Analysis Overview
SHA256
d6721d24fb9aebcf9d3368f5d910f81025ee7769a94c55e20422cd98424204ca
Threat Level: Likely malicious
The file a6d640113dced34a4b9631663aa261fe_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Queries information about running processes on the device
Queries information about the current nearby Wi-Fi networks
Queries information about active data network
Requests dangerous framework permissions
Queries information about the current Wi-Fi connection
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
Checks memory information
Analysis: static1
Detonation Overview
Reported
2024-06-13 22:15
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 22:15
Reported
2024-06-13 22:19
Platform
android-x86-arm-20240611.1-en
Max time kernel
166s
Max time network
185s
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /sbin/su | N/A | N/A |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
cn.kuwo.hifi
/system/bin/sh -c getprop
getprop
/system/bin/sh -c type su
/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | android.bugly.qq.com | udp |
| US | 1.1.1.1:53 | pingma.qq.com | udp |
| GB | 216.58.212.238:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| CN | 119.45.78.184:80 | pingma.qq.com | tcp |
| US | 1.1.1.1:53 | android.bugly.qq.com | udp |
| CN | 14.22.7.140:80 | android.bugly.qq.com | tcp |
| CN | 14.22.7.199:80 | android.bugly.qq.com | tcp |
| CN | 119.147.179.152:80 | android.bugly.qq.com | tcp |
| US | 1.1.1.1:53 | android.bugly.qq.com | udp |
| CN | 14.22.7.140:80 | android.bugly.qq.com | tcp |
| CN | 14.22.7.199:80 | android.bugly.qq.com | tcp |
Files
/data/data/cn.kuwo.hifi/databases/bugly_db_-journal
| MD5 | 6ddb2eda4804aaadf5eb06e150e367e8 |
| SHA1 | 26e8074b5cb7bdc99272bd17d2315257eb5db928 |
| SHA256 | 30f567a06aa0378351241b4487ec66cc11ddbe55860efcf9e458c964ecf115eb |
| SHA512 | 87f53536eb0036030f52c60069c468ffd26579ed5868b02205c61f41640876141e7061107c9cfba9c90d2f558671e910482e5ed1545a198495d8ac30206990d0 |
/data/data/cn.kuwo.hifi/databases/bugly_db_
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/cn.kuwo.hifi/app_crashrecord/1004
| MD5 | 414282e0ed6f02a0725576b25e8cbbbd |
| SHA1 | 995176604c50d50cd6b3e8b9aa8ef34bf84518bc |
| SHA256 | dfa2e2b153848eedc3d378de58a4ec105e692f9e5d1fecc827e4d716b31334e7 |
| SHA512 | cef7ca0dbbd52214523319c2d7a5cce3a18c2a018cf029e4cb34a8b2556099872244e0a468d0ba355a7ef49bc6e8541f39b291c35eb46df7719fbc9472927044 |
/data/data/cn.kuwo.hifi/databases/bugly_db_-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/data/data/cn.kuwo.hifi/databases/bugly_db_-wal
| MD5 | 67ca597b93392a1a4d04e30118714056 |
| SHA1 | f9e7e869d05487fca6a251bb4dc9d8f6d915ff56 |
| SHA256 | cf54fe5f88258344e8e9977bb895f31559e82b960e948ad09a665ee18602b92d |
| SHA512 | 6ad29b7a7a201ccb3a6657344d5ad8171679db55d16979369e51047d59bef7df2897f576132df9ff72bcd0e995a1218a0f150b0585fa97e7e998a02511175a20 |
/data/data/cn.kuwo.hifi/app_crashrecord/1004
| MD5 | 0d210bfb2a0e1f1b4c082a6a0f79de07 |
| SHA1 | bb8ed9e364db79d1d9f2fcde3f15091893222faa |
| SHA256 | 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d |
| SHA512 | 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1 |
/data/data/cn.kuwo.hifi/app_crashrecord/1002
| MD5 | 7a5aba3f81d2eabb4a814fecd9d7ce47 |
| SHA1 | 1f9a1454162b6a5cb61987cead59d3f70ffc8843 |
| SHA256 | c7cf48f8e8c84d3cfd23a662aabcc838ed46638a160ac5586a7d2b06a3608358 |
| SHA512 | b6e681f94acc7dcf16f458c7acd6a5059e0986388696965a6031cc5518df232ac573271776e7bd60756eb4c7c8b9750a7c203366fd6c559c51da5b0a1e63c3c7 |
/data/data/cn.kuwo.hifi/databases/tencent_analysis.db_cn.kuwo.hifi-journal
| MD5 | 3730bfe00515f49b4ac151368793e0ac |
| SHA1 | 211b356086b0ad3b3efafada5b31886b2d33c54b |
| SHA256 | 0c0afcac11ccde7efea61a34e9925d70092e8ab6b17d1dde7972fd3ab62e4489 |
| SHA512 | 4d3fab1178c520701194b574fcf01cfcd23324a9b0dc8ccd518a1b4deb337e219680371a8554b8b53b453fc5d5fe6627743f4e1f22922e9b8011b8053a9d0ca4 |
/data/data/cn.kuwo.hifi/databases/tencent_analysis.db_cn.kuwo.hifi-wal
| MD5 | ffdafaf155651440254209b5e182de39 |
| SHA1 | 9af8fb48f0f84a03033a9f343da1ef0ec69fa151 |
| SHA256 | c92907e83b720e135636b8bd57e21389f685ec8190a45aaef6058bb4dcdcb9fb |
| SHA512 | bfa2020bc7d7b2ab0476a6d5842d3cbb7da9f40cfe75fbe5b2a3a6d8766868cb8b1c68abf036ae2bfd8075f85e0d37cbf7cb2f7afe02eb16d0e23030fea5100d |
/data/data/cn.kuwo.hifi/databases/pri_tencent_analysis.db_cn.kuwo.hifi-journal
| MD5 | 48a1e2e430117fd0769ae6eb69809e80 |
| SHA1 | 54e163eea1f98125d266802454918369fe73eac1 |
| SHA256 | 31062a69f24b797a1aa116ead09cfd1f76c35e3ffeca0c2f9965b33210b5c317 |
| SHA512 | bc042bce6c6182f80fa21f0f7edb9ce45cabcfa26de0eab24292b68ede90736ceb88ee0e3e5846adfc3bce690bfb0c21a05a9d9fb6644482681b038c322fee8c |
/data/data/cn.kuwo.hifi/databases/pri_tencent_analysis.db_cn.kuwo.hifi-wal
| MD5 | e32d247294bea29a06c116e4c039e893 |
| SHA1 | f4b85db9d63f80209d2d9602e4f0b387f157e96b |
| SHA256 | 530247abf2ce0bfd3901feeace10415cd8a59c060c19880235d6ef5ac0493b41 |
| SHA512 | 926874913a3d0cde24f973f04e846d42d2b45a4a3aacadeced1bdc25e4d5185bd234082d37fc5503737868d7bed4b4f1fa53f855972e7130aef432423bab799d |