Analysis Overview
SHA256
a738ab4d58c5b56868e4c2566869f0421c1ca85aa7b65ff453e42cb57cdaeb36
Threat Level: Shows suspicious behavior
The file 9f7b17753a7948fcd9e614919c8e4cd3_JaffaCakes118 was classified as: Shows suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
Acquires the wake lock
Queries information about active data network
Queries information about the current Wi-Fi connection
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-11 20:52
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
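The static table above only lists permissions the sandbox flags as "dangerous"; it says nothing about the normal-level permissions the framework calls seen in the behavioral runs actually require, and it counts SYSTEM_ALERT_WINDOW alongside true runtime-prompt permissions even though overlay access is a special-access permission granted through a Settings screen (Settings.ACTION_MANAGE_OVERLAY_PERMISSION), not a runtime dialog. The following Python helper, added here and not part of the sandbox's tooling, de-duplicates the permission rows, classifies each one by protection level, and derives the permissions implied by the observed service calls. The protection-level table and the call-to-permission mapping are constructed from the Android API reference and are assumptions of this example; the sample rows are copied from the report.

```python
"""Triage helper: de-duplicate and classify the permissions a sandbox report
lists, and derive the permissions implied by observed framework calls.
Added example for this report; not the sandbox's own code."""
from collections import OrderedDict

# Constructed subset of android.Manifest.permission protection levels (assumption,
# taken from the Android API reference):
#   "runtime": protectionLevel dangerous, granted via a runtime prompt
#   "special": appop-style access granted only through a Settings screen
#   "normal":  granted at install time without user interaction
PROTECTION = {
    "android.permission.READ_PHONE_STATE": ("runtime", "PHONE"),
    "android.permission.WRITE_EXTERNAL_STORAGE": ("runtime", "STORAGE"),
    "android.permission.SYSTEM_ALERT_WINDOW": ("special", "overlay"),
    "android.permission.ACCESS_NETWORK_STATE": ("normal", None),
    "android.permission.ACCESS_WIFI_STATE": ("normal", None),
    "android.permission.WAKE_LOCK": ("normal", None),
}

# Permission each observed framework service call needs (assumption from the
# API reference). None means the call needs no permission at all.
CALL_REQUIRES = {
    "android.os.IPowerManager.acquireWakeLock": "android.permission.WAKE_LOCK",
    "android.net.IConnectivityManager.getActiveNetworkInfo": "android.permission.ACCESS_NETWORK_STATE",
    "android.net.wifi.IWifiManager.getConnectionInfo": "android.permission.ACCESS_WIFI_STATE",
    "android.app.IActivityManager.registerReceiver": None,
}

# Constructed input: the static1 signature rows copied from the report,
# including the two rows the report lists twice.
SAMPLE_ROWS = """
| Description | Indicator | Process | Target |
| Allows read only access to phone state ... | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state ... | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY ... | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
"""

# Constructed input: the framework service calls from the behavioral runs.
OBSERVED_CALLS = [
    "android.os.IPowerManager.acquireWakeLock",
    "android.net.IConnectivityManager.getActiveNetworkInfo",
    "android.net.wifi.IWifiManager.getConnectionInfo",
    "android.app.IActivityManager.registerReceiver",
]


def parse_permission_rows(text):
    """Return the Indicator column of '| Description | Indicator | ... |' rows,
    in first-seen order, with duplicate rows dropped."""
    seen = OrderedDict()
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 2 or cells[1] == "Indicator":
            continue  # header row or malformed line
        seen.setdefault(cells[1], cells[0])
    return list(seen)


def classify(perms):
    """Map each permission to its protection level ('unknown' if not in the table)."""
    return {p: PROTECTION.get(p, ("unknown", None))[0] for p in perms}


def permissions_implied_by_calls(calls):
    """Permissions the app must hold for the observed calls to succeed."""
    return sorted({CALL_REQUIRES[c] for c in calls if CALL_REQUIRES.get(c)})


if __name__ == "__main__":
    declared = parse_permission_rows(SAMPLE_ROWS)
    for perm, level in classify(declared).items():
        print(f"{level:8s} {perm}")
    print("implied by observed calls:", permissions_implied_by_calls(OBSERVED_CALLS))
```

The implied normal-level permissions (WAKE_LOCK, ACCESS_NETWORK_STATE, ACCESS_WIFI_STATE) will never appear in a "dangerous permissions" table, so confirm the full declared set against the APK itself with `aapt dump permissions <apk>`. Two further caveats for this sample: WRITE_EXTERNAL_STORAGE has no effect for apps targeting API 30 or later, and the only file the behavioral runs record is a log under the shared-storage path /storage/emulated/0/.ngdslog/, which is the kind of write that permission covered on older targets.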
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 20:52
Reported
2024-06-11 20:56
Platform
android-x86-arm-20240611.1-en
Max time kernel
179s
Max time network
164s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
net.kairosoft.android.animestudio_en
net.kairosoft.android.animestudio_en:ngds
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | pushnode.gameservice.com | udp |
| US | 13.248.169.48:6225 | pushnode.gameservice.com | tcp |
| US | 1.1.1.1:53 | stats.unity3d.com | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| US | 13.248.169.48:6225 | pushnode.gameservice.com | tcp |
| US | 13.248.169.48:6225 | pushnode.gameservice.com | tcp |
Files
/storage/emulated/0/.ngdslog/net.kairosoft.android.animestudio_en/pushv2_part_one.log
| Hash | Value |
| MD5 | 0ea1faad3d2f96cf1ab0f3cb7ce1bf8d |
| SHA1 | 264efc174958e523ddb25ee2065c127bdefd07c1 |
| SHA256 | 543a94ff2ddd5f4f23218310f31086c29a7b950de6edb5ab5688ecadd230dea2 |
| SHA512 | ce555054a84d3d198c06e79b8eebc140999b858ac05360b673da7de58fc782299b2b8a1a541503615c7caf852ddcd4a45cf8a943fec9376a52908755f358482b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-11 20:52
Reported
2024-06-11 20:56
Platform
android-x64-20240611.1-en
Max time kernel
127s
Max time network
169s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
net.kairosoft.android.animestudio_en
net.kairosoft.android.animestudio_en:ngds
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | pushnode.gameservice.com | udp |
| US | 76.223.54.146:6225 | pushnode.gameservice.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 142.250.179.226:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| US | 76.223.54.146:6225 | pushnode.gameservice.com | tcp |
| US | 76.223.54.146:6225 | pushnode.gameservice.com | tcp |
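The network tables of behavioral1 and behavioral2 are the most useful part of this report for a defender, but as printed they mix DNS lookups, local mDNS traffic and outbound connections, and rows without a resolved name have their Proto value shifted into the Domain column. The following Python script, added here and not part of the sandbox's tooling, parses both tables into an IOC summary: the names resolved through the sandbox's resolver (1.1.1.1), the endpoints contacted per name, names that resolved to different addresses across the two runs, and connections worth a second look. The rows are copied from the report above; the "non-standard port" heuristic (anything other than 53, 80, 443, 5353) and the decision to treat port 5353 as local mDNS are assumptions of this example.

```python
"""Build an IOC summary from the two behavioral-run network tables.
Added example for this report; not the sandbox's own code."""
from collections import defaultdict

# Constructed input: the Network rows of behavioral1 and behavioral2, copied
# from the report. Rows with an empty Domain column have Proto shifted left.
NETWORK_ROWS = {
    "behavioral1": """
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | pushnode.gameservice.com | udp |
| US | 13.248.169.48:6225 | pushnode.gameservice.com | tcp |
| US | 1.1.1.1:53 | stats.unity3d.com | udp |
| GB | 216.58.204.78:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| US | 13.248.169.48:6225 | pushnode.gameservice.com | tcp |
| US | 13.248.169.48:6225 | pushnode.gameservice.com | tcp |
""",
    "behavioral2": """
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | pushnode.gameservice.com | udp |
| US | 76.223.54.146:6225 | pushnode.gameservice.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 142.250.179.226:443 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| US | 76.223.54.146:6225 | pushnode.gameservice.com | tcp |
| US | 76.223.54.146:6225 | pushnode.gameservice.com | tcp |
""",
}

PROTOS = {"tcp", "udp"}
COMMON_PORTS = {53, 80, 443, 5353}  # assumption: ports not needing a second look


def parse_rows(text):
    """Yield (country, ip, port, domain, proto) per row, tolerating the
    shifted Proto column of rows whose Domain cell is empty."""
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 3 or cells[0] == "Country":
            continue  # header row or malformed line
        country, dest = cells[0], cells[1]
        ip, port = dest.rsplit(":", 1)
        rest = [c for c in cells[2:] if c]
        proto = next((c for c in rest if c in PROTOS), "")
        domain = next((c for c in rest if c not in PROTOS), "")
        yield country, ip, int(port), domain, proto


def summarize(runs):
    """Return DNS names, endpoints per name, multi-address names and review items."""
    dns_queries = set()
    endpoints = defaultdict(set)  # name (or bare IP) -> {(ip, port)}
    review = []                   # (run, ip, port, reason)
    for run, text in runs.items():
        for _country, ip, port, domain, proto in parse_rows(text):
            if port == 53 and proto == "udp" and domain:
                dns_queries.add(domain)   # lookup through the sandbox resolver
                continue
            if port == 5353:
                continue                  # mDNS multicast, never leaves the LAN
            endpoints[domain or ip].add((ip, port))
            if port not in COMMON_PORTS:
                review.append((run, ip, port, f"non-standard port ({domain or 'no name'})"))
            elif not domain:
                review.append((run, ip, port, "no DNS answer for this address in the capture"))
    return {
        "dns_queries": sorted(dns_queries),
        "endpoints": {k: sorted(v) for k, v in endpoints.items()},
        "multi_ip_domains": sorted(
            d for d, v in endpoints.items() if len({ip for ip, _ in v}) > 1),
        "review": review,
    }


if __name__ == "__main__":
    summary = summarize(NETWORK_ROWS)
    print("resolved names:", summary["dns_queries"])
    print("names with more than one address across runs:", summary["multi_ip_domains"])
    for item in summary["review"]:
        print("review:", item)
```

On this sample the summary shows pushnode.gameservice.com reached on port 6225 at a different address in each run (13.248.169.48 and 76.223.54.146), which is what you would pivot on in proxy or NetFlow logs: the port, not the address. The port-443 rows without a name are connections whose DNS answer is not in the capture (the sandbox likely reused a cached or earlier resolution), so match them on address only.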
Files
/storage/emulated/0/.ngdslog/net.kairosoft.android.animestudio_en/pushv2_part_one.log
| Hash | Value |
| MD5 | 4faddcee20bc3c3a0d3c75f93fbf0cfa |
| SHA1 | 3d214e5bb63d7fc60be97b849f81d9866a764c40 |
| SHA256 | 0eaac52930eac9ad07068588da7b1a09911b3badb712c18adb6fc4c6c0cb0a13 |
| SHA512 | 3d6d8d088fab8f42badafcc88af773336dd71ac0bc101f4f7df1f95fda77b0119f5f6675e2225d5572c923570fa510c49245c2e7c3cab836c09cc4efaca6d8d4 |