Analysis Overview
SHA256
c3e0574357cae98f015906046a1963f9710b435718156109fd19b75b76abbfb1
Threat Level: Likely malicious
The file 9f365ad3118a7a24df772a7efe714262_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Queries information about active data network
Requests dangerous framework permissions
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-11 18:54
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 18:54
Reported
2024-06-11 18:57
Platform
android-x86-arm-20240611-en
Max time kernel
15s
Max time network
130s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.camerasideas.trimmer
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | www.myinstashot.com | udp |
| US | 34.36.132.17:80 | www.myinstashot.com | tcp |
| US | 1.1.1.1:53 | ads.mopub.com | udp |
| US | 34.111.158.155:443 | ads.mopub.com | tcp |
| US | 34.111.158.155:443 | ads.mopub.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
Files
/data/data/com.camerasideas.trimmer/databases/google_analytics_v4.db-journal
/data/data/com.camerasideas.trimmer/databases/google_analytics_v4.db
/data/data/com.camerasideas.trimmer/databases/google_analytics_v4.db-shm
/data/data/com.camerasideas.trimmer/databases/google_analytics_v4.db-wal
/data/data/com.camerasideas.trimmer/files/gaClientId
/data/data/com.camerasideas.trimmer/databases/tray.db-journal
/data/data/com.camerasideas.trimmer/databases/tray.db-wal
/storage/emulated/0/youcut/.log/youcut0.log
/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66689D790101-0001-10AE-A22C708A7611BeginSession.cls_temp
/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66689D790101-0001-10AE-A22C708A7611BeginSession.json
/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_1f54637e-0aa5-4451-abc4-4d114acacb46_1718132092147.tap
/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66689D790101-0001-10AE-A22C708A7611SessionApp.cls_temp
/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66689D790101-0001-10AE-A22C708A7611SessionApp.json
/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66689D790101-0001-10AE-A22C708A7611SessionOS.cls_temp
/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66689D790101-0001-10AE-A22C708A7611SessionOS.json
/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66689D790101-0001-10AE-A22C708A7611SessionDevice.cls_temp
/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66689D790101-0001-10AE-A22C708A7611SessionDevice.json
/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/log-files/crashlytics-userlog-66689D790101-0001-10AE-A22C708A7611.temp
/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66689D790101-0001-10AE-A22C708A7611user.meta