Analysis Overview
SHA256
b9a818cd978bf645392d3b01aec56b20140bb95eb77a27b2497ec5c311823a3d
Threat Level: Shows suspicious behavior
The file a0c486b879e20d5ac1774736b48e832b_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Declares broadcast receivers with permission to handle system events
Requests dangerous framework permissions
Tries to add a device administrator.
Queries the unique device ID (IMEI, MEID, IMSI)
Analysis: static1
Detonation Overview
Reported
2024-06-12 13:04
Signatures
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
| Must be declared on a DeviceAdminReceiver so that only the system can bind to it; its presence means the app is built to request device-administrator rights, which let it enforce policies and resist uninstallation. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
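The two static signatures above come straight out of the manifest. The following added example (our code, not the sandbox's) reproduces those checks on a decoded AndroidManifest.xml: it collects the requested permissions, intersects them with the dangerous set listed in this report, and looks for a receiver guarded by BIND_DEVICE_ADMIN or filtering DEVICE_ADMIN_ENABLED. The manifest is constructed from the permissions in the table; only the package name is from the report, and the receiver class name `.AdminReceiver` is a placeholder.

```python
"""Static triage of a decoded AndroidManifest.xml, reproducing the checks
behind the 'Requests dangerous framework permissions' and 'Declares broadcast
receivers with permission to handle system events' signatures.

Added example; not the sandbox's own code. The manifest is constructed from
the permissions listed in the report; the receiver class name is an assumption.
"""
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Permissions flagged by the report. All carry Android's "dangerous" protection
# level; SMS + CALL_PHONE + contacts + device admin is a classic toll-fraud /
# SMS-stealer profile.
DANGEROUS = {
    "android.permission.CALL_PHONE",
    "android.permission.SEND_SMS",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_PHONE_STATE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_CONTACTS",
}
DEVICE_ADMIN_PERM = "android.permission.BIND_DEVICE_ADMIN"
DEVICE_ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"

# Constructed manifest in decoded (apktool) form. Package name is from the
# report; ".AdminReceiver" is a placeholder class name.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.cgdmk.kxeudznxk">
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def triage_manifest(xml_text):
    """Return requested dangerous permissions, device-admin receivers and findings."""
    root = ET.fromstring(xml_text)
    requested = {p.get(A + "name") for p in root.iter("uses-permission")}
    dangerous = sorted(requested & DANGEROUS)

    admin_receivers = []
    for rcv in root.iter("receiver"):
        actions = {a.get(A + "name") for a in rcv.iter("action")}
        # A receiver guarded by BIND_DEVICE_ADMIN (or filtering the
        # DEVICE_ADMIN_ENABLED action) is a DeviceAdminReceiver: the app
        # intends to ask for device-administrator rights.
        if rcv.get(A + "permission") == DEVICE_ADMIN_PERM or DEVICE_ADMIN_ACTION in actions:
            admin_receivers.append(rcv.get(A + "name"))

    findings = []
    if dangerous:
        findings.append("requests dangerous framework permissions: " + ", ".join(dangerous))
    if admin_receivers:
        findings.append("declares device-admin receiver(s): " + ", ".join(admin_receivers))
    if admin_receivers and {"android.permission.SEND_SMS", "android.permission.RECEIVE_SMS"} <= requested:
        findings.append("device admin combined with SMS send/receive: treat as high risk")
    return {"package": root.get("package"), "dangerous": dangerous,
            "admin_receivers": admin_receivers, "findings": findings}


if __name__ == "__main__":
    for line in triage_manifest(SAMPLE_MANIFEST)["findings"]:
        print("-", line)
```

Run it against `apktool d sample.apk` output (the decoded `AndroidManifest.xml`); the binary manifest inside the APK must be decoded first, since `xml.etree` cannot read Android's compressed AXML directly.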
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 13:04
Reported
2024-06-12 13:07
Platform
android-x86-arm-20240611.1-en
Max time kernel
153s
Max time network
179s
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.cgdmk.kxeudznxk/app_zsoesh/iyjgvngy.jar | N/A | N/A |
| N/A | /data/user/0/com.cgdmk.kxeudznxk/app_zsoesh/iyjgvngy.jar | N/A | N/A |
Tries to add a device administrator.
| Description | Indicator | Process | Target |
| Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A |
Processes
com.cgdmk.kxeudznxk
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.cgdmk.kxeudznxk/app_zsoesh/iyjgvngy.jar --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.cgdmk.kxeudznxk/app_zsoesh/oat/x86/iyjgvngy.odex --compiler-filter=quicken --class-loader-context=&
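The dex2oat invocation above is what the "Loads dropped Dex/Jar" signature keys on: ART is compiling a jar that lives in the app's private data directory rather than in the installed APK. The following added example (our code, not the sandbox's) parses that command line, classifies the `--dex-file` path by origin, and cross-checks it against the file records from this run to count how many distinct payloads were written to the same path. The command line and hashes are copied from this report (the command line is truncated at `--class-loader-context=&` exactly as recorded); the classification rules and helper names are ours.

```python
"""Behavioural triage of a dex2oat invocation: extract the code being compiled,
decide whether it came from the installed APK or from a file the app wrote
itself (dropped code), and cross-check against the file records to see how
many distinct payloads appeared at that path.

Added example; not the sandbox's own code. The command line and file hashes are
copied from the behavioral1 section of this report; everything else is ours.
"""
import re

DEX2OAT_CMDLINE = (
    "/system/bin/dex2oat --instruction-set=x86 "
    "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
    "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
    "--boot-image=/system/framework/boot.art --runtime-arg -Xms64m "
    "--runtime-arg -Xmx512m --instruction-set-variant=x86 "
    "--instruction-set-features=default --inline-max-code-units=0 "
    "--compact-dex-level=none "
    "--dex-file=/data/user/0/com.cgdmk.kxeudznxk/app_zsoesh/iyjgvngy.jar "
    "--output-vdex-fd=41 --oat-fd=42 "
    "--oat-location=/data/user/0/com.cgdmk.kxeudznxk/app_zsoesh/oat/x86/iyjgvngy.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)

# (path, sha256) pairs from the behavioral1 "Files" section.
FILE_RECORDS = [
    ("/data/data/com.cgdmk.kxeudznxk/app_zsoesh/iyjgvngy.jar",
     "804b5ee3b4d264a93ccee3d137d5a60d14f104bdbe8070527ce739d51f493bbb"),
    ("/data/user/0/com.cgdmk.kxeudznxk/app_zsoesh/iyjgvngy.jar",
     "344586cb90d570d04e0c371cb63328b3d7339580c14303ba9f34d7ee696cc71e"),
    ("/data/user/0/com.cgdmk.kxeudznxk/app_zsoesh/iyjgvngy.jar",
     "ee8841e00cef063cd7b15cf12d5889af35df5c3777afdf2c4d9abe9ba338430a"),
]

# Code the platform installed lives under these prefixes; anything under an
# app's private data directory was written by the app at run time.
INSTALLED_CODE_PREFIXES = ("/system/", "/data/app/", "/apex/", "/vendor/", "/product/")
APP_PRIVATE = re.compile(r"^/data/(?:user/\d+|data)/(?P<pkg>[^/]+)/(?P<rest>.+)$")


def parse_dex2oat(cmdline):
    """Turn 'dex2oat --k=v --runtime-arg X ...' into a dict (runtime args as a list)."""
    tokens = cmdline.split()
    args, i = {"--runtime-arg": []}, 1  # token 0 is the binary itself
    while i < len(tokens):
        if tokens[i] == "--runtime-arg" and i + 1 < len(tokens):
            args["--runtime-arg"].append(tokens[i + 1])
            i += 2
            continue
        key, _, value = tokens[i].partition("=")
        args[key] = value  # a repeated key (e.g. --instruction-set-features) keeps the last value
        i += 1
    return args


def normalize(path):
    """/data/data/<pkg>/... and /data/user/0/<pkg>/... name the same directory."""
    return re.sub(r"^/data/data/", "/data/user/0/", path)


def classify_code_path(path):
    """'installed' for platform/APK code, 'dropped' for app-private storage."""
    if path.startswith(INSTALLED_CODE_PREFIXES):
        return "installed", None
    m = APP_PRIVATE.match(path)
    if m:
        return "dropped", m.group("pkg")
    return "other", None


def triage_dex2oat(cmdline, file_records):
    args = parse_dex2oat(cmdline)
    dex = args.get("--dex-file", "")
    origin, pkg = classify_code_path(dex)
    hashes = {sha for p, sha in file_records if normalize(p) == normalize(dex)}
    return {
        "dex_file": dex,
        "origin": origin,
        "package": pkg,
        "distinct_payloads": len(hashes),
        "suspicious": origin == "dropped",
    }


if __name__ == "__main__":
    print(triage_dex2oat(DEX2OAT_CMDLINE, FILE_RECORDS))
```

Three different SHA256 values at one path during a three-minute run means the jar was rewritten at least twice before being loaded; the first-stage dropper is therefore not the interesting artifact, and the files listed in the "Files" section below are what should be pulled and decompiled.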
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.204.67:443 | | tcp |
| GB | 142.250.178.10:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 37.1.207.115:80 | 37.1.207.115 | tcp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| NL | 37.1.207.115:80 | 37.1.207.115 | tcp |
| NL | 37.1.207.115:80 | 37.1.207.115 | tcp |
| NL | 37.1.207.115:80 | 37.1.207.115 | tcp |
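Most rows in the network table are emulator noise (mDNS on 224.0.0.251, the 1.1.1.1 resolver, Google infrastructure reached by name); the one destination worth extracting is the repeated plaintext HTTP connection to an IP literal with no hostname. The following added example (our code, not the sandbox's) encodes that triage: it classifies each flow and returns names seen, TLS destinations the sandbox never saw resolved, and IOC candidates with hit counts. The rows are copied from the behavioral1 table above, with the domain column empty where the report recorded none; the classification labels are ours.

```python
"""Sort a sandbox's network observations into noise and IOC candidates.

Added example; not the sandbox's own code. Rows are copied from the
behavioral1 network table as (country, destination, domain, proto), with the
domain column left empty where the report recorded none.
"""
import ipaddress
from collections import Counter

BEHAVIORAL1_FLOWS = [
    ("GB", "216.58.204.67:443", "", "tcp"),
    ("GB", "142.250.178.10:443", "", "tcp"),
    ("N/A", "224.0.0.251:5353", "", "udp"),
    ("NL", "37.1.207.115:80", "37.1.207.115", "tcp"),
    ("GB", "216.58.212.238:443", "", "tcp"),
    ("US", "1.1.1.1:53", "android.apis.google.com", "udp"),
    ("GB", "142.250.187.238:443", "android.apis.google.com", "tcp"),
    ("NL", "37.1.207.115:80", "37.1.207.115", "tcp"),
    ("NL", "37.1.207.115:80", "37.1.207.115", "tcp"),
    ("NL", "37.1.207.115:80", "37.1.207.115", "tcp"),
]


def classify_flow(dest, domain, proto):
    """Label one observed flow; 'domain' is the name the sandbox saw resolved, if any."""
    host, _, port = dest.rpartition(":")
    port = int(port)
    ip = ipaddress.ip_address(host)
    if ip.is_multicast or ip.is_private or ip.is_link_local:
        return "local"                 # mDNS 224.0.0.251:5353 and the like: emulator noise
    if port == 53 and proto == "udp":
        return "dns"                   # resolver traffic; the queried name is the useful part
    if domain and domain != host:
        return "named"                 # reached via a hostname, so the name is the indicator
    if proto == "tcp" and port == 80:
        return "plaintext-ip-literal"  # hard-coded IP, no TLS: typical beacon shape
    if proto == "tcp" and port == 443:
        return "tls-unnamed"           # TLS to an IP never seen resolved; needs SNI/cert to judge
    return "other"


def summarize(flows):
    """Return DNS names seen, TLS destinations lacking a name, and IOC candidates."""
    names, tls_unnamed, beacons = set(), set(), Counter()
    for _, dest, domain, proto in flows:
        kind = classify_flow(dest, domain, proto)
        if kind in ("dns", "named"):
            names.add(domain)
        elif kind == "tls-unnamed":
            tls_unnamed.add(dest)
        elif kind == "plaintext-ip-literal":
            beacons[dest] += 1
    iocs = [
        {"dest": d, "hits": n,
         "reason": ("repeated " if n > 1 else "") + "plaintext HTTP to IP literal"}
        for d, n in beacons.most_common()
    ]
    return {"names": sorted(names), "tls_unnamed": sorted(tls_unnamed), "ioc_candidates": iocs}


if __name__ == "__main__":
    for ioc in summarize(BEHAVIORAL1_FLOWS)["ioc_candidates"]:
        print(ioc)
```

The country column is not a signal: GB and NL here reflect CDN and hosting geography, not intent. The unnamed 443 destinations sit in Google address space but the sandbox recorded no hostname for them, so they stay in `tls_unnamed` rather than being silently allow-listed; confirm them from the TLS SNI or certificate in the pcap before discarding.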
Files
/data/data/com.cgdmk.kxeudznxk/app_zsoesh/iyjgvngy.jar
| MD5 | 6fd3349270a9d1113e55cedf6aefb8a5 |
| SHA1 | 8ce746abb11eeb25b5ff3b0b699b6cb7722bc13b |
| SHA256 | 804b5ee3b4d264a93ccee3d137d5a60d14f104bdbe8070527ce739d51f493bbb |
| SHA512 | 5cc5ba5b42a88ba38552919e43b2808556ceb420d7c596e38f32c6175ef845806e862df8593322a2cce40008cbb3eaeb4179cd62d08250950a46dd9017c9b8d4 |
/data/user/0/com.cgdmk.kxeudznxk/app_zsoesh/iyjgvngy.jar
| MD5 | 94c37de82e7859fa59738b8182a7fd68 |
| SHA1 | f779b8278ca7f2b639c5f242a14a32f4207359b2 |
| SHA256 | 344586cb90d570d04e0c371cb63328b3d7339580c14303ba9f34d7ee696cc71e |
| SHA512 | bf77b594a79c263355ccb34bb3d025f78cac1adc3047e01a14570154dcab4a8827a4a3a5cd3e9acdcc4f3f09738932094418853bcb7512d3e24c4862a19dfaeb |
/data/user/0/com.cgdmk.kxeudznxk/app_zsoesh/iyjgvngy.jar
| MD5 | e0f401a2b744cb28442488b3c0bf383d |
| SHA1 | b07811272a62e13f7e764d3694b6cc2b3916d2d6 |
| SHA256 | ee8841e00cef063cd7b15cf12d5889af35df5c3777afdf2c4d9abe9ba338430a |
| SHA512 | c74c8ad518c77d6ee76fee87b423f9ef37c980b9b7fcc18ae3267f78673ea6fdad4e9f2ca5787092456a417cd7626970f6b6f1e55031a1f7489326d7b675436b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 13:04
Reported
2024-06-12 13:07
Platform
android-x64-20240611.1-en
Max time kernel
153s
Max time network
181s
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.cgdmk.kxeudznxk/app_zsoesh/iyjgvngy.jar | N/A | N/A |
Queries the unique device ID (IMEI, MEID, IMSI)
Processes
com.cgdmk.kxeudznxk
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 37.1.207.115:80 | 37.1.207.115 | tcp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| NL | 37.1.207.115:80 | 37.1.207.115 | tcp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 142.250.187.226:443 | | tcp |
| NL | 37.1.207.115:80 | 37.1.207.115 | tcp |
| NL | 37.1.207.115:80 | 37.1.207.115 | tcp |
Files
/data/data/com.cgdmk.kxeudznxk/app_zsoesh/iyjgvngy.jar
| MD5 | 6fd3349270a9d1113e55cedf6aefb8a5 |
| SHA1 | 8ce746abb11eeb25b5ff3b0b699b6cb7722bc13b |
| SHA256 | 804b5ee3b4d264a93ccee3d137d5a60d14f104bdbe8070527ce739d51f493bbb |
| SHA512 | 5cc5ba5b42a88ba38552919e43b2808556ceb420d7c596e38f32c6175ef845806e862df8593322a2cce40008cbb3eaeb4179cd62d08250950a46dd9017c9b8d4 |
/data/user/0/com.cgdmk.kxeudznxk/app_zsoesh/iyjgvngy.jar
| MD5 | 94c37de82e7859fa59738b8182a7fd68 |
| SHA1 | f779b8278ca7f2b639c5f242a14a32f4207359b2 |
| SHA256 | 344586cb90d570d04e0c371cb63328b3d7339580c14303ba9f34d7ee696cc71e |
| SHA512 | bf77b594a79c263355ccb34bb3d025f78cac1adc3047e01a14570154dcab4a8827a4a3a5cd3e9acdcc4f3f09738932094418853bcb7512d3e24c4862a19dfaeb |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-12 13:04
Reported
2024-06-12 13:07
Platform
android-x64-arm64-20240611.1-en
Max time kernel
153s
Max time network
186s
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.cgdmk.kxeudznxk/app_zsoesh/iyjgvngy.jar | N/A | N/A |
Tries to add a device administrator.
| Description | Indicator | Process | Target |
| Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A |
Processes
com.cgdmk.kxeudznxk
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 37.1.207.115:80 | 37.1.207.115 | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.212.196:443 | | tcp |
| GB | 216.58.212.196:443 | | tcp |
| NL | 37.1.207.115:80 | 37.1.207.115 | tcp |
| NL | 37.1.207.115:80 | 37.1.207.115 | tcp |
| NL | 37.1.207.115:80 | 37.1.207.115 | tcp |
Files
/data/user/0/com.cgdmk.kxeudznxk/app_zsoesh/iyjgvngy.jar
| MD5 | 6fd3349270a9d1113e55cedf6aefb8a5 |
| SHA1 | 8ce746abb11eeb25b5ff3b0b699b6cb7722bc13b |
| SHA256 | 804b5ee3b4d264a93ccee3d137d5a60d14f104bdbe8070527ce739d51f493bbb |
| SHA512 | 5cc5ba5b42a88ba38552919e43b2808556ceb420d7c596e38f32c6175ef845806e862df8593322a2cce40008cbb3eaeb4179cd62d08250950a46dd9017c9b8d4 |
/data/user/0/com.cgdmk.kxeudznxk/app_zsoesh/iyjgvngy.jar
| MD5 | 94c37de82e7859fa59738b8182a7fd68 |
| SHA1 | f779b8278ca7f2b639c5f242a14a32f4207359b2 |
| SHA256 | 344586cb90d570d04e0c371cb63328b3d7339580c14303ba9f34d7ee696cc71e |
| SHA512 | bf77b594a79c263355ccb34bb3d025f78cac1adc3047e01a14570154dcab4a8827a4a3a5cd3e9acdcc4f3f09738932094418853bcb7512d3e24c4862a19dfaeb |