Analysis Overview
SHA256
514ac20734c27ff2b35f2014d8463ac5ecc4ec5e9ff6911c5cf6d83e2a1c3199
Threat Level: Likely malicious
The file a71eb0e83ed2e827da8f7555e57f37b8_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Loads dropped Dex/Jar
Requests dangerous framework permissions
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 23:32
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 23:32
Reported
2024-06-13 23:36
Platform
android-x86-arm-20240611.1-en
Max time kernel
23s
Max time network
130s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.orangeapps.piratetreasure/app_app_apk/piratetreasure.dat.jar | N/A | N/A |
| N/A | /data/user/0/com.orangeapps.piratetreasure/app_app_apk/piratetreasure.dat.jar | N/A | N/A |
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.orangeapps.piratetreasure
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.orangeapps.piratetreasure/app_app_apk/piratetreasure.dat.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.orangeapps.piratetreasure/app_app_apk/oat/x86/piratetreasure.dat.odex --compiler-filter=quicken --class-loader-context=&
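Two of the behavioral signatures above reinforce each other: the runtime-loaded piratetreasure.dat.jar in the Loads dropped Dex/Jar table sits in the app's private app_app_apk directory, and the dex2oat invocation under Processes is ART compiling that same file into app_app_apk/oat/x86/piratetreasure.dat.odex, which is what happens when an app opens a secondary dex through a class loader rather than shipping it in the installed APK. The remaining signatures (root paths, debugger, /proc/meminfo, registerReceiver) are environment probes that mainstream SDKs also perform; the Fabric/Crashlytics session files listed under Files are a plausible benign source for them, since that SDK's CommonUtils helper checks Superuser.apk and su paths, calls Debug.isDebuggerConnected and reads /proc/meminfo. The following is an added example, not sandbox code, showing how an analyst can derive these signatures from a raw event stream and rank them; the event format, the extra root-indicator paths, the debugger call name and the event log itself are constructed for the example.

```python
import re
from collections import defaultdict

PKG = "com.orangeapps.piratetreasure"

# Paths the report flags for the root check, plus common extras (assumption: the extras
# are standard root-detection probes, not something this sample was observed touching).
ROOT_INDICATOR_PATHS = {
    "/system/app/Superuser.apk", "/system/xbin/su",
    "/system/bin/su", "/sbin/su", "/su/bin/su", "/system/app/SuperSU.apk",
}
MEMINFO_PATHS = {"/proc/meminfo"}
RECEIVER_CALLS = {"android.app.IActivityManager.registerReceiver"}
# The report names no indicator for its debugger signature; this call is an assumption.
DEBUGGER_CALLS = {"android.os.Debug.isDebuggerConnected"}
CODE_SUFFIXES = (".dex", ".jar", ".apk", ".zip", ".dat", ".odex")

# Constructed event syntax for this example: "<kind> <target>", one event per line.
EVENT_RE = re.compile(r"^(?P<kind>open|stat|write|dexload|call)\s+(?P<target>\S+)$")


def is_app_private(path: str, pkg: str) -> bool:
    """True for both spellings of an app's private data dir (/data/user/0/<pkg> is the
    real location, /data/data/<pkg> the legacy symlink). Code loaded from here was not
    shipped in the installed APK under /data/app, so it counts as dropped code."""
    return path.startswith((f"/data/user/0/{pkg}/", f"/data/data/{pkg}/"))


def match_signatures(events, pkg=PKG):
    """Map a stream of events to the signature names this report uses.
    Returns {signature: [indicator, ...]} in first-seen order."""
    hits = defaultdict(list)
    written = set()  # files this process created itself during the run
    for line in events:
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        kind, target = m.group("kind"), m.group("target")
        if kind in ("open", "stat") and target in ROOT_INDICATOR_PATHS:
            hits["Checks if the Android device is rooted."].append(target)
        elif kind == "open" and target in MEMINFO_PATHS:
            hits["Checks memory information"].append(target)
        elif kind == "write":
            written.add(target)
        elif kind == "dexload" and is_app_private(target, pkg) and target.endswith(CODE_SUFFIXES):
            # A load of a file the process wrote itself is the strongest form of "dropped".
            name = ("Loads dropped Dex/Jar" if target in written
                    else "Loads Dex/Jar from app-private storage")
            hits[name].append(target)
        elif kind == "call" and target in RECEIVER_CALLS:
            hits["Registers a broadcast receiver at runtime"].append(target)
        elif kind == "call" and target in DEBUGGER_CALLS:
            hits["Checks the presence of a debugger"].append(target)
    return dict(hits)


# Environment probes that benign SDKs also perform; weak evidence on their own.
WEAK_ALONE = {
    "Checks if the Android device is rooted.", "Checks memory information",
    "Checks the presence of a debugger", "Registers a broadcast receiver at runtime",
}


def prioritize(hits):
    """Order matched signatures for an analyst: strong ones first, weak-alone ones after."""
    strong = [s for s in hits if s not in WEAK_ALONE]
    weak = [s for s in hits if s in WEAK_ALONE]
    return strong + weak


# Constructed event stream modelled on the behavioral1 indicators (not sandbox output).
SAMPLE_EVENTS = [
    "open /system/app/Superuser.apk",
    "open /system/xbin/su",
    "open /proc/meminfo",
    "write /data/user/0/com.orangeapps.piratetreasure/app_app_apk/piratetreasure.dat.jar",
    "dexload /data/user/0/com.orangeapps.piratetreasure/app_app_apk/piratetreasure.dat.jar",
    "dexload /system/framework/framework.jar",  # boot classpath, not dropped code
    "call android.app.IActivityManager.registerReceiver",
    "open /data/user/0/com.orangeapps.piratetreasure/files/file",
]

if __name__ == "__main__":
    found = match_signatures(SAMPLE_EVENTS)
    for sig in prioritize(found):
        print(sig, found[sig])
```

The distinction drawn by `is_app_private` is the one that matters for triage: a dex load from `/system/framework` or from the app's own `/data/app/.../base.apk` is normal, while a load from a path under the package's private directory that the process itself wrote is the signal that justifies pulling the payload for further analysis.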
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.169.74:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
Files
/data/data/com.orangeapps.piratetreasure/files/file
| MD5 | d1531b1622de54fe3a0187c3344600e9 |
| SHA1 | d47cbc8e977ffc6f492483716f00534153677778 |
| SHA256 | 3bdbb4fe8397cd2b842430b39ccff01a8663c751945ef5e9a09e267fb8b1d359 |
| SHA512 | e1931e50078ec69a0ba99ee2098dfe20afce3c7a75283e50b585ef585ed8eb28db887895fa73b04991e6e590ddbf71ceeaffe37d836068348e5f7fc7049c6d12 |
/data/data/com.orangeapps.piratetreasure/files/file
| MD5 | 3fe124a3f1dc724866389606124b4a66 |
| SHA1 | 4266585ae97271ee0ee9477ad5e34adbadc7fe9d |
| SHA256 | 66628d10c7d8afd0be9caa785f97f5f6e56a48a13f2fe2441cb8a05c8952ccb2 |
| SHA512 | 0fff6f2ea5d8de1d29de5cbda60b9d16e06e32445cf0341aea99fbed142fc72c87d6ade10316c6c6bd3cf8abb988a9d9e192a15f79cd51592e70d09ce069adfe |
/data/data/com.orangeapps.piratetreasure/files/file
| MD5 | 435e56724ae107edf802dd0eae214ede |
| SHA1 | 3f576373235556ecd6a55237f58f804eedfeee3e |
| SHA256 | 42bccabf3a89a3bfef7635c9158e54c966386593f7ae23cb7cbcbf1c85e904f2 |
| SHA512 | c2e9b785574d2ca4587d50d3d7a7c9d5039027c96063e391a0f209ad540887c5f15e2dff954423b5562127391c72d9d4cf66860a64183310092129a89e51ed51 |
/data/data/com.orangeapps.piratetreasure/files/file
| MD5 | 8f33267296a3a2772877985b4ea8eb6a |
| SHA1 | d246c8c6ca8740efb932d1221776847c12a3369f |
| SHA256 | c96f2a208a97d545bfa143eb1b0c4abd9bbdf78bf52c37e1936beed1a1e4e539 |
| SHA512 | b1784217f54bdf8f39d0991edf18548fb7bd918b4c5ac8b31ba171b441f4cd911e168d4132e5c40e69472860a6d28a280389af2f8d8a44cc76cc6535025412a8 |
/data/data/com.orangeapps.piratetreasure/files/file
| MD5 | 08625011432701e0b0d87b735239229c |
| SHA1 | 497a5fbc605d377d3fb782d3d475afc78b1a4df3 |
| SHA256 | 15f89de60788d10657a4c3c54ad701acb6426646801cac7de8f2325f8d6c88df |
| SHA512 | cd61bd8d7ac287b98f1554451a6787503674a6be792a9cafad69893bd59388b2fff9310a7f344ff814cd2d1e9f39fd63a9c4654416184e506454e5ce18168fe1 |
/data/data/com.orangeapps.piratetreasure/files/file
| MD5 | b3c16b6c736fa4782b4c455f37676b65 |
| SHA1 | 40b4dbeb65a913cd5a9dbc69bae6ea80f5320034 |
| SHA256 | 6e54c4c7b1f47024f7a5b7803cd7a9c055cf829c04cb075afbba6ee257f83802 |
| SHA512 | 63d2b165b105cf18141859ee1e8541c187678fd3c504f38508f420de22d9b862b2a99c517718e3984bcf1cf0f342d7d3c5d5de5a3bdff50eb95eb6d93cba458a |
/data/user/0/com.orangeapps.piratetreasure/app_app_apk/piratetreasure.dat.jar
| MD5 | 7c26f0c24870b29480af306133903d54 |
| SHA1 | b2f8b2baf3f2b0cadacc40e55650fecbe8aa7c5b |
| SHA256 | 0c4683edf09d7adc738e58b1a15ebd92d4a196fafe1ecd628fdea3c6c75031a3 |
| SHA512 | 14b0088bf99065c14f5599a3bb8f09a2e384fb2c941e1d5a0cc25b4aa1c3d64b5bdf4145702ebf85d5b63e0a70e1946c93714d1f1f3013f9d62d59982cd34f83 |
/data/user/0/com.orangeapps.piratetreasure/app_app_apk/piratetreasure.dat.jar
| MD5 | 3af6405a2eaaf687153069eb7960dca2 |
| SHA1 | 9a6566334b5991e71433e2b69d66a7b6ef610763 |
| SHA256 | abb096e87a9e6c5f53763959e5c635824b0bdbbf94f93051ff6e1fe7a5bbddb1 |
| SHA512 | c4726c4f2ad50dd2dfd38be15abafb48bd973d5ca30e17bcc84a38384fcf2a46a98ac791fe65e20821c2278c7e34025bbceb31c664219a040ef3d7476bff128d |
/data/data/com.orangeapps.piratetreasure/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B81B503A8-0001-10AF-B111DD12ECB4BeginSession.cls_temp
| MD5 | c1026344d45359f54b8fcc1e029e2a6b |
| SHA1 | b768d473e2771028687685b9108d275adcc2d84d |
| SHA256 | f5b625975bcd1ef80790ae1d0a79818337af61c448300c0ded864f7ed0127875 |
| SHA512 | ee205999a4d94d6d6feae0a4b838a70f6e1ca3714039c5bee8969ee6a75bb5b53e79bff49bb2ab75a144c93ae805226538c87bf02d140827ac5582f603746699 |
/data/data/com.orangeapps.piratetreasure/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B81B503A8-0001-10AF-B111DD12ECB4SessionApp.cls_temp
| MD5 | ea9c2b6327c9f934fe15f16814cd4c53 |
| SHA1 | 808f44318dd4f415f1d0fb38abdfbc09611fc43d |
| SHA256 | fb3cc46393f1e7609bcfec5684da73620ea6744820d5a89946f2e8ac654bc25f |
| SHA512 | 53609ee1f5011b95dcee04eb58b4badfe5d4c3cab125e15ec2bf2f23db6b10f5ad27e0f4c4eb1ad751285f7ad8e77a49a8c031f6a8bfef467b0f6398abbcf153 |
/data/data/com.orangeapps.piratetreasure/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B81B503A8-0001-10AF-B111DD12ECB4SessionOS.cls_temp
| MD5 | 9b3d4522944ce6396563812bfdb92fa9 |
| SHA1 | 6d2a6133c8f01938a48ccc77ef86ad8ca335c020 |
| SHA256 | d32805d685a3f50caa7f1c0bd7c8804c4d937a866513289f60e3184f7a591ed9 |
| SHA512 | 091d87643712530bf9006135db42a5a50742bb5ca3026bcc5f2c1c17bf4fd984a8938d29263b0abde3d15cac196d2230902534e200b0b79485e3a1bd97d95727 |
/data/data/com.orangeapps.piratetreasure/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
| MD5 | c33583fae4e0b61cde1c5b9227963237 |
| SHA1 | fe2ebe4d27469af1460f7e852031a04208ef629b |
| SHA256 | 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc |
| SHA512 | fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e |
/data/data/com.orangeapps.piratetreasure/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
| MD5 | a5c3fe07a4a208fb28ca6e697cdb419b |
| SHA1 | 54c042dd0aade0f2884c4f624c6aec206c3d036a |
| SHA256 | 04ae178f6b1e34a447ab4216e0388345b34b92e95539ded9c95740dc4867429f |
| SHA512 | ffa5c26c6be4b2bdc517c4b33330d07dfbdf745937c808656371bfee47f1be7c7ea38666b6eace5a23eeaec72cf366c07174858594b828b7df54f88a9fa532ba |
/data/data/com.orangeapps.piratetreasure/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_c7753d4e-aca0-4755-8c89-150d37b04b7e_1718321590843.tap
| MD5 | d7aafc788c6b07ca0a1c62a0158310ae |
| SHA1 | cf33f8b025adec9d809f3499a8b6f3c90c41a622 |
| SHA256 | 872023ffa142d2190c4effde51d31cb789aff9524d3e2232c792651e93d80558 |
| SHA512 | 6cca0e370b6f58eb0c8245d76673560d99205014af082ec67212cdc04543857bdc483e87a45dbb111ce8ea0d1b777a02ad3aa7e5d866db7bdd348babc2005d78 |
/data/data/com.orangeapps.piratetreasure/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/666B81B503A8-0001-10AF-B111DD12ECB4SessionDevice.cls_temp
| MD5 | 4211b07e92f8a6ba2f5e67d631780b16 |
| SHA1 | c3a83d4dfa720533e29f9314cd84d8afadfcc9ce |
| SHA256 | 3e83fd5afade73c059cca7f6da453d441f217242e2d8d5575e249639be6864fd |
| SHA512 | 7674e9c874f22344878750af8f64d2e2effde2b11cc96857eb48aa230735f598a5040c13c6d2a4cac1de8e9d32e69336d983f0dafd109c5bd23694c451b1b529 |
/data/data/com.orangeapps.piratetreasure/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
| MD5 | d7da02de62045d8c8a47768dcf388dd8 |
| SHA1 | b1937c68178de7890471406f84af4d4dad8e1d71 |
| SHA256 | 8742cabe9aef159fb70ea400c1e7b05913cb65317e712d9bef1d14b61186fcae |
| SHA512 | dfb6edeeff9bf54e56ec1e5793dd7a87565a4cd2b8c93ff1e41ce0598fc8ae8ab32647d79e1236fbe0eb3a20b7c2308bc2d1809291b703d299e70782bcd52288 |
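The file list records two different hash sets for piratetreasure.dat.jar, so the file was rewritten during the run, and the ".dat.jar" name says nothing about what is inside. Before spending time on the payload, an analyst pulls both versions and confirms whether each is a raw DEX image, a JAR/APK-style zip carrying classes.dex (the only layout a stock class loader accepts), or an opaque blob that some custom loader in the app must decode first. The following is an added example, not sandbox code; the header-only DEX and the zip it builds are constructed test inputs, not the sample's real payload, and the digest set it computes matches the four the report lists per file.

```python
import hashlib
import io
import struct
import zipfile
import zlib

DEX_MAGICS = (b"dex\n035\0", b"dex\n037\0", b"dex\n038\0", b"dex\n039\0")
DEX_HEADER_SIZE = 0x70


def digest_set(data: bytes) -> dict:
    """The same four digests the sandbox lists for each dropped file."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def check_dex_header(data: bytes) -> dict:
    """Validate a raw DEX image against its own header: magic, adler32 checksum over
    everything after the checksum field, SHA-1 signature over everything after the
    signature field, and the declared file_size."""
    if len(data) < DEX_HEADER_SIZE or data[:8] not in DEX_MAGICS:
        return {"is_dex": False}
    stored_checksum = struct.unpack_from("<I", data, 8)[0]
    stored_sig = data[12:32]
    file_size = struct.unpack_from("<I", data, 32)[0]
    return {
        "is_dex": True,
        "version": data[4:7].decode(),
        "checksum_ok": (zlib.adler32(data[12:]) & 0xFFFFFFFF) == stored_checksum,
        "signature_ok": hashlib.sha1(data[32:]).digest() == stored_sig,
        "size_ok": file_size == len(data),
    }


def classify_payload(data: bytes) -> dict:
    """Classify a blob pulled from the app's private dir: raw DEX, a zip that a class
    loader can consume (has classes.dex), or unknown (encrypted/obfuscated/other)."""
    result = {"kind": "unknown", "digests": digest_set(data)}
    header = check_dex_header(data)
    if header["is_dex"]:
        result.update(kind="dex", header=header)
        return result
    if data[:4] in (b"PK\x03\x04", b"PK\x05\x06"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
                result.update(kind="zip", members=names,
                              dex_members=[n for n in names if n.endswith(".dex")],
                              loadable="classes.dex" in names)
                if "classes.dex" in names:
                    result["header"] = check_dex_header(zf.read("classes.dex"))
        except zipfile.BadZipFile:
            result["kind"] = "zip-corrupt"
    return result


def build_minimal_dex(version: bytes = b"035") -> bytes:
    """Constructed sample: a header-only DEX image with a self-consistent checksum and
    signature. It carries no classes and is not a real app payload."""
    body = bytearray(DEX_HEADER_SIZE)
    body[0:8] = b"dex\n" + version + b"\0"
    struct.pack_into("<I", body, 32, DEX_HEADER_SIZE)  # file_size
    struct.pack_into("<I", body, 36, DEX_HEADER_SIZE)  # header_size
    struct.pack_into("<I", body, 40, 0x12345678)       # endian_tag (little-endian)
    body[12:32] = hashlib.sha1(bytes(body[32:])).digest()        # signature first
    struct.pack_into("<I", body, 8, zlib.adler32(bytes(body[12:])) & 0xFFFFFFFF)
    return bytes(body)


def build_jar(members: dict) -> bytes:
    """Constructed sample: an in-memory zip with the given {name: bytes} members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("raw dex", build_minimal_dex()),
                        ("jar with classes.dex", build_jar({"classes.dex": build_minimal_dex()})),
                        ("opaque blob", b"\x00" * 200)):
        r = classify_payload(blob)
        print(label, r["kind"], r.get("loadable"), r["digests"]["sha256"][:16])
```

A checksum or signature mismatch on an otherwise well-formed DEX is worth noting rather than discarding: ART verifies the checksum when it opens a dex file, so a payload that fails it is either a capture of a partially written file (consistent with the two hash sets above) or something the app patches in memory before loading.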