Malware Analysis Report

2024-09-09 17:13

Sample ID 240613-1v1abavhrl
Target a6c569f493f8b9bb2143a48242aa8bec_JaffaCakes118
SHA256 ad9003035c64ea7113920f0b6173298cc39848113e89099913bccf2b62129c1a
Tags
evasion persistence
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file a6c569f493f8b9bb2143a48242aa8bec_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

evasion persistence

Checks if the Android device is rooted.

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 21:59

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 21:58

Reported

2024-06-13 22:02

Platform

android-x86-arm-20240611.1-en

Max time kernel

6s

Max time network

158s

Command Line

net.zenjoy.photocollage3

Signatures

Checks if the Android device is rooted.

evasion
Description | Indicator | Process | Target
N/A | /system/app/Superuser.apk | N/A | N/A
N/A | /system/xbin/su | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

net.zenjoy.photocollage3

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
GB | 216.58.204.74:443 | | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
GB | 216.58.201.110:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.187.238:443 | android.apis.google.com | tcp

Files

/storage/emulated/0/Android/data/net.zenjoy.photocollage3/cache/uil-images/journal.tmp

/data/data/net.zenjoy.photocollage3/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B6BB90116-0001-10DB-A69DE95AC5F6BeginSession.cls_temp

/data/data/net.zenjoy.photocollage3/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B6BB90116-0001-10DB-A69DE95AC5F6SessionApp.cls_temp

/data/data/net.zenjoy.photocollage3/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B6BB90116-0001-10DB-A69DE95AC5F6SessionOS.cls_temp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 21:58

Reported

2024-06-13 21:59

Platform

android-33-x64-arm64-20240611.1-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country | Destination | Domain | Proto
GB | 172.217.169.68:443 | | udp
GB | 172.217.169.68:443 | | tcp
GB | 172.217.16.228:443 | | tcp
N/A | 224.0.0.251:5353 | | udp

Files

N/A