Analysis Overview
SHA256
91051ec5bf22ffa774dbb90a55134fe1b2a060e9d6745d8ae9814546539f8a10
Threat Level: Shows suspicious behavior
The file a166656b5f25671dae0c50cf5a87b791_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-12 16:50
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:53
Platform
android-x86-arm-20240611.1-en
Max time kernel
179s
Max time network
131s
Command Line
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
net.kairosoft_Mod.android.okashi_ja
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
Files
/data/data/net.kairosoft_Mod.android.okashi_ja/databases/google_analytics.db-journal
| MD5 | 1c7dc7f392e6307d57a65cb44c9fbf6c |
| SHA1 | d75dd434cc78f3b0904f92fe7ccff753e3a4b333 |
| SHA256 | d1b328f24c2c87724db1dca6f5c10af9eb8c74828e69e17fac004fda240d39c8 |
| SHA512 | c37e3e58bc58989fbd2687851731f94cca78b64616f96a747024a4cf57e3bfc2237e161bee48655f6fe61fe706f17ce948158e5a4b950fdeb299ec448c1a2f6d |
/data/data/net.kairosoft_Mod.android.okashi_ja/databases/google_analytics.db
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/net.kairosoft_Mod.android.okashi_ja/databases/google_analytics.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/net.kairosoft_Mod.android.okashi_ja/databases/google_analytics.db-wal
| MD5 | 46debf6285f0f25feb8ddab02b96d875 |
| SHA1 | 7304a3642967c2d60be249e81e156c42efcbaa1e |
| SHA256 | 1eb86ae5b8e4b43abb1ed31a9a8ed68a1a7884afe143a82b7fa7d9933faba89c |
| SHA512 | 6a640c2b2b6f991a1e1e8772f58db65442391028358e4aecb20b0233d5f13a61fc3d949c2dc542de7018243f6a1f2c74994628064dbc1509a8a666f3283ada72 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:53
Platform
android-x64-20240611.1-en
Max time kernel
179s
Max time network
148s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
net.kairosoft_Mod.android.okashi_ja
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.179.234:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.200.14:443 | | tcp |
| GB | 172.217.169.66:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
Files
/data/data/net.kairosoft_Mod.android.okashi_ja/databases/google_analytics.db-journal
| MD5 | ed2dd60e86ea5fbe4ae67c70003de11d |
| SHA1 | 0ba54493e1e5b93a136f95157f4ce04490c70359 |
| SHA256 | facc53466d216fbb64e5b17571b03f6daf8a51b04765781fcc5161e3a3b9733d |
| SHA512 | b92d60f24627d721d485fb2f6ae1bb511dcca4a47337e6a1976c54d49deec83b870344759e12ee3e9df39702dedd7c6e6975e822557f758c54433c0b8540cd61 |
/data/data/net.kairosoft_Mod.android.okashi_ja/databases/google_analytics.db
| MD5 | 477249d2efd9cce08d44b246fa4803ba |
| SHA1 | 105cd67bf850f97aeb19e0bdc9a7e659a1d2b96e |
| SHA256 | 0aa99cb5749ee0c5ceb68114cf563c4cdf1d484726056d4af6034b8882a54120 |
| SHA512 | e8795465559dec6de12c5e437a889c327a9e17907c229eb038e93fc1d006ee274d4e40f2936ca4cbb27ac3f878d9cebcf873edac645e0fd62b934066d6f9052a |
/data/data/net.kairosoft_Mod.android.okashi_ja/databases/google_analytics.db-journal
| MD5 | 78b5eb56b13cc0f92fa7a40a35b8c5a4 |
| SHA1 | e56a950b2a932c36690608cdaaf91fac54ce49f0 |
| SHA256 | 6351ba5915d06abfe7fcded174e5353abdaae13b447e17d68484b7f9758d2768 |
| SHA512 | d865cebd8804891ec32d26891b796a66248516e1001440cf2e5a97a2cc2b7904c0946561ed18cfc4e03fb442b661424aa80802ae2026715419572d29675ab688 |
