Malware Analysis Report

2024-09-09 17:17

Sample ID: 240613-3dwlxayerp
Target: a717a36c94ccf2fd1731bd5676f4001f_JaffaCakes118
SHA256: 1fb1990bc8263aaf474ba0476a4c9c5420109826020f14e2352c84575c5df6e5
Tags: (none listed)
Score: 6/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral3 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral4 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral5 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score: 6/10

SHA256: 1fb1990bc8263aaf474ba0476a4c9c5420109826020f14e2352c84575c5df6e5

Threat level: shows suspicious behavior

The file a717a36c94ccf2fd1731bd5676f4001f_JaffaCakes118, an Android APK with package name com.qixiao.qrxs, was classified as showing suspicious behavior. The score rests on a single static signature (the permission set declared in the manifest). None of the five dynamic runs triggered a behavioral signature, and in behavioral3, behavioral4 and behavioral5 the app never launched at all (no command line, no process), so those runs contribute no behavioral evidence. In the two runs where it did start, the only traffic observed went to the emulator's mDNS group, the 1.1.1.1 resolver and Google service endpoints.

Malicious Activity Summary

Requests dangerous framework permissions

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 23:24

Signatures

Requests dangerous framework permissions

Process and Target: N/A for every row (static analysis; nothing was executed).

Indicator                                    Description
android.permission.SYSTEM_ALERT_WINDOW       Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
android.permission.WRITE_SETTINGS            Allows an application to read or write the system settings.
android.permission.READ_PHONE_STATE          Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
android.permission.READ_EXTERNAL_STORAGE     Allows an application to read from external storage.
android.permission.WRITE_EXTERNAL_STORAGE    Allows an application to write to external storage.
android.permission.GET_ACCOUNTS              Allows access to the list of accounts in the Accounts Service.
android.permission.ACCESS_COARSE_LOCATION    Allows an app to access approximate location.
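The static signature above is a lookup of the manifest's permission list against a table of protection levels. Below is an added example, not code from this report or from the sandbox vendor, that performs the same classification on a decoded AndroidManifest.xml. The manifest string is constructed to declare the seven permissions the report lists plus INTERNET; the two protection-level sets are an assumption drawn from the AOSP platform manifest and are deliberately incomplete. It also separates out the two indicators that are not runtime permissions at all: SYSTEM_ALERT_WINDOW and WRITE_SETTINGS are "special app access" toggles that the user has to enable on a Settings screen, which matters when judging how an overlay-capable sample would actually obtain that capability.

```python
"""Classify requested Android permissions the way a static signature does.

Added example; not code from the sandbox report or its authors. The
manifest below is constructed: a decoded AndroidManifest.xml declaring
the seven permissions listed in static1 plus INTERNET. The two protection
level sets are an assumption taken from the AOSP platform manifest and
are deliberately incomplete.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Runtime ("dangerous") permissions: granted via a runtime dialog on API 23+.
RUNTIME_DANGEROUS = {
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.GET_ACCOUNTS",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
}
# "Special app access" permissions: no runtime dialog; the user must flip a
# toggle on a Settings screen (ACTION_MANAGE_OVERLAY_PERMISSION and
# ACTION_MANAGE_WRITE_SETTINGS). Overlay abuse is the classic banker primitive.
SPECIAL_ACCESS = {
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.WRITE_SETTINGS",
    "android.permission.REQUEST_INSTALL_PACKAGES",
}

# Constructed manifest; the package name is the one the report ran.
CONSTRUCTED_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.qixiao.qrxs">
    <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
    <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="qrxs"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the android:name of every <uses-permission> (and the
    <uses-permission-sdk-23> variant) in declaration order, deduplicated."""
    root = ET.fromstring(manifest_xml)
    seen, perms = set(), []
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(NAME_ATTR)
            if name and name not in seen:
                seen.add(name)
                perms.append(name)
    return perms


def classify(perms):
    """Bucket permissions into dangerous / special / other."""
    buckets = {"dangerous": [], "special": [], "other": []}
    for p in perms:
        if p in RUNTIME_DANGEROUS:
            buckets["dangerous"].append(p)
        elif p in SPECIAL_ACCESS:
            buckets["special"].append(p)
        else:
            buckets["other"].append(p)
    return buckets


def findings(manifest_xml):
    """Signature-style findings. The first string mirrors the report's
    'Requests dangerous framework permissions'; the rest are finer-grained
    notes an analyst would want on the same evidence."""
    b = classify(requested_permissions(manifest_xml))
    out = []
    if b["dangerous"] or b["special"]:
        out.append("Requests dangerous framework permissions")
    if "android.permission.SYSTEM_ALERT_WINDOW" in b["special"]:
        out.append("Can draw over other apps (overlay/phishing capability)")
    if "android.permission.READ_PHONE_STATE" in b["dangerous"]:
        out.append("Can read device/telephony identifiers")
    if {"android.permission.READ_EXTERNAL_STORAGE",
        "android.permission.WRITE_EXTERNAL_STORAGE"} & set(b["dangerous"]):
        out.append("Can read/write shared external storage")
    return out


if __name__ == "__main__":
    for bucket, names in classify(requested_permissions(CONSTRUCTED_MANIFEST)).items():
        print(bucket, names)
    for f in findings(CONSTRUCTED_MANIFEST):
        print("-", f)
```

The APK's manifest is stored as binary XML, so decode it first (for example with `apktool d sample.apk`, which writes a plain AndroidManifest.xml) and feed that file to `requested_permissions`; androguard's `APK(path).get_permissions()` gives the same list without the decoding step. Keep the protection-level tables aligned with the target API level: READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE in particular have been narrowed on recent Android versions, so the presence of a permission says what the app asks for, not what it can actually do on the device it lands on.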

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 23:24

Reported

2024-06-13 23:27

Platform

android-x86-arm-20240611.1-en

Max time kernel

2s

Max time network

132s

Command Line

com.qixiao.qrxs

Signatures

N/A

Processes

com.qixiao.qrxs

Network

Country  Destination           Domain (- = none recorded)  Proto
N/A      224.0.0.251:5353      -                           udp
GB       142.250.187.206:443   -                           tcp
US       1.1.1.1:53            android.apis.google.com     udp
GB       142.250.200.46:443    android.apis.google.com     tcp

Files

/data/data/com.qixiao.qrxs/.jiagu/libjiagu.so

MD5 9915bc124eea9a06c7de657f0eba77dd
SHA1 f619344f10c5fca243a98ec7716185bd59970d87
SHA256 c01322bac7223147eca10f5ce1b41084c1db013e740c6b523116f69fe093052f
SHA512 953d18462dc1035d9e61a2e59285d0eea61d098042e16427e5bf55b2a2a560380efa045c451d9a9de20e6e11d01bd013d9a9c1fb0e593977fe111e723837f322

The .jiagu directory and libjiagu.so are the native runtime that the Qihoo 360 Jiagu packer writes into the app's private data directory on first launch. This is a packer artifact shared by every app protected with that product, not a payload unique to this sample; the same hashes recur in behavioral2, and the real application code is only unpacked in memory by this library, so a static look at the APK's classes.dex will show the packer stub rather than the app's own logic.

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 23:24

Reported

2024-06-13 23:27

Platform

android-x64-arm64-20240611.1-en

Max time kernel

2s

Max time network

133s

Command Line

com.qixiao.qrxs

Signatures

N/A

Processes

com.qixiao.qrxs

Network

Country  Destination           Domain (- = none recorded)  Proto
N/A      224.0.0.251:5353      -                           udp
GB       172.217.16.234:443    -                           tcp
GB       172.217.16.234:443    -                           tcp
US       1.1.1.1:53            ssl.google-analytics.com    udp
GB       142.250.187.206:443   -                           tcp
US       1.1.1.1:53            android.apis.google.com     udp
GB       142.250.187.238:443   android.apis.google.com     tcp
GB       216.58.201.100:443    -                           tcp
GB       216.58.201.100:443    -                           tcp

Files

/data/user/0/com.qixiao.qrxs/.jiagu/libjiagu.so

MD5 9915bc124eea9a06c7de657f0eba77dd
SHA1 f619344f10c5fca243a98ec7716185bd59970d87
SHA256 c01322bac7223147eca10f5ce1b41084c1db013e740c6b523116f69fe093052f
SHA512 953d18462dc1035d9e61a2e59285d0eea61d098042e16427e5bf55b2a2a560380efa045c451d9a9de20e6e11d01bd013d9a9c1fb0e593977fe111e723837f322

/data/user/0/com.qixiao.qrxs/.jiagu/libjiagu_64.so

MD5 94104821f2938c9a0d5a90a566f437a5
SHA1 f556a7f1c3a064e9f009743e218ab60d0d230745
SHA256 083d7484988ec559c57450da437cef53858b5660e74916a7ad0866ba1fe5f349
SHA512 68228b52c9ae07213e6d3c6114ca5580407b44cdb2e43253138736f59716f988430123fd64837d68b4bf15d320e68574b190944f848059417bb39ad0919a15be

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-13 23:24

Reported

2024-06-13 23:24

Platform

android-x86-arm-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination           Domain (- = none recorded)  Proto
N/A      224.0.0.251:5353      -                           udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-13 23:24

Reported

2024-06-13 23:24

Platform

android-x64-20240611.1-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination           Domain (- = none recorded)  Proto
N/A      224.0.0.251:5353      -                           udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-13 23:24

Reported

2024-06-13 23:24

Platform

android-x64-arm64-20240611.1-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination           Domain (- = none recorded)  Proto
GB       142.250.187.206:443   -                           tcp
GB       142.250.187.206:443   -                           tcp
N/A      224.0.0.251:5353      -                           udp
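The Network tables of behavioral1, behavioral2 and behavioral5 share one flattened layout in which the Domain column is present only for flows the sandbox could tie to a DNS answer. The following added example, not code from the report or the sandbox vendor, parses those rows, collapses repeated connections into unique endpoints, and sorts each flow into mDNS chatter, resolver traffic, a known service domain, or a bare IP that needs enrichment before it can be judged. The row text is copied from the three tables; the resolver set and the benign-domain suffixes are this script's own assumptions.

```python
"""Triage the Network rows of a sandbox run.

Added example; not code from the report or the sandbox vendor. The rows
below are copied from the behavioral1, behavioral2 and behavioral5 tables
of this report. The resolver set and the benign-domain suffixes are this
script's own assumptions.
"""
import ipaddress
from collections import Counter

# Row layout: "Country Destination [Domain] Proto". The Domain column is
# present only when the sandbox tied the flow to a DNS answer; a lone "-"
# in that position is treated the same as an absent column.
REPORT_ROWS = """
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
N/A 224.0.0.251:5353 udp
GB 172.217.16.234:443 tcp
GB 172.217.16.234:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
GB 142.250.187.206:443 tcp
GB 142.250.187.206:443 tcp
N/A 224.0.0.251:5353 udp
"""

# Assumptions: public resolvers the sandbox image points at, and domain
# suffixes treated as platform/service noise rather than sample-owned C2.
KNOWN_RESOLVERS = {"1.1.1.1", "8.8.8.8"}
BENIGN_DOMAIN_SUFFIXES = (".google.com", ".google-analytics.com", ".googleapis.com")


def parse_rows(text):
    """Parse the flattened table into flow dicts; raises on malformed rows."""
    flows = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) == 3:
            country, dest, proto = parts
            domain = None
        elif len(parts) == 4:
            country, dest, domain, proto = parts
            if domain == "-":
                domain = None
        else:
            raise ValueError("unexpected row: %r" % line)
        ip, port = dest.rsplit(":", 1)
        ipaddress.ip_address(ip)  # validates; raises on garbage
        flows.append({"country": None if country == "N/A" else country,
                      "ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return flows


def classify_flow(flow):
    """Label one flow. Order matters: multicast and resolver checks come
    before the domain check so a DNS query is not counted as a service hit."""
    addr = ipaddress.ip_address(flow["ip"])
    if addr.is_multicast and flow["port"] == 5353 and flow["proto"] == "udp":
        return "mdns"            # link-local service discovery from the emulator itself
    if flow["ip"] in KNOWN_RESOLVERS and flow["port"] == 53:
        return "dns"
    if flow["domain"]:
        if flow["domain"].endswith(BENIGN_DOMAIN_SUFFIXES):
            return "google-service"
        return "other-domain"    # a domain the allowlist does not cover: investigate
    return "ip-only"             # no DNS context in the report; needs rDNS/ASN enrichment


def triage(text):
    """Summarise a table: counts per class, unique endpoints, and the
    addresses an analyst still has to attribute by hand."""
    flows = parse_rows(text)
    labels = [classify_flow(f) for f in flows]
    unique = {(f["ip"], f["port"], f["proto"]) for f in flows}
    review = sorted({f["ip"] for f, lbl in zip(flows, labels)
                     if lbl in ("ip-only", "other-domain")})
    return {"flows": len(flows), "unique_endpoints": len(unique),
            "by_class": dict(Counter(labels)), "needs_review": review}


if __name__ == "__main__":
    result = triage(REPORT_ROWS)
    for key, value in result.items():
        print("%-17s %s" % (key, value))
```

Run against the three tables this yields sixteen flows but only seven distinct endpoints, and every flow is either mDNS, a query to the 1.1.1.1 resolver, a connection the sandbox resolved to a google.com host, or a bare 443/tcp destination with no domain attached. The bare addresses are what remains to attribute: the script deliberately refuses to call them benign on the strength of the report alone, and an ASN or reverse-DNS lookup is the check to close that out. Nothing in the tables resembles a sample-controlled C2 endpoint, which is consistent with the absence of behavioral signatures, but it is also consistent with a packed app that did not get far enough to contact one (kernel time was 2 s in both runs that started).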

Files

N/A