Malware Analysis Report

2025-01-19 07:49

Sample ID 240611-wlq8tswckq
Target 9f11c5649cf938ff1c16a55d465a284b_JaffaCakes118
SHA256 eb438a21ac42a810adb16902c2b4d7069799f6667fb73e8910c8c625471a0b1c
Tags
discovery evasion persistence
score
6/10

Analysis Overview

score
6/10

SHA256

eb438a21ac42a810adb16902c2b4d7069799f6667fb73e8910c8c625471a0b1c

Threat Level: Shows suspicious behavior

The file 9f11c5649cf938ff1c16a55d465a284b_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery evasion persistence

Requests dangerous framework permissions

Makes use of the framework's foreground persistence service

Queries information about active data network

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-11 18:00

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 18:00

Reported

2024-06-11 18:04

Platform

android-x86-arm-20240611-en

Max time kernel

47s

Max time network

188s

Command Line

idm.internet.download.manager.plus

Signatures

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

idm.internet.download.manager.plus

idm.internet.download.manager.plus:DownloadService

Network


Files

/data/data/idm.internet.download.manager.plus/databases/download.db-journal

/data/data/idm.internet.download.manager.plus/databases/download.db

/data/data/idm.internet.download.manager.plus/databases/download.db-shm

/data/data/idm.internet.download.manager.plus/databases/download.db-wal

/data/data/idm.internet.download.manager.plus/databases/tray.db-journal

/data/data/idm.internet.download.manager.plus/databases/tray.db-wal


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 18:00

Reported

2024-06-11 18:04

Platform

android-x64-arm64-20240611-en

Max time kernel

47s

Max time network

185s

Command Line

idm.internet.download.manager.plus

Signatures

Makes use of the framework's foreground persistence service

evasion persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.setServiceForeground N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

idm.internet.download.manager.plus

idm.internet.download.manager.plus:DownloadService

Network


Files

/data/user/0/idm.internet.download.manager.plus/databases/download.db-journal

/data/user/0/idm.internet.download.manager.plus/databases/download.db

/data/user/0/idm.internet.download.manager.plus/databases/tray.db-journal

/data/user/0/idm.internet.download.manager.plus/databases/tray.db
