Analysis Overview
SHA256
ae02b3a33e037c191f8886fcaa3e27de56cdb9ce43344fc9d1a7d1f6af473f95
Threat Level: Likely malicious
The file a3b3b7b28a44b049f2d4e5fbbdb37400_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Requests cell location
Queries information about the current Wi-Fi connection
Reads information about phone network operator.
Requests dangerous framework permissions
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 03:40
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 03:40
Reported
2024-06-13 03:43
Platform
android-x86-arm-20240611.1-en
Max time kernel
131s
Max time network
155s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/app/Superuser.apk | N/A | N/A |
Requests cell location
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Queries information about the current Wi-Fi connection
| Description | Indicator | Process | Target |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A |
Reads information about phone network operator.
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Processes
com.zplay.cookiesoccer
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.178.3:443 | | tcp |
| GB | 142.250.187.234:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | graph.facebook.com | udp |
| GB | 163.70.147.22:443 | graph.facebook.com | tcp |
| US | 1.1.1.1:53 | hk.g.account.zplay.cn | udp |
| HK | 47.89.50.85:80 | hk.g.account.zplay.cn | tcp |
| GB | 163.70.147.22:443 | graph.facebook.com | tcp |
| US | 1.1.1.1:53 | t.appsflyer.com | udp |
| GB | 18.245.218.71:443 | t.appsflyer.com | tcp |
| US | 1.1.1.1:53 | config.uca.cloud.unity3d.com | udp |
| US | 34.111.113.40:443 | config.uca.cloud.unity3d.com | tcp |
| US | 1.1.1.1:53 | corn.yumimobi.com | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| SG | 47.88.131.20:80 | corn.yumimobi.com | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | api.uca.cloud.unity3d.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 34.107.172.168:443 | api.uca.cloud.unity3d.com | tcp |
| US | 1.1.1.1:53 | cdp.cloud.unity3d.com | udp |
| US | 34.107.172.168:443 | cdp.cloud.unity3d.com | tcp |
| GB | 142.250.187.234:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.187.234:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | gg.zplay.cn | udp |
| CN | 123.56.215.43:80 | gg.zplay.cn | tcp |
| SG | 47.88.131.20:80 | corn.yumimobi.com | tcp |
| SG | 47.88.131.20:80 | corn.yumimobi.com | tcp |
Files
/storage/emulated/0/.zplay/notifySDK/log/2024-06-13/ZplayNotifier
/storage/emulated/0/.zplay/notifySDK/log/2024-06-13/PollingAlarmSender
/storage/emulated/0/.zplay/notifySDK/log/2024-06-13/Reporter
/storage/emulated/0/e7studio/sdk/log/2024-06-13/WebTaskHandler
/data/data/com.zplay.cookiesoccer/databases/com.zplay.android.sdk.notify.db-journal
/storage/emulated/0/.zplay/notifySDK/log/2024-06-13/ReportService
/data/data/com.zplay.cookiesoccer/databases/com.zplay.android.sdk.notify.db
/data/data/com.zplay.cookiesoccer/databases/com.zplay.android.sdk.notify.db-shm
/data/data/com.zplay.cookiesoccer/databases/com.zplay.android.sdk.notify.db-wal
/storage/emulated/0/Android/data/com.zplay.cookiesoccer/files/Unity/560a129d-3b3e-4873-bfef-723e8deac597/Analytics/config
/storage/emulated/0/Android/data/com.zplay.cookiesoccer/files/Unity/560a129d-3b3e-4873-bfef-723e8deac597/Analytics/ArchivedEvents/171825004000000.f5c4fd3b/s
/storage/emulated/0/Android/data/com.zplay.cookiesoccer/files/Unity/560a129d-3b3e-4873-bfef-723e8deac597/Analytics/ArchivedEvents/171825004000000.f5c4fd3b/e
/storage/emulated/0/Android/data/com.zplay.cookiesoccer/files/Unity/560a129d-3b3e-4873-bfef-723e8deac597/Analytics/ArchivedEvents/171825004000001.f5c4fd3b/e
/storage/emulated/0/Android/data/com.zplay.cookiesoccer/files/Unity/560a129d-3b3e-4873-bfef-723e8deac597/Analytics/ArchivedEvents/171825004000002.f5c4fd3b/e
/storage/emulated/0/Android/data/com.zplay.cookiesoccer/files/Unity/560a129d-3b3e-4873-bfef-723e8deac597/Analytics/values
/storage/emulated/0/Android/data/com.zplay.cookiesoccer/files/Unity/560a129d-3b3e-4873-bfef-723e8deac597/Analytics/ArchivedEvents/171825004000003.f5c4fd3b/g
/storage/emulated/0/Android/data/com.zplay.cookiesoccer/files/Unity/560a129d-3b3e-4873-bfef-723e8deac597/Analytics/ArchivedEvents/171825004000003.f5c4fd3b/e
/storage/emulated/0/Android/data/com.zplay.cookiesoccer/files/Unity/560a129d-3b3e-4873-bfef-723e8deac597/Analytics/ArchivedEvents/171825004000004.f5c4fd3b/e
/data/data/com.zplay.cookiesoccer/files/AppEventsLogger.persistedsessioninfo
/storage/emulated/0/e7studio/sdk/log/2024-06-13/WebMethodHandler
/storage/emulated/0/e7studio/sdk/log/2024-06-13/url
/storage/emulated/0/Android/data/com.zplay.cookiesoccer/files/Unity/560a129d-3b3e-4873-bfef-723e8deac597/Analytics/ArchivedEvents/171825004000005.f5c4fd3b/e
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 03:40
Reported
2024-06-13 03:40
Platform
android-x86-arm-20240611.1-en
Max time network
3s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.169.74:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 03:40
Reported
2024-06-13 03:40
Platform
android-x64-20240611.1-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-13 03:40
Reported
2024-06-13 03:40
Platform
android-x64-arm64-20240611.1-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |