Malware Analysis Report

2025-01-19 07:50

Sample ID 240611-xq2qssxfqb
Target 9f3bb20cd52ff1a6dd417529d76d55f5_JaffaCakes118
SHA256 1bb428c9349f32e0990e8e411e0b4b20ecb96b31a44dd29629ffb8e807125509
Tags
discovery
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

1bb428c9349f32e0990e8e411e0b4b20ecb96b31a44dd29629ffb8e807125509

Threat Level: Shows suspicious behavior

The file 9f3bb20cd52ff1a6dd417529d76d55f5_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery

Requests dangerous framework permissions

Queries information about active data network

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-11 19:04

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to read or write the system settings. android.permission.WRITE_SETTINGS N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A
Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 19:04

Reported

2024-06-11 19:11

Platform

android-x86-arm-20240611-en

Max time kernel

3s

Max time network

136s

Command Line

net.deerlet.ssc

Signatures

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

net.deerlet.ssc

chmod 755 /data/user/0/net.deerlet.ssc/.jiagu/libjiagu.so

/system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/net.deerlet.ssc/.jiagu/classes.dex --dex-file=/data/data/net.deerlet.ssc/.jiagu/classes.dex!classes2.dex --oat-file=/data/data/net.deerlet.ssc/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.212.202:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

/data/data/net.deerlet.ssc/.jiagu/libjiagu.so

MD5 f07c10fa1727a4d7395f07d20d77892d
SHA1 a7c2f367daea205bda6035a739bff81003554b4f
SHA256 b33b45d44e01f762b2678eb5fda5a804650b74cced4ea7362e3a19b37049e2b3
SHA512 83411cbcf78a99fed70dbebc46d626c85f61ba729ea0b3c93d2e109c63bbe6a739eae09d61af7fa0ff127502f3a13034d45a130f581e8ed3f66db892712736f1

/data/data/net.deerlet.ssc/.jiagu/classes.dex

MD5 f8813388196dc150159294bff99622b5
SHA1 5c214241868032c495015c0ff0220d37e40b0233
SHA256 f23445671d90f465a5a47842142679b58da75f727cef81aeef77b37ebd924f55
SHA512 57c2a424a7616652da4d15a0487da031100082f58349cfefa89f27f06d3715e2804fbec2c6fc07f78c4bee634ceecb536be23103ff47e260ecf922c309acfe2f

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 19:04

Reported

2024-06-11 19:08

Platform

android-x64-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A