Analysis Overview
SHA256
1fb1990bc8263aaf474ba0476a4c9c5420109826020f14e2352c84575c5df6e5
Threat Level: Shows suspicious behavior
The file a717a36c94ccf2fd1731bd5676f4001f_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 23:24
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 23:24
Reported
2024-06-13 23:27
Platform
android-x86-arm-20240611.1-en
Max time kernel
2s
Max time network
132s
Command Line
Signatures
Processes
com.qixiao.qrxs
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
Files
/data/data/com.qixiao.qrxs/.jiagu/libjiagu.so
| MD5 | 9915bc124eea9a06c7de657f0eba77dd |
| SHA1 | f619344f10c5fca243a98ec7716185bd59970d87 |
| SHA256 | c01322bac7223147eca10f5ce1b41084c1db013e740c6b523116f69fe093052f |
| SHA512 | 953d18462dc1035d9e61a2e59285d0eea61d098042e16427e5bf55b2a2a560380efa045c451d9a9de20e6e11d01bd013d9a9c1fb0e593977fe111e723837f322 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 23:24
Reported
2024-06-13 23:27
Platform
android-x64-arm64-20240611.1-en
Max time kernel
2s
Max time network
133s
Command Line
Signatures
Processes
com.qixiao.qrxs
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.234:443 | | tcp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
Files
/data/user/0/com.qixiao.qrxs/.jiagu/libjiagu.so
| MD5 | 9915bc124eea9a06c7de657f0eba77dd |
| SHA1 | f619344f10c5fca243a98ec7716185bd59970d87 |
| SHA256 | c01322bac7223147eca10f5ce1b41084c1db013e740c6b523116f69fe093052f |
| SHA512 | 953d18462dc1035d9e61a2e59285d0eea61d098042e16427e5bf55b2a2a560380efa045c451d9a9de20e6e11d01bd013d9a9c1fb0e593977fe111e723837f322 |
/data/user/0/com.qixiao.qrxs/.jiagu/libjiagu_64.so
| MD5 | 94104821f2938c9a0d5a90a566f437a5 |
| SHA1 | f556a7f1c3a064e9f009743e218ab60d0d230745 |
| SHA256 | 083d7484988ec559c57450da437cef53858b5660e74916a7ad0866ba1fe5f349 |
| SHA512 | 68228b52c9ae07213e6d3c6114ca5580407b44cdb2e43253138736f59716f988430123fd64837d68b4bf15d320e68574b190944f848059417bb39ad0919a15be |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 23:24
Reported
2024-06-13 23:24
Platform
android-x86-arm-20240611.1-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-13 23:24
Reported
2024-06-13 23:24
Platform
android-x64-20240611.1-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-13 23:24
Reported
2024-06-13 23:24
Platform
android-x64-arm64-20240611.1-en
Max time network
7s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |