Malware Analysis Report

2025-01-19 07:50

Sample ID 240611-zn5e1s1ejm
Target 9f7b17753a7948fcd9e614919c8e4cd3_JaffaCakes118
SHA256 a738ab4d58c5b56868e4c2566869f0421c1ca85aa7b65ff453e42cb57cdaeb36
Tags
discovery persistence
score
6/10


Analysis Overview

score
6/10

SHA256

a738ab4d58c5b56868e4c2566869f0421c1ca85aa7b65ff453e42cb57cdaeb36

Threat Level: Shows suspicious behavior

The file 9f7b17753a7948fcd9e614919c8e4cd3_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery persistence

Requests dangerous framework permissions

Acquires the wake lock

Queries information about active data network

Queries information about the current Wi-Fi connection

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-11 20:52

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. android.permission.SYSTEM_ALERT_WINDOW N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 20:52

Reported

2024-06-11 20:56

Platform

android-x86-arm-20240611.1-en

Max time kernel

179s

Max time network

164s

Command Line

net.kairosoft.android.animestudio_en

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

net.kairosoft.android.animestudio_en

net.kairosoft.android.animestudio_en:ngds

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 pushnode.gameservice.com udp
US 13.248.169.48:6225 pushnode.gameservice.com tcp
US 1.1.1.1:53 stats.unity3d.com udp
GB 216.58.204.78:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
US 13.248.169.48:6225 pushnode.gameservice.com tcp
US 13.248.169.48:6225 pushnode.gameservice.com tcp

Files

/storage/emulated/0/.ngdslog/net.kairosoft.android.animestudio_en/pushv2_part_one.log

MD5 0ea1faad3d2f96cf1ab0f3cb7ce1bf8d
SHA1 264efc174958e523ddb25ee2065c127bdefd07c1
SHA256 543a94ff2ddd5f4f23218310f31086c29a7b950de6edb5ab5688ecadd230dea2
SHA512 ce555054a84d3d198c06e79b8eebc140999b858ac05360b673da7de58fc782299b2b8a1a541503615c7caf852ddcd4a45cf8a943fec9376a52908755f358482b

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 20:52

Reported

2024-06-11 20:56

Platform

android-x64-20240611.1-en

Max time kernel

127s

Max time network

169s

Command Line

net.kairosoft.android.animestudio_en

Signatures

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries information about the current Wi-Fi connection

discovery
Description Indicator Process Target
Framework service call android.net.wifi.IWifiManager.getConnectionInfo N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Processes

net.kairosoft.android.animestudio_en

net.kairosoft.android.animestudio_en:ngds

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 pushnode.gameservice.com udp
US 76.223.54.146:6225 pushnode.gameservice.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 142.250.179.226:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
US 76.223.54.146:6225 pushnode.gameservice.com tcp
US 76.223.54.146:6225 pushnode.gameservice.com tcp

Files

/storage/emulated/0/.ngdslog/net.kairosoft.android.animestudio_en/pushv2_part_one.log

MD5 4faddcee20bc3c3a0d3c75f93fbf0cfa
SHA1 3d214e5bb63d7fc60be97b849f81d9866a764c40
SHA256 0eaac52930eac9ad07068588da7b1a09911b3badb712c18adb6fc4c6c0cb0a13
SHA512 3d6d8d088fab8f42badafcc88af773336dd71ac0bc101f4f7df1f95fda77b0119f5f6675e2225d5572c923570fa510c49245c2e7c3cab836c09cc4efaca6d8d4