a182cad98afd0d793edbc3b538c570f19e715e
SHA512 0169799729119972844691ce9d75cb3e806bff1b7107f30b693fb8820ab9d6f11353fd091a99ebdab0951e2ce916704a71b699fadbd1b6b76c534b88d34ab70a

/data/data/com.busll.xiangyangtravel/.cache/libs18005.so

MD5 5986a18242ec24b7bc7fafd50f5c28a5
SHA1 fbbde2112ea2f1511f201a2b756fcc4bb1e3f561
SHA256 3a6b4e50e2aabb8f6d5321e7edaad40fcbc062aba7ad436600a1bac4046d5edd
SHA512 83536a469aa3b27458612e8365cad4defb18294089ee1b724c0da21aca8a2d422ce945916487ffeee3b85b3daa8402dfccd73d28a4b83befecccf9ac28a1fbe6
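The five libs1800N.so files were written into the app's private .cache directory during the run, and their hashes above are the report's concrete indicators. The script below, an added example rather than vendor or app code, hashes every file under such a directory and matches it against those SHA256 values; because apps that unpack native code at runtime often write a fresh or re-encrypted copy per install, it also flags any file that starts with the ELF magic regardless of hash, so a hash miss is not treated as a clean result. With no argument it builds a constructed fixture directory (a fake ELF and a three-byte text file) so the logic runs offline; the real .so contents are not on the page, so on that fixture only the ELF heuristic fires.

```python
"""Find runtime-dropped native libraries in an app's cache directory and
match them against the SHA256 indicators from this report.

Added example; not part of the sandbox report. Usage on a device image:
    python3 scan_cache.py /data/data/com.busll.xiangyangtravel/.cache
With no argument, a constructed fixture directory is scanned instead.
"""
import hashlib
import os
import sys
import tempfile

# SHA256 -> filename, copied from the behavioral1 Files section above.
KNOWN_SHA256 = {
    "66d2f323a5293a2e9d7dab059e8e7efdaccdb721aa75b899f30c393aa15a90fc": "libs18001.so",
    "7583d5c5fce4dedc0b7066eea5141a2a1edb03de58ff39123cf0d0fad7c513bb": "libs18002.so",
    "ddf068b39c5c38b1dd90ad8a0dfea19fd8bf75fcb0536db9a3bf0f04bce4fe6a": "libs18003.so",
    "697a010662d19d3d367996ca01a182cad98afd0d793edbc3b538c570f19e715e": "libs18004.so",
    "3a6b4e50e2aabb8f6d5321e7edaad40fcbc062aba7ad436600a1bac4046d5edd": "libs18005.so",
}
ELF_MAGIC = b"\x7fELF"


def file_hashes(path):
    """MD5, SHA1 and SHA256 of a file in one pass (chunked, so large
    libraries do not get read into memory whole)."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(),
            "sha256": sha256.hexdigest()}


def is_elf(path):
    """True if the file starts with the ELF magic, whatever its name."""
    with open(path, "rb") as fh:
        return fh.read(4) == ELF_MAGIC


def scan_cache(root, known=KNOWN_SHA256):
    """Walk `root`; return (filename, verdict, detail) tuples.

    verdict is "known_ioc" for a hash hit (detail = report filename) or
    "unknown_elf_in_cache" for an ELF with no hash match (detail = sha256).
    Non-ELF files that match nothing are not reported.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            digest = file_hashes(path)["sha256"]
            if digest in known:
                findings.append((name, "known_ioc", known[digest]))
            elif is_elf(path):
                findings.append((name, "unknown_elf_in_cache", digest))
    return findings


def build_demo_cache():
    """Constructed fixture mirroring the .cache layout: one fake ELF
    (magic plus zero padding, not the real library) and one text file
    whose content is the bytes b"abc". Returns (root, {name: path})."""
    root = tempfile.mkdtemp(prefix="cache-demo-")
    paths = {}
    for name, data in (("libs18001.so", ELF_MAGIC + b"\x00" * 60),
                       ("note.txt", b"abc")):
        paths[name] = os.path.join(root, name)
        with open(paths[name], "wb") as fh:
            fh.write(data)
    return root, paths


def main(argv):
    root = argv[1] if len(argv) > 1 else build_demo_cache()[0]
    findings = scan_cache(root)
    for name, verdict, detail in findings:
        print("%-22s %-22s %s" % (name, verdict, detail))
    return findings


if __name__ == "__main__":
    main(sys.argv)
```

On a real device the .cache directory is only readable as the app's UID or root, so run this from a rooted shell or against an extracted filesystem image; a hit on "unknown_elf_in_cache" is the cue to pull the file and compare its exports and strings with the five libraries listed above.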

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 18:29

Reported

2024-06-11 18:34

Platform

android-x64-arm64-20240611-en

Max time kernel

2s

Max time network

153s

Command Line

com.busll.xiangyangtravel

Signatures

N/A

Processes

com.busll.xiangyangtravel

Network

Country | Destination | Domain | Proto
GB | 216.58.204.78:443 | N/A | tcp
GB | 216.58.204.78:443 | N/A | tcp
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp
GB | 216.58.201.100:443 | N/A | tcp
GB | 216.58.201.100:443 | N/A | tcp
GB | 216.58.212.227:443 | N/A | tcp

Files

N/A