Analysis Overview
SHA256
1f46f3096343c54f47dc417b8434a072248ffcd33913d73586e2103849434a25
Threat Level: Shows suspicious behavior
The file 9f5eaa891b0e5baadd2107b6326b8269_JaffaCakes118 was classified as: shows suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Requests dangerous framework permissions
Queries information about active data network
Queries the unique device ID (IMEI, MEID, IMSI)
Registers a broadcast receiver at runtime (usually for listening for system events)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-11 20:00
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 20:00
Reported
2024-06-11 20:03
Platform
android-x86-arm-20240611.1-en
Max time kernel
175s
Max time network
137s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 | N/A | N/A |
| N/A | /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.myapp
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | api.jetrohe.pw | udp |
| IE | 34.246.200.160:443 | api.jetrohe.pw | tcp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
/data/data/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
| MD5 | ec4d46c643c29ee1367bf791e701ada2 |
| SHA1 | 820d491b682ef5ea4634a73fef5987d00c276150 |
| SHA256 | a1874afbe0441c906eaaebc03f9a7a647729c6e9e75a7cdb34bef7742438e0b4 |
| SHA512 | 4d351ab5365bbfcb01abebf9176d6ceb21f6cb56532412485d90524ea3f39207635bae8e4382bdd37959532b672ca249b2084529c8641109a6ff1c4f5a8f36a7 |
/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
| MD5 | 6eef034d5ac3da6c619cddfb20df2e81 |
| SHA1 | 1529d69d265f50717c1bf9ae7546b2a80831588a |
| SHA256 | 930ec1fe7ff09ef6c66fda123e868d5e7989689fa17d1833e5a04716d296a6cc |
| SHA512 | ffe20e767be04cde31942228b939788edf0c0c89138b43703b983ffd05ad32350a762bc78410aa1e9e7a59cf0b3f05112001c1254e9ac0544cd9a4d9fe641d76 |
/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex
| MD5 | f2bdd37bca225c125cb8cdf59e8b70d3 |
| SHA1 | 8744919e45d714b2ba75ef286eb3f20795e4bb78 |
| SHA256 | 9cab997e28849d98c628e9fc572ca29036b166c77d3e935ee492d565a303f5ae |
| SHA512 | 67fdc6a1466ed8953c5ed409a2b810904d8351a3279043bc48fd6cb5290ba77bb732af7cc854b73948c26241a25f7de6acd6c90a1554d18e01aa91667e089768 |
/storage/emulated/0/Google/google.id
| MD5 | aca5d8a0ec2d9cdbcc8a7af3e08cf9a7 |
| SHA1 | c423f27c0e53f3737f9df7f0ea862349d40275e8 |
| SHA256 | 5dea8707f0ed1522528e12929d219f11048bbe5b5a0fba5d664c72d28b509374 |
| SHA512 | 3dca9b28d650ead9729f97a25e6a4eaaec4fa91980ee44ab9a643d04bc971ad3012e548d5326f241db64160cfc717c17496cae5bfb990b73a51457f8f94a3700 |
/data/data/com.myapp/cache/oat/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709.cur.prof
| MD5 | 10a6e9cde5408df3ad9d9b00dbb0130e |
| SHA1 | 1e2841498615897153d37accc8cc31e1f68e10b4 |
| SHA256 | c1916c7260bae47c9cd3a927b61f1f4a9c0bda64e42c517cbef6cfb052ac6793 |
| SHA512 | 7798ba3ded135bb271da6985969a9935fa9b6a21ac5ef4910d538ab57f247c6a1b3a6450a453ac822953c3d11e9bf4e69f31a53f00ea818d551b2a80eef7f583 |
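The "Loads dropped Dex/Jar" signature and the Files listing above both point at a payload written to the app's cache directory under the name DA39A3EE5E6B4B0D3255BFEF95601890AFD80709, which is the SHA-1 of zero bytes (the app derives the cache file name by hashing empty input). The following is an added triage helper, not code from this report or from the analysed app: given a file pulled from the device, it checks whether the name is SHA-1(""), identifies the container by magic bytes rather than extension, validates the DEX header fields (declared file_size, Adler-32 checksum and SHA-1 signature, so a truncated or patched dump is caught), and computes the same four digests the report lists so the pull can be matched to a row. The path names and the header-only DEX used as offline test input are constructed for the example.

```python
import hashlib
import os
import struct
import zlib
from typing import Optional

# SHA-1 of zero bytes. The dropped cache file in the report is named exactly
# this (upper-cased), i.e. the app derived the file name by hashing empty input.
EMPTY_SHA1 = hashlib.sha1(b"").hexdigest().upper()

# Leading bytes of the container types a payload dropped into cache/ usually is.
# The "!classes2.dex" suffix in the report is how the sandbox names a DEX entry
# found inside a ZIP/JAR-style container.
MAGICS = {
    b"dex\n": "dex",
    b"PK\x03\x04": "zip/jar/apk",
    b"\x7fELF": "elf",
}


def cache_name_is_empty_sha1(path: str) -> bool:
    """True if the file name (before any '!entry' suffix) equals SHA-1('')."""
    base = os.path.basename(path).split("!")[0]
    return base.upper() == EMPTY_SHA1


def classify(blob: bytes) -> str:
    """Identify the container by magic bytes, independent of file extension."""
    for magic, kind in MAGICS.items():
        if blob.startswith(magic):
            return kind
    return "unknown"


def dex_header_ok(blob: bytes) -> bool:
    """Validate a DEX header: magic, declared file_size, Adler-32 checksum
    (over bytes 12..end) and SHA-1 signature (over bytes 32..end).
    A truncated or patched dump fails at least one of these."""
    if len(blob) < 0x70 or not blob.startswith(b"dex\n"):
        return False
    (checksum,) = struct.unpack_from("<I", blob, 8)
    signature = blob[12:32]
    (file_size,) = struct.unpack_from("<I", blob, 0x20)
    if file_size != len(blob):
        return False
    if (zlib.adler32(blob[12:]) & 0xFFFFFFFF) != checksum:
        return False
    return hashlib.sha1(blob[32:]).digest() == signature


def digests(blob: bytes) -> dict:
    """The same four hashes the report lists, for matching a pulled file to a row."""
    return {n: hashlib.new(n, blob).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def triage(path: str, blob: bytes, expected_sha256: Optional[str] = None) -> dict:
    """One-shot verdict for a pulled cache file."""
    d = digests(blob)
    return {
        "empty_sha1_name": cache_name_is_empty_sha1(path),
        "kind": classify(blob),
        "dex_valid": dex_header_ok(blob),
        "sha256_matches_report": expected_sha256 is None or d["sha256"] == expected_sha256,
    }


def build_minimal_dex() -> bytes:
    """Constructed test input: a header-only DEX (0x70 bytes) with a valid
    checksum and signature. It is NOT the dropped file from the report."""
    hdr = bytearray(0x70)
    hdr[0:8] = b"dex\n035\x00"
    struct.pack_into("<I", hdr, 0x20, len(hdr))      # file_size
    struct.pack_into("<I", hdr, 0x24, 0x70)          # header_size
    struct.pack_into("<I", hdr, 0x28, 0x12345678)    # endian_tag (little-endian)
    hdr[12:32] = hashlib.sha1(hdr[32:]).digest()     # signature over bytes 32..end
    struct.pack_into("<I", hdr, 8, zlib.adler32(bytes(hdr[12:])) & 0xFFFFFFFF)
    return bytes(hdr)


if __name__ == "__main__":
    # Constructed path taken from the report; the blob is the synthetic DEX above.
    dropped = "/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709"
    print(triage(dropped, build_minimal_dex()))
```

Pulling the real file needs root or a debuggable build (`adb pull` of /data/user/0 is refused otherwise). Note that /data/data is a symlink to /data/user/0, yet the report records different hashes for the two spellings of the same cache path, so the file was rewritten between observations; match whichever copy you pull against the row whose path and hashes correspond to the moment it was captured.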
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-11 20:00
Reported
2024-06-11 20:03
Platform
android-x64-20240611.1-en
Max time kernel
176s
Max time network
146s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 | N/A | N/A |
| N/A | /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
com.myapp
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.169.42:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | api.jetrohe.pw | udp |
| IE | 34.246.200.160:443 | api.jetrohe.pw | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 172.217.169.42:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.187.194:443 | | tcp |
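The Network tables in all three behavioral runs mix sandbox and platform traffic (the 1.1.1.1 resolver, mDNS, Google endpoints) with the one destination that is specific to this sample, api.jetrohe.pw / 34.246.200.160. The following is an added helper, not part of the report or of any sandbox tooling, that parses rows in this report's table format (including rows where the protocol landed in the Domain column), subtracts an assumed baseline, and separates three things an analyst wants listed apart: domains the app queried, the IPs it then connected to for them, and IPs it contacted with no DNS name in the capture (hard-coded or resolved outside the window). The baseline suffixes and endpoints are the example's own assumptions; the embedded rows are the behavioral2 table as printed.

```python
import re
from collections import defaultdict

# Constructed input: the behavioral2 Network rows as printed in this report,
# including the 3-cell rows where "tcp"/"udp" sits in the Domain column.
NETWORK_TABLE = """
| N/A | 224.0.0.251:5353 | udp | |
| GB | 172.217.169.42:443 | tcp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | api.jetrohe.pw | udp |
| IE | 34.246.200.160:443 | api.jetrohe.pw | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 172.217.169.42:443 | tcp | |
| GB | 172.217.16.228:443 | tcp | |
| GB | 172.217.16.228:443 | tcp | |
| GB | 142.250.179.238:443 | tcp | |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.187.194:443 | tcp |
"""

# Assumed sandbox/platform noise to subtract before calling anything an IOC.
# These are the example's assumptions, not something the report states.
BASELINE_DOMAIN_SUFFIXES = ("google.com", "google-analytics.com", "googleapis.com")
BASELINE_ENDPOINTS = {("1.1.1.1", 53), ("224.0.0.251", 5353)}  # resolver, mDNS
PROTOS = ("tcp", "udp")
DEST_RE = re.compile(r"^(?P<ip>[0-9a-fA-F.:]+):(?P<port>\d+)$")


def parse_rows(text):
    """Normalize each table row to {cc, ip, port, domain, proto}.
    Handles both the 4-column layout and rows where Domain is missing and
    the protocol shifted left into its place."""
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 3:
            continue
        cc, dest = cells[0], cells[1]
        if cells[2] in PROTOS:          # Domain column absent, proto shifted left
            domain, proto = "", cells[2]
        elif len(cells) >= 4:
            domain, proto = cells[2], cells[3]
        else:
            continue
        m = DEST_RE.match(dest)
        if not m:
            continue
        rows.append({"cc": cc, "ip": m["ip"], "port": int(m["port"]), "domain": domain, "proto": proto})
    return rows


def is_baseline_domain(domain):
    return any(domain == s or domain.endswith("." + s) for s in BASELINE_DOMAIN_SUFFIXES)


def extract_iocs(rows):
    """Split traffic into queried domains, the IPs reached for them, and
    IPs reached with no DNS name; drop the assumed baseline from each."""
    queried = set()                 # names sent to the resolver
    domain_ips = defaultdict(set)   # name -> IPs the app then connected to
    no_name = set()                 # IPs contacted without a name in the capture
    for r in rows:
        if (r["ip"], r["port"]) in BASELINE_ENDPOINTS:
            if r["port"] == 53 and r["domain"]:
                queried.add(r["domain"])
            continue
        if r["domain"]:
            domain_ips[r["domain"]].add(r["ip"])
        else:
            no_name.add(r["ip"])
    domains = sorted(d for d in queried | set(domain_ips) if not is_baseline_domain(d))
    ips = sorted({ip for d in domains for ip in domain_ips.get(d, ())})
    # A queried name with no follow-up connection is still worth listing
    # (sinkholed or NXDOMAIN C2 shows up exactly that way).
    queried_only = sorted(d for d in domains if d not in domain_ips)
    return {"domains": domains, "ips": ips, "queried_only": queried_only,
            "unresolved_ips": sorted(no_name)}


if __name__ == "__main__":
    for k, v in extract_iocs(parse_rows(NETWORK_TABLE)).items():
        print(f"{k}: {v}")
```

The unresolved_ips bucket is deliberately not labelled benign: the parser has no name for them, and whether a bare IP is Google infrastructure or a second-stage host is something to confirm from the capture or a WHOIS/ASN lookup, not from the table alone.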
Files
/data/data/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
| MD5 | ec4d46c643c29ee1367bf791e701ada2 |
| SHA1 | 820d491b682ef5ea4634a73fef5987d00c276150 |
| SHA256 | a1874afbe0441c906eaaebc03f9a7a647729c6e9e75a7cdb34bef7742438e0b4 |
| SHA512 | 4d351ab5365bbfcb01abebf9176d6ceb21f6cb56532412485d90524ea3f39207635bae8e4382bdd37959532b672ca249b2084529c8641109a6ff1c4f5a8f36a7 |
/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
| MD5 | 6eef034d5ac3da6c619cddfb20df2e81 |
| SHA1 | 1529d69d265f50717c1bf9ae7546b2a80831588a |
| SHA256 | 930ec1fe7ff09ef6c66fda123e868d5e7989689fa17d1833e5a04716d296a6cc |
| SHA512 | ffe20e767be04cde31942228b939788edf0c0c89138b43703b983ffd05ad32350a762bc78410aa1e9e7a59cf0b3f05112001c1254e9ac0544cd9a4d9fe641d76 |
/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex
| MD5 | f2bdd37bca225c125cb8cdf59e8b70d3 |
| SHA1 | 8744919e45d714b2ba75ef286eb3f20795e4bb78 |
| SHA256 | 9cab997e28849d98c628e9fc572ca29036b166c77d3e935ee492d565a303f5ae |
| SHA512 | 67fdc6a1466ed8953c5ed409a2b810904d8351a3279043bc48fd6cb5290ba77bb732af7cc854b73948c26241a25f7de6acd6c90a1554d18e01aa91667e089768 |
/storage/emulated/0/Google/google.id
| MD5 | c61be66e126ca4fbcf9876dc2ca7e0da |
| SHA1 | 44c94b7aad3ed0ded6cc127af2c3d6050ffaa375 |
| SHA256 | d02d830c08a4cf6b42766485d8c113bbc38efc2e3a7d874760597c44a3092266 |
| SHA512 | 840610a44db1015571c291ce6382aaac797c05eb7f10fddafce50f0ca25f144d6d3c686ca710d234db236bbeb09a7e8516167e2177917450aaeccd86c5892043 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-11 20:00
Reported
2024-06-11 20:03
Platform
android-x64-arm64-20240611.1-en
Max time kernel
175s
Max time network
167s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 | N/A | N/A |
| N/A | /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.myapp
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | api.jetrohe.pw | udp |
| IE | 34.246.200.160:443 | api.jetrohe.pw | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 216.58.201.99:443 | | tcp |
Files
/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
| MD5 | ec4d46c643c29ee1367bf791e701ada2 |
| SHA1 | 820d491b682ef5ea4634a73fef5987d00c276150 |
| SHA256 | a1874afbe0441c906eaaebc03f9a7a647729c6e9e75a7cdb34bef7742438e0b4 |
| SHA512 | 4d351ab5365bbfcb01abebf9176d6ceb21f6cb56532412485d90524ea3f39207635bae8e4382bdd37959532b672ca249b2084529c8641109a6ff1c4f5a8f36a7 |
/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
| MD5 | 6eef034d5ac3da6c619cddfb20df2e81 |
| SHA1 | 1529d69d265f50717c1bf9ae7546b2a80831588a |
| SHA256 | 930ec1fe7ff09ef6c66fda123e868d5e7989689fa17d1833e5a04716d296a6cc |
| SHA512 | ffe20e767be04cde31942228b939788edf0c0c89138b43703b983ffd05ad32350a762bc78410aa1e9e7a59cf0b3f05112001c1254e9ac0544cd9a4d9fe641d76 |
/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex
| MD5 | f2bdd37bca225c125cb8cdf59e8b70d3 |
| SHA1 | 8744919e45d714b2ba75ef286eb3f20795e4bb78 |
| SHA256 | 9cab997e28849d98c628e9fc572ca29036b166c77d3e935ee492d565a303f5ae |
| SHA512 | 67fdc6a1466ed8953c5ed409a2b810904d8351a3279043bc48fd6cb5290ba77bb732af7cc854b73948c26241a25f7de6acd6c90a1554d18e01aa91667e089768 |
/storage/emulated/0/Google/google.id
| MD5 | c179da8dd1e51cbecb8f536275dfb07b |
| SHA1 | b81c61e61ffdd59f3d6dc6e71379d6d8716fd34f |
| SHA256 | 8016e74f5fbe2a594b369087d3902d7a06a91b8c58f51af9b4fc06da89befbbb |
| SHA512 | 11ac60b6a5ba864266f269c44e3f56cad47719832a54e7cd10903a126e9ee6bc026a24256e769ee7e91b5f181597edc86896305d95357063dcc6907aa834db91 |