Analysis Overview
SHA256
f2e9c7d4bae9e90cf58c21a2d1b2541a0490189ab3d11880c9bcf832198772e2
Threat Level: Likely malicious
The file a6dec1a91a0d644a016e37697ca5e3a0_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Loads dropped Dex/Jar
Queries information about running processes on the device
Queries information about active data network
Acquires the wake lock
Queries information about the current Wi-Fi connection
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 22:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 22:25
Reported
2024-06-13 22:28
Platform
android-x86-arm-20240611.1-en
Max time kernel
179s
Max time network
137s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.absologix.vr.track.speed.racing/cache/1582435991586.jar | N/A | N/A |
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.absologix.vr.track.speed.racing
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | stats.unity3d.com | udp |
| US | 1.1.1.1:53 | ads.heyzap.com | udp |
| US | 199.59.243.226:80 | ads.heyzap.com | tcp |
| US | 199.59.243.226:80 | ads.heyzap.com | tcp |
| US | 199.59.243.226:443 | ads.heyzap.com | tcp |
| US | 1.1.1.1:53 | med.heyzap.com | udp |
| US | 199.59.243.226:443 | med.heyzap.com | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | live.chartboost.com | udp |
| US | 34.107.157.36:443 | live.chartboost.com | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 34.107.157.36:443 | live.chartboost.com | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
Files
/data/data/com.absologix.vr.track.speed.racing/cache/1582435991586.jar
| MD5 | e8e0527a01aefdb89afd2c508f131da1 |
| SHA1 | f1103e6b260c657ceb3d95f1b023af3fda8b133a |
| SHA256 | f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce |
| SHA512 | fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34 |
/data/user/0/com.absologix.vr.track.speed.racing/cache/1582435991586.jar
| MD5 | fde2ee00cbd121cfab5290b078aa3ceb |
| SHA1 | e2b77d5320e155e413d040a8c20020962065b2f8 |
| SHA256 | 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685 |
| SHA512 | a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56 |
/data/data/com.absologix.vr.track.speed.racing/cache/__chartboost/CBSessionDirectory/cb_previous_session_info
| MD5 | 94f742c89a35f8ea9c019c90332a50de |
| SHA1 | 29aefee3dbee12e3d0e9808349d3880d0f3c0748 |
| SHA256 | c976f2f05e8e7e444f698eea808318d5a91f1ebcd0fe856538f3c502794079b4 |
| SHA512 | 2dfa77c6a73c9da94dd0d099b03213cd3fdb5a4e4070c8717fd1b025391c3ce3928993e8529510aef3cccdf456a1e01afdd84f68aed50e013a1c2f587c4286f9 |
/data/data/com.absologix.vr.track.speed.racing/cache/__chartboost/CBRequestManager/61098499040
| MD5 | ca19ff9135c775566abaa2e95c61be7d |
| SHA1 | f83a40e7ace666ef673eea3df900abfdb5835a73 |
| SHA256 | 5eb13d9bfb34ed5e8182aeeaa43c0e63cbef81fdddf19c0c1bac868d384d21e2 |
| SHA512 | b6850451f455e4331bee0d2cc5b1fced86078cfe287438fc54eeed79c3c92bea5e63f3fc41fa443373f4e5d943fcd4fda84d262a69ce75687dcf1c1eec038aba |