Analysis Overview
SHA256
a43b8718e486d4a328a34a0fe1ad6b3cf4c538d162a1121f314a66c8e0404d1d
Threat Level: Shows suspicious behavior
The file a6fb025296b9ab94078d7ec4e37bf60f_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Queries information about the current nearby Wi-Fi networks
Requests cell location
Requests dangerous framework permissions
Queries information about the current Wi-Fi connection
Reads information about phone network operator.
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
Uses Crypto APIs (Might try to encrypt user data)
Checks CPU information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 22:52
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 22:52
Reported
2024-06-13 22:55
Platform
android-x86-arm-20240611.1-en
Max time kernel
174s
Max time network
159s
Command Line
Signatures
Queries information about the current nearby Wi-Fi networks
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getScanResults | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.youguihua.app.jz
com.youguihua.app.jz:bdservice_v1
com.youguihua.app.jz:bdservice_v1
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | jz.youguihua.com | udp |
| US | 1.1.1.1:53 | hmma.baidu.com | udp |
| HK | 103.235.47.161:80 | hmma.baidu.com | tcp |
| US | 1.1.1.1:53 | channel.api.duapp.com | udp |
| CN | 110.242.69.50:80 | channel.api.duapp.com | tcp |
| GB | 216.58.201.110:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 216.58.212.202:443 | tcp | |
| GB | 216.58.212.202:443 | tcp |
Files
/data/data/com.youguihua.app.jz/files/__local_last_session.json
| MD5 | f2b4b0190b9f384ca885f0c8c9b14700 |
| SHA1 | 934ff2646757b5b6e7f20f6a0aa76c7f995d9361 |
| SHA256 | 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514 |
| SHA512 | ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1 |
/data/data/com.youguihua.app.jz/files/__local_stat_cache.json
| MD5 | 6ffb7aef02621006a810d8bdd1b4f120 |
| SHA1 | b11a8e0df0bf5ca62af34a0b84cf2ca25b5ed6f3 |
| SHA256 | bcbb8a07c3117629cb5e734f74a445c4ac89dcc4f7d5972e267144e955c01070 |
| SHA512 | 3f1c023a455567860b2ae91f81e4a0e4b928fd6d29a8b443ccff6282771a8c84787cf1f8eb4325a4ce69669bae420a45ba9889874e3953810d2cc54022b3ab6d |
/storage/emulated/0/pushservice/database/push.db-shm
| MD5 | bb7df04e1b0a2570657527a7e108ae23 |
| SHA1 | 5188431849b4613152fd7bdba6a3ff0a4fd6424b |
| SHA256 | c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479 |
| SHA512 | 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012 |
/storage/emulated/0/pushservice/database/push.db-wal
| MD5 | 31eaa8575d25c6e4d7540039c12c72ac |
| SHA1 | dd353737976b59cbfa34ca52f78d94d704651a90 |
| SHA256 | c6ec4d543b3d8eeb8edfbb4f342069ca2fee6eb72278abf32525c7c8dddca432 |
| SHA512 | b3bbc29e5851f1db1776cf1f26bb685d63b62e53a883afb95a1c9bdc4d6c26dbf3604723a50f55471f67fc4c4a46dc64da764349deb4095a81ca38ffd05fdbd2 |