Malware Analysis Report

2025-01-19 07:48

Sample ID 240611-xkbx7axdnh
Target 9f365ad3118a7a24df772a7efe714262_JaffaCakes118
SHA256 c3e0574357cae98f015906046a1963f9710b435718156109fd19b75b76abbfb1
Tags: discovery, evasion, persistence
Score: 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 8/10

SHA256

c3e0574357cae98f015906046a1963f9710b435718156109fd19b75b76abbfb1

Threat Level: Likely malicious

The file 9f365ad3118a7a24df772a7efe714262_JaffaCakes118 was classified as Likely malicious (score 8/10). The verdict is heuristic: it is derived from the behavioral signatures listed below, and the report attaches no malware-family tag to the sample.

Malicious Activity Summary

Tags: discovery, evasion, persistence

Checks if the Android device is rooted.

Queries information about active data network

Requests dangerous framework permissions

Checks the presence of a debugger

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Reported

2024-06-11 18:54

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 18:54

Reported

2024-06-11 18:57

Platform

android-x86-arm-20240611-en

Max time kernel

15s

Max time network

130s

Command Line

com.camerasideas.trimmer

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
File existence check | /system/app/Superuser.apk | N/A | N/A
File existence check | /system/xbin/su | N/A | N/A

Both paths are standard artifacts of a rooted device. Probing for them is a common anti-tamper check in legitimate apps and third-party SDKs as well as in malware, so this signature on its own is weak evidence of malicious intent.

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Checks the presence of a debugger

evasion

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.camerasideas.trimmer

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | - | udp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | www.myinstashot.com | udp
US | 34.36.132.17:80 | www.myinstashot.com | tcp
US | 1.1.1.1:53 | ads.mopub.com | udp
US | 34.111.158.155:443 | ads.mopub.com | tcp
US | 34.111.158.155:443 | ads.mopub.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp
GB | 142.250.187.206:443 | - | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp
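The Network table above mixes DNS lookups, TCP connections and local multicast in one flat list, which is awkward to turn into indicators by hand. The following script is an added example for this page, not part of the sandbox's own tooling: it parses the rows exactly as they appear in the report, separates DNS queries from TCP contacts, deduplicates repeated connections, drops the mDNS multicast row as local noise, and reports which TCP peer has no domain attached (142.250.187.206) and which name was resolved but never connected to within the 130 s capture window. The row layout rules (whitespace-separated columns, Domain column absent when the sandbox could not attach a name) are assumptions about this report format.

```python
"""Extract network IOCs from the flattened 'Network' table of the sandbox report.

Added example for this page (not the sandbox's own code). NETWORK_TABLE is
copied verbatim from the report's Network section; the parsing rules are
assumptions about that layout: one row per line, whitespace-separated, and
the Domain column simply missing when no name was attached.
"""
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

NETWORK_TABLE = """\
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 www.myinstashot.com udp
US 34.36.132.17:80 www.myinstashot.com tcp
US 1.1.1.1:53 ads.mopub.com udp
US 34.111.158.155:443 ads.mopub.com tcp
US 34.111.158.155:443 ads.mopub.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
"""

MDNS_GROUP = "224.0.0.251"  # link-local multicast DNS: local discovery, not an external contact


@dataclass(frozen=True)
class Flow:
    country: Optional[str]
    ip: str
    port: int
    domain: Optional[str]
    proto: str


def parse_network(table: str) -> list[Flow]:
    """One Flow per table row; a 3-token row means the Domain column was empty."""
    flows = []
    for line in table.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = None
        else:
            raise ValueError(f"unexpected row: {line!r}")
        ip, port = dest.rsplit(":", 1)
        flows.append(Flow(None if country == "N/A" else country, ip, int(port), domain, proto))
    return flows


def summarize(flows: list[Flow]) -> dict:
    """Split flows into DNS queries, deduplicated TCP peers, unresolved IPs and multicast noise."""
    dns_queries: set[str] = set()
    tcp_endpoints: dict[tuple[str, int], Optional[str]] = {}
    unresolved: set[str] = set()
    multicast: set[str] = set()
    for f in flows:
        if f.ip == MDNS_GROUP:
            multicast.add(f"{f.ip}:{f.port}")
        elif f.proto == "udp" and f.port == 53 and f.domain:
            dns_queries.add(f.domain)
        elif f.proto == "tcp":
            tcp_endpoints[(f.ip, f.port)] = f.domain  # repeated rows collapse here
            if f.domain is None:
                unresolved.add(f.ip)
    connected = {d for d in tcp_endpoints.values() if d}
    return {
        "dns_queries": dns_queries,
        "tcp_endpoints": tcp_endpoints,
        "unresolved_ips": unresolved,
        "multicast": multicast,
        "queried_only": dns_queries - connected,  # resolved but never contacted in the window
    }


if __name__ == "__main__":
    for key, value in summarize(parse_network(NETWORK_TABLE)).items():
        print(f"{key}: {value}")
```

The unresolved IP is worth a reverse lookup or passive-DNS check before it goes on a blocklist; the queried-only name shows that a DNS row in this table is not proof of a completed connection.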

Files

/data/data/com.camerasideas.trimmer/databases/google_analytics_v4.db-journal

MD5 0890ab0179f0614b7e681de22cb99180
SHA1 cce3b737885de61e2581933b8f5546f714e27897
SHA256 fbc9c32e994e550ca787d6f6893a6607dbdec79ab9866697560a80c5e904d7d4
SHA512 e74f6c3e6ae7a6fce226867cb6d452096e6f2ad1109e26fcb2c075e551883d7fe7084c192511d4c0bd504ea440c90fd3250ac49f28b47a1217a11eaa266fb390

/data/data/com.camerasideas.trimmer/databases/google_analytics_v4.db

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.camerasideas.trimmer/databases/google_analytics_v4.db-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.camerasideas.trimmer/databases/google_analytics_v4.db-wal

MD5 64bccee49ef6f58134d63bec7c759e69
SHA1 3f31797b7eba42e25e964800bc88a767f9fef0dd
SHA256 fbacf006ae905959014e3b742e3f387152e567b88119e156ca5a9bba70e90b78
SHA512 4f8ea17074fad27765d303349c8715f6a0d1524aa5dfc88309d522444364125227bf6ec507edf4867d422918bf5ee83e3f347637976b642bccf6ac13e2cc46fc

/data/data/com.camerasideas.trimmer/files/gaClientId

MD5 04b7125095d23aacb360f12ad4786809
SHA1 e77ace96b996164c3dfcca77e328b25fc0515c53
SHA256 d3faa0882ea897926ec74e7fb1975ac28a156c04ecb687401ffbd6d877c824df
SHA512 6085ba9665f2cdfda9fbbde874ebc5707bb72ecd9d92e471e760dbed4fa52ba93ffb4a0034186e22744976a708ed1c0030c6061a21d2cb058b1ad81cf5fdc9ab

/data/data/com.camerasideas.trimmer/databases/tray.db-journal

MD5 32c79b8d21ab15dbed123643c27b15b6
SHA1 694215e49721c4899553e29fb0a04e5cf2bafaa6
SHA256 37dccb8864f844630f8fef3857e897bdbe494e79b795efa5ebe8b405168e6853
SHA512 9c2a198d2a0149924c15eafc3e4857fbdb5f9b34fd2dd091e021207d85cb9db5cc60aef2f572417bc143170045a81d13243c702ab57dea535c55212e474b4c3e

/data/data/com.camerasideas.trimmer/databases/tray.db-wal

MD5 ed60dce44377b244311b625ae7d7e10b
SHA1 965953dfcb66d8c66592e9a8a9886190d55ffb58
SHA256 0e0b416f84294c26f4b450b17bb782fa0bc9af0f4667a8adbc2f64ee34946993
SHA512 45efc9b2647359a2abdb1da195e621ba2c63bd9a29bbb769e048e9997fc43065ef9397cb183cfb2a0bd95f326b518fe08836add7eae13a75d19954392509c096

/storage/emulated/0/youcut/.log/youcut0.log

MD5 ba22f7e3207b947a27294fd3448076a1
SHA1 1b326294e496bfa3346c48066b7c2c87b6e50553
SHA256 59dc785dbb84dcabc97f21d27c867d06b49ef36869efa5fc0f4ec35532d496b8
SHA512 c32cea65d3178cac17c63c295d3a21a8b188be6b78246fa259355518db6c1df2999faedc783678e2201d8592e8a31bf4d494e6752c57b73aa4243a6683719ab4

/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66689D790101-0001-10AE-A22C708A7611BeginSession.cls_temp

MD5 7e6fd1d622eeaada62c7120548fc302c
SHA1 b83ee1aa841841d0268a32e68fac9e22a63f65cc
SHA256 cdbe8f42f202a0fa3e42a88f405c89cdeb4416ae522ddb4b2c03006f8ec1cacb
SHA512 93bb7218cf0638fbfea0aa1e117b875bc4ddec93d904aa17acf4a71cae8bda2cd733ee331b3001698a322c6ad64b64de307022d3088dc5ea9580bfd08c288b39

/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66689D790101-0001-10AE-A22C708A7611BeginSession.json

MD5 26da7f984e591054346030294cc1a0ec
SHA1 129280c0a900ed744914d089ab358e7103df092b
SHA256 b3b47e45063e1301894b695d6fd2bf3be6c0af41b8bcfe536e5cb34260d23fea
SHA512 c9b1dff5a9a6b517e5044a4680eff19249e8874a7f1c865db106c141da64f335deab82ba066bcd16a1b1ddbc1459b4b53f5d93fc3976d5a74a786ae0ae2e297c

/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp

MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 edd0e14d15895b9f4f6618a7e9e9a520
SHA1 cbded8aa79d017ce537ad18d0481766ce8e07ea0
SHA256 68130160f17eac1855175d7a11a9bbfef36bdfb9327fd97434ffcfad5f5c6ff6
SHA512 1f8679823c8277b8ccb42e81a66891c112210db9ba425a9e867b4185ba84a668a6ea4c791743cb055fb54bcfd5156888ced1f6253700850502fbac5c0605555a

/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_1f54637e-0aa5-4451-abc4-4d114acacb46_1718132092147.tap

MD5 efdc29cbdc973ca54c24d3560f44bbfb
SHA1 0598dacb3f936860988703dd950cad862412ed5b
SHA256 4d1857250c54e362e6dad5e9a257cf7f956875b545a1a8c62357a5770a4e6bc1
SHA512 6c7845d14150ad6df051f0df3076a2e4b4edc29beea72fb6068bfe9f55a9b5262b1723488e0506c22b4519d404f82a403e373475ec9d8d6e27bb9a336948758a

/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap

MD5 bb9e8e8d898660176e4ca67120612e01
SHA1 7ac32854b5d3018b1c279b0c50e7d4286778435b
SHA256 15452dcb4a006865812dae187d0a7e5a46463474b7665022f6227991bbda14b6
SHA512 8409b5d2d33838b34a4b7458bac24657535300ca47b337c1d586882ff0d615fd46b5456260814878717c343c430f5ca0bea1ce9c1ad3d80c390ef18b33e44c71

/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66689D790101-0001-10AE-A22C708A7611SessionApp.cls_temp

MD5 e22988b31c469dfb7bb05b7c916ee22f
SHA1 ed5d2e5688d64016321ce034e75d2cf4121361b9
SHA256 c98c54002d3ca26d08db3086c6ae5b1f7db38ad2ce84e8e2efe252091e8893a0
SHA512 28ecb7d55c1d70132f9bb900543ee2726a8e1898881f9076d7861b820f4532d01f1116d6c433dbac7fcbf841bc02ea15be09fe32b930bc33dccbc965149a7277

/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66689D790101-0001-10AE-A22C708A7611SessionApp.json

MD5 94b053545d68e362369c651e7a813f0d
SHA1 a755eb509ea4f5fbd90b54c1009f244a4a830e02
SHA256 bddcc61dc937b5768821539e86641e90ac3636c9a9c9a867375974930f89d29b
SHA512 7a2d976c61f6a6780347c020eb9b99e4a827de8efae0643c87613ecb0f99355de11aac36e177255336eeaeab68873c079dd7eb6c71423d5017e701255096baea

/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66689D790101-0001-10AE-A22C708A7611SessionOS.cls_temp

MD5 9b3d4522944ce6396563812bfdb92fa9
SHA1 6d2a6133c8f01938a48ccc77ef86ad8ca335c020
SHA256 d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9
SHA512 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727

/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66689D790101-0001-10AE-A22C708A7611SessionOS.json

MD5 93023624eb8dff5c20050da136aaae0a
SHA1 acfd1ffed752c28fb135ba83c0c6345ddf2f6995
SHA256 968bcd7c4f1abed89a09cc0e6dadd238a81e8655e64196b39a86be49ceecd39c
SHA512 bb25dfa144d3f0e17203936c503c5fedec5f9ca710e177f99e273010ba4a682199d4bda5684151d65f3cb1549f4611b3a645ce39646d3db9a1b2c17d6b160579

/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66689D790101-0001-10AE-A22C708A7611SessionDevice.cls_temp

MD5 2c2e28fc63a6ae18c36d6d2193cc7564
SHA1 61f893eece8b5048c5acbe4e9ce19fe4bb7c6172
SHA256 02c7b4a0d6dd806cd46029b2d30212c60d5037d4daf52f5e761e14d3ec2f5bb8
SHA512 f46ae9ad290f4f46f6a31ae19cb7843008135176e9ef9dde3a28ef889332bcf51678fa052951a1c0c2f4c435be0436b95af0160c100771600fa8d75829fc8494

/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66689D790101-0001-10AE-A22C708A7611SessionDevice.json

MD5 25699ac10bd08b0e46408f508c50dbb9
SHA1 71137bf48ca0d35ccfa241bb0f19a9c4ccf699f5
SHA256 8c202152ab20aa812f73b3f3862cace69b7e84bf4bacf79d51a792b4aac2f5c4
SHA512 e394518f880030f959b93e65d149b80ddaf6308c7d80eb9cc16c05c9edb082bc5b23af7aeac8bbf8bad8cb440e2f49793acf4124fdea06b70de0a0fd649a4f24

/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/log-files/crashlytics-userlog-66689D790101-0001-10AE-A22C708A7611.temp

MD5 9b3f9ec6ad2b48d6ae182dddde1fe7b9
SHA1 2e54678a4202c85ada1aa981456e57bff90e0be7
SHA256 f021a197e46e17f113d18ebe6642684ff02f6b617e5ea62aef9501c75f921154
SHA512 dd0e3fc2fa41feba621d6859a29f2f26aa73062feb27caedcf03cd762f309eb97738e034bb8e6d857ab9ef448ef1ac8371e010e5f73a6fe8768dab0f5ef77daf

/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/66689D790101-0001-10AE-A22C708A7611user.meta

MD5 4dce7fbf008a42ebd2094064a6f1573d
SHA1 973d2ab7753c7ee93f5c24b5b0901ef24ca1a5ae
SHA256 4af4704efe56d95657cb20e3bdc0e60fded32f66d1cb72cab8687336338f9d02
SHA512 cab530fb7be6a382fd014319dd5ecbd0c8efc46e5d1d59c9414fab17ba675ab125d820ecdff507a55d0dce7ff5bb88095eb66c6e2ee45f06fde1779d98566f0d
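The Files section lists every path the app wrote with four digests each, and two things in it are easy to miss when reading by eye: the same path (session_analytics.tap) appears twice with different hashes, meaning the file was rewritten during the run, and exactly one write lands on external storage (/storage/emulated/0/youcut/.log/youcut0.log), which is the behavior the WRITE_EXTERNAL_STORAGE permission from the static analysis enables. The script below is an added example for this page, not the sandbox's own code: it parses entries in this report's layout, validates digest lengths to catch truncated or extraction-damaged hashes, flags rewritten paths, and groups writes by location. FILES_EXCERPT is a subset of the entries above with SHA1/SHA512 omitted for brevity; the layout rules (a path line followed by "ALGO hexdigest" lines, entries separated by blank lines) are assumptions about this report format.

```python
"""Parse the 'Files' section of the sandbox report and apply three triage checks.

Added example for this page, not the sandbox's own code. FILES_EXCERPT is a
subset of entries copied from the report (SHA1/SHA512 lines omitted); the
layout rules are assumptions: a path line, then 'ALGO hexdigest' lines,
entries separated by blank lines.
"""
from __future__ import annotations
from collections import defaultdict

FILES_EXCERPT = """\
/data/data/com.camerasideas.trimmer/databases/google_analytics_v4.db-journal
MD5 0890ab0179f0614b7e681de22cb99180
SHA256 fbc9c32e994e550ca787d6f6893a6607dbdec79ab9866697560a80c5e904d7d4

/data/data/com.camerasideas.trimmer/databases/google_analytics_v4.db
MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

/data/data/com.camerasideas.trimmer/files/gaClientId
MD5 04b7125095d23aacb360f12ad4786809
SHA256 d3faa0882ea897926ec74e7fb1975ac28a156c04ecb687401ffbd6d877c824df

/storage/emulated/0/youcut/.log/youcut0.log
MD5 ba22f7e3207b947a27294fd3448076a1
SHA256 59dc785dbb84dcabc97f21d27c867d06b49ef36869efa5fc0f4ec35532d496b8

/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
MD5 edd0e14d15895b9f4f6618a7e9e9a520
SHA256 68130160f17eac1855175d7a11a9bbfef36bdfb9327fd97434ffcfad5f5c6ff6

/data/data/com.camerasideas.trimmer/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
MD5 bb9e8e8d898660176e4ca67120612e01
SHA256 15452dcb4a006865812dae187d0a7e5a46463474b7665022f6227991bbda14b6
"""

HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
SQLITE_SIDECARS = ("-journal", "-wal", "-shm")
EXTERNAL_PREFIXES = ("/storage/emulated/0/", "/sdcard/")


def parse_files(text: str) -> list[tuple[str, dict[str, str]]]:
    """Return (path, {algo: digest}) pairs in report order; duplicate paths are kept."""
    entries, path, hashes = [], None, {}
    for line in text.splitlines() + [""]:  # trailing "" flushes the last entry
        line = line.strip()
        if not line:
            if path:
                entries.append((path, hashes))
            path, hashes = None, {}
        elif path is None:
            path = line
        else:
            algo, digest = line.split(None, 1)
            hashes[algo] = digest.lower()
    return entries


def bad_digests(entries) -> list[tuple[str, str]]:
    """(path, algo) pairs whose digest has the wrong length or non-hex characters."""
    return [
        (p, a) for p, h in entries for a, d in h.items()
        if len(d) != HEX_LEN.get(a, -1) or any(c not in "0123456789abcdef" for c in d)
    ]


def rewritten_paths(entries) -> list[str]:
    """Paths listed more than once with differing SHA256: the file changed during the run."""
    seen: dict[str, set] = defaultdict(set)
    for p, h in entries:
        seen[p].add(h.get("SHA256"))
    return sorted(p for p, digests in seen.items() if len(digests) > 1)


def classify(entries) -> dict[str, list[str]]:
    """Group writes by location; external storage is what WRITE_EXTERNAL_STORAGE permits."""
    out = {"external_storage": [], "sqlite_sidecar": [], "private_data": []}
    for p, _ in entries:
        if p.startswith(EXTERNAL_PREFIXES):
            out["external_storage"].append(p)
        elif p.endswith(SQLITE_SIDECARS):
            out["sqlite_sidecar"].append(p)
        else:
            out["private_data"].append(p)
    return out


if __name__ == "__main__":
    entries = parse_files(FILES_EXCERPT)
    print("entries:", len(entries))
    print("bad digests:", bad_digests(entries))
    print("rewritten:", rewritten_paths(entries))
    print("by location:", classify(entries))
```

Files under /data/data/<package>/ are private to the app; the external-storage write is the one other apps on the device could read, so it is the path to inspect first when deciding what, if anything, this sample exposes.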