Malware Analysis Report

2024-07-28 14:28

Sample ID 240613-2d3vjssgpe
Target a6e2836521d4756b973ff98885db0e07_JaffaCakes118
SHA256 6aaebd95b4cee700f940d0a05fed50b9feeb690d6467f18f0f98ae3191ae7bf8
score
6/10

Analysis Overview

score
6/10

SHA256

6aaebd95b4cee700f940d0a05fed50b9feeb690d6467f18f0f98ae3191ae7bf8

Threat Level: Shows suspicious behavior

The file a6e2836521d4756b973ff98885db0e07_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Requests dangerous framework permissions

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 22:28

Signatures

Requests dangerous framework permissions

Indicator: android.permission.READ_PHONE_STATE
  Description: Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
  Process: N/A
  Target: N/A

Indicator: android.permission.SYSTEM_ALERT_WINDOW
  Description: Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
  Process: N/A
  Target: N/A

Indicator: android.permission.WRITE_EXTERNAL_STORAGE
  Description: Allows an application to write to external storage.
  Process: N/A
  Target: N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 22:28

Reported

2024-06-13 22:31

Platform

android-x86-arm-20240611.1-en

Max time kernel

3s

Max time network

183s

Command Line

com.mahuakouzi

Signatures

N/A

Processes

com.mahuakouzi

getprop ro.product.cpu.abi

Network

Country  Destination           Domain                   Proto
N/A      224.0.0.251:5353      -                        udp
GB       216.58.201.110:443    -                        tcp
US       1.1.1.1:53            android.apis.google.com  udp
GB       142.250.187.206:443   android.apis.google.com  tcp
GB       216.58.212.202:443    -                        tcp

Files

/data/data/com.mahuakouzi/files/libexec.so

MD5     9ec09673514d7039809617e032707b28
SHA1    0526b39dbea678ea0cf138c6a7bb3e2a2d7aaa15
SHA256  7d83a9ebe44ae68c0cb89395273e20d623e48195f0c74ee27376c2355c2b4e9a
SHA512  5182c7324a59263139439f4b6c2dd03cf06c59587228183701d3f966de0812a9d2ec899473a7e05e8a751b23e0128c3826430e06bd7ba45a9413ee6bb1b1176a

/data/data/com.mahuakouzi/files/libexecmain.so

MD5     5d88fe5cb8ec0bf90ecaad7548d78ec5
SHA1    379929a1dee4f72b9fd8c8e9f5dc4de66da0ea8a
SHA256  ef50f0e79c65d1ad2933bbb13f065e7dc0a5618883536bb39e8ec9eaac4cdfc7
SHA512  c99a2f02a959d149c2af0782d8a1a8900ed40cbae1e355226406108bbd04d8217e6d44380f7a222a46170a1450b820be075812cab29dc9b0c4d69e762e380151