Malware Analysis Report

2025-01-19 07:50

Sample ID: 240611-y8jhlszhkq
Target: 9f70debb445c8420ababf1dccada6a4c_JaffaCakes118
SHA256: 3e0051171373bd9ab80a7cf313dd62f3f6aba363df251366f733a9b785f6f9f0
Score: 6/10


Analysis Overview

Score: 6/10

SHA256: 3e0051171373bd9ab80a7cf313dd62f3f6aba363df251366f733a9b785f6f9f0

Threat Level: Shows suspicious behavior

The file 9f70debb445c8420ababf1dccada6a4c_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-11 20:27

Signatures

Requests dangerous framework permissions

Description                                          Indicator                                   Process  Target
Allows an application to write to external storage.  android.permission.WRITE_EXTERNAL_STORAGE   N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-11 20:27
Reported: 2024-06-11 20:30
Platform: android-x86-arm-20240611.1-en
Max time kernel: 132s
Max time network: 158s

Command Line

de.brettspielwelt.schatzjaeger

Signatures

N/A

Processes

de.brettspielwelt.schatzjaeger

Network

Country  Destination          Domain                               Proto
N/A      224.0.0.251:5353     -                                    udp
GB       216.58.204.74:443    -                                    tcp
US       1.1.1.1:53           semanticlocation-pa.googleapis.com   udp
GB       216.58.201.110:443   -                                    tcp
US       1.1.1.1:53           android.apis.google.com              udp
GB       216.58.212.238:443   android.apis.google.com              tcp
US       1.1.1.1:53           appcallback.brettspielwelt.de        udp
DE       88.198.68.222:80     appcallback.brettspielwelt.de        tcp

Files

/data/data/de.brettspielwelt.schatzjaeger/files/users
/data/data/de.brettspielwelt.schatzjaeger/files/achievements
/data/data/de.brettspielwelt.schatzjaeger/files/records
/data/data/de.brettspielwelt.schatzjaeger/files/advert
/data/data/de.brettspielwelt.schatzjaeger/databases/notifications.db-journal
/data/data/de.brettspielwelt.schatzjaeger/databases/notifications.db
/data/data/de.brettspielwelt.schatzjaeger/databases/notifications.db-shm
/data/data/de.brettspielwelt.schatzjaeger/databases/notifications.db-wal

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-11 20:27
Reported: 2024-06-11 20:30
Platform: android-x64-arm64-20240611.1-en
Max time kernel: 52s
Max time network: 175s

Command Line

de.brettspielwelt.schatzjaeger

Signatures

N/A

Processes

de.brettspielwelt.schatzjaeger

Network

Country  Destination           Domain                          Proto
N/A      224.0.0.251:5353      -                               udp
GB       172.217.16.238:443    -                               tcp
US       1.1.1.1:53            android.apis.google.com         udp
GB       142.250.187.206:443   android.apis.google.com         tcp
US       1.1.1.1:53            ssl.google-analytics.com        udp
GB       172.217.169.40:443    ssl.google-analytics.com        tcp
US       1.1.1.1:53            appcallback.brettspielwelt.de   udp
DE       88.198.68.222:80      appcallback.brettspielwelt.de   tcp
GB       216.58.201.100:443    -                               tcp
GB       216.58.201.100:443    -                               tcp
GB       142.250.180.3:443     -                               tcp

Files

/data/user/0/de.brettspielwelt.schatzjaeger/files/users
/data/user/0/de.brettspielwelt.schatzjaeger/files/achievements
/data/user/0/de.brettspielwelt.schatzjaeger/files/records
/data/user/0/de.brettspielwelt.schatzjaeger/files/advert
/data/user/0/de.brettspielwelt.schatzjaeger/databases/notifications.db-journal
/data/user/0/de.brettspielwelt.schatzjaeger/databases/notifications.db
/data/user/0/de.brettspielwelt.schatzjaeger/databases/notifications.db-journal