Analysis Overview
SHA256
be7bc26ee7c903c59ed98eb6e7f0becc24d7077fab41875a626ce334d8b0aaf1
Threat Level: Shows suspicious behavior
The file a733385af1440d1473f9d03674086400_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Queries information about running processes on the device
Requests dangerous framework permissions
Acquires the wake lock
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 23:55
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to write the user's contacts data. | android.permission.WRITE_CONTACTS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to monitor incoming MMS messages. | android.permission.RECEIVE_MMS | N/A | N/A |
| Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 23:55
Reported
2024-06-13 23:58
Platform
android-x86-arm-20240611.1-en
Max time kernel
137s
Max time network
184s
Command Line
Signatures
Queries information about running processes on the device
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.ifreetalk.ftalk
/system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 172.217.169.74:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | gk2.ifreetalk.com | udp |
| CN | 122.9.16.196:80 | gk2.ifreetalk.com | tcp |
| US | 1.1.1.1:53 | tj.ifreetalk.com | udp |
| US | 1.1.1.1:53 | report.ifreetalk.com | udp |
| CN | 47.93.19.164:80 | report.ifreetalk.com | tcp |
| CN | 154.8.189.40:80 | report.ifreetalk.com | tcp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| CN | 122.9.16.196:443 | gk2.ifreetalk.com | tcp |
| CN | 154.8.190.249:80 | report.ifreetalk.com | tcp |
| CN | 122.9.16.196:6300 | gk2.ifreetalk.com | tcp |
| CN | 39.106.68.175:80 | report.ifreetalk.com | tcp |
| US | 1.1.1.1:53 | gk1.ifreetalk.com | udp |
| CN | 122.9.16.196:80 | gk1.ifreetalk.com | tcp |
| CN | 122.9.16.196:443 | gk1.ifreetalk.com | tcp |
| CN | 47.93.19.164:80 | report.ifreetalk.com | tcp |
| CN | 47.94.248.201:80 | report.ifreetalk.com | tcp |
| CN | 122.9.16.196:6300 | gk1.ifreetalk.com | tcp |
| CN | 47.95.197.220:80 | report.ifreetalk.com | tcp |
| CN | 122.9.16.196:80 | gk1.ifreetalk.com | tcp |
| CN | 140.143.51.218:80 | report.ifreetalk.com | tcp |
| CN | 122.9.16.196:443 | gk1.ifreetalk.com | tcp |
| CN | 140.143.212.63:80 | report.ifreetalk.com | tcp |
| CN | 122.9.16.196:6300 | gk1.ifreetalk.com | tcp |
| CN | 122.9.16.196:80 | gk1.ifreetalk.com | tcp |
| CN | 122.9.16.196:443 | gk1.ifreetalk.com | tcp |
| CN | 122.9.16.196:6300 | gk1.ifreetalk.com | tcp |
| CN | 122.9.16.196:80 | gk1.ifreetalk.com | tcp |
| CN | 122.9.16.196:443 | gk1.ifreetalk.com | tcp |
| CN | 47.94.248.201:80 | report.ifreetalk.com | tcp |
| CN | 122.9.16.196:6300 | gk1.ifreetalk.com | tcp |
| CN | 122.9.16.196:80 | gk1.ifreetalk.com | tcp |
| CN | 122.9.16.196:443 | gk1.ifreetalk.com | tcp |
| CN | 122.9.16.196:6300 | gk1.ifreetalk.com | tcp |
Files
/data/data/com.ifreetalk.ftalk/databases/ftalk.db-journal
/data/data/com.ifreetalk.ftalk/databases/ftalk.db
/data/data/com.ifreetalk.ftalk/databases/ftalk.db-shm
/data/data/com.ifreetalk.ftalk/databases/ftalk.db-wal
/storage/emulated/0/ifreetalk/download/imgcache/journal.tmp
/storage/emulated/0/ifreetalk/download/action/json/0000.json
/storage/emulated/0/ifreetalk/download/action/ACTION000/thumb.png
/storage/emulated/0/ifreetalk/download/action/ACTION001/thumb.png
/storage/emulated/0/ifreetalk/download/action/ACTION002/thumb.png
/storage/emulated/0/ifreetalk/download/action/ACTION010/thumb.png
/storage/emulated/0/ifreetalk/download/action/ACTION011/thumb.png
/storage/emulated/0/ifreetalk/download/action/ACTION012/thumb.png
/storage/emulated/0/ifreetalk/download/action/ACTION013/thumb.png
/storage/emulated/0/ifreetalk/download/action/ACTION100/thumb.png
/storage/emulated/0/ifreetalk/download/action/ACTION101/thumb.png
/storage/emulated/0/ifreetalk/download/action/ACTION102/thumb.png
/storage/emulated/0/ifreetalk/download/action/ACTION103/thumb.png
/storage/emulated/0/ifreetalk/download/action/ACTION110/thumb.png
/storage/emulated/0/ifreetalk/download/action/ACTION111/thumb.png
/storage/emulated/0/ifreetalk/download/action/ACTION112/thumb.png
/storage/emulated/0/ifreetalk/download/action/ACTION113/thumb.png
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 23:55
Reported
2024-06-13 23:58
Platform
android-x86-arm-20240611.1-en
Max time kernel
8s
Max time network
139s
Command Line
Signatures
Processes
com.unionpay.uppay
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.178.3:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 23:55
Reported
2024-06-13 23:58
Platform
android-33-x64-arm64-20240611.1-en
Max time kernel
8s
Max time network
170s
Command Line
Signatures
Processes
com.unionpay.uppay
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 216.58.212.196:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.228:443 | | udp |
| GB | 172.217.16.228:443 | | tcp |
| GB | 142.250.187.202:443 | | udp |
| GB | 142.250.187.202:443 | | tcp |
| GB | 172.217.16.228:443 | | udp |
| US | 162.159.61.3:443 | | tcp |
| US | 162.159.61.3:443 | | tcp |
| US | 162.159.61.3:443 | | udp |
| GB | 142.250.179.228:443 | | tcp |