/data/data/net.kairosoft_Mod.android.okashi_ja/databases/google_analytics.db-journal
| MD5 | dbdb3cc56a0335d4502d819341ffe327 |
| SHA1 | 4411506bbca75ad77977380b861cfbb190122690 |
| SHA256 | f007e90267c4bde30fabfdd9f8761913a4956831e2b96567f3103e02421ea161 |
| SHA512 | 86bacaf0fb0fcb106e2c06563939a8e48eb58b4b4f55295b04c0c75c8e7400c49854c9a85433cb2443d2ad36f6ddd9df00cbb11301c52b3b25e2d4b5c7b871e6 |
/data/data/net.kairosoft_Mod.android.okashi_ja/databases/google_analytics.db-journal
| MD5 | 06a527f5625890e21104a35645ece717 |
| SHA1 | 8f2a6ee09bc36abcd567bd8f58a1cff7d74c09db |
| SHA256 | 704f2018836d27a7bf5a56548438bcb7a954e5311e436f520d690b47ee42401d |
| SHA512 | eaf7c53d9597d930b8bc33777a698242ac106455264d6b253087cb270f1625aeea8426c2f0ddb4780aa7ac1c99daca015c98b0006e6ece583a849f0c88cc1cad |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-12 16:50
Reported
2024-06-12 16:53
Platform
android-x64-arm64-20240611.1-en
Max time kernel
179s
Max time network
133s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
net.kairosoft_Mod.android.okashi_ja
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
Files
/data/user/0/net.kairosoft_Mod.android.okashi_ja/databases/google_analytics.db-journal
| MD5 | 0a1b6fdf7c61e9642ae8b90ec04e9aa2 |
| SHA1 | 283088ba3efe86b041b1b712107f56723c33aa66 |
| SHA256 | 01b75697ffb3dbb2b13f7d80014032183dee2210468479be0dbe12164638c2ca |
| SHA512 | 26a83eaee8e6783e817b3e13d3819d463c84229fa776cf28d11183f27c266c74ad195a908a36f5aa14b8f1aa5d8ad63c17e88b8a0c69da7d1cd2efda26685358 |
/data/user/0/net.kairosoft_Mod.android.okashi_ja/databases/google_analytics.db
| MD5 | fb95726e159a17669d542c1650ebbb16 |
| SHA1 | aba4805f177ab73c2d1fde0ddd3f61f7a8685109 |
| SHA256 | 6833ff4b8c3d2e1140400a5638bab7941ecbaab2948723c3625013b4a0761443 |
| SHA512 | aead3166ccb9fd7dc9900884837b7c7aacd499b04eed4dd7ee3fbaa9d0e5cb25703c8c2267d537e9202dc84a937b2ad283601ef7b2d924273110c8a0824334d7 |
/data/user/0/net.kairosoft_Mod.android.okashi_ja/databases/google_analytics.db-journal
| MD5 | b138c01fac41b177dd01d1f958202805 |
| SHA1 | 52b244a6937c6eb62ff25b206a6629965a311116 |
| SHA256 | 6e8b21210c3b4d54f767c3b9f872cad16eaa79143355cbc0e438b7f6e58af69d |
| SHA512 | 0aa7069bc04b49ebdaee57990d570c1cb02c7c9ba3aa83a158d2bb9d62fae2272e2e1723d2f88acf24e947ee479d7f9a2ec57fb18e39c8bac4a6108731a7cd47 |
/data/user/0/net.kairosoft_Mod.android.okashi_ja/databases/google_analytics.db-journal
| MD5 | dcc6009eb62a35b542ef998543af10c5 |
| SHA1 | aba6312db1f2b47f557f83c7aec236b3995cd5c8 |
| SHA256 | 80e4cf9568a6d4a2d4b3b77b3d0d8a8b113041fcb150c5e18f9d073beb06665f |
| SHA512 | f7bbc4e3c4a5b18fa69ecf66b3d471fe7518d1cd866b41595a1f0ce67f5cae57967011fc825444821f4dea77c4c54e6e63cdc4696f94fe57dfd31d37d14d843d |
/data/user/0/net.kairosoft_Mod.android.okashi_ja/databases/google_analytics.db-journal
| MD5 | 8f59d37bad872314193484e7ab5d4227 |
| SHA1 | d06721d578d517b13bd9e1cd1d68c1acd9ed5c91 |
| SHA256 | fed5b558c3dfd96d6df8586bdec7114bad7d5fc91ae406ef6649f1206b5eb2d7 |
| SHA512 | ab62f3a9745968d2c835da4b2704161f3221f16a97cf41bb63cd50ad8e2bb345a482c686f6a00227c56d2b8385a3b216cc2209f9fc07d89720233b33ff0cfb55 |