Malware Analysis Report

2025-01-19 07:48

Sample ID 240611-yq5ccszbqh
Target 9f5eaa891b0e5baadd2107b6326b8269_JaffaCakes118
SHA256 1f46f3096343c54f47dc417b8434a072248ffcd33913d73586e2103849434a25
Tags discovery evasion persistence
Score 7/10

Analysis Overview

Score 7/10

SHA256 1f46f3096343c54f47dc417b8434a072248ffcd33913d73586e2103849434a25

Threat Level: Shows suspicious behavior

The file 9f5eaa891b0e5baadd2107b6326b8269_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery evasion persistence

Loads dropped Dex/Jar

Requests dangerous framework permissions

Queries information about active data network

Queries the unique device ID (IMEI, MEID, IMSI)

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-11 20:00

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-11 20:00
Reported 2024-06-11 20:03
Platform android-x86-arm-20240611.1-en
Max time kernel 175s
Max time network 137s

Command Line

com.myapp

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 N/A N/A
N/A /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.myapp

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 api.jetrohe.pw udp
IE 34.246.200.160:443 api.jetrohe.pw tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp

Files

/data/data/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709

MD5 ec4d46c643c29ee1367bf791e701ada2
SHA1 820d491b682ef5ea4634a73fef5987d00c276150
SHA256 a1874afbe0441c906eaaebc03f9a7a647729c6e9e75a7cdb34bef7742438e0b4
SHA512 4d351ab5365bbfcb01abebf9176d6ceb21f6cb56532412485d90524ea3f39207635bae8e4382bdd37959532b672ca249b2084529c8641109a6ff1c4f5a8f36a7

/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709

MD5 6eef034d5ac3da6c619cddfb20df2e81
SHA1 1529d69d265f50717c1bf9ae7546b2a80831588a
SHA256 930ec1fe7ff09ef6c66fda123e868d5e7989689fa17d1833e5a04716d296a6cc
SHA512 ffe20e767be04cde31942228b939788edf0c0c89138b43703b983ffd05ad32350a762bc78410aa1e9e7a59cf0b3f05112001c1254e9ac0544cd9a4d9fe641d76

/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex

MD5 f2bdd37bca225c125cb8cdf59e8b70d3
SHA1 8744919e45d714b2ba75ef286eb3f20795e4bb78
SHA256 9cab997e28849d98c628e9fc572ca29036b166c77d3e935ee492d565a303f5ae
SHA512 67fdc6a1466ed8953c5ed409a2b810904d8351a3279043bc48fd6cb5290ba77bb732af7cc854b73948c26241a25f7de6acd6c90a1554d18e01aa91667e089768

/storage/emulated/0/Google/google.id

MD5 aca5d8a0ec2d9cdbcc8a7af3e08cf9a7
SHA1 c423f27c0e53f3737f9df7f0ea862349d40275e8
SHA256 5dea8707f0ed1522528e12929d219f11048bbe5b5a0fba5d664c72d28b509374
SHA512 3dca9b28d650ead9729f97a25e6a4eaaec4fa91980ee44ab9a643d04bc971ad3012e548d5326f241db64160cfc717c17496cae5bfb990b73a51457f8f94a3700

/data/data/com.myapp/cache/oat/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709.cur.prof

MD5 10a6e9cde5408df3ad9d9b00dbb0130e
SHA1 1e2841498615897153d37accc8cc31e1f68e10b4
SHA256 c1916c7260bae47c9cd3a927b61f1f4a9c0bda64e42c517cbef6cfb052ac6793
SHA512 7798ba3ded135bb271da6985969a9935fa9b6a21ac5ef4910d538ab57f247c6a1b3a6450a453ac822953c3d11e9bf4e69f31a53f00ea818d551b2a80eef7f583

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-11 20:00
Reported 2024-06-11 20:03
Platform android-x64-20240611.1-en
Max time kernel 176s
Max time network 146s

Command Line

com.myapp

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 N/A N/A
N/A /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Processes

com.myapp

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.169.42:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 api.jetrohe.pw udp
IE 34.246.200.160:443 api.jetrohe.pw tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 172.217.169.42:443 tcp
GB 172.217.16.228:443 tcp
GB 172.217.16.228:443 tcp
GB 142.250.179.238:443 tcp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 142.250.187.194:443 tcp

