Analysis Overview
SHA256
04150eefbd5b2d68c618041749190ae062e552086b982b0436b4d72d631dd26c
Threat Level: Shows suspicious behavior
The file 9f466970000c1fc326a4fe8b2d388df8_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Acquires the wake lock
Queries information about active data network
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-11 19:16
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 19:16
Reported
2024-06-11 19:19
Platform
android-x86-arm-20240611-en
Max time kernel
14s
Max time network
131s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.bedtime.backtobed
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | stats.unity3d.com | udp |
| US | 1.1.1.1:53 | data.flurry.com | udp |
| US | 74.6.138.65:80 | data.flurry.com | tcp |
| US | 1.1.1.1:53 | data.flurry.com | udp |
| US | 74.6.138.67:80 | data.flurry.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
Files
/data/data/com.bedtime.backtobed/files/.flurryagent.-4293ce01
/data/data/com.bedtime.backtobed/files/.flurrydatasenderblock.63d0088c-84be-4278-b70d-2e9f3baf9825
/data/data/com.bedtime.backtobed/files/.FlurrySenderIndex.info.AnalyticsData_6JYZHZ22J7YFM3NHJQ7N_158
/data/data/com.bedtime.backtobed/files/.FlurrySenderIndex.info.AnalyticsMain
/data/data/com.bedtime.backtobed/files/.flurryagent.-4293ce01
/data/data/com.bedtime.backtobed/files/.flurryagent.-4293ce01
/data/data/com.bedtime.backtobed/files/.flurrydatasenderblock.a89db294-4f43-4611-b4b2-8099a7ec27e0
/data/data/com.bedtime.backtobed/files/.FlurrySenderIndex.info.AnalyticsData_6JYZHZ22J7YFM3NHJQ7N_158
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-11 19:16
Reported
2024-06-11 19:16
Platform
android-33-x64-arm64-20240611.1-en
Max time network
8s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 172.217.169.68:443 | | udp |
| GB | 216.58.204.74:443 | | tcp |
| BE | 142.251.168.188:5228 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.74:443 | | udp |
| GB | 142.250.180.10:443 | | udp |