Malware Analysis Report

2025-01-19 07:47

Sample ID: 240611-xy2e1ayaje
Target: 9f466970000c1fc326a4fe8b2d388df8_JaffaCakes118
SHA256: 04150eefbd5b2d68c618041749190ae062e552086b982b0436b4d72d631dd26c
Tags: discovery persistence
Score: 6/10


Analysis Overview


Threat Level: Shows suspicious behavior

The file 9f466970000c1fc326a4fe8b2d388df8_JaffaCakes118 was classified as showing suspicious behavior.

Malicious Activity Summary

Tags: discovery persistence

Acquires the wake lock

Queries information about active data network

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Analysis: static1

Detonation Overview

Reported

2024-06-11 19:16

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 19:16

Reported

2024-06-11 19:19

Platform

android-x86-arm-20240611-en

Max time kernel

14s

Max time network

131s

Command Line

com.bedtime.backtobed

Signatures

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Queries information about active data network

Tags: discovery

Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence

Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Processes

com.bedtime.backtobed

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | stats.unity3d.com | udp
US | 1.1.1.1:53 | data.flurry.com | udp
US | 74.6.138.65:80 | data.flurry.com | tcp
US | 1.1.1.1:53 | data.flurry.com | udp
US | 74.6.138.67:80 | data.flurry.com | tcp
GB | 142.250.187.206:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.46:443 | android.apis.google.com | tcp

Files

/data/data/com.bedtime.backtobed/files/.flurryagent.-4293ce01


/data/data/com.bedtime.backtobed/files/.flurrydatasenderblock.63d0088c-84be-4278-b70d-2e9f3baf9825


/data/data/com.bedtime.backtobed/files/.FlurrySenderIndex.info.AnalyticsData_6JYZHZ22J7YFM3NHJQ7N_158


/data/data/com.bedtime.backtobed/files/.FlurrySenderIndex.info.AnalyticsMain


/data/data/com.bedtime.backtobed/files/.flurryagent.-4293ce01


/data/data/com.bedtime.backtobed/files/.flurryagent.-4293ce01


/data/data/com.bedtime.backtobed/files/.flurrydatasenderblock.a89db294-4f43-4611-b4b2-8099a7ec27e0


/data/data/com.bedtime.backtobed/files/.FlurrySenderIndex.info.AnalyticsData_6JYZHZ22J7YFM3NHJQ7N_158


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 19:16

Reported

2024-06-11 19:16

Platform

android-33-x64-arm64-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 172.217.169.68:443 | | udp
GB | 216.58.204.74:443 | | tcp
BE | 142.251.168.188:5228 | | tcp
GB | 142.250.179.228:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
GB | 216.58.204.74:443 | | udp
GB | 142.250.180.10:443 | | udp

Files

N/A