Files

/data/data/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709

MD5 ec4d46c643c29ee1367bf791e701ada2
SHA1 820d491b682ef5ea4634a73fef5987d00c276150
SHA256 a1874afbe0441c906eaaebc03f9a7a647729c6e9e75a7cdb34bef7742438e0b4
SHA512 4d351ab5365bbfcb01abebf9176d6ceb21f6cb56532412485d90524ea3f39207635bae8e4382bdd37959532b672ca249b2084529c8641109a6ff1c4f5a8f36a7

/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709

MD5 6eef034d5ac3da6c619cddfb20df2e81
SHA1 1529d69d265f50717c1bf9ae7546b2a80831588a
SHA256 930ec1fe7ff09ef6c66fda123e868d5e7989689fa17d1833e5a04716d296a6cc
SHA512 ffe20e767be04cde31942228b939788edf0c0c89138b43703b983ffd05ad32350a762bc78410aa1e9e7a59cf0b3f05112001c1254e9ac0544cd9a4d9fe641d76

/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex

MD5 f2bdd37bca225c125cb8cdf59e8b70d3
SHA1 8744919e45d714b2ba75ef286eb3f20795e4bb78
SHA256 9cab997e28849d98c628e9fc572ca29036b166c77d3e935ee492d565a303f5ae
SHA512 67fdc6a1466ed8953c5ed409a2b810904d8351a3279043bc48fd6cb5290ba77bb732af7cc854b73948c26241a25f7de6acd6c90a1554d18e01aa91667e089768

/storage/emulated/0/Google/google.id

MD5 c61be66e126ca4fbcf9876dc2ca7e0da
SHA1 44c94b7aad3ed0ded6cc127af2c3d6050ffaa375
SHA256 d02d830c08a4cf6b42766485d8c113bbc38efc2e3a7d874760597c44a3092266
SHA512 840610a44db1015571c291ce6382aaac797c05eb7f10fddafce50f0ca25f144d6d3c686ca710d234db236bbeb09a7e8516167e2177917450aaeccd86c5892043

Analysis: behavioral3

Detonation Overview

Submitted 2024-06-11 20:00
Reported 2024-06-11 20:03
Platform android-x64-arm64-20240611.1-en
Max time kernel 175s
Max time network 167s

Command Line

com.myapp

Signatures

Loads dropped Dex/Jar

evasion
Description Indicator Process Target
N/A /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 N/A N/A
N/A /data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Processes

com.myapp

Network

Country Destination Domain Proto
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 api.jetrohe.pw udp
IE 34.246.200.160:443 api.jetrohe.pw tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 216.58.201.99:443 tcp

Files

/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709

MD5 ec4d46c643c29ee1367bf791e701ada2
SHA1 820d491b682ef5ea4634a73fef5987d00c276150
SHA256 a1874afbe0441c906eaaebc03f9a7a647729c6e9e75a7cdb34bef7742438e0b4
SHA512 4d351ab5365bbfcb01abebf9176d6ceb21f6cb56532412485d90524ea3f39207635bae8e4382bdd37959532b672ca249b2084529c8641109a6ff1c4f5a8f36a7

/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709

MD5 6eef034d5ac3da6c619cddfb20df2e81
SHA1 1529d69d265f50717c1bf9ae7546b2a80831588a
SHA256 930ec1fe7ff09ef6c66fda123e868d5e7989689fa17d1833e5a04716d296a6cc
SHA512 ffe20e767be04cde31942228b939788edf0c0c89138b43703b983ffd05ad32350a762bc78410aa1e9e7a59cf0b3f05112001c1254e9ac0544cd9a4d9fe641d76

/data/user/0/com.myapp/cache/DA39A3EE5E6B4B0D3255BFEF95601890AFD80709!classes2.dex

MD5 f2bdd37bca225c125cb8cdf59e8b70d3
SHA1 8744919e45d714b2ba75ef286eb3f20795e4bb78
SHA256 9cab997e28849d98c628e9fc572ca29036b166c77d3e935ee492d565a303f5ae
SHA512 67fdc6a1466ed8953c5ed409a2b810904d8351a3279043bc48fd6cb5290ba77bb732af7cc854b73948c26241a25f7de6acd6c90a1554d18e01aa91667e089768

/storage/emulated/0/Google/google.id

MD5 c179da8dd1e51cbecb8f536275dfb07b
SHA1 b81c61e61ffdd59f3d6dc6e71379d6d8716fd34f
SHA256 8016e74f5fbe2a594b369087d3902d7a06a91b8c58f51af9b4fc06da89befbbb
SHA512 11ac60b6a5ba864266f269c44e3f56cad47719832a54e7cd10903a126e9ee6bc026a24256e769ee7e91b5f181597edc86896305d95357063dcc6907aa834db91