Malware Analysis Report

2024-09-09 17:24

Sample ID 240613-1s3bws1hjf
Target a6c22872ae958990b753894b1048f1fb_JaffaCakes118
SHA256 2327cf19414d7ba528951938a0542dde7964e48229121e1483f81051c8e73904
Tags
Score 6/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 6/10

SHA256 2327cf19414d7ba528951938a0542dde7964e48229121e1483f81051c8e73904

Threat Level: Shows suspicious behavior

The file a6c22872ae958990b753894b1048f1fb_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Requests dangerous framework permissions

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-13 21:55

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 21:55

Reported 2024-06-13 21:58

Platform android-x86-arm-20240611.1-en

Max time kernel 2s

Max time network 140s

Command Line

com.camerasideas.instashot

Signatures

N/A

Processes

com.camerasideas.instashot

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |

Files

/data/data/com.camerasideas.instashot/.jiagu/libjiagu.so

MD5 f0f9ef36b67807a253b5932f865eae7b
SHA1 6a8d66c6efa2750b54cb763f4ad044bba4154e0d
SHA256 646dcd8290a30e992553186392239da39ce7c8e7c2fd87b3d6a880551782db75
SHA512 e7ea65467e557e4992e746d808cae3e2d16b42187b1a94326c47c689cef9fe21a2a9d2b312c60c8ff40e128dacbde84cd6b93a191ae38496584a45fe60c